Privacy Policy
Last updated: April 7, 2026
1. Introduction
EHB Aesthetics LLC, operating as BioRoot AI ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the BioRoot AI platform at biorootai.com ("the Platform").
2. Information We Collect
2.1 Account Information
When you create an account, we collect and store:
- Name
- Email address
- Password (cryptographically hashed — we never store your plain text password)
- Account type (consumer or provider) and subscription tier
2.2 Health and Wellness Information
When you use the Platform, you may provide:
- Demographic information (age, sex, height, weight)
- Symptoms and health complaints
- Medical history and conditions
- Current medications, supplements, and peptides
- Lab results and bloodwork values
- Genetic testing results
- Lifestyle information
- Photos of supplement/medication bottles
This wellness information is stored both locally in your web browser and on our secure servers (hosted by Supabase, a SOC 2 Type II compliant infrastructure provider) to enable cross-device access, treatment tracking, and reassessments. Your data is encrypted in transit (TLS/HTTPS) and at rest. If you delete your account, all associated server-stored data will be permanently deleted.
2.3 AI Processing
When you submit information for AI analysis (intake assessment, lab interpretation, care plan generation), your health data is transmitted to our AI service provider (Anthropic) for processing. This data is:
- Used solely to generate your personalized recommendations
- Not used to train AI models
- Deleted by our AI provider in accordance with their data retention policies (typically within 30 days)
- Transmitted via encrypted (HTTPS) connections
3. How We Use Your Information
- Account management: To create and maintain your account, authenticate your identity
- AI analysis: To generate personalized health assessments, lab interpretations, and care plans
- Service improvement: To improve Platform functionality and user experience (using aggregated, anonymized data only)
- Communication: To send account-related emails (password resets, important updates)
- Legal compliance: To comply with applicable laws and regulations
4. Information Sharing
We do not sell your personal information. We may share information with:
- AI Service Provider (Anthropic): Your wellness data is transmitted for AI analysis as described above
- Database Provider (Supabase): Your account and wellness data is stored on Supabase's secure, encrypted infrastructure
- Payment Processor (Stripe): Payment information for subscription processing (we do not store credit card numbers)
- Email Service (Resend): Your email address and care plan content when you request email delivery
- Analytics (PostHog): Anonymized usage events (pages visited, features used) to improve the Platform. No health data is sent to analytics.
- Legal Requirements: If required by law, court order, or governmental authority
We do NOT share your health data with supplement companies, healthcare providers in our directory, pharmaceutical companies, advertisers, or any other third parties.
5. Third-Party Services and Affiliate Relationships
BioRoot AI links to third-party products and services including supplement dispensaries (Fullscript), genetic testing providers, and lab testing services. We may earn a commission when you purchase through these links. When you click these links and leave our Platform, your activity is governed by that third party's privacy policy, not ours.
Our recommendations are based on clinical evidence and are not influenced by affiliate relationships. We only partner with services we believe provide genuine value to our users.
6. Data Security
We implement reasonable security measures to protect your information:
- All data transmission uses TLS/HTTPS encryption
- Data is encrypted at rest on our database servers
- Passwords are cryptographically hashed (never stored in plain text)
- Row-level security ensures users can only access their own data
- Our infrastructure providers (Vercel, Supabase) maintain SOC 2 Type II compliance
- Access to production databases is restricted to authorized personnel only
However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
7. Your Rights
You have the right to:
- Access: View the personal information we hold about you (limited to account data)
- Delete: Request deletion of your account and associated data
- Export: Export your locally-stored health data at any time
- Correct: Update your account information
- Opt-out: Unsubscribe from non-essential communications
To exercise these rights, contact us at [email protected].
8. Cookies and Tracking
We use cookies necessary for Platform functionality (session management, authentication). We use PostHog for product analytics to understand how users interact with the Platform. PostHog collects anonymized usage events (e.g., pages visited, buttons clicked) but does not receive any health or wellness data. We do not use advertising cookies or sell data to third-party advertisers.
9. Children's Privacy
BioRoot AI is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If we learn we have collected information from a minor, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify users of material changes by posting the updated policy with a new date. Your continued use of the Platform constitutes acceptance of the revised policy.
11. Contact Us
For privacy-related questions or to exercise your data rights:
EHB Aesthetics LLC
DBA BioRoot AI
Email: [email protected]