Consumer Health Data Privacy Policy

This Consumer Health Data Privacy Policy is provided in compliance with the Washington My Health My Data Act (MHMDA). It describes how Panora Health AI ("Company," "we," "us," or "our") collects, uses, shares, and protects your consumer health data when you use Panora Health AI (the "Service"). This policy is separate from and in addition to our general Privacy Policy.

1. What Consumer Health Data We Collect

We collect the following categories of consumer health data:

• Blood work results — lab values, panel types, reference ranges, and dates
• Nutrition logs — meals, macronutrients, caloric intake, and dietary patterns
• Workout data — exercises, sets, reps, duration, and training history
• Supplement information — products, dosages, timing, and supplement stacks
• WHOOP metrics — heart rate variability (HRV), recovery scores, strain, and sleep performance data
• Daily check-in responses — self-reported wellness data collected through voice and text conversations
• AI-generated wellness insights — observations and trend analyses produced by the Service based on your data

2. How We Collect Your Health Data

We collect consumer health data through the following methods:

• Directly from you — through manual data entry, voice check-in conversations, text-based health intake forms, and photo uploads (e.g., pill identification, lab result images)
• From connected devices — through authorized integrations with WHOOP wearable devices that you choose to connect

We do not collect consumer health data from third-party data brokers, social media, or any source other than those listed above.

3. Purpose of Collection

We collect and process your consumer health data for the following purposes:

• To provide AI-powered wellness observations and educational health insights
• To store your health history so you can track your wellness over time
• To generate trend analyses and visualizations of your health data
• To detect patterns that may warrant a recommendation to consult your healthcare provider
• To prepare wellness summaries for sharing with healthcare providers (only with your explicit, per-instance consent)

4. Who We Share Your Health Data With

We share your consumer health data only in the following circumstances:

We do not sell your consumer health data. We do not share your consumer health data for advertising purposes.

5. How to Withdraw Consent

You may withdraw your consent for the collection and use of your consumer health data at any time by:

• Using the Settings > Privacy controls within the Panora Health AI application
• Emailing admin@panorahealth.ai with the subject line "Withdraw Consent"

Upon withdrawal, we will stop collecting new consumer health data. You may also request deletion of all previously collected data (see Section 6 below).

6. Your Rights

Under the Washington My Health My Data Act, you have the following rights regarding your consumer health data:

• Right to access — You can request and download all consumer health data we hold about you in a portable format
• Right to delete — You can request permanent deletion of all your consumer health data. We will comply within 30 days of your request.
• Right to withdraw consent — You can withdraw your consent for collection and use of your consumer health data at any time, without penalty

To exercise any of these rights, use the in-app settings or email admin@panorahealth.ai with the subject line "MHMDA Request." We will respond within 30 days.

7. Contact