Privacy Policy
Last Updated: December 13, 2025
ReguMe ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ReguMe (the "App").
By using the App, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Account Information
- Email address (required for account creation and authentication)
- Name (optional, from social sign-in providers like Apple or Google)
- Password (hashed, never stored in plaintext)
Optional Demographics
You may optionally provide:
- Age range (e.g., 18-24, 25-34) - NOT your exact age or date of birth
- Gender (male, female, non-binary, prefer-not-to-say)
- Location region (general region only, NOT precise GPS location)
This information is used for anonymous outcome tracking and aggregate statistics only.
Usage Information
- Wellness protocols you save
- Daily habits and supplements you track
- Folders you create and organize
- Video URLs you import from social media
- Search queries in the Discovery feature
- Feature usage and interactions
- Device information (model, OS version)
- App version and crash reports
Health & Wellness Data
- Saved wellness protocols extracted from videos
- Supplement and habit tracking data
- Daily action completion status
- Progress check-in responses (if you opt in to outcome tracking)
- Outcome tracking data (anonymized and aggregated, only if you opt in)
Third-Party Data
- Social media video metadata (from TikTok, Instagram, YouTube, Facebook)
- Creator profile information (usernames, follower counts, profile images)
What We DO NOT Collect
- Precise GPS location
- Exact age or date of birth
- Medical records or diagnoses
- Health conditions (only general wellness categories)
- Payment information (handled by Apple/Google)
- Social media passwords
- Device identifiers for cross-app tracking
2. How We Use Your Information
Essential Uses (Required for Service)
Account Management
- Create and maintain your account
- Authenticate your identity
- Reset your password
- Manage your subscription
Core Features
- Extract protocols from videos using AI
- Organize protocols into folders
- Generate daily action checklists
- Track your progress and streaks
- Send notifications (with your permission)
Safety Features
- Analyze supplement combinations
- Provide safety warnings
- Cache analysis results for 24 hours
Optional Uses (With Your Consent)
Outcome Tracking
If you opt in to outcome tracking:
- Collect anonymous feedback on protocol effectiveness
- Build a database of "what actually works"
- Share aggregate (not individual) statistics
- Requires explicit opt-in (default: OFF)
- Can be disabled anytime in Settings
Analytics & Improvement
Anonymous Analytics
- Understand how features are used
- Identify bugs and crashes
- Improve AI extraction accuracy
- Optimize user experience
Tools Used: PostHog (product analytics), Sentry (error tracking) - both anonymized, no PII
What We DON'T Do
- Sell your personal information
- Share your health data with third parties
- Use your data for advertising
- Track you across other apps or websites
- Share with insurance companies
- Share with employers
- Create profiles for marketing purposes
3. Push Notifications
With your permission, we may send push notifications to help you stay on track with your wellness goals.
Notification Types
Daily Reminders
- Morning reminder for your daily habits (default: 7:30 AM, customizable)
- Can be disabled in Settings
Progress Notifications
- Streak milestone celebrations (3, 7, 14, 21, 30+ days)
- Weekly progress summaries (Sunday evenings)
- Can be disabled in Settings
Protocol Notifications
- When AI finishes extracting a protocol (cannot be disabled - essential)
- Check-in requests at key milestones (7, 14, 30, 60, 90 days)
- Reminders if protocols are inactive (3+ days)
- Most can be disabled in Settings
Discovery Notifications
- Reminder to save content after browsing social media
- Can be disabled in Settings
Your Control
You can manage notification preferences in: Profile → Settings → Notifications
Privacy in Notifications
Our notifications:
- Do NOT include protocol names (for privacy)
- Do NOT mention health conditions
- Use generic, motivational messaging
- Require tapping to see details
We follow HIPAA-friendly practices even though we are not a HIPAA-covered entity.
Opt-Out
You can disable notifications:
- During onboarding (decline permission)
- In iOS Settings → ReguMe → Notifications
- In Android Settings → Apps → ReguMe → Notifications
- In app: Profile → Settings → Notifications
4. Third-Party Services
We work with trusted service providers to deliver ReguMe. Here's who we share data with:
1. Supabase (Database & Authentication)
- Purpose: Database hosting, user authentication, file storage
- Data shared: All user data (email, profile, protocols, tracking data)
- Privacy Policy: https://supabase.com/privacy
- Location: United States
2. OpenAI (AI Processing)
- Purpose: Protocol extraction, content analysis, transcription (GPT-4o, Whisper)
- Data shared: Video transcripts, captions (no PII)
- Privacy Policy: https://openai.com/policies/privacy-policy
- Location: United States
3. Anthropic (Claude AI - Fallback)
- Purpose: AI processing backup (Claude 3.5 Sonnet)
- Data shared: Protocol text (no PII)
- Privacy Policy: https://anthropic.com/privacy
- Location: United States
4. Apify (Video Extraction)
- Purpose: Extract video metadata from social media
- Data shared: Public video URLs only
- Privacy Policy: https://apify.com/privacy-policy
- Location: European Union
5. RevenueCat (Subscriptions)
- Purpose: Manage subscriptions and billing
- Data shared: User ID, subscription status
- Privacy Policy: https://revenuecat.com/privacy
- Location: United States
6. PostHog (Analytics)
- Purpose: Product analytics, feature usage tracking
- Data shared: Anonymized usage data (no PII)
- Privacy Policy: https://posthog.com/privacy
- Location: United States
- Note: Can be disabled (coming soon)
7. Sentry (Error Tracking)
- Purpose: Crash reporting, error monitoring
- Data shared: Error logs, device information (no PII)
- Privacy Policy: https://sentry.io/privacy/
- Location: United States
8. Cloudinary (Image Hosting)
- Purpose: Host creator profile images
- Data shared: Public images only
- Privacy Policy: https://cloudinary.com/privacy
- Location: United States
9. Expo Push Notifications
- Purpose: Send push notifications to your device
- Data shared: Device tokens, notification content
- Privacy Policy: https://expo.dev/privacy
- Location: United States
5. Data Security
We implement appropriate technical and organizational security measures:
- Encryption in transit (TLS 1.2+)
- Encryption at rest (AES-256)
- Secure authentication (OAuth 2.0, Supabase Auth)
- Row Level Security on all database tables
- API keys stored server-side only
- Regular security updates
- Access controls and logging
- Rate limiting on all APIs
- Input validation and sanitization
However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Data Retention
We retain your information:
- Account data: Until you delete your account
- Health tracking data: Until you delete your account
- Anonymized analytics: Indefinitely (cannot be linked to you)
- Cached data: 24-48 hours (automatic cleanup)
- Session data: 30 days of inactivity (auto-logout)
You can request deletion of your data at any time through the app or by emailing us.
7. Your Privacy Rights
All Users
Right to Access
- View all your data in the app
- See what protocols you've saved
- Review your tracking history
- Check your account information
Right to Delete
- Delete individual protocols
- Delete daily actions
- Delete your entire account (Profile → Settings → Delete Account)
- All data permanently removed
Right to Control
- Manage notification preferences
- Toggle outcome tracking on/off
- Choose what folders to use
- Decide what to track
European Union Users (GDPR)
You have additional rights under GDPR:
Right to Data Portability
- Request a copy of your data
- Receive it in a machine-readable format (JSON)
- Transfer to another service
- Contact: privacy@regume.com
Right to Rectification
- Correct inaccurate information
- Update your profile data
- Modify your preferences
Right to Restrict Processing
- Limit how we use your data
- Object to certain processing
Right to Object
- Object to data processing for certain purposes
- Opt out of analytics
Right to Lodge Complaint
- File a complaint with an EU supervisory authority
- Contact your local data protection authority
California Users (CCPA)
Right to Know
- What personal information we collect
- Sources of that information
- Purposes for collection
- Third parties we share with
Right to Delete
- Request deletion of personal information
- Some exceptions apply (legal obligations)
Right to Opt-Out
- Opt out of the sale of personal information
- Note: We do NOT sell personal information
Right to Non-Discrimination
- Same service quality regardless of privacy choices
- No penalties for exercising rights
How to Exercise Your Rights
Data Requests:
- Email: privacy@regume.com
- Subject: "Data Request" or "GDPR Request" or "CCPA Request"
- Include: Your registered email address
- Response time: Within 30 days (GDPR) or 45 days (CCPA)
- Cost: Free
We'll verify your identity before fulfilling requests.
8. International Data Transfers
Data Transfer Notice:
Your data may be transferred to and stored on servers in the United States. If you are located outside the United States, your data will be transferred to US servers. We use appropriate safeguards (encryption, access controls) to protect your data.
By using ReguMe, you consent to this transfer. European Users: We comply with GDPR data transfer requirements.
9. Children's Privacy
Age Requirement: 17+
ReguMe is not intended for children under 17. We do not knowingly collect information from children under 13. If we discover we have collected data from a child under 13, we will delete it immediately.
Parents: If you believe your child has provided information to ReguMe, contact privacy@regume.com.
10. Cookies & Tracking
Analytics
- PostHog: Anonymous usage tracking (can be disabled in settings - coming soon)
- Sentry: Crash reports (no personal data)
We Do NOT Use
- Third-party advertising cookies
- Cross-site tracking
- Behavioral profiling for ads
11. Changes to Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of changes by:
- Posting the new policy on this page
- Updating the "Last Updated" date
- Sending an in-app notification (for material changes)
Continued use after changes constitutes acceptance.
12. Contact Us
For privacy questions, data requests, or concerns:
Privacy Email: privacy@regume.com
Data Protection Officer: dpo@regume.com
Response time: Within 30 days
Support: support@regumeapp.com