Privacy Policy

Formulai - Privacy Policy

Last updated: May 14, 2025

Important: Formulai provides general wellness information. We do not diagnose, treat, cure, or prevent any disease. The content and recommendations on our Site are for informational purposes only and are not a substitute for professional medical advice. Always consult a qualified health-care provider regarding any health questions.

By using or accessing any of the Services at myformulai.com (the “Site”) or otherwise communicating with us regarding the Site (the “Services”), you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please do not use or access the Services.


1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time (for operational, legal, or regulatory reasons). When we do, we will post the revised policy here, update the “Last updated” date, and take any other steps required by applicable law.


2. Information We Collect

We collect personal information about you to operate our Site and provide our Services. The types of information we collect depend on how you interact with us.

2.1 Information You Provide Directly

  • Contact & Account Details: Name, address, email, phone, username, password, security questions.

  • Order & Shopping Information: Billing/shipping address, payment confirmation, cart contents, loyalty points, gift cards, product reviews, referrals.

  • Customer Support: Any details you include in messages or support tickets.

  • Health & Wellness Data (Sensitive/Special-Category Data):

    • Survey responses (sleep quality, energy levels, diet and supplement goals, self-reported diagnoses, lifestyle habits).

    • Files you upload (lab results, scanned records).

    • Any inferences we derive (e.g., recommended macronutrient targets, supplement stacks).

2.2 Information We Collect Automatically

  • Usage Data: Device type, browser, operating system, IP address, network provider, pages viewed, time stamps, clickstream data.

  • Tracking Technologies: Cookies, pixels, web beacons, third-party libraries (including Meta Pixel, Google Analytics, Hotjar) — especially on pages where you provide Health & Wellness Data, though raw survey answers are not captured by these tags.

2.3 Information from Third Parties

  • Platform & Service Providers: Shopify (store operation), payment processors (credit/debit card details, billing address), analytics vendors.

  • Advertising & Analytics Partners: Meta, Google, Klaviyo, Braze, Hotjar, Braintrust — for marketing, personalization, and customer-experience analytics.


3. How We Use Your Information

We use your information to:

  1. Provide & Improve Services: Process orders, manage accounts, fulfill shipments, handle returns, protect against fraud, optimize our Site and recommendation engine.

  2. Personalized Wellness Insights: Generate AI-driven product, content, and lifestyle recommendations tailored to your survey answers.

  3. Marketing & Advertising: Send you targeted email campaigns, newsletters, and on-Site promotions based on your preferences and survey data. Each email includes an unsubscribe link.

  4. Security & Fraud Prevention: Detect, investigate, and prevent unauthorized or malicious activity.

  5. Customer Support & Service Improvement: Respond to inquiries, debug issues, and refine user experience.

  6. Analytics & Research: Conduct aggregated, anonymized analyses to understand user behavior and improve our algorithms (including eventual wearable integrations).


4. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and shopping cart.

  • Run Site analytics (e.g., Google Analytics, Hotjar heat maps).

  • Tailor on-Site and email advertising.

On pages collecting Health & Wellness Data, we prevent tracking scripts from capturing raw survey answers. You may control or block cookies via your browser settings or our Consent Manager. Note that disabling cookies may limit some features or personalized recommendations.


5. Health & Wellness Data

We treat Health & Wellness Data as Sensitive Personal Information under the California Privacy Rights Act (CPRA), Washington’s My Health My Data Act (MHMDA), Nevada SB 370, and—as “special-category data”—under GDPR (EU/UK).

5.1 Legal Basis & Consent

  • U.S. State Laws (CPRA, MHMDA, NV SB 370): We collect and process Health & Wellness Data only after you give affirmative, opt-in consent via a checkbox. You may withdraw consent or limit our use at any time through your Health Data Preferences in your account.

  • EU/UK (GDPR Art. 9(2)(a)): We process your Health & Wellness Data on the basis of your explicit consent.

5.2 Purposes of Processing

  • Generate personalized recommendations via OpenAI’s API.

  • Store encrypted records in our Postgres database on DigitalOcean.

  • Conduct internal analytics and improve our recommendation engine.

  • Send targeted email campaigns (via Klaviyo/Braze).

5.3 Sharing & Data Transfers

  • Service Providers: OpenAI, DigitalOcean, Klaviyo, Braze, Hotjar, Braintrust — only as processors under data-processing agreements that prohibit secondary use or marketing.

  • Advertising Pixels: Session identifiers (IP, browser) with Meta and Google, never including your raw survey answers.

  • No Sale or Share for Cross-Context Advertising: We do not “sell” or “share” Health & Wellness Data as defined by CPRA, MHMDA, or NV SB 370.

  • International Transfers: Data processed by OpenAI in the U.S. is covered by EU Standard Contractual Clauses (SCCs) or UK International Data Transfer Addendum (IDTA).

5.4 Retention & Deletion

  • We retain Health & Wellness Data until you refresh or delete it, or for five years—whichever is shorter—after which we delete or irreversibly anonymize it.

  • You may request deletion at any time via your account settings or by contacting us (see Section 11).

5.5 Security & Breach Notification

  • Encryption: TLS 1.2+ in transit; AES-256 at rest.

  • Access Controls: Role-based permissions, activity logging, periodic reviews.

  • Third-Party Audits: We plan to obtain SOC 2 Type II and related certifications.

  • Breach Notification: In the event of a breach involving unsecured Health & Wellness Data, we will notify affected individuals (and, if over 500 people, the FTC) within 60 days, pursuant to the FTC Health Breach Notification Rule.


6. How We Disclose Information

We may share your personal information:

  • With Service Providers (Shopify, payment processors, cloud hosts, analytics vendors) strictly to perform Services on our behalf under contractual obligations.

  • With Marketing & Advertising Partners to send or display promotional content on our Site or via email—never for off-Site behavioral advertising using your Health & Wellness Data.

  • With Affiliates for internal business purposes.

  • In connection with a Business Transaction (merger, sale, bankruptcy) subject to confidentiality agreements.

  • To comply with law, respond to subpoenas, or protect our rights or those of our users.


7. Third-Party Websites & Links

Our Site may contain links or integrations with third-party sites (e.g., social media, payment portals). This Privacy Policy does not apply to those platforms. We encourage you to review their privacy notices before submitting any personal data.


8. Children’s Data

Our Services are not directed to children under 18. We do not knowingly collect Health & Wellness Data from anyone under 18. If we learn we have inadvertently collected data from a minor, we will promptly delete it.


9. Security & Retention of Your Information

While we employ robust security measures, no system is impenetrable. We recommend you avoid transmitting especially sensitive information over insecure channels. Retention periods vary by data type, legal requirement, and operational need; see the Health & Wellness Data section above for specifics.


10. Your Privacy Rights

Depending on where you live, you may have the following rights:

  • Access/Know: Request a copy of personal data we hold about you. How to exercise: through your account or contact us (Section 11).

  • Delete: Request deletion of personal data. How to exercise: via account settings or contact us.

  • Correct: Request correction of inaccurate data. How to exercise: via account settings or contact us.

  • Portability: Receive your data in a structured format. How to exercise: contact us.

  • Restrict Processing: Ask us to limit how we use your data. How to exercise: contact us.

  • Withdraw Consent: Revoke consent for Health & Wellness Data usage. How to exercise: account settings or contact us.

  • Limit Use of Sensitive PI: Under CPRA, opt to limit our use of your sensitive data. How to exercise: Health Data Preferences link.

  • Opt-Out of Marketing: Stop promotional emails. How to exercise: unsubscribe link in emails or contact us.

  • Appeal: Appeal denial of any request. How to exercise: reply to the denial notice.

We will not discriminate against you for exercising these rights. We may need to verify your identity before fulfilling requests.


11. International Users

If you are outside the U.S., your data may be transferred to, stored, and processed in the U.S. or other countries. We use safeguards such as EU SCCs and the UK IDTA. By using our Services, you consent to these transfers.


12. Contact Us

For questions or to exercise your rights, please contact:


Thank you for trusting Formulai with your wellness journey. We’re committed to protecting your privacy while delivering personalized, insightful recommendations.