Privacy Policy
Finesis LLC
Last Updated: June 21, 2026
IMPORTANT NOTICE FOR US USERS: Finesis LLC operates strictly as a general wellness platform. We are not a HIPAA “Covered Entity,” and the data you sync to our platform is classified as consumer wellness data under US federal and state laws, governed primarily by the Federal Trade Commission (FTC).
This Privacy Policy describes how Finesis LLC (“the Company,” “we,” “us,” or “our”) collects, uses, stores, and protects the information of users who register on our portal at https://chatbot.health (the “Service”).
1. Information We Collect
We only collect data that is necessary to run the fitness portal or that you explicitly choose to sync with us. This includes:
- Account Profile Data: Email address, hashed password, and date of birth.
- Connected Health & Wellness Data: If you explicitly authorize the connection, we pull the following biometric metrics from Apple Health and Android Health Connect:
- Step count
- Blood pressure
- Heart rate
- Oxygen saturation (SpO2)
- Body mass
- Associated timestamps for each metric
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide dashboard functionality and display your wellness data
- To generate AI-powered summaries, insights, and fitness-related responses
- To authenticate and secure your account
- To improve, develop, and operate the Service, including analytics, aggregation, and de-identified machine learning systems
3. Data Sharing and Commercial Use
Your trust is paramount. We enforce strict safeguards regarding the handling of your personal information.
No Sale of Personal Identifiable Data
We do not sell, rent, lease, or license your personally identifiable information (such as your email address, login credentials, or directly linked account identifiers) to insurance companies, data brokers, or marketing networks. Nothing in this Policy restricts our ability to use or commercialize de-identified or aggregated data.
Use of De-Identified and Aggregated Data
We may transform user data into de-identified, aggregated, or statistical datasets by removing direct and indirect identifiers. We use reasonable technical and organizational measures to de-identify data in accordance with applicable law, and we do not attempt to re-identify such data. De-identified Data means data that has been modified to remove direct and indirect identifiers such that the data cannot reasonably be used to identify an individual.
We may use, license, sell, or otherwise commercialize de-identified and aggregated datasets, provided such datasets are processed in accordance with applicable law, for purposes including but not limited to:
- health and wellness trend analysis
- population-level insights
- product development and research
- machine learning model development and evaluation
- commercial partnerships and data licensing
Third-Party Service Providers
We may share both personal and de-identified data with trusted service providers who assist in operating the Service, including hosting, analytics, and AI processing.Service providers may process and store data on our behalf, including in jurisdictions outside your country of residence.
4. Compliance with the FTC Health Breach Rule
As a vendor of a general wellness platform in the United States, we are subject to the FTC Health Breach Notification Rule. In the event of a security exploit, database leak, or unauthorized third-party acquisition of your wellness data, we will fulfill our federal obligation to notify you and the Federal Trade Commission directly within the legally mandated timeframe.
5. Your Rights and Data Deletion
You maintain ultimate control over your data. At any time, you may request the permanent elimination of your records:
- Disconnecting APIs: You can revoke our portal’s permission to read from Apple Health or Android Health Connect directly through your mobile device operating system settings.
- Account Deletion: You can request a full account wipe by contacting us through our platform. Upon receiving your deletion request, we delete or de-identify your personal data from our active systems within a reasonable period of time, subject to legal, security, and compliance retention requirements.
6. Security
We implement reasonable administrative, technical, and organizational safeguards designed to shield your data from unauthorized access. This includes using industry-standard transport layer encryption protocols for data in motion and encrypting user databases at rest. However, no internet-based transmission is completely impervious, and we cannot guarantee absolute security.
7. Contact
For any privacy inquiries or to execute data deletion requests, please contact us at the appropriate administrative portal at https://chatbot.health.
