Pymander Health

Privacy Policy

Last updated: April 2026

Information We Collect

We collect personal information you provide when creating an account, including your name, email address, date of birth, and billing details. We also collect health data you choose to share with us, such as wearable device metrics, lab results uploaded or ordered through our platform, and information you provide during provider consultations. Usage data such as log files, device identifiers, and interaction patterns are collected automatically to maintain and improve our services.

How We Use Your Information

Your information is used to deliver and personalize our longevity telehealth services, generate health insights through our AI coaching tools, facilitate consultations with licensed providers, and fulfill prescriptions and lab orders. We may also use aggregated, de-identified data to improve our algorithms and service quality. We will never sell your personal health data to advertisers or data brokers.

Wearable Device Data

Pymander integrates with wearable devices including Apple Watch, Whoop, Oura Ring, and Garmin. Wearable data, such as heart rate variability, sleep stages, recovery scores, activity metrics, and blood oxygen levels, is synced only with your explicit consent. This data is used exclusively to support your care, power personalized health insights, and inform provider consultations. You may disconnect any wearable integration at any time from your account settings.

Google User Data

When you choose to connect your Google Calendar to Pymander Health, we request access to two scopes:

  • https://www.googleapis.com/auth/calendar.readonly — read-only access to events on your primary calendar. We use this to give your coach context about your day so it can recommend bedtime adjustments before early meetings, modify workout intensity around travel, schedule recovery practices on light-meeting days, and avoid recommending early-morning workouts before flights.
  • https://www.googleapis.com/auth/calendar.events — write access used only when you explicitly ask the coach to put something on your calendar (for example, "schedule a 30-minute walk at 4pm" or "put a sauna session on Thursday morning"). The coach never creates, modifies, or deletes events on its own. It does not modify or delete events created by other apps or by you.

Pymander Health's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we commit that data accessed through Google's APIs is:

  • used only to provide and improve features visible to the user inside Pymander Health (the coach's context-aware recommendations and explicit user-requested calendar writes);
  • never used for advertising or sold to advertisers;
  • never shared with third parties except as necessary to provide or improve user-facing features (e.g. our infrastructure providers, under contractual confidentiality), or as required by law;
  • never accessed by humans except where necessary for security, to comply with applicable law, when we have explicit user consent to do so, or where the data has been aggregated and anonymized so it can no longer be linked to an individual;
  • never used to develop, improve, or train generalized AI / machine learning models. (Calendar data is read at request time to construct your individual coaching response, not used to retrain coach models.)

Tokens issued by Google are stored encrypted in our database and used solely to call Google's APIs on your behalf. You can revoke access at any time from Settings → Connections in the Pymander Health iOS app, or from myaccount.google.com/permissions. Revoking access immediately stops all calendar reads and writes by Pymander; existing event references in your past coaching conversations remain in your message history but no new calendar data is fetched.

Data Security

We employ industry-standard security measures to protect your information, including encryption in transit (TLS 1.3) and at rest (AES-256). Our infrastructure and practices are aligned with HIPAA requirements for the handling of protected health information. Access to personal health data is restricted to authorized personnel and your designated care providers. We conduct regular security audits and vulnerability assessments.

Third-Party Services

We work with trusted third-party partners to deliver certain aspects of our service, including CLIA-certified laboratory partners for diagnostic testing, licensed pharmacy partners for prescription fulfillment, and secure payment processors for billing. These partners receive only the minimum information necessary to perform their services and are bound by contractual obligations to protect your data.

Your Rights

You have the right to access, correct, and delete your personal data at any time. You may also request a portable export of your health data in a standard format. To exercise any of these rights, contact us at hello@pymanderhealth.com or through your account settings. We will respond to all data requests within 30 days.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email or through a notice on our platform. Your continued use of Pymander after any changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at hello@pymanderhealth.com.

This policy will be updated prior to public launch.

© 2026 Pymander Technologies Inc.

Pymander is a health technology platform. Pymander does not provide medical advice, diagnosis, or treatment. Clinical services are provided by independent licensed healthcare providers.