Privacy Policy

Last updated: April 28, 2025

Welcome to Embody. We are committed to protecting your privacy and handling your information transparently.

This Privacy Policy explains how we collect, use, and protect information through the Embody mobile application (the “App”) and website (the “Site”).

By using the App or Site, you agree to the practices described in this Policy.

Summary 

  • Our App is private-by-default and offline first. When you download and interact with the Embody App, we only collect information with your explicit consent.

  • We do not collect any information for the express purpose of identifying individuals. 

  • Your personal data is saved locally on your phone’s storage, and is not uploaded to a cloud or centralized server unless you explicitly opt in. 

  • Embody can’t and won’t share any user data with third parties because it is impossible for us to access it. 

  • No sign in required and no identification data is collected when downloading and using the App. 

  • Users may choose to opt into encrypted cloud backup, which stores a copy of their data securely on their own cloud account or on Embody’s encrypted server, depending on the implementation. 

Information We Collect 

App 

When downloading the App 

Please note that when you download Embody via the Apple App Store or Google Play Store, these platforms may collect certain information beyond our control, such as individual users’ IP addresses, install and crash statistics or user engagement patterns. We have no control of or access to that and do not actively try to access such information. This data collection is governed by the respective app stores’ privacy policies. Please see Google Play and Apple’s app store policy for more information. 

Information collected with consent

Our App is private-by-default and offline first. When you interact with the Embody App, we only collect personal information with your explicit consent. 

With your explicit consent, we may collect anonymized usage information to improve the App. This may include: how often you open the App, the number of symptoms logged, and time spent on each section of the App. This usage information is anonymized and collected solely for the purpose of enhancing App functionality. You can provide or withdraw your consent within the App settings at any time.

Site and socials 

When you interact with the Embody Site or Embody’s social media, we collect only information that you provide us directly as well as limited, non-identifiable usage information that is collected automatically. 

The Embody Site is currently hosted on Google Cloud servers based in the United States. Consequently, any minimal user data processed may be subject to U.S. laws, including The Clarifying Lawful Overseas Use of Data Act (“CLOUD”). For users in the European Union (EU), this means your data is processed in the United States, which may not offer the same level of protection as under GDPR.

Information we collect automatically

We use open source and/or self-hosted analytics providers such as Matomo and PostHog to collect information like Site activity (e.g. time on site, pages visited) and device information (e.g. browser type, OS, hardware model, language settings).

Information we never collect

We do not collect any of the following information: calendar information, details about your menstrual cycle, types of symptoms logged, location data, identification data, information about other applications, or protected personal data, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, and genetic or biometric data. 

Please note that if you opt into encrypted cloud backup, your App data may be stored off-device in encrypted form. Embody cannot decrypt this data. 

Under the General Data Protection Regulation (GDPR) and equivalent international laws, the lawful bases for processing your data include: your explicit consent (for optional analytics and marketing); our legitimate interest in ensuring App functionality and security. 

Information you provide

You may choose to give us information about yourself by subscribing to our newsletter, completing a survey, or contacting us via email or platforms such as WhatsApp, Instagram, GitHub, or Twitter. The scope of this information may include:

  • Contact Information - Such as your email address or social media handle.

  • Survey responses - Including product feedback and broad demographic information (e.g. geographic region, age, reason for tracking)

  • Correspondence - Any information you give us in direct correspondence, such as for technical support or employment opportunities.

  • Marketing preferences - Includes your preferences in receiving marketing from us, such as whether you would like to receive our newsletter and how you engage with them.

How We Use Your Information 

We use the information we collect for the following purposes: to provide, operate, and maintain our App and services; to improve, personalize, and expand our offerings; to understand and analyze user engagement and usage trends; to develop new products, features, or services; to communicate with users when requested (e.g., for support or feedback); and to comply with legal obligations or enforce our rights.

App

We use your data only with your explicit consent and solely to improve your experience with the App. Below is a summary of what we collect and why:

Purpose: To analyze how users interact with the App, so we can identify bugs, improve usability, and design better features.

Types of data collected: Number of times the App is opened, number of symptoms logged, and the time spent on each screen.

Lawful basis for processing: Your explicit consent, which you may give or withdraw at any time in the App settings.

Site and Socials

We collect limited information when you interact with our Site or social media. We use this information only to support your experience, maintain our services, and improve our offerings. Below is a summary of the types of data we collect, why we collect it, and the legal basis under GDPR and equivalent international laws.

Purpose: To ensure you get the most out of our Site and keep everything running smoothly (including troubleshooting, data analysis, testing, and support)

  • Contact information – lawful basis: legitimate interests (responding to user inquiries)

  • Correspondence – lawful basis: legitimate interests (providing support or responding to user questions)

  • Site activity – lawful basis: legitimate interests (ensuring proper functioning and troubleshooting)

Purpose: To use data analytics to improve our product, Site, and overall user experience

  • Site activity – lawful basis: consent (for non-essential analytics, such as usage trends)

  • Marketing preferences – lawful basis: consent (for storing and honoring preferences)

  • Product usage data – lawful basis: legitimate interests (for internal service improvements, if anonymized)

Purpose: To build and maintain our relationship with you

  • Contact information – lawful basis: consent (for email updates) or performance of a contract (e.g., paid user or support request)

  • Correspondence – lawful basis: legitimate interests (maintaining communications)

  • Survey responses – lawful basis: consent (voluntary data provided by the user)

  • Marketing preferences – lawful basis: consent

Purpose: To create aggregate data to better understand and improve user experience

  • Site activity – lawful basis: legitimate interests (when anonymized and used solely internally)

  • Product usage – lawful basis: legitimate interests (when anonymized and not used for profiling or targeted marketing)

How We (Don’t) Share Your Information

Information that you provide in-App will not be collected without your explicit consent. If you choose to share your information, we may share your information in the following ways:

  • Inside the Embody organization - Including our subsidiaries, affiliates, our ultimate holding company, and its subsidiaries and affiliates.

  • With partners and service providers - If you choose to share your information, we may share limited information with contractors, service providers, and other third parties we use to support our business. If we offer a co-branded promotion, your information may be shared with our partner.

  • With your express consent - We may share your information any other time you provide us with your consent to do so.

  • Stated purpose - For additional purposes, so long as they are stated when you provide us with the information.

We may also disclose information that you have offered with consent:

  • To comply with our legal obligations - To comply with any court order, law, or legal process, including responding to any government or regulatory request. To investigate suspected violations of any law, rule, or regulation, or the terms or policies for our App and Site. However, since we do not collect personally identifiable information via the App, this would only include the data you have consented to provide us.

  • Safety and security - To protect the rights, property, or safety of our business, our employees, our users, or others. This includes exchanging information with other companies and organizations for the purposes of cybersecurity or fraud protection.

Cloud Back-Up

If you opt into encrypted cloud backup, your App data (still encrypted and inaccessible to us) will be stored securely using Google Cloud infrastructure. Cloud backups are optional, and users control encryption keys. Cloud backups are not linked to user identity unless users voluntarily associate their backup with an email or identifier, which is currently not required. App data backed up to Google Cloud is hosted on servers in the United States. This means even encrypted data is technically subject to U.S. legal jurisdiction, including the CLOUD Act. If you are located in the EU, this constitutes a transfer of data outside the EEA. We rely on Google’s participation in appropriate international transfer mechanisms, such as Standard Contractual Clauses.

Cookies and Automatic Data Collection Technologies

Our Site uses essential cookies necessary for its operation and analytics cookies to understand how visitors engage with our site. You can manage your cookie preferences through your browser settings.

Your Rights and Choices

You have the right to control your data. You can opt out of marketing communications via provided links or by contacting us. You can opt out of analytics by adjusting your consent settings. You can refuse or delete cookies via your browser. 

To request a download of your data or to delete it, please contact [email protected] and follow the verification instructions we provide.

To request a copy of your data or ask for it to be deleted, contact [email protected] and follow the instructions we provide. If you’ve used cloud backup, please specify if the deletion should include your cloud backup.

Children’s Data

We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected personal information from a user under 18, we will promptly delete that information.

Retention

We only retain your information as long as needed to fulfill the purposes for which it was collected. If you opt into cloud backup, you may delete those backups through the App’s backup settings. You may also email [email protected] for support.

Data Security

We use appropriate administrative, physical, and technical safeguards to protect your information. While no system is completely secure, we take your privacy seriously and review our practices regularly. You are responsible for safeguarding access to your phone and personal data stored on it.

Third-Party Links

Some content or applications on our Site and in our App may be served by third parties, content providers, and application providers including the following:

  • Third-party links. Our Site and App may contain links to other sites, which we do not control. Those websites have their own privacy policies and terms, and we encourage you to read those terms before interacting with third-party sites.

  • User content. Our Site and social media may allow you to upload your own content to public areas. Any information you submit becomes public information, and we do not control how others may use the content you submit. We are not responsible for uses that may violate our privacy policy, the law, or your intellectual property rights.

Changes to Our Privacy Policy

We may update this policy from time to time. Material changes will be highlighted when they occur. The “Last Updated” date reflects the most recent revision.

Contact Us

If you have any questions about our privacy policy, please contact us at [email protected]