Privacy Policy

Last updated June 10, 2026

This Privacy Policy explains how InFive Health, Inc., a Delaware corporation (“InFive,” “we,” “us,” or “our”) collects, uses, and shares information when you use InFive. It is written for users in the United States. Health information is sensitive, so we keep what we collect narrow and tied to providing the Service.

1. Information we collect

  • Account information. Your email address, used for passwordless sign-in. We do not store a password.
  • Health profile. The details you choose to enter about yourself, such as your age, sex, conditions, medications, family history, and symptoms you describe.
  • Health content you submit. Lab-report PDFs and photos and the biomarkers extracted from them, meal photos, reminders, and your doctor-visit prep list, along with the AI coaching generated from them.
  • Audio. Voice notes, recordings of doctor visits, and voice-call audio that you provide. We use this audio to transcribe what was said and to power the coaching conversation.
  • Service data. Basic technical and usage data needed to operate the Service securely, such as session identifiers and rate-limit counts.

We do not ask for, and you should not submit, government identification numbers, financial account numbers, or insurance identifiers. We do not knowingly collect information from anyone under 18.

2. How we use information

  • to produce your coaching and operate the Service;
  • to transcribe the audio you submit and respond within the coaching conversation;
  • to keep your content organized and private to your account;
  • to secure the Service, enforce usage limits, and prevent abuse; and
  • to comply with law and respond to your requests.

We do not sell your data. We do not share your data for cross-context behavioral advertising. We do not use your health content or audio to train our own models or to advertise to you.

3. Service providers we use

We rely on a small set of providers to run the Service. They act as processors and handle information on our behalf to provide their service to us, not for their own marketing. Your data is not sold and is not used for advertising or tracking:

  • Anthropic (Claude): receives the content you submit to generate your coaching responses.
  • OpenAI: transcribes your audio (speech-to-text) and generates spoken replies (text-to-speech).
  • Vapi: connects and processes live voice calls with the coach.
  • Supabase and Neon: authentication and database storage for your account and content.
  • Infrastructure: Vercel (hosting) and Resend (transactional email such as sign-in codes).

We may also disclose information if required by law, to protect rights and safety, or in connection with a business transfer, in which case we will continue to protect the information consistent with this Policy.

4. Retention and deletion

We keep your account and health content until you delete it or ask us to delete it, or until it is no longer needed to provide the Service. You can delete your account and all of its data. We may retain limited records where required by law or to resolve disputes. Backups and provider logs may persist for a short period before being overwritten.

5. Security

We use reasonable administrative and technical safeguards to protect your information, and our providers maintain their own security programs. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

6. Your US privacy rights

Depending on where you live, including under the California Consumer Privacy Act as amended by the CPRA, you may have the right to:

  • know what personal information we hold about you;
  • access or receive a copy of it;
  • correct inaccurate personal information;
  • delete your personal information; and
  • not receive discriminatory treatment for exercising these rights.

Because we do not sell personal information or share it for cross-context behavioral advertising, there is nothing to opt out of in that respect. To make a request, email privacy@infive.health. We will verify your request using the email associated with your account before acting on it. You may use an authorized agent where the law allows.

7. HIPAA and regulatory posture

InFive is a consumer health coaching product. It does not provide medical advice and is not a substitute for care from a licensed clinician. InFive is not a HIPAA covered entity and is not a substitute for care from a HIPAA-covered provider. Information you submit to InFive is governed by this Policy, not by HIPAA.

8. Children

InFive is intended for adults. We do not knowingly collect personal information from children under 18. If you believe a child has provided us information, contact privacy@infive.health and we will delete it.

9. Changes to this Policy

We may update this Policy from time to time. If we make material changes we will update the date above and, where reasonable, give notice in the Service. Your continued use after changes take effect means you accept the updated Policy.

10. Contact

InFive Health, Inc. is a Delaware corporation. For privacy questions or to exercise your rights, contact privacy@infive.health. Written notices may be sent to our registered agent, Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, New Castle County, Delaware 19713, United States.