Legal

How we handle your information

Flourish Daily Ltd
Effective Date: December 17, 2025

Introduction

Flourish ("we," "our," or "us") is a personalized AI fitness and wellness guide designed to help you achieve your long-term goals. This Privacy Policy explains how Flourish Daily Ltd, a company registered in the United Kingdom (Company No. 16541416), collects, uses, shares, and protects your information when you use our mobile application and services.

For the purposes of the UK General Data Protection Regulation (UK GDPR), Flourish Daily Ltd is the Data Controller of your personal information.

Company Information: Flourish Daily Ltd

15 Penzance Pl, London, W11 4PG, UK

Email: privacy@flourishdaily.io

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Phone number
  • Name
  • Timezone

Fitness and Wellness Data (Only with your explicit consent):

We do not collect this data unless you explicitly connect a third-party service (like Apple Health or Strava) or manually input it.

  • Activity Data: Steps, distance, flights climbed, cycling, swimming.
  • Workout Details: Activity types (running, yoga, HIIT, cycling) including duration, calories, and heart rate.
  • Sleep Data: Sleep stages, start/end times, and sleep quality.
  • Mindfulness: Meditation sessions and mindfulness minutes.
  • Self-Reported Notes: Wellness reflections and subjective feedback you provide.

Voice Conversations:

  • Real-time voice input during calls with your AI guide (audio is streamed for processing, not stored).
  • Transcripts of your conversations.

Insights Entries (Note taking):

  • Text entries.
  • Photos you upload.
  • Voice Memos: Audio recordings you explicitly create and upload to your journal.

Goals & Plans:

  • Your fitness and wellness goals.
  • Daily and weekly objectives.
  • Plan drafts and progress tracking.

1.2 Automatically Collected Information

Usage Data:

  • Features you use.
  • Session duration and frequency.
  • In-app navigation patterns.

Device Information:

  • Device type and model.
  • Operating system version.
  • Unique device identifiers.
  • Push notification tokens.

Performance Data:

  • Crash reports and error logs.
  • API response times.

1.3 Information from Third Parties

Calendar Services (With your permission):

  • Google Calendar events and schedules (to help you plan workouts).

Fitness Integrations (Only if you explicitly connect them):

  • Strava: Workout and activity data.
  • Apple HealthKit (iOS): Fitness, workout, sleep, and mindfulness data.
  • Health Connect (Android): Fitness, workout, sleep, and mindfulness data.

Google Health Connect Disclosure:

The use of information received from Health Connect will adhere to the Google Health Connect Permissions Policy, including the Limited Use requirements.

1.4 Cookies and Tracking Technologies

We and our service providers may use cookies, mobile device identifiers (such as IDFA or Android Advertising ID), and local storage to operate the app, remember your settings (like authentication tokens), and analyze usage. You can control cookie preferences through your device settings.

2. How We Use Your Information

2.1 Primary Purposes

To Provide Our Service:

  • Power AI-driven fitness and wellness conversations.
  • Analyze your voice input to generate helpful responses.
  • Track your metrics and progress toward goals.
  • Send reminders and motivational notifications.

To Improve Our Service:

  • Enhance AI response accuracy.
  • Identify and fix bugs.
  • Understand feature usage to prioritize improvements.

2.2 AI and Machine Learning

Real-Time AI Processing:

  • Your conversations are processed by AI models to generate personalized guidance.
  • Voice recordings are transcribed in real-time.

AI Training:

Your data is NOT used for AI training by default. We do not use your personal fitness or conversation data to train our foundational AI models.

2.3 Communications

  • Service Communications: Account updates, support responses.
  • Marketing (Optional): Tips and newsletters. You can opt-out anytime by using the unsubscribe link in our emails or contacting privacy@flourishdaily.io.

3. How We Share Your Information

We do NOT sell your personal information. We do NOT share your fitness data for advertising purposes.

3.1 Third-Party AI Services

IMPORTANT DISCLOSURE:

Your personal data, including fitness information and voice transcripts, is shared with the following third-party AI services to power Flourish's features. We obtain your explicit permission before sharing data with these AI providers.

OpenAI (Conversational AI)

  • Receives: Conversation transcripts, fitness context, goals.
  • Purpose: Powers the AI guide that responds to your questions.
  • Location: United States.
  • Training: Your data is NOT used for AI training by default.

Deepgram (Speech Recognition)

  • Receives: Real-time voice streams during calls and uploaded Voice Memos.
  • Purpose: Transcribes your speech into text for AI processing.
  • Retention: Audio is processed in real-time and not stored by Deepgram.
  • Location: United States.

ElevenLabs (Voice Synthesis)

  • Receives: Text responses generated by our AI.
  • Purpose: Converts AI responses into natural-sounding speech.
  • Note: Does NOT receive your personal information, only AI-generated text.
  • Location: United States.

Mem0 (AI Memory)

  • Receives: Conversation history and user context.
  • Purpose: Maintains continuity so the AI remembers your goals and preferences.
  • Location: United States.

3.2 Infrastructure & Service Providers

  • Supabase (USA): Database hosting, authentication, and secure storage.
  • LiveKit (USA): Real-time voice call infrastructure.
  • Sentry (USA): Error tracking and crash reporting.
  • Mixpanel (USA): Product analytics and user behavior tracking.
  • Firebase/Expo (USA): Push notifications.
  • Twilio (USA): SMS and WhatsApp messaging.
  • Logfire (USA): Backend performance monitoring.

3.3 Integrations (With Your Permission)

You can manage the following integrations directly within the App Settings:

  • Google Calendar: Sync events and schedules.
  • Strava: Import fitness activities.
  • Apple Health / Health Connect: Import fitness and sleep data.
  • Gmail: (Coming Soon) Connect email for scheduling assistance.
  • Location: Permission for location-based features.

3.4 Legal Disclosures

We may share information when required by law, such as in response to subpoenas or court orders, or to protect our rights and safety.

3.5 Business Transfers

If Flourish Daily Ltd is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before this occurs.

4. Data Retention

We keep your data only as long as necessary.

Data TypeRetention PeriodReason
User Data (Account, Fitness, Notes, Transcripts, Voice Memos)Until account deletion + 30 daysBackup recovery buffer
Usage Analytics2 years, then anonymizedProduct improvement
Crash Reports90 daysBug fixing (Sentry default)

Automatic Deletion:

To request the deletion of your account and all associated data, please email privacy@flourishdaily.io. We will process your request within 30 days.

5. Your Rights and Choices

5.1 For All Users

To exercise your rights to Access, Correct, or Delete your data, please contact us at privacy@flourishdaily.io.

5.2 For UK and EU/EEA Residents (GDPR/UK GDPR)

Since we are based in the UK, you have specific rights under the UK GDPR.

Legal Basis for Processing:

  • Explicit Consent: We rely on your explicit consent to process "Special Category Data" (which includes your fitness, biometric, and physiological data synced from Apple Health/Strava) and for voice processing. You may withdraw this consent at any time by disconnecting these services in App Settings or contacting us.
  • Contract Performance: Managing your account and delivering the service.
  • Legitimate Interests: Security, fraud prevention, and service improvement.

Your Rights:

  • Right to Access: Request a copy of your data.
  • Right to Rectification: Correct inaccurate data.
  • Right to Erasure: Delete your data ("right to be forgotten").
  • Right to Restrict Processing: Limit how we use your data.
  • Right to Data Portability: Receive data in a structured format.
  • Right to Withdraw Consent: Disconnect Apple Health/Strava in App Settings or delete your account to withdraw consent for fitness data processing.

Supervisory Authority:

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority for information rights.
Website: ico.org.uk

5.3 For U.S. Residents (California & Others)

  • Right to Know/Delete: Request details or deletion of your data via email.
  • No Sale of Data: We do not sell your personal information.
  • Limit Sensitive Data: You can limit the use of fitness data by removing permissions in App Settings.

6. Data Security

We use industry-standard measures to protect your information:

  • Encryption: TLS 1.3 for data in transit; AES-256 for data at rest.
  • Access Control: Strict role-based access for employees.
  • Audits: Regular security reviews.

Note: No method of transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. AI-Specific Disclosures

7.1 AI Usage in Fitness and Wellness Guidance

  • Nature of AI: Flourish uses AI to generate personalized suggestions based on your fitness data and goals.
  • Not Medical Advice: The AI is a wellness guide, not a doctor. Recommendations are for informational purposes only. Always consult a healthcare professional before starting a new fitness regime.
  • Accuracy: AI may occasionally produce incorrect information ("hallucinations"). Please verify critical information.

7.2 Voice Recording and Transcription

  • Live Calls (No Recording): We do not record the audio of live conversations with your AI guide. Your voice is streamed in real-time to our transcription provider (Deepgram) to generate text for the AI, and the audio is immediately discarded after processing. We only retain the text transcript of the conversation.
  • Voice Memos (Insights): If you choose to use the "Insights" feature to record and upload a Voice Memo (journal entry), this specific audio file is stored securely so you can play it back later. You can delete these Voice Memos at any time.

7.3 AI Memory System

We use Mem0 to help the AI remember your context (e.g., "User injured their knee last week").

Control: To view specific data stored in the AI memory or to request a full context reset, please contact us at privacy@flourishdaily.io.

8. International Data Transfers

For UK/EU Users:

Our servers and third-party service providers (like OpenAI and Supabase) are primarily located in the United States.

To comply with UK and EU data protection laws, we ensure your data is protected through:

  • The UK-US Data Bridge: Where applicable, we rely on the UK Extension to the EU-US Data Privacy Framework.
  • Standard Contractual Clauses (SCCs) / UK IDTA: For providers not covered by the Data Bridge, we utilize the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs to ensure your data rights are preserved.

By using Flourish, you acknowledge and consent to this transfer.

9. Children's Privacy

Flourish is intended for users 18 years and older. We do not knowingly collect information from anyone under 18. If we discover we have collected such data, we will delete it immediately.

10. Changes to This Policy

We may update this policy to reflect changes in our practices. Material changes will be communicated via email or in-app notifications. Continued use of Flourish constitutes acceptance of the updated policy.

11. Contact Us

For questions, data requests, or concerns, please contact us:

Flourish Daily Ltd

Email: privacy@flourishdaily.io

Address: 15 Penzance Pl, London, W11 4PG, United Kingdom