Privacy Policy

Last updated: January 13, 2026

1. Introduction

OsteoCore (“we,” “our,” or “us”) is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our osteoporosis risk assessment and bone health management platform, including our mobile application, web application, and related services (collectively, the “Service”).

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect
We collect various types of information to provide and improve our Service

2.1 Personal Information

  • Account Information: Name, email address, date of birth, gender
  • Profile Information: Profile images, user preferences, and settings
  • Authentication Data: Passwords (hashed), session tokens, and verification tokens
  • Contact Information: Email addresses for communication and notifications

2.2 Health Information

  • Health Assessment Data: Responses to osteoporosis risk assessment questions
  • Medical History: Information about medical conditions, medications, and family history
  • Physical Measurements: Height, weight, and other biometric data
  • Risk Evaluation Results: Calculated osteoporosis risk scores and categories
  • AI Chat Interactions: Conversations with our AI assistant regarding health questions

2.3 Payment Information

  • Subscription Data: Stripe customer IDs, subscription status, and plan information
  • Billing Information: Payment method details (processed securely through Stripe)
  • Transaction History: Records of payments and subscription renewals

2.4 Technical Information

  • Device Information: Device type, operating system, and unique device identifiers
  • Usage Data: How you interact with our Service, features used, and time spent
  • Log Data: IP addresses, browser type, access times, and referring URLs
  • Session Data: Session tokens, user agents, and security-related information
3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide osteoporosis risk assessment and bone health management services
  • AI Chat Functionality: To power our AI assistant for health-related conversations and guidance
  • Risk Assessment: To calculate and provide personalized osteoporosis risk evaluations
  • Account Management: To create and maintain your user account and profile
  • Payment Processing: To process subscription payments and manage billing through Stripe
  • Communication: To send you important updates, notifications, and support communications
  • Service Improvement: To analyze usage patterns and improve our Service features
  • Security: To protect against fraud, unauthorized access, and other security threats
  • Compliance: To comply with legal obligations and enforce our terms of service
4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

4.1 Service Providers

  • Stripe: For payment processing and subscription management
  • Google Cloud Storage: For secure file storage and data hosting
  • AWS SES: For email delivery and notifications
  • Database Services: For data storage and management

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, property, or safety, or that of our users.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, with appropriate privacy protections maintained.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure password hashing and authentication mechanisms
  • Regular security assessments and updates
  • Access controls and user authentication
  • Secure cloud infrastructure through Google Cloud Platform
  • Compliance with industry-standard security practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. Specifically:

  • Account Information: Retained while your account is active and for a reasonable period after account closure
  • Health Assessment Data: Retained to provide ongoing risk assessment and historical analysis
  • Payment Information: Retained as required by law and for billing purposes
  • Session Data: Retained for security purposes and automatically deleted after expiration
  • Support Communications: Retained for customer service purposes
7. Your Rights and Choices

You have certain rights regarding your personal information:

  • Access: Request access to your personal information we hold
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request a copy of your data in a portable format
  • Objection: Object to certain processing of your personal information
  • Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided in the “Contact Us” section below.

8. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

We encourage you to review the privacy policies of these third-party services to understand how they handle your information.

9. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected information from a child under 13, we will take steps to delete such information promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards to protect your information, including standard contractual clauses and other legally recognized transfer mechanisms.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated Privacy Policy on our Service and updating the “Last updated” date. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

OsteoCore Privacy Team

Email: privacy@osteocore.com

Address: [Your Business Address]

Phone: [Your Contact Number]

We will respond to your inquiry within a reasonable timeframe as required by applicable law.

Important Notice

Medical Disclaimer: The information provided by OsteoCore is for educational and informational purposes only and is not intended as medical advice. Always consult with a qualified healthcare professional for medical advice, diagnosis, or treatment. Our AI assistant and risk assessments are tools to help you understand your bone health, but they do not replace professional medical consultation.