Privacy

Privacy Policy

Effective date: April 15, 2026

1. Scope

This Privacy Policy explains how Emersus AI collects, uses, discloses, and protects personal information when you use the Emersus website, contact forms, authentication flows, chat product, workout and nutrition features, and related services (collectively, the "Services").

This policy applies to information we collect directly from you, automatically through your use of the Services, and from vendors that help us operate the product.

2. What Emersus Is and Is Not

Emersus is research-backed fitness, nutrition, and performance software. It is not a hospital, doctor, therapist, dietitian, medical device, emergency service, or health insurer. Using Emersus does not create a clinician-patient relationship.

Emersus is not intended to replace medical advice, diagnosis, or treatment. If you believe you have a medical issue or emergency, contact a qualified professional or emergency services right away.

Unless we expressly state otherwise for a specific program, Emersus is not acting as a HIPAA covered entity or business associate, and this policy is not a HIPAA Notice of Privacy Practices.

3. Information We Collect

We collect different categories of information depending on which parts of the Services you use.

  • Account and identity data: email address, authentication identifiers, and basic account records created through Supabase Auth or supported sign-in methods.
  • Profile and onboarding data: full name, goal, experience level, primary use case, equipment access, available training days and session length, dietary preferences, injuries or limitations, sleep and stress context, preferred sports, unit preferences, and similar profile settings.
  • Body and wellness inputs: body weight, height, date of birth, biological sex as a metabolic-calculation input, activity level, and other health or wellness details you choose to provide.
  • Training and nutrition data: workout plans, workout logs, session details, meal plans, meal journal entries, food selections, supplement-related inputs, progress views, and saved training or nutrition preferences.
  • Chat and AI interaction data: prompts, saved chat threads, thread titles and previews, generated outputs, citations, structured widgets, and related safety or usage metadata.
  • Support and contact data: name, email, category, message contents, page URL, and device information you send through contact forms or support requests.
  • Waitlist data: email address and, if you provide them, name, surname, company, source page, referrer, and confirmation metadata.
  • Location and route data: if you enable geolocation features for supported workout modes, we may process GPS path points, route-derived distance, and privacy settings such as a map-cropping radius for shared route cards.
  • Technical and device data: IP address, browser type, session and token metadata, user agent, referrer, page URLs, timestamps, request logs, and browser storage used to keep you signed in or preserve app state.

4. How We Use Information

We use personal information to operate, secure, and improve Emersus, including to:

  • create and manage accounts, authenticate users, and keep sessions active;
  • build and update profiles, workout plans, meal plans, saved chats, and progress views;
  • generate AI-assisted responses and personalize recommendations using the profile, workout, nutrition, and context data relevant to your request;
  • retrieve and rank scientific literature and show citations, evidence summaries, and supporting context;
  • send operational emails, support responses, and important service messages;
  • detect abuse, enforce guardrails, investigate incidents, and protect the Services and users;
  • debug, maintain, and improve product quality, reliability, and performance; and
  • comply with legal obligations and enforce our agreements.

5. AI and Research Workflow

Emersus uses retrieval, ranking, and model-provider infrastructure to answer questions and generate plans. To provide those features, we may send the prompt you submit, relevant profile or plan context, and supporting evidence context to third-party model and infrastructure providers acting on our behalf.

AI output can be incomplete, incorrect, outdated, or inappropriate for your situation. The fact that a response includes citations or sounds confident does not make it medical advice or a guarantee of safety or effectiveness.

We may also keep usage and safety metadata, such as thread identifiers, token usage, refusal events, or abuse signals, to operate and protect the Services.

6. How We Share Information

We do not disclose personal information except as described in this policy or with your direction.

  • Service providers: We may share information with vendors that help us run Emersus, including hosting, database, authentication, email delivery, mapping, observability, and model-provider services. Current providers or provider categories may include Supabase, OpenAI, Mapbox, and Resend where relevant to the feature you use.
  • User-directed sharing: If you choose to create or share a workout card, route card, or similar public output, the information included in that shared asset may be visible to others.
  • Legal and safety disclosures: We may disclose information if we believe it is reasonably necessary to comply with law, respond to valid legal process, protect the rights or safety of users or others, or investigate fraud, security, or abuse.
  • Business transfers: We may disclose information as part of a merger, financing, acquisition, reorganization, or sale of assets, subject to applicable law.

7. Data Retention

We retain information for as long as reasonably necessary for the purposes described above.

  • Account and profile data are generally kept while your account remains active and for a reasonable period afterward to comply with legal, tax, security, backup, and dispute-resolution needs.
  • Saved chats, plans, workout logs, and meal journal data may remain in your account until you delete them, request deletion, or we no longer need them to operate the Services.
  • Waitlist and contact records may be retained for communications, launch operations, recordkeeping, and fraud prevention.
  • Technical logs, safety events, and similar operational records may be retained for shorter or longer periods depending on security, troubleshooting, and legal needs.

8. Your Choices and Rights

Depending on where you live, you may have rights to request access to, correction of, export of, or deletion of certain personal information.

  • You can update some profile information inside the product.
  • You can control browser permissions such as geolocation from your browser or device settings.
  • You can clear certain browser-stored data by clearing site storage or signing out, although doing so may affect how the product works on that device.
  • You can contact us to request access, correction, export, or deletion at info@emersus.ai.
  • If your request concerns consumer health data, see our separate Consumer Health Data Privacy Policy for additional rights, request steps, response timing, and appeal details.

We may need to verify your identity before fulfilling a request, and we may keep limited information as required by law or for legitimate security and recordkeeping purposes.

9. Consumer Health Data Notice

Some data processed by Emersus may qualify as consumer health data under certain U.S. state laws, including data about your wellness goals, injuries or limitations, workout history, meal and nutrition history, body measurements, activity level, sleep or stress context, generated health-related inferences, and precise location data if you enable GPS-based workout tracking.

We maintain a separate Consumer Health Data Privacy Policy that describes the categories of consumer health data we collect, the sources of that data, the third parties with whom we share it, and the rights and appeal process available under applicable law.

10. Tracking Signals and Cross-Site Collection

At this time, Emersus does not respond to browser "Do Not Track" signals with a universal change in behavior because there is no single accepted industry standard for those signals.

We do not knowingly allow other parties to collect personally identifiable information or consumer health data about your activities over time and across unaffiliated websites through the public Emersus site for their own independent cross-site advertising purposes.

11. Security

We use administrative, technical, and organizational safeguards designed to protect personal information. No service, however, can guarantee absolute security, and you use the internet and connected services at your own risk.

12. International Processing

Emersus and its vendors may process information in countries other than the one where you live. Those countries may have data-protection rules that differ from those in your jurisdiction.

13. Children's Privacy

Emersus is not directed to children under 13, and children under 13 may not use the Services. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, contact us and we will take appropriate steps, including deletion where appropriate.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date above and may provide additional notice when required by law.

15. Contact

For privacy questions or requests, email info@emersus.ai.