Your Privacy, Our Promise

1. What Information Do We Collect?

When you create an account with Mother Nature AI, we ask for some basic information. We also gather data on how you interact with our AI tools so we can make your experience even better.

Information you provide directly

• Account registration information (name, email address, date of birth)
• Health data you submit — symptoms, medications, supplements, health goals, and medical history
• Lab results, diagnostic reports, and medical records you upload
• Genomic and DNA data, if you connect a genetic testing service or upload raw data files
• Mental health information shared in conversations with Sylvia AI
• Dietary logs, food intake records, and nutrition information
• Responses to health assessments and intake questionnaires

Data we collect automatically

• Wearable and biometric data synced from connected devices — heart rate, HRV, SpO₂, sleep stages, activity levels
• Platform usage data — features accessed, session duration, and navigation patterns
• Device identifiers, browser type, IP address, and approximate geolocation

Data from third parties

• Apple Health, Google Health Connect, and compatible health data platforms (with your explicit authorization)
• Connected wearable manufacturers — Apple Watch, Garmin, Oura Ring, Whoop, and CGM providers
• Genetic testing partners (with your explicit authorization and consent)

2. How We Use Your Info

We use your information to:

• Personalize your AI experience and generate health insights
• Provide supplement protocols, interaction screening, and clinical decision support
• Deliver herbal medicine consultation, toxicology, and drug-herb interaction analysis via AskMN
• Deliver mental health support and crisis escalation protocols via Sylvia
• Perform nutrigenomic analysis and dietary personalization via NutriGen
• Perform genomic variant interpretation and pharmacogenomic profiling via Genlyy
• Maintain platform security, detect fraud, and prevent abuse
• Communicate service-critical updates and respond to your support requests

That's it. Nothing sneaky. We do not use your health information for advertising, data brokerage, or anything unrelated to providing our Services to you.

3. We Never Train Our AI on Your Data

Our AI models — AskMN v3, Sylvia 2.1, NutriGen 1.0, and Genlyy 1.3 — are trained exclusively on licensed and publicly available medical literature, botanical databases, clinical guidelines, and research datasets.

If we ever introduce a voluntary research data contribution program, participation will be strictly opt-in with full disclosure, and you may withdraw consent at any time.

4. Keeping Your Data Safe

Your data is encrypted and anonymized. We use cutting-edge security measures to protect your information:

• Encryption at rest: AES-256 encryption for all stored health data and genetic information
• Encryption in transit: TLS 1.3 for all data transmitted between your device and our servers
• HIPAA-conscious architecture: Access controls, audit logging, workload isolation, and PHI boundary enforcement
• Zero-trust network: Internal services operate on a least-privilege model with mutual TLS
• Role-based access control: No employee has unrestricted access to user health records
• Regular penetration testing: Third-party security assessments conducted at minimum annually

No personal details are tied to your AI interactions. While we apply rigorous security controls, no system is perfectly immune to all threats. If a security incident ever affects your data, we will notify you as required by law.

5. We Never Sell or Share Your Data

Your data stays with us. We don't sell, share, or rent any of your information to anyone.

We may share your information only in these limited cases:

• Service providers: Vendors who help us run the platform (cloud infrastructure, authentication) under strict data protection agreements
• Healthcare providers: Only when you explicitly authorize sharing a specific report with a named provider
• Legal compliance: When required by law or valid court order — we'll notify you when legally allowed
• Business transfers: In connection with a merger or acquisition, with prior notice and data protections maintained
• With your consent: Any other purpose requires your explicit, informed consent

6. Sensitive Health Data Gets Extra Protection

Certain categories of health data receive enhanced protections:

• Genomic and genetic data: Never disclosed to insurance companies, employers, or law enforcement without a valid court order. Deleted when you close your account.
• Mental health data: Conversations with Sylvia AI receive the strictest privacy protections. Never disclosed to third parties except to comply with mandatory reporting (imminent risk of serious harm).
• Substance use data: Subject to 42 CFR Part 2 protections where applicable. Never disclosed without your explicit consent.
• Reproductive health data: Treated as sensitive data and never disclosed to third parties.

7. Your Rights & Control

You're in control of your data. Depending on your jurisdiction, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Correct: Fix any inaccurate or incomplete information
• Delete: Request deletion of your personal data (“right to be forgotten”)
• Export: Get your health data in a machine-readable format
• Restrict: Limit processing of your data in certain circumstances
• Object: Object to processing for specific purposes
• Withdraw consent: Take back previously given consent at any time

You can access, update, or delete your information anytime by logging into your account. If you ever want your personal data removed, just reach out through our contact page and we'll take care of it.

We respond to verified requests within 30 days (or the legally required timeframe in your jurisdiction).

8. Data Retention & Deletion

We keep your data for as long as your account is active. You can delete your account and all associated data at any time through your account settings.

Account deletion initiates a 30-day deletion window, after which all personal data — health records, conversation history, genomic data, and wearable sync data — is permanently and irreversibly deleted. Genetic and genomic data is purged from our processing systems immediately upon account deletion.

De-identified, aggregated statistical data (with no re-identification risk) may be retained for platform analytics. Audit logs required by law are retained only for the legally required period.

9. California Residents (CCPA)

California residents have specific rights under the CCPA, including the right to know what personal information we collect, the right to delete it, and the right to opt out of data sales. Mother Nature AI does not sell personal information.

To submit a CCPA request, contact us via our contact page. You may also designate an authorized agent to make requests on your behalf.

10. European Users (GDPR)

If you're in the European Economic Area, UK, or Switzerland, we process your data under the GDPR. Our lawful bases include: contract performance, your explicit consent (for sensitive health data), and legitimate interests in providing our Services.

Data transfers outside the EEA use Standard Contractual Clauses (SCCs) as approved by the European Commission. You have the right to lodge a complaint with your local data protection authority.

For GDPR inquiries, contact us through our contact page.

11. Cookies & Tracking

We use cookies for authentication, session management, security, and platform analytics. We do not use tracking cookies for behavioral advertising. We don't track you across the web.

Analytics data is used solely to understand how people use our platform so we can make it better. You can manage cookie preferences through your browser settings.

12. Children's Privacy

Our Services are intended for individuals 18 years of age and older. We do not knowingly collect personal health information from anyone under 18. If you believe a child has provided us with personal information, please contact us immediately — we will delete it promptly.

13. Updates to This Policy

We might update this policy occasionally to keep things current. For material changes, we'll give you at least 30 days' notice within the platform and via email before changes take effect. By continuing to use our Services, you're agreeing to any updates.

14. Need Help?