Aegis Health — Privacy Policy
Last updated: May 21, 2026
1. Who We Are
Aegis Health ("Aegis", "the App") is a personal health and lifestyle assistant operated by App Solutions LLC ("we", "us"). This Privacy Policy explains what data we collect, how we use it, and the rights you have over your information.
2. Information We Collect
We collect only the information needed to operate the App on your behalf:
Account data — email address, password (stored as a bcrypt hash), and basic profile fields (age, sex, height, weight, goals).
Health data you authorize — lab results, biomarkers, wearable metrics, and clinical records from Health Connect (Android), Apple HealthKit (iOS), Gmail (lab PDFs), or files you upload directly.
Grocery & product data — photos you take with your device's camera for barcode scanning and product label analysis. These images are processed locally on your device and via AI vision models (Claude, GPT-4o) to extract product information. Barcode lookups are performed against the Open Food Facts database (open-source, CC-licensed).
Device and usage data — basic technical information (device model, OS version, crash logs) needed for reliability and support.
Location Data
When you use Aegis's GPS workout tracking features (such as recording a run, ride, or walk), the app collects precise location data from your device to map your route and calculate distance, pace, and elevation. This data is collected only while you are actively recording a workout and requires your permission. Your route information is stored securely and associated with your account so you can review your activity history. We do not use your location data for advertising, and we do not sell or share it with third parties or data brokers. You can disable location access at any time in your device settings; doing so will turn off GPS workout tracking.
3. How We Use Your Information
Your data is used exclusively to deliver insights and recommendations inside your personal Aegis account, including:
Computing your biological age, optimization score, and lifestyle recommendations.
Scoring grocery and food products for nutritional quality.
Categorizing your grocery and food purchases to surface nutrition and budget insights.
Sending you in-app or push notifications about your own data.
We do not sell your personal information, do not share it with advertisers, and do not use it to train third-party models.
AI‑Powered Coaching and Third‑Party AI Providers
Aegis uses artificial intelligence to generate your personalized coaching, including Coach answers, daily briefings (Today's Edge / Evening Recap), and meal, supplement, and workout suggestions. To do this, we share the specific health data needed to answer your request with third‑party AI providers that act as our data processors.
What we share: Only the health data relevant to generating your response — for example your vitals (heart‑rate variability, resting heart rate, sleep, steps, glucose), lab biomarkers, logged workouts and nutrition, your supplement list, and profile details such as age, sex, height, weight, diet, and goals. We do not share your name, email address, or payment information with these providers.
Who we share it with: Anthropic, PBC (the "Claude" models) and OpenAI, L.P. (the "GPT" models), processing data on servers in the United States.
Why: Solely to generate the coaching content you request or that appears in your briefings. Aegis remains the controller of your health data at all times.
Protection: These providers process your data under their commercial API terms as our processors. Under those terms, your data is used only to return your result and is not used to train their models. See Anthropic's Privacy Policy (anthropic.com/legal/privacy) and OpenAI's Privacy Policy and API data‑usage policies (openai.com/policies).
Your permission and control: We ask for your explicit consent before any of your health data is sent to these AI providers. If you decline, the AI‑powered features are disabled and no health data is shared with them; the rest of the app continues to work. You can change this choice at any time in the app.
Educational Use and Sources
The health and wellness guidance Aegis provides is for educational and informational purposes only. It is not medical advice and Aegis is not a medical device. Always consult a qualified healthcare professional for medical decisions. Our guidance is grounded in publicly available, evidence‑based sources from organizations including the CDC, WHO, NIH and its Office of Dietary Supplements, the USDA Dietary Guidelines for Americans, the American Heart Association, the American Diabetes Association, the American College of Sports Medicine, and the National Sleep Foundation. These sources are listed with links inside the app under "Sources & references."
4. Data Security
All data in transit is protected with TLS 1.3.
Sensitive fields (Apple HealthKit tokens, Health Connect tokens, Gmail tokens, wearable tokens) are encrypted at rest using AES-256-GCM.
Databases and backups are hosted on managed infrastructure with AES-256 at-rest encryption and access restricted to the founding team via SSO and phishing-resistant MFA (passkeys / hardware keys).
Camera photos used for barcode/label scanning are processed immediately and not stored on our servers unless you explicitly save a product to your list.
We follow the principle of least privilege and maintain automated dependency vulnerability scanning.
5. Data Retention & Deletion
We retain data only as long as needed:
Account data, health data, biomarkers: retained while your account is active; deleted within 30 days of account deletion.
Grocery product scans & photos: retained only while referenced in your active lists; deleted when you remove them or delete your account.
Logs and telemetry: 90 days.
Encrypted backups: maximum 30 days.
You may delete your account at any time from inside the App or by emailing support@appsolutionsllc.com. You may also request a copy of your data at the same address.
6. Sharing
We share data only with the service providers that operate the App on our behalf:
Apple HealthKit / Health Connect (for health data retrieval on your device)
Open Food Facts (open-source database for product lookups)
AI vision providers (Claude 3.5 Sonnet via Anthropic; GPT-4o via OpenAI) — only for label and barcode analysis; images are processed and discarded, not stored by these providers
Cloud hosting provider (Supabase / Railway for backend operations)
These providers are bound by contract to use the data only to provide their service to us. We may also disclose information when required by law.
7. Children
Aegis is not directed to children under 16, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
8. HIPAA
Aegis operates as a personal health record application under the HIPAA Personal Health Record exception. You direct all data flows to and from your own account.
9. Your Rights
Depending on where you live (including under the GDPR and CCPA), you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. Email support@appsolutionsllc.com to exercise any of these rights.
10. International Transfers
Aegis is operated from the United States. If you access the App from outside the U.S., your data will be processed in the U.S. under the safeguards described above.
11. Changes
We may update this Privacy Policy. Material changes will be announced in the App or by email before they take effect.
12. Contact
App Solutions LLC · support@appsolutionsllc.com ·
appsolutionsllc.com