Privacy Policy

Formula Health is a consumer wellness company. The Service is intended to support general health, fitness, and lifestyle optimization. Formula Health is not a medical provider and does not, by itself, deliver medical care, diagnosis, treatment, or prescriptions.

Where the Service connects you with licensed physicians (“Independent Physicians”), those physicians operate as independent professionals through their own practices or affiliated medical groups. Independent Physicians are not employees or agents of Formula Health. Any doctor-patient relationship is established between you and the Independent Physician, not with Formula Health. Their handling of any protected health information they receive is governed by their own notices of privacy practices.

• Account information: name, email, date of birth, password or magic-code login token, and billing details processed by our payment provider (Stripe).
• Wellness inputs you provide: goals, lifestyle data, self-reported metrics, lab uploads, meals, photos, and any content you submit to CORA or to the app.
• Wearable and device data (with your permission): activity, sleep, heart-rate, HRV, and similar signals from Apple Health, Whoop, Oura, Google Health, and other integrations you choose to connect.
• Usage and device data: IP address, device identifiers, browser/OS, app version, log files, crash reports, and interaction events used to operate and improve the Service.
• Communications: messages you send through forms, email, or in-app chat with CORA or support.

We do not knowingly collect information from children under 13 (or under 16 in jurisdictions that require it). If you believe a child has provided us data, please contact privacy@formula-health.com and we will delete it.

• To operate the Service, calculate your HOM Score, and surface personalized wellness insights.
• To power CORA's responses, including educational content based on the data you submit.
• To process payments, manage subscriptions, and prevent fraud.
• To send transactional messages (login codes, receipts, security alerts) and, with your consent, product updates.
• To improve product performance, debug issues, and develop new features.
• To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not use your wellness or health data for third-party advertising.

Where the GDPR or UK GDPR applies, we process your data on the bases of (i) performance of our contract with you, (ii) your consent (which you may withdraw at any time), (iii) our legitimate interests in operating and improving the Service, and (iv) compliance with legal obligations.

We share information only as needed and only with:

• Service providers that help us run the Service (e.g., cloud hosting, analytics, email delivery, Stripe for payments) under contractual confidentiality and data-processing terms.
• Independent Physicians you choose to consult with, with your authorization, so they can provide you care. Their handling of your information is governed by their own privacy practices.
• Authorities when required by law, subpoena, or to protect our rights, users, or the public.
• Acquirers in the event of a merger, acquisition, or sale of assets, with notice to you.

If you grant the app access to Apple Health (HealthKit) or another wearable provider, we receive only the data categories you explicitly authorize and use them solely to provide and personalize the Service. Consistent with Apple's requirements, we do not use HealthKit data for advertising, marketing, data-broker purposes, or for any disclosure to third parties for those purposes. You can revoke access at any time in your device settings.

Formula Health, in its capacity as a wellness platform, is generally not a HIPAA covered entity. When an Independent Physician provides care to you through the Service, that physician is the covered entity for the protected health information they create or receive in the course of treatment, and we may act as a business associate solely with respect to that physician's data, governed by an applicable Business Associate Agreement.

We protect all personal information using industry-standard encryption in transit (TLS) and at rest, role -based access controls, audit logging, and routine security review.

We retain personal information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion at any time, subject to legal retention requirements (for example, tax records).

Depending on where you live, you may have the right to access, correct, export, restrict, object to, or delete your personal information, and to withdraw consent. California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and limit use of sensitive personal information. We do not sell or share personal information in the CCPA/CPRA sense.

To exercise any right, email privacy@formula-health.com. We will respond within the time required by applicable law.

Formula Health operates from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States and other jurisdictions where our service providers operate, with appropriate safeguards (such as standard contractual clauses) where required.

Our website uses essential cookies to operate, and limited analytics cookies to understand traffic. We do not use advertising cookies. You can control cookies through your browser settings.

We work hard to protect your information, but no system is perfectly secure. Please use a strong password, keep your magic-code emails private, and notify us immediately at security@formula-health.com if you believe your account has been compromised.

We may update this Privacy Policy. Material changes will be communicated through the Service or by email. The “Effective” date at the top will reflect the latest version.

Questions, requests, or complaints? Email privacy@formula-health.com. For general support, visit our Support page.