What Iris collects
Iris collects information you provide directly, such as account details, onboarding answers, messages, goals, preferences, and support requests.
When you connect optional services, Iris may process health, wellness, calendar, activity, device, billing, messaging, and usage data needed to provide the product. Examples include Garmin, Oura, WHOOP, Strava, Google Calendar, Screen Time-style summaries, subscription status, and communication metadata.
Iris may also collect technical data such as device, browser, approximate location from network signals, logs, diagnostics, and security events.
How Iris uses data
We use data to provide and improve Iris: authentication, onboarding, syncing connected services, generating personalized insights, maintaining subscriptions, sending product messages, preventing abuse, debugging issues, and meeting legal obligations.
Iris is not emergency care, a medical device, or a replacement for a clinician. Health-related outputs are informational and should not be used as the sole basis for medical decisions.
Google user data
If you connect Google Calendar, Iris requests read-only Calendar access so the product can understand your schedule and provide context-aware guidance.
Iris uses Google user data only to provide user-facing features. We do not sell Google user data, use it for advertising, or allow humans to read it unless necessary for security, support with your permission, legal compliance, or abuse prevention.
Iris’ use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Sharing and processors
We share data with service providers that help operate Iris, such as hosting, databases, authentication, analytics/observability, email, messaging, payments, and AI infrastructure. These providers may include Vercel, Railway, Neon, Clerk, Google, Stripe, Resend, Meta/WhatsApp, and AI model providers depending on the features you use.
We may disclose information if required by law, to protect rights and safety, or as part of a business transfer.
Retention and deletion
We keep data only as long as reasonably needed for the product, security, legal obligations, and legitimate business purposes.
You can request access, correction, export, or deletion of your data by contacting us. Disconnecting a provider stops future syncs, but previously processed data may remain until deleted or expired according to retention rules.
Security
We use reasonable technical and organizational measures to protect data, including encryption in transit, access controls, and separation between authentication and product data where appropriate.
No system is perfectly secure. Please contact us if you believe your account or data may be at risk.
Contact
For privacy requests or questions, contact hello@irishealth.bio.