CONSUMER HEALTH DATA NOTICE
Last updated: April 28, 2026
Your Health Data Rights
This notice supplements our Privacy Policy and specifically addresses your rights under consumer health data privacy laws, including the Washington State My Health My Data Act and Nevada's Consumer Health Data Privacy Law. We extend these protections to all users regardless of location.
1. About This Notice
AI Agent B.V., operating as Goated ("we," "us," or "our") operates the Goated mobile application and website (collectively, the "Service"). This Consumer Health Data Notice explains how we collect, use, and protect your consumer health data.
This notice is provided in compliance with:
- Washington State My Health My Data Act (effective March 31, 2024)
- Nevada Consumer Health Data Privacy Law (SB 370)
- Other applicable state health privacy laws
This notice should be read alongside our Privacy Policy, which provides comprehensive details about our data practices.
2. What Is Consumer Health Data
Under applicable laws, "consumer health data" means personal information that is linked or reasonably linkable to you and that identifies your past, present, or future physical or mental health status. This includes:
- Health conditions, diseases, or diagnoses
- Bodily functions, vital signs, and biometric data
- Nutrition and dietary information
- Exercise and fitness information
- Attempts to acquire health services or products
- Health-related inferences derived from non-health data
3. Consumer Health Data We Collect
We collect the following categories of consumer health data when you use Goated:
3.1 Data You Provide Directly
| Category | Examples |
|---|---|
| Body Measurements | Height, weight, body fat percentage, waist/hip measurements |
| Nutrition Data | Food logs, meal photos, calorie intake, macronutrients |
| Exercise Data | Workout logs, exercise types, sets, reps, weights |
| Health Goals | Weight loss/gain goals, fitness objectives, dietary preferences |
| Medical Information | Allergies, dietary restrictions, health conditions (if disclosed) |
| Blood Test Results | Cholesterol, glucose, vitamin levels, biomarkers |
| Progress Photos | Body transformation images (if uploaded) |
3.2 Data from Connected Services
With your permission, we may collect data from:
- Apple Health / HealthKit: Steps, active energy, workouts, body weight
Important: We adhere to Apple HealthKit permission policies. HealthKit data is used solely to provide our Service and is never shared with third parties for advertising or marketing purposes, and is never used by our advertising or marketing partners.
3.3 Inferred Health Data
We may derive health-related insights from data you provide, such as:
- TDEE (Total Daily Energy Expenditure) calculations
- BMR (Basal Metabolic Rate) estimates
- Macro and calorie recommendations
- Progress trends and projections
4. How We Use Your Health Data
We use your consumer health data for the following purposes:
- Providing the Service: To track your nutrition, workouts, and progress
- Personalization: To generate personalized meal plans, workout routines, and recommendations
- AI Features: To power natural language food logging and AI-generated plans
- Coach Communication: To share relevant data with your chosen coach (if applicable)
- Progress Tracking: To calculate your Goated Status points and display progress charts
- Service Improvement: To improve our algorithms and user experience (in aggregated, de-identified form)
We do NOT use your consumer health data for advertising, marketing to third parties, or selling to data brokers.
5. Who We Share Health Data With
We may share your consumer health data with the following categories of recipients:
| Recipient | Purpose |
|---|---|
| Your Coach | If you subscribe to coaching, your coach can view your logs and progress |
| Supabase (Database) | Secure storage of your data |
| xAI (Grok AI) | Processing natural language food/exercise logging |
| Apple HealthKit | Syncing data with Apple Health (with your permission) |
| Payment Processors | Apple/Google for subscription management (no health data shared) |
We do NOT sell your consumer health data. We do NOT share your health data for third-party advertising.
6. Your Rights
Under applicable consumer health data privacy laws, you have the following rights:
6.1 Right to Know
You have the right to know what consumer health data we collect, how we use it, and who we share it with. This notice and our Privacy Policy provide this information.
6.2 Right to Access
You can access your consumer health data at any time through the Goated app. You may also request a portable copy of your data by contacting us.
6.3 Right to Delete
You have the right to delete your consumer health data. You can:
- Delete individual entries (food logs, workouts, etc.) within the app
- Delete your entire account and all associated data in Settings
- Request deletion by emailing contact@goatedcoaching.app
Please note: Deleting your data may affect the personalized feedback and features we can provide. Some data may be retained as required by law or for legitimate business purposes (e.g., fraud prevention).
6.4 Right to Withdraw Consent
You may withdraw your consent to the collection of consumer health data at any time. This can be done by:
- Revoking Apple Health permissions in your iOS device settings
- Deleting your account
- Contacting us to request withdrawal
6.5 Right to Non-Discrimination
We will not discriminate against you for exercising any of your rights under applicable health data privacy laws.
7. How to Exercise Your Rights
To exercise your rights regarding your consumer health data:
- In-App: Use the Settings menu to access, modify, or delete your data
- Email: Contact us at contact@goatedcoaching.app
- Response Time: We will respond to verifiable requests within 45 days
We may need to verify your identity before processing your request. If we deny your request, we will explain the reason and inform you of your right to appeal.
8. Data Security
We implement robust security measures to protect your consumer health data:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Row-level security in our database
- Regular security audits and penetration testing
- Strict access controls and employee training
- Secure authentication (Sign in with Apple/Google)
9. Data Retention
We retain your consumer health data for as long as your account is active or as needed to provide you with our Service. When you delete your account:
- Your consumer health data is deleted within 30 days
- Backup copies are purged within 90 days
- Aggregated, de-identified data may be retained for analytics
10. Children's Health Data
Goated is intended for users aged 13 and older (or the minimum age required to consent to online services in your country, if higher). Users under 18 require parental or guardian consent. We do not knowingly collect consumer health data from children under 13. If you believe we have collected data from a child under 13, please contact us immediately at contact@goatedcoaching.app and we will delete it.
11. Changes to This Notice
We may update this Consumer Health Data Notice from time to time. We will notify you of material changes by:
- Posting the updated notice on our website
- Updating the "Last updated" date
- Sending you a notification through the app (for significant changes)
12. Contact Us
If you have questions about this Consumer Health Data Notice or wish to exercise your rights, please contact us:
Company: AI Agent B.V. (operating as Goated)
Email: contact@goatedcoaching.app
Data Protection Contact: contact@goatedcoaching.app
If you are not satisfied with our response, you may have the right to file a complaint with your state attorney general or relevant supervisory authority.