Tapfinity Technologies Private Limited

WeightEasy

Privacy Policy & Health Data Privacy Policy

Company: Tapfinity Technologies Pvt. Ltd.

Effective: March 19, 2026

Contact: care@weighteasy.app

Version: 1.0

Registered Data Controller

Tapfinity Technologies Private Limited

GH5/11B, Orchid Garden, Suncity, Sector-54, DLF QE, Gurgaon – 122002, Haryana, India

care@weighteasy.app | weighteasy.app/privacy-policy

Part 1 — WeightEasy Privacy Policy

Introduction

We built WeightEasy to help people taking GLP-1 medications feel supported, informed, and in control of their health journey. Using WeightEasy means sharing some information with us — and in some cases with a small number of trusted service providers that help us run the app. We take that responsibility seriously.

This Privacy Policy explains what we collect, how we use it, who we share it with, your rights and choices, and how to contact us. We have also created a separate Health Data Privacy Policy (Part 2 of this document) with additional details about how we handle sensitive health information, as required by Washington’s My Health My Data Act, Nevada’s Consumer Health Data Privacy Law, and California’s CPRA.

Where This Policy Applies

Platform | How It Works
iOS App | Your individual health entries are stored on AWS (Amazon Web Services). You do not need a separate account — your data is linked to a secure, anonymised user ID. All data is encrypted in transit and at rest.
Android App | Requires Google Sign-In for account creation. Your app data is stored securely on AWS so you can sync across devices and recover your account.
Website | Our marketing website uses limited analytics to understand traffic and improve the site. We do not collect health data through the website. If you submit health information through a support form, we use it only to respond to you and treat it as sensitive.

Key Terms — Plain English

Term | What It Means
Health data | Information about your health that you enter or import into the app — for example, GLP-1 injections, side effects, weight, and nutrition.
Anonymous usage data | Analytics data we design to be non-identifiable. Used only in aggregated form to understand how the app is used and to improve it.
Aggregated analysis | Looking at patterns across groups of users — counts, averages, distributions — not individual records.
AWS | Amazon Web Services — our secure cloud infrastructure provider used for all data storage.

Google Sign-In Data

WeightEasy uses Google Sign-In as an authentication method. When you choose to sign in with Google, we receive the following data from Google:

  • Your name (as set in your Google account)
  • Your email address

What we access | Your name and email address from your Google account. Nothing else — no Drive, Contacts, Calendar, or other Google services.
How we use it | To create and identify your WeightEasy account, allow you to sign in securely across devices, and send important account notifications.
How we store it | Your email is stored in our secure database hosted on AWS (ap-south-1 region) and in Keycloak (our identity provider), both encrypted at rest. It is tied to your platform-generated user ID.
How we share it | We do not sell, rent, or share your Google account data with third parties for advertising, marketing, or any other purpose beyond operating WeightEasy.
How to delete it | Delete your account in-app (My Account → Delete Account) or at weighteasy.app/delete-account. Your email and all associated data are permanently removed within 30 days.

Limited Use disclosure: WeightEasy's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google user data is not used for serving advertisements, is not used for any purpose not disclosed in this policy, and is not transferred to third parties except as necessary to provide the WeightEasy service.

What We Collect and Why

Account Information

  • Google Sign-In email address and name (when using Google Sign-In)
  • Phone number or email (when using OTP sign-in)
  • A platform-generated user ID associated with your account

Why? To let you log in, sync your data, and recover your account across devices.

Health Data (Optional)

If you choose to track your health in WeightEasy, we process the information you enter, including:

  • GLP-1 medication name, dose, injection date, time, and site
  • Side effects, symptoms, and wellness notes
  • Body weight and weight trends
  • Protein intake, calories, and water intake
  • Exercise and activity logs
  • AI coach conversations

Why? To provide WeightEasy's core features and help you track your progress throughout your GLP-1 journey.

Apple Health / Health Connect (Optional)

With your explicit permission, we can import data such as weight or nutrition from Apple Health (iOS) or Health Connect (Android). You can revoke this permission at any time in your device settings.

Why? To give you a more complete picture of your health without duplicate manual entry.

Anonymous Usage Data

We collect anonymous usage data to understand how the app is used and to improve it. This data is designed to be non-identifiable. We specifically exclude all free-text fields — including notes, AI coach conversations, and any custom side effect names — because free text may contain identifying information.

We do not attempt to reidentify this data. You can opt out at any time in Privacy Settings within the app.

Device and Technical Information

We and our service providers may automatically collect limited technical information to keep the app reliable, secure, and working correctly:

  • Device type and operating system version
  • App version and basic diagnostics
  • Crash reports and performance logs
  • Network metadata processed by service providers for security, abuse prevention, and routing

Payment and Subscription Information

Subscriptions are handled by the Apple App Store (iOS) or Google Play Store (Android). We do not receive your full payment card details. We use Apple IAP, Google IAP and RevenueCat to manage subscription status and support WeightEasy Plus features.

Non-Health Analytics

We use analytics tools to understand how the app is used and how people discover WeightEasy. We take steps to minimise data sharing and do not intentionally send health entries — including injection logs, dosage, side effects, weight entries, or wellness notes — through analytics tools used for product or website measurement.

Service | Purpose | What We Send
PostHog | Product analytics | Non-health app interactions, feature usage, onboarding flow, app version
PostHog | Product analytics and install attribution | Non-health app interactions, feature usage, onboarding flow, app version, and limited device/app context
Google Analytics | Website analytics and SEO measurement | Pages visited, approximate region, browser and device info
PostHog Session Replay | App troubleshooting and product improvement | Limited replay of app screens and interactions with text inputs and images masked by default; not intended for health entries

Where and How We Store Your Data

Platform / Service | Storage Details
iOS App — Health Data | Amazon Web Services (AWS) — encrypted at rest and in transit. Data is linked to an anonymised user ID, not your personal identity.
Android App — Health Data | Amazon Web Services (AWS) — encrypted at rest and in transit. Linked to your account and a platform-generated user ID.
Subscription Management | Apple IAP, Google IAP and RevenueCat — subscription status and purchase metadata only. No health data stored here.
Crash Reporting | PostHog — crash and performance logs for debugging only. Retained for a limited period then deleted.
Analytics | PostHog — anonymous, aggregated usage data only. No health entries.
Customer Support | Support communications handled by WeightEasy support channels, including email and in-app support requests, and any information you choose to share when contacting us. Treated as sensitive if health-related.
Website | Google Analytics — website usage data only. No health data.

All data stored on AWS is protected using industry-standard encryption (AES-256 at rest, TLS 1.2+ in transit). Access is restricted to authorised personnel only.

How Long We Keep Your Data

Data Type | Retention Period
iOS and Android health data (AWS) | Until you delete your account or request deletion. Delete via My Account → Delete Account in the app, or at weighteasy.app/delete-account.
Anonymous usage data | Retained only as long as reasonably necessary for product improvement and security, then deleted or permanently aggregated.
Support communications | Retained as long as reasonably necessary to provide support, maintain records, and comply with legal obligations.
Crash and performance logs | Retained for a limited debugging period (typically 30–90 days), then deleted or aggregated.
Website analytics | Retained according to Google Analytics standard settings and policies.
Subscription metadata | Retained as long as your subscription is active and for a reasonable period thereafter for record-keeping.

Your Privacy Rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you
  • Export your data in a portable format
  • Correct inaccurate or incomplete data
  • Delete your data and account
  • Restrict or object to certain uses of your data
  • Withdraw consent at any time
  • Appeal a denied privacy request

You can manage most of these rights directly in Settings within the WeightEasy app. You can also submit a formal request by emailing care@weighteasy.app. We will respond within 45 days as required by applicable law.

If we deny a request, you can appeal by replying to our response email. If you remain unsatisfied, you may contact your state Attorney General or applicable data protection authority.

State-Specific Privacy Rights

Washington — My Health My Data Act (MHMDA)

If you are a Washington resident, you have the right to confirm whether we collect your consumer health data, access it, withdraw consent for its collection or sharing, and request its deletion. To exercise these rights, contact care@weighteasy.app. We will respond within 45 days. You will not face retaliation for exercising any of these rights.

California — CCPA / CPRA

If you are a California resident, you have the right to know what personal information we collect about you, to opt out of its sale or sharing, to request its deletion, to correct inaccurate information, and to not be discriminated against for exercising your rights. WeightEasy does not sell or share personal information for targeted advertising.

Nevada — Consumer Health Data Privacy Law

If you are a Nevada resident, you have the right to opt out of the sale of your personal information and to request deletion of your consumer health data. WeightEasy does not sell personal information.

Who We Share Data With

We share data only with trusted vendors who help us operate WeightEasy. All providers are permitted to use data only to provide services to us — not for their own independent commercial purposes.

Vendor / Service | Purpose
Amazon Web Services (AWS) | Primary data storage for all iOS and Android health data — encrypted at rest and in transit
Apple IAP / Google IAP / RevenueCat | Subscription status and purchase metadata management
PostHog | Crash reporting, app performance monitoring, and anonymous product analytics — non-health interactions only; install attribution and acquisition analytics
Google Analytics | Website traffic and usage analytics
WeightEasy support channels | Customer support ticketing and communications
Apple App Store | iOS subscription and payment processing
Google Play Store | Android subscription and payment processing

Our Absolute Data Commitments

  • We do not sell your data — ever.
  • We do not share your health data for targeted advertising — ever.
  • We do not share your data with data brokers.
  • We do not use your health data for any purpose beyond operating and improving WeightEasy.

Support Communications

If you contact us through WeightEasy support channels, by email, or through the app, we will use the information you provide to respond and resolve your issue. If your support request includes health-related details, we treat that information as sensitive and use it only to help you. We do not use support communications for marketing purposes.

Legal Requirements

We may disclose information if required by law, subpoena, court order, or similar legal process, or if we believe in good faith that disclosure is necessary to protect the rights, safety, or security of WeightEasy, our users, or the public.

Corporate Transactions

If Tapfinity Technologies Private Limited or the WeightEasy product is involved in a merger, acquisition, financing, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will provide notice as required by applicable law, and any successor entity will be bound by the commitments in this policy.

Security

We use Amazon Web Services with AES-256 encryption at rest and TLS 1.2+ encryption in transit. We implement access controls, authentication requirements, and regular security reviews. No method of transmission or storage is 100% secure, but we continuously work to improve our protections and respond promptly to any identified vulnerabilities.

Children's Privacy

WeightEasy is not intended for anyone under the age of 18. GLP-1 medications are prescribed to adults, and WeightEasy is designed exclusively for adult users. We do not knowingly collect personal data from anyone under 18. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. Contact care@weighteasy.app if you have concerns.

International Data Transfers

Tapfinity Technologies Private Limited is incorporated in India. Your data may be stored or processed in the United States (on AWS infrastructure) or other locations where our service providers operate. Where required by applicable law — such as under GDPR — we use appropriate safeguards including Standard Contractual Clauses (SCCs) approved by regulators to protect your data during international transfers.

Cookies

Our website uses cookies and similar technologies, including Google Analytics, to understand site traffic and improve the site. You can control cookies through your browser settings. Some analytics providers may collect information about your online activities across different websites when you visit our site.

Exporting or Deleting Your Data

You can delete your account and all associated data at any time using any of the methods below. Deletion is permanent and irreversible. We process all deletion requests within 30 days as required by GDPR Article 17 (Right to Erasure).

Method | How to Delete
In-app (iOS & Android) | My Account → Delete Account → Confirm. Your account and all data are deleted immediately.
Website form | Visit weighteasy.app/delete-account, enter your email, and submit. We will process within 30 days and confirm by email.
Email request | Email care@weighteasy.app with subject 'Account Deletion Request'. Include your registered email address. We will process within 30 days.

When your account is deleted, we permanently remove: your profile, weight logs, injection records, dose history, side effect logs, education progress, notification settings, device tokens, and your account credentials. Anonymised, non-identifiable aggregate statistics may be retained for product analytics.

Changes to This Policy

We may update this policy from time to time as our practices or applicable laws change. We will post the latest version at weighteasy.app/privacy-policy with an updated 'Last Updated' date. For material changes, we will provide additional notice via in-app notification or email where applicable.

Contact Us

Privacy Contact

Tapfinity Technologies Private Limited

GH5/11B, Orchid Garden, Suncity, Sector-54, DLF QE, Gurgaon – 122002, Haryana, India

Email: care@weighteasy.app

Website: weighteasy.app/privacy-policy

Response time: Within 45 days of receiving your request

Part 2 — Health Data Privacy Policy

Last Updated: March 19, 2026

This Health Data Privacy Policy supplements our main Privacy Policy (Part 1) and provides additional detail about how we handle sensitive health information, as required by Washington’s My Health My Data Act, Nevada’s Consumer Health Data Privacy Law, and California’s CPRA. In the event of any conflict between this policy and our main Privacy Policy on the topic of health data, this policy governs.

What Counts as Health Data in WeightEasy

Health data includes any information you enter or import related to your physical health, including:

  • GLP-1 medication name, dose, injection date, time, and site
  • Side effects, symptoms, and wellness notes
  • Body weight and weight trends over time
  • Protein intake, calorie intake, and water intake
  • Exercise and activity logs
  • AI coach conversations that contain health-related content
  • Any other health or wellness information you choose to store in the app

How We Store Health Data

We store health data securely and separately from basic contact and account information.

Platform | Storage Details
iOS | Amazon Web Services (AWS) — your health entries are stored in a secure, encrypted database on AWS. Data is linked to an anonymised user ID and is not associated with your name, email, or Apple ID credentials.
Android | Amazon Web Services (AWS) — your health entries are stored in a secure, encrypted database on AWS. Data is tied to your account and a platform-generated user ID. We do not store your Google Sign-In credentials.

All health data on AWS is encrypted using AES-256 at rest and TLS 1.2+ in transit. Access is restricted to authorised personnel under strict access controls.

Sources of Health Data

We collect health data from:

  • You directly — when you manually enter information in the app
  • Apple Health — if you enable the Apple Health import (iOS only)
  • Health Connect — if you enable the Health Connect import (Android only)
  • Your AI coach conversations — treated as health-sensitive in their entirety

Why We Use Health Data

We use health data solely for the following purposes:

  • To provide WeightEasy's core tracking, education, and AI coaching features
  • To personalise your experience and support your progress on your GLP-1 journey
  • To improve app reliability, security, and performance
  • To comply with legal obligations

What We Never Do With Your Health Data

  • We do not use health data for targeted advertising.
  • We do not sell health data to any third party, under any circumstances.
  • We do not share health data with data brokers.
  • We do not send health entries to our analytics or attribution tools.
  • We do not use health data to train AI models that are shared externally.

Anonymous Usage Data and Health Data

WeightEasy collects anonymous usage data to understand trends and improve the product. For health data specifically:

  • We exclude all free-text fields — notes, AI coach conversations, and custom side effect names — from anonymous analytics because free text may contain identifying information
  • We do not send injection logs, dosage records, side effect entries, weight entries, or wellness notes to any analytics platform
  • Anonymous analytics data is used only in aggregated form — we look at patterns across users, never at individual records
  • We do not attempt to reidentify anonymous data

You can opt out of anonymous analytics at any time in Privacy Settings in the app. If you opt out, we stop collecting it going forward.

How We Share Health Data

We share health data only in the following strictly limited circumstances:

Circumstance | Detail
Service providers necessary to operate the app | AWS for storage; Apple IAP, Google IAP and RevenueCat for subscription status; and PostHog for app analytics, reliability, and limited session replay used for troubleshooting. All under appropriate contractual and access controls.
Customer support (WeightEasy support channels) | Only if you contact us and the health information is needed to resolve your specific issue. Used only to help you — not for any other purpose.
Legal requirements | If required by law, court order, subpoena, or similar legal process, or to protect the safety and security of our users or the public.
Corporate transactions | If WeightEasy or Tapfinity Technologies is acquired, merged, or reorganised. We will provide notice as required, and any successor entity will be bound by these commitments.

We do not share health data with third-party advertisers, marketing platforms, or data brokers under any circumstances.

Third-Party Collection on the Website

When you use our website, analytics providers such as Google Analytics may collect information about your online activities. We do not allow third parties to collect health data from you on the website. WeightEasy's website is a marketing site and is not designed to collect or process health information.

Your Rights Over Your Health Data

Right | How to Exercise It
Access | Request a copy of the health data we hold about you
Export | Export your health data in a portable format directly from app Settings
Correction | Correct inaccurate health data directly in the app or by contacting us
Deletion | Delete specific entries in the app, or request full account and data deletion
Withdraw consent | Withdraw consent for Apple Health / Health Connect integration at any time in device settings
Opt out of analytics | Opt out of anonymous usage data collection in app Privacy Settings
Appeal | If we deny a request, appeal by replying to our response email

To submit a formal request: care@weighteasy.app — subject line 'Health Data Request'. We will respond within 45 days. You will not face any retaliation or service degradation for exercising these rights.

Washington Residents — My Health My Data Act

Your MHMDA Rights

If you are a Washington resident, you have the right to:

  • Confirm whether WeightEasy collects your consumer health data
  • Access a list of all third parties we have shared your health data with
  • Withdraw consent for collection or sharing of your health data
  • Request deletion of your health data and any data shared with third parties
  • Not face retaliation for exercising any of these rights

To exercise these rights: care@weighteasy.app | Response within 45 days

Nevada Residents — Consumer Health Data Privacy Law

If you are a Nevada resident, you have the right to opt out of the sale of your consumer health data and to request its deletion. WeightEasy does not sell consumer health data. To exercise your rights, contact care@weighteasy.app.

California Residents — CPRA

If you are a California resident, your sensitive personal information — which includes health data — receives additional protections under the CPRA. You have the right to limit the use of your sensitive personal information to only what is necessary to provide the services you requested. WeightEasy uses health data only to operate the app and will never use it for advertising or profiling.

Data Retention for Health Data

We retain your health data only for as long as you maintain your WeightEasy account or until you request deletion. When you delete your account, we delete or permanently anonymise your health data within 30 days, except where we are required to retain it by law. Anonymous aggregated data derived from your health entries — from which you cannot be identified — may be retained indefinitely for product improvement purposes.

Changes to This Health Data Privacy Policy

We may update this policy as our practices or applicable laws change. We will post the updated version at weighteasy.app/privacy-policy and notify you via in-app notification for material changes. Continued use of WeightEasy after the effective date of changes constitutes acceptance of the updated policy.

Contact for Health Data Questions

Health Data Privacy Contact

Tapfinity Technologies Private Limited

GH5/11B, Orchid Garden, Suncity, Sector-54, DLF QE, Gurgaon – 122002, Haryana, India

Email: care@weighteasy.app

Subject line: 'Health Data Request' or 'Health Data Privacy Question'

Response time: Within 45 days of receiving your request

WeightEasy is a companion app, not a medical service. Always follow your prescriber's guidance.

Pre-Publish Checklist

Placeholders — Confirm All Before Publishing

The following items must be confirmed and updated before this document goes live on your website or app store:

Placeholder | Status
Effective Date | March 19, 2026 — confirmed
Analytics Tool | PostHog — confirmed and updated throughout document
Subscription Manager | Apple IAP, Google IAP and RevenueCat — confirmed and updated throughout document
Crash Reporting Tool | PostHog — confirmed and updated throughout document
weighteasy.app/privacy-policy | Confirm this is your live policy URL before publishing
Legal Review | Have a qualified US privacy attorney review before publication
GDPR / Indian DPDPA | If you have EEA or Indian users, confirm additional obligations under GDPR and India's Digital Personal Data Protection Act 2023