Privacy Policy

1. Introduction

Honour Health ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using the Honour Health platform, website, and services (collectively, the "Service"), you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

This Privacy Policy should be read in conjunction with our Terms of Service. Please review this Privacy Policy carefully. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Personal Information

We collect the following categories of personal information:

  • Account Information: Name, email address, password (encrypted), date of birth, and contact details
  • Profile Information: User preferences, dietary preferences, and profile settings
  • Communication Information: Records of your communications with us, including support inquiries and feedback

2.2 Health Information

We collect sensitive health information that you voluntarily provide, including:

  • Height, weight, and body measurements
  • Age and gender
  • Activity levels and exercise habits
  • Dietary restrictions, allergies, and food preferences
  • Health goals and objectives
  • Pregnancy or breastfeeding status (if provided)
  • Any other health-related information you choose to share

Important: Under Australian privacy law, health information is considered "sensitive information" and receives additional protection. We will only collect and use your health information with your explicit consent and for the purposes outlined in this Privacy Policy.

2.3 Meal and Nutrition Data

We collect information about your dietary intake, including:

  • Meal descriptions and ingredients
  • Portion sizes and quantities
  • Meal timing and frequency
  • Nutritional analysis results
  • Food preferences and eating patterns

2.4 Usage and Technical Data

We automatically collect certain information when you use the Service:

  • Device Information: Device type, operating system, browser type and version, unique device identifiers
  • Usage Information: Pages visited, features used, time spent on pages, access times and dates, referring URLs
  • Technical Information: IP address, geolocation data (country/city level), cookies and similar technologies
  • Performance Data: Error logs, diagnostic information, and application performance metrics

2.5 Information from Third Parties

We may receive information about you from third-party services if you choose to connect them to your Honour Health account, such as:

  • Authentication providers (if you sign in using third-party services)
  • Payment processors (for billing information)
  • Analytics and marketing partners

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Provision

  • Creating and managing your account
  • Providing nutritional analysis and meal tracking functionality
  • Generating personalized health reports and recommendations
  • Processing your meal data through our AI-powered analysis systems
  • Storing and managing your health and nutrition data

3.2 Service Improvement and Development

  • Improving the accuracy and functionality of our nutritional analysis
  • Developing new features and services
  • Training and enhancing our artificial intelligence and machine learning models
  • Conducting research and analytics (using anonymized or aggregated data)
  • Testing new features and functionality

3.3 Communication

  • Sending service-related notifications and updates
  • Responding to your inquiries and providing customer support
  • Sending important notices about changes to our Service or policies
  • Providing educational content and health tips (if you opt in)
  • Sending marketing communications (with your consent, and with the ability to opt out)

3.4 Security and Legal Compliance

  • Protecting the security and integrity of the Service
  • Detecting and preventing fraud, abuse, and unauthorized access
  • Complying with legal obligations and responding to lawful requests
  • Enforcing our Terms of Service and other agreements
  • Protecting our rights, property, and the safety of our users

4. Legal Basis for Processing

Under Australian privacy law, we process your personal information based on:

  • Consent: When you provide explicit consent for us to process your personal information, particularly sensitive health information
  • Contract Performance: To provide the Service you have requested and fulfill our contractual obligations
  • Legitimate Interests: To improve our Service, conduct research, and ensure security (where these interests are not overridden by your privacy rights)
  • Legal Obligations: To comply with applicable laws, regulations, and legal processes

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers and Partners

We share information with trusted third-party service providers who assist us in operating the Service:

  • OpenAI: We use OpenAI's services to analyze nutritional content and generate insights. Your meal data is processed by OpenAI's systems in accordance with their privacy policy and data processing agreements. OpenAI may be located outside Australia (primarily in the United States).
  • Cloud Hosting Providers: We use cloud infrastructure providers to store and process data securely
  • Analytics Services: We may use analytics providers to understand Service usage and improve user experience
  • Payment Processors: If applicable, payment information is processed by secure third-party payment providers
  • Email and Communication Services: For sending transactional emails and notifications

These service providers are contractually bound to protect your information and use it only for the specific purposes we authorize.

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Subpoenas, court orders, or legal processes
  • Requests from law enforcement or government authorities
  • Legal obligations under Australian or international law
  • Emergencies involving potential harm to individuals

5.3 Business Transfers

If Honour Health is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and provide options regarding your information.

5.4 Aggregated and De-identified Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you. This may include research findings, industry reports, or insights shared with partners or the public.

6. International Data Transfers

Your information may be transferred to and processed in countries outside Australia, including the United States and other jurisdictions where our service providers operate.

In accordance with APP 8 (Australian Privacy Principle 8), when we transfer your personal information overseas, we take reasonable steps to ensure that:

  • The overseas recipient does not breach the Australian Privacy Principles
  • We have contractual arrangements in place that require overseas recipients to protect your information
  • The recipient country has substantially similar privacy protections to Australia, or
  • You have consented to the transfer after being informed of the risks

Notably, your meal and health data may be processed by OpenAI in the United States for nutritional analysis purposes.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security assessments and audits
  • Employee training on data protection and privacy
  • Incident response and breach notification procedures
  • Restricted access to personal information on a need-to-know basis

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information using industry-standard practices, we cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of your account credentials. Please notify us immediately if you believe your account has been compromised.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Retention Periods

  • Account Information: Retained while your account is active and for a reasonable period after account closure (typically up to 2 years) to comply with legal obligations and resolve disputes
  • Health and Meal Data: Retained while your account is active for service provision. After account deletion, it may be retained indefinitely in anonymized or aggregated form for research and development purposes
  • Communication Records: Customer support communications retained for up to 3 years
  • Usage and Technical Data: Typically retained for up to 2 years for analytics and service improvement
  • Financial Records: Retained for 7 years in compliance with Australian tax and financial reporting requirements

8.2 Account Deletion

When you delete your account, we will:

  • Delete or anonymize your personal information within a reasonable timeframe (typically 30 days)
  • Retain certain information as required by law or for legitimate business purposes
  • Maintain anonymized or aggregated data that cannot identify you for research purposes

9. Your Privacy Rights

Under Australian privacy law, you have the following rights regarding your personal information:

9.1 Right to Access

You have the right to request access to the personal information we hold about you. We will provide you with a copy of your information within a reasonable timeframe (typically 30 days).

9.2 Right to Correction

You have the right to request correction of any inaccurate, incomplete, or out-of-date personal information. You can update most of your information directly through your account settings.

9.3 Right to Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (such as legal retention requirements). You can delete your account through the Service settings.

9.4 Right to Restrict Processing

You may request that we restrict or limit how we use your personal information in certain circumstances, such as when you contest the accuracy of the information.

9.5 Right to Data Portability

You may request a copy of your personal information in a structured, commonly used, machine-readable format for transfer to another service provider.

9.6 Right to Object

You have the right to object to certain processing of your information, including:

  • Marketing communications (you can opt out at any time)
  • Processing based on legitimate interests (we will cease unless we have compelling grounds to continue)

9.7 Right to Withdraw Consent

Where we process your information based on consent (particularly sensitive health information), you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

9.8 How to Exercise Your Rights

To exercise any of these rights, please contact us using the contact information provided in Section 14. We will respond to your request within 30 days.

We may require verification of your identity before processing certain requests. In some cases, we may charge a reasonable fee for processing complex or repetitive requests.

10. Cookies and Tracking Technologies

10.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve the Service. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted or expired).

10.2 Types of Cookies We Use

  • Essential Cookies: Required for the Service to function properly (e.g., authentication, security)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how users interact with the Service
  • Marketing Cookies: Used to deliver relevant advertisements (if applicable)

10.3 Managing Cookies

You can control and manage cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Service. Most browsers allow you to:

  • View and delete cookies
  • Block third-party cookies
  • Block all cookies
  • Delete all cookies when you close your browser

10.4 Other Tracking Technologies

We may also use web beacons, pixels, and similar technologies to track user behavior and measure the effectiveness of our Service and communications.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

12. Third-Party Links and Services

The Service may contain links to third-party websites, services, or resources that are not owned or controlled by Honour Health. This Privacy Policy does not apply to third-party websites or services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access through our Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. We will notify you of material changes by:

  • Posting the updated Privacy Policy on the Service with a new "Last Updated" date
  • Sending you an email notification (for significant changes)
  • Displaying a prominent notice on the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

For significant changes that affect how we handle sensitive health information, we may seek your renewed consent.

14. Contact Information and Complaints

14.1 Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your personal information, please contact us at:

Honour Health Privacy Officer
Email: support@honour.health
ABN: 31 659 159 761

14.2 Privacy Complaints

If you have a complaint about how we have handled your personal information, please contact us first using the details above. We will:

  • Acknowledge your complaint within 7 days
  • Investigate the matter thoroughly
  • Provide you with a response within 30 days
  • Work with you to resolve the issue

14.3 Office of the Australian Information Commissioner (OAIC)

If you are not satisfied with our response to your privacy complaint, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Online Complaint Form: www.oaic.gov.au/privacy/privacy-complaints

15. Consent to Collection and Use

By using the Service and providing your personal information (including sensitive health information), you consent to:

  • The collection, use, and disclosure of your information as described in this Privacy Policy
  • The processing of your health information for nutritional analysis and service provision
  • The transfer of your information to overseas recipients (including OpenAI in the United States) for the purposes described in this Privacy Policy
  • The use of your anonymized or aggregated data for research and development purposes

You can withdraw your consent at any time by contacting us or deleting your account, subject to our legal obligations and legitimate business interests.

16. Australian Privacy Principles Compliance

Honour Health is committed to complying with the 13 Australian Privacy Principles (APPs) outlined in the Privacy Act 1988 (Cth):

  • APP 1: Open and transparent management of personal information
  • APP 2: Anonymity and pseudonymity (where practicable)
  • APP 3: Collection of solicited personal information
  • APP 4: Dealing with unsolicited personal information
  • APP 5: Notification of collection
  • APP 6: Use or disclosure of personal information
  • APP 7: Direct marketing
  • APP 8: Cross-border disclosure of personal information
  • APP 9: Adoption, use or disclosure of government related identifiers
  • APP 10: Quality of personal information
  • APP 11: Security of personal information
  • APP 12: Access to personal information
  • APP 13: Correction of personal information

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY.