Privacy Policy
Last updated: June 30, 2026
Introduction
HeatherAI ("we," "us," or "our") is operated by Many Brains, Inc., located in Westport, CT. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the HeatherAI application at ai.heatherbauer.com and our marketing website at getheatherai.com (together, the "Service").
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
Information We Collect
Account Information
When you create an account, we collect:
- Name and email address
- Mobile phone number (optional, for SMS notifications)
- Profile picture (optional)
- Date of birth, gender, and location
Health & Nutrition Data
To provide personalized coaching, we collect health-related information you choose to share:
- Current weight, target weight, and height
- Health goals and dietary preferences
- Dietary restrictions and food allergies
- Medical conditions and medications (including GLP-1 medication status)
- Behavioral triggers and eating patterns
- Exercise preferences and goals
Coaching & Conversation Data
When you use HeatherAI's coaching features, we collect:
- Chat messages between you and HeatherAI
- Photos you upload (meals, menus, grocery items, nutrition labels)
- Meal logs, beverage tracking, and weight entries
- Session metadata (timestamps, message counts)
AI-Generated Coaching Profiles
HeatherAI automatically generates coaching profiles based on your conversations and activity. These include synthesized summaries of your background, motivations, behavioral patterns, and coaching preferences. These profiles are used solely to improve the personalization and quality of your coaching experience.
Usage & Analytics Data
We automatically collect:
- Login and session activity
- Device type and browser information
- Pages visited and features used
- Analytics data via Google Analytics and Microsoft Clarity (see "Analytics" below)
How We Use Your Information
We use your information to:
- Provide coaching: Deliver personalized nutrition guidance, meal plans, and behavioral coaching through the HeatherAI platform
- Improve personalization: Build and refine your coaching profile so HeatherAI can adapt to your goals, triggers, and patterns over time
- Analyze food and images: Process photos you upload to identify foods, estimate nutritional content, and provide meal guidance
- Generate insights: Analyze your health data to identify trends, patterns, and coaching opportunities
- Communicate with you: Send coaching check-ins, notifications, and personalized video coaching
- Improve the Service: Analyze aggregate usage patterns to improve HeatherAI's coaching quality and features
- Process payments: Manage subscriptions and billing for paid plans
Third-Party Services
We use the following third-party services to operate HeatherAI. We require every third-party provider with whom we share user data to protect that data to the same or a higher standard than described in this policy, and to use it only to provide services to us:
AI Processing
Your chat messages and uploaded images are processed by third-party AI services (currently OpenAI) to generate coaching responses, analyze food photos, and estimate nutritional content. These services process your data according to their own privacy policies and data processing agreements. We do not use your data to train third-party AI models.
Cloud Infrastructure
Your data is stored on Amazon Web Services (AWS) infrastructure, including DynamoDB (database), S3 (file storage), and Cognito (authentication). All data is encrypted in transit and at rest.
Analytics
Our marketing website uses Google Analytics (GA4) and Microsoft Clarity to understand how visitors interact with our pages. These services collect anonymized usage data including pages visited, time on site, and general device/browser information. Microsoft Clarity may record anonymized session replays. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Error Monitoring & Product Analytics
We use Sentry to detect and diagnose technical errors. Error reports may include account identifiers (such as your user ID and email) and limited technical context, and Sentry may record anonymized session replays in which text is masked and media is blocked. We configure these tools to avoid capturing your health data, and we do not use them for advertising or marketing.
The HeatherAI app also sends basic product-usage events (such as sign-in, session start, and feature usage) to our own servers to help us understand how the Service is used and improve it. This first-party usage data is not shared with third-party advertising or analytics networks.
Data Sharing
We do not sell your personal information, and we never use or disclose your health, nutrition, or coaching data for advertising, marketing, or use-based data mining, whether by us or by any third party. We share your data only in these circumstances:
- Third-party service providers: As described above, to operate the Service
- AI + Human Coach sessions: If you subscribe to the AI + Human Coach plan, your coaching profile and relevant health information will be shared with the registered dietitian assigned to your sessions
- Legal requirements: If required by law, subpoena, or legal process
- Safety: If we believe disclosure is necessary to protect the safety of you or others
- Business transfers: In connection with a merger, acquisition, or sale of assets
Data Retention
We retain your account and coaching data for as long as your account is active. This includes your conversation history, uploaded images, health data, and coaching profiles. Retaining this data is essential to HeatherAI's ability to provide personalized, longitudinal coaching.
You can delete your account at any time by emailing us at support@heatherbauer.com. When you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. Anonymized, aggregated data that cannot be linked back to you may be retained indefinitely to improve the Service.
Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) and at rest (AWS encryption)
- Authentication via AWS Cognito with secure token management
- Access controls limiting data access to authorized services
- Regular security monitoring via Sentry
No system is 100% secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.
Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data
- Portability: Request your data in a portable format
- Opt-out: Opt out of SMS or email communications at any time
To exercise any of these rights, contact us at support@heatherbauer.com.
California Residents
Under the California Consumer Privacy Act (CCPA), California residents have additional rights including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at support@heatherbauer.com.
Children's Privacy
HeatherAI is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
Health Data Disclaimer
HeatherAI is a nutrition coaching tool, not a medical device or healthcare provider. We are not currently a HIPAA-covered entity, though we are actively working toward HIPAA-compliant infrastructure as part of our longer-term plan to serve clinical and payer-covered care pathways. Regardless of formal status, we apply industry-standard security measures — encryption in transit and at rest, access controls, and secure authentication — to all user data, including health-related information.
The health information you share is used solely to personalize your coaching experience. HeatherAI is not a substitute for professional medical advice, diagnosis, or treatment. Always consult with a qualified healthcare professional regarding medical conditions or medications.
Historical Coaching Material
HeatherAI's coaching methodology was developed using historical material from Heather Bauer's 25-year nutrition practice. Before any of this material was used in building the AI, it was fully de-identified — names, phone numbers, and any other personally identifiable information were removed. The AI is trained on patterns of how Heather coaches, not on individual conversations or records. No content from any past client is reproduced, attributed, or made identifiable in HeatherAI's responses.
If you were a past client of Heather Bauer's practice and have questions about how historical material has been handled, please contact us at support@heatherbauer.com.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or your personal data, contact us at:
Many Brains, Inc.
21 Bridge Square, Westport, CT 06880
support@heatherbauer.com