Privacy Policy
Last updated: April 12, 2026
Introduction
HeatherAI ("we," "us," or "our") is operated by Many Brains, Inc., located in Westport, CT. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the HeatherAI application at ai.heatherbauer.com and our marketing website at getheatherai.com (together, the "Service").
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
Information We Collect
Account Information
When you create an account, we collect:
- Name and email address
- Mobile phone number (optional, for SMS notifications)
- Profile picture (optional)
- Date of birth, gender, and location
Health & Nutrition Data
To provide personalized coaching, we collect health-related information you choose to share:
- Current weight, target weight, and height
- Health goals and dietary preferences
- Dietary restrictions and food allergies
- Medical conditions and medications (including GLP-1 medication status)
- Behavioral triggers and eating patterns
- Exercise preferences and goals
Coaching & Conversation Data
When you use HeatherAI's coaching features, we collect:
- Chat messages between you and HeatherAI
- Photos you upload (meals, menus, grocery items, nutrition labels)
- Meal logs, beverage tracking, and weight entries
- Session metadata (timestamps, message counts)
AI-Generated Coaching Profiles
HeatherAI automatically generates coaching profiles based on your conversations and activity. These include synthesized summaries of your background, motivations, behavioral patterns, and coaching preferences. These profiles are used solely to improve the personalization and quality of your coaching experience.
Usage & Analytics Data
We automatically collect:
- Login and session activity
- Device type and browser information
- Pages visited and features used
- Analytics data via Google Analytics and Microsoft Clarity (see "Analytics" below)
How We Use Your Information
We use your information to:
- Provide coaching: Deliver personalized nutrition guidance, meal plans, and behavioral coaching through the HeatherAI platform
- Improve personalization: Build and refine your coaching profile so HeatherAI can adapt to your goals, triggers, and patterns over time
- Analyze food and images: Process photos you upload to identify foods, estimate nutritional content, and provide meal guidance
- Generate insights: Analyze your health data to identify trends, patterns, and coaching opportunities
- Communicate with you: Send coaching check-ins, notifications, and personalized video coaching
- Improve the Service: Analyze aggregate usage patterns to improve HeatherAI's coaching quality and features
- Process payments: Manage subscriptions and billing for paid plans
Third-Party Services
We use the following third-party services to operate HeatherAI:
AI Processing
Your chat messages and uploaded images are processed by third-party AI services (currently OpenAI) to generate coaching responses, analyze food photos, and estimate nutritional content. These services process your data according to their own privacy policies and data processing agreements. We do not use your data to train third-party AI models.
Cloud Infrastructure
Your data is stored on Amazon Web Services (AWS) infrastructure, including DynamoDB (database), S3 (file storage), and Cognito (authentication). All data is encrypted in transit and at rest.
Analytics
Our marketing website uses Google Analytics (GA4) and Microsoft Clarity to understand how visitors interact with our pages. These services collect anonymized usage data including pages visited, time on site, and general device/browser information. Microsoft Clarity may record anonymized session replays. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Error Monitoring
We use Sentry for error tracking to identify and fix technical issues. Error reports may include anonymized technical context but do not contain your personal health data or conversation content.
Data Sharing
We do not sell your personal information. We share your data only in these circumstances:
- Third-party service providers: As described above, to operate the Service
- AI + Human Coach sessions: If you subscribe to the AI + Human Coach plan, your coaching profile and relevant health information will be shared with the registered dietitian assigned to your sessions
- Legal requirements: If required by law, subpoena, or legal process
- Safety: If we believe disclosure is necessary to protect the safety of you or others
- Business transfers: In connection with a merger, acquisition, or sale of assets
Data Retention
We retain your account and coaching data for as long as your account is active. This includes your conversation history, uploaded images, health data, and coaching profiles. Retaining this data is essential to HeatherAI's ability to provide personalized, longitudinal coaching.
If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. Anonymized, aggregated data that cannot be linked back to you may be retained indefinitely to improve the Service.
Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) and at rest (AWS encryption)
- Authentication via AWS Cognito with secure token management
- Access controls limiting data access to authorized services
- Regular security monitoring via Sentry
No system is 100% secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.
Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data
- Portability: Request your data in a portable format
- Opt-out: Opt out of SMS or email communications at any time
To exercise any of these rights, contact us at support@heatherbauer.com.
California Residents
Under the California Consumer Privacy Act (CCPA), California residents have additional rights, including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at support@heatherbauer.com.
Children's Privacy
HeatherAI is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
Health Data Disclaimer
HeatherAI is a nutrition coaching tool, not a medical device or healthcare provider. We are not currently a HIPAA-covered entity, though we are actively working toward HIPAA-compliant infrastructure as part of our longer-term plan to serve clinical and payer-covered care pathways. Regardless of formal status, we apply industry-standard security measures — encryption in transit and at rest, access controls, and secure authentication — to all user data, including health-related information.
The health information you share is used solely to personalize your coaching experience. HeatherAI is not a substitute for professional medical advice, diagnosis, or treatment. Always consult with a qualified healthcare professional regarding medical conditions or medications.
Historical Coaching Material
HeatherAI's coaching methodology was developed using historical material from Heather Bauer's 25-year nutrition practice. Before any of this material was used in building the AI, it was fully de-identified — names, phone numbers, and any other personally identifiable information were removed. The AI is trained on patterns of how Heather coaches, not on individual conversations or records. No content from any past client is reproduced, attributed, or made identifiable in HeatherAI's responses.
If you were a past client of Heather Bauer's practice and have questions about how historical material has been handled, please contact us at support@heatherbauer.com.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or your personal data, contact us at:
Many Brains, Inc.
21 Bridge Square, Westport, CT 06880
support@heatherbauer.com