Sign in

Home

Privacy policy

Last updated July 15, 2026

Your health data stays yours. We do not sell it, and you can ask us to export or delete it at any time.

Who we are

Labess is a personal health decision intelligence product at labess.app. This policy explains what we collect, why we collect it, and the choices you have.

What we collect

  • Account details you give us, such as your email address for magic-link sign in.
  • Health and activity data you choose to bring in: imports, connected services (for example Whoop), and facts you log in chat (meals, workouts, weight, steps, and similar readings).
  • Messages and images you send to the coach, used to parse logs and answer your questions.
  • Technical data needed to run the service: session cookies, basic request logs, and device or browser information.
  • If you use Labess AI, usage needed to operate and meter the built-in engine. If you bring your own API key, that key is stored encrypted for your account and used only to call the provider you chose.

How we use it

  • To sign you in and keep your session secure.
  • To store your readings, show them in Labess, and compute plan assessments and coaching from your own data.
  • To sync or import from sources you connect, and to show where each reading came from.
  • To send transactional email, such as sign-in codes.
  • To keep the product reliable and secure.

We do not use your health data to sell ads. We do not sell personal information.

AI processing

Coach turns, screenshot parsing, and similar features may send the content of a turn (and related context) to an AI provider so Labess can respond. With Labess AI, that runs on the product's built-in engine. With a bring-your-own key, it runs on the provider and model you configured. Provider processing is governed by that provider's terms and privacy policy as well as yours with Labess.

Integrations and third parties

When you connect a source (for example Whoop) or upload a file, we receive the data that connection or file provides, under your authorization. Those services have their own policies. Hosting, email delivery, and similar infrastructure providers process data only to run Labess for you.

Cookies and sessions

We use a signed session cookie so you stay signed in. We do not use advertising cookies.

Retention

We keep your account and health history while your account is active. Chat conversations older than 90 days may be deleted automatically. You can ask us to delete your account and associated data.

Your choices

  • Connect or disconnect integrations, and choose what you upload or log.
  • Ask for an export of your data.
  • Ask us to delete your account and associated data.
  • Stop using Labess and sign out at any time.

Security

We use encryption in transit, encrypt sensitive fields such as API keys and OAuth tokens at rest where the product stores them, and limit access to production systems. No method of transmission or storage is perfectly secure; if we learn of a breach that affects you, we will notify you as the law requires.

Children

Labess is not directed at children under 16. We do not knowingly collect their personal information.

Changes

If this policy changes in a material way, we will update the date above and, when appropriate, notify you in the product or by email.

Contact

Questions about privacy: hello@labess.app.