What we collect
We collect the following categories of data when you use HEYLZY:
- Account data: Name, email address, password (hashed), gender (optional)
- Wellness logs: Mood, sleep, energy, stress, hydration, nutrition, fitness activity
- Health profile: Age range, conditions (optional), fitness level, nutrition goals
- Women's wellness: Menstrual cycle dates, symptoms, fertility data (only when you opt in to Luna)
- Usage data: Pages visited, features used, session length (no advertising use)
- Device data: Browser type, operating system (for compatibility)
How we use your data
Your data is used exclusively to provide and improve the HEYLZY service:
- To provide personalised AI coaching and wellness insights
- To show you your own wellness trends and analytics
- To send you important account and billing notifications
- To maintain and improve platform reliability and performance
We never sell your data. We never use your health data for advertising.
How we protect your data
- All data is transmitted over TLS (HTTPS)
- Passwords are hashed using bcrypt — we cannot see your password
- Health data is stored on HIPAA-compliant infrastructure
- We do not share your personal health data with third parties
- Face descriptors and biometric data (if enrolled) are encrypted at rest
Women's wellness data (Luna)
Menstrual cycle, symptom, and fertility data is among the most sensitive personal data there is. For Luna users:
- You must give explicit consent before Luna collects any data
- This data is never shared with employers, insurers, or third parties
- You can delete all Luna data at any time from Profile → Women's Wellness → Delete All Data
- Deleting Luna data does not affect your main account
Third-party services
We use the following third-party services:
- Stripe / Razorpay: Payment processing (we never see your full card number)
- OpenAI / Anthropic: AI coaching responses (messages are processed but not used to train models)
- Email provider: Transactional emails (account, billing notifications only)
Your rights
You have the right to:
- Access: Download all your data from Settings → Data Export
- Delete: Request full account deletion at any time — we delete your data within 30 days
- Correct: Update any inaccurate information from your Profile settings
- Withdraw consent: Stop using any feature and delete its associated data independently
For EU/UK residents (GDPR), you also have rights to restriction of processing and data portability. Email privacy@heylzy.com to exercise these rights.
Data retention
We retain your data for as long as your account is active. On account deletion, all personal data is deleted within 30 days. Billing records are retained for 7 years as required by law (anonymised where possible).