Privacy Policy — GLP-1 Support by Dr Onyx MD PhD
GLP-1 Support by Dr Onyx MD PhD | Effective date: April 7, 2026 | Last updated: April 7, 2026
This Privacy Policy describes how Casa de Sante ("we", "us", or "our") collects, uses, stores, and shares information when you use the GLP-1 Support by Dr Onyx MD PhD mobile application (the "App") on iOS and Android devices.
By downloading or using the App you agree to the practices described in this policy. If you do not agree, please do not use the App.
1. About the App
GLP-1 Support is a personal wellness companion designed for people using GLP-1 routines. It helps users track medication schedules, nutrition, body metrics, workouts, and wellness notes. The App also offers optional AI-powered features such as meal plan generation, meal photo scanning, wellness reflections, health document extraction, and personalized workout programs.
The App is intended for informational and wellness-tracking purposes only. It is not a medical device and does not provide medical advice, diagnosis, or treatment.
2. Information We Collect
2.1 Information You Enter Directly
When you use the App you may enter the following information, which is stored locally on your device:
- Profile data — name, gender, height, weight, body composition, dietary restrictions, fitness level, and wellness goals entered during onboarding
- Medication / routine logs — medication name, dose, injection site, and timestamp
- Nutrition logs — meal name, protein, carbohydrates, fat, and calorie entries
- Workout logs — exercise name, sets, reps, weight, and notes
- Wellness / symptom notes — symptom descriptions, severity ratings, and free-text notes
- Body metric logs — weight, lean mass, fat mass, muscle mass, and body fat percentage
- Health documents — photos or PDFs of personal health documents uploaded for text extraction
- Manual health record entries — test name, value, unit, reference range, and date
2.2 Health Data from Apple HealthKit (iOS only)
On iOS, you may optionally connect Apple Health to import health metrics. When enabled, the App requests read access to the following HealthKit data types:
- Body mass (weight)
- Body fat percentage
- Lean body mass
- Height
- Body mass index (BMI)
- Step count
- Active energy burned
- Heart rate
- Dietary protein
- Dietary energy consumed (calories)
- Workouts
This data is used only to pre-fill your in-app wellness profile and reduce manual entry. It is stored locally on your device and is never uploaded to our servers or shared with third parties.
2.3 Health Data from Google Health Connect (Android only)
On Android, you may optionally connect Google Health Connect to import health metrics. When enabled, the App requests read access to the following Health Connect data types:
| Permission | Data type | Purpose |
|---|---|---|
| READ_WEIGHT | Body weight | Pre-fill weight in wellness profile and weight tracking log |
| READ_BODY_FAT | Body fat percentage | Pre-fill body composition in wellness profile |
| READ_LEAN_BODY_MASS | Lean body mass | Pre-fill body composition in wellness profile |
| READ_NUTRITION | Dietary protein and calories | Complement in-app nutrition logs |
| READ_EXERCISE | Exercise sessions / workouts | Complement in-app workout logs |
Health Connect data is stored locally on your device only. It is never uploaded to our servers, never shared with third parties, and never used for advertising or analytics. You can disable Health Connect sync at any time from the App's Settings screen.
2.4 Camera and Photo Library
The App requests camera and photo library access for two optional features:
- Meal photo scanning — take or select a photo of a meal to automatically estimate nutritional content via AI
- Health document scanning — take or select a photo or PDF of a personal health document to extract text notes
Photos are processed in the moment and are not stored permanently by the App. On Android, the App uses the system photo picker, which does not require broad media storage permissions.
2.5 Authentication Data (Google Sign-In)
The App supports optional Google Sign-In for account creation. When you sign in with Google, we receive your Google account email address and display name. This information is used solely to create and identify your account within the App. We do not access your Google contacts, Google Drive, or any other Google services.
2.6 Push Notifications
If you enable medication reminders or progress alerts during onboarding, the App requests permission to send push notifications. Notification preferences can be changed at any time in your device settings or within the App's Settings screen.
2.7 Information We Do Not Collect
- We do not collect precise location data
- We do not collect device identifiers for advertising purposes
- We do not use third-party analytics SDKs
- We do not track your behavior across other apps or websites
- We do not sell your data to any third party
3. How We Use Your Information
| Data | How it is used |
|---|---|
| Profile & onboarding data | Personalize your dashboard, calculate wellness metrics (BMI, protein targets), and generate AI features tailored to your profile |
| Health Connect / HealthKit data | Pre-fill your wellness profile; display body metric trends |
| Medication, nutrition, workout, symptom logs | Display your personal history, streaks, and progress within the App |
| Meal photos / document images | Sent to OpenAI's API to extract nutritional information or document text (see Section 4) |
| Google account email / name | Identify your account and allow sign-in |
4. Third-Party Services
4.1 OpenAI (AI Features)
The following optional features send data to OpenAI's API for processing:
- Meal photo scanning — an image of your meal is sent to OpenAI to estimate macronutrient content
- AI meal plan generation — your dietary preferences, protein target, and restrictions are sent to OpenAI to generate a suggested meal plan
- Wellness reflections — your logged symptom name, severity, and optional notes are sent to OpenAI to generate non-clinical wellness reflections
- Health document extraction — an image or PDF of a personal health document is sent to OpenAI to extract text
- AI workout program generation — your fitness level, goals, and schedule preferences are sent to OpenAI to generate a workout program
- AI coach chat — messages you type in the coach chat are sent to OpenAI for a response
All AI features are initiated manually by you — no data is sent to OpenAI automatically in the background. Health Connect or HealthKit data is never sent to OpenAI. Data sent to OpenAI is subject to OpenAI's Privacy Policy.
4.2 Google Sign-In / Firebase Authentication
Sign-in is handled via Google Sign-In and Firebase Authentication. Your authentication data is subject to Google's Privacy Policy and Firebase's Privacy Policy.
4.3 Apple HealthKit (iOS)
Data read from Apple HealthKit is governed by Apple's HealthKit framework policies. HealthKit data will not be used for advertising or sold to data brokers.
4.4 Google Health Connect (Android)
Data read from Google Health Connect is used exclusively within the App for the purposes declared in Section 2.3. Health Connect data is not used for advertising, is not sold, and is not shared with any third party other than as described in this policy.
5. Data Storage and Security
The vast majority of your data — including all health logs, wellness notes, medication records, and imported health metrics — is stored locally on your device using encrypted on-device storage. This data is not transmitted to Casa de Sante servers.
Authentication data (email address) associated with your Google Sign-In account is stored securely using Firebase Authentication, which uses industry-standard encryption in transit and at rest.
We implement reasonable technical and organizational measures to protect your information. However, no method of electronic storage is 100% secure and we cannot guarantee absolute security.
6. Data Retention and Deletion
Locally stored data (logs, notes, health metrics) remains on your device until you delete the App or manually reset your data from the App's Settings screen.
If you created an account using Google Sign-In, you may request deletion of your authentication data by contacting us at Casa@casadesante.com. We will process deletion requests within 30 days.
Data sent to OpenAI for AI feature processing is subject to OpenAI's data retention policies. OpenAI does not use API-submitted data to train its models by default.
7. Children's Privacy
The App is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided personal information through the App, please contact us and we will promptly delete it.
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Withdraw consent at any time (e.g. disable Health Connect or HealthKit sync)
- Lodge a complaint with your local data protection authority
To exercise any of these rights, contact us at Casa@casadesante.com.
9. International Data Transfers
If you use AI features, data you submit is processed by OpenAI, which operates in the United States. By using AI features, you consent to your data being transferred to and processed in the United States, which may have different data protection laws than your country of residence.
10. California Privacy Rights (CCPA)
If you are a California resident, you have the right to know what personal information we collect, the right to request deletion of your personal information, and the right to opt out of the sale of your personal information. We do not sell personal information. To exercise your rights, contact us at Casa@casadesante.com.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of the App after changes are posted constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us: