HAVIT Privacy Policy
Introduction
AI CONNECT Inc. ("HAVIT," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, store, use, disclose, and safeguard your personal data when you use the HAVIT mobile application, websites (including aihavit.com), and all related services, features, and content (collectively, the "Services").
Service Provider:
AI CONNECT Inc.
B-426, Daesung D-Polis, 606, Seobusaet-gil,
Geumcheon-gu, Seoul, 08504, Republic of Korea
Business Registration No.: 306-86-03160
E-Commerce Registration No.: 2024-Seoul Geumcheon-1855
Representative: Ryan Yun
Contact: privacy@aiconnects.me
For the purposes of this Privacy Policy, AI CONNECT Inc. acts as the Data Controller of your personal data.
Any translation of the English version of this Privacy Policy is provided solely for your convenience. In case of any differences between the English version and any other translation, the English version shall prevail and shall be the only legally binding version.
If you do not want us to process your personal data as it is described in this Privacy Policy, please do not use our Services.
US State Supplements:
- If you are a resident of the U.S. State of California, please see our California Notice at Collection and Privacy Notice (Section 16.2).
- If you are a resident of the U.S. State of Connecticut, Colorado, or Commonwealth of Virginia, please see our U.S. State Privacy Supplement (Section 16.3).
1. What Personal Data We Collect and Why
When you use our Services, we collect the following data about you:
1.1 Account & Profile Information
| Purpose of collection and processing | Data categories | Collection means | Legal basis |
|---|---|---|---|
| To create and manage your account with HAVIT | Nickname/display name, email address, country/region of residence, preferred language/locale, unique user ID, device data, subscription data | You provide it to us; preferred language is detected from your device settings or selected by you; unique user ID assigned automatically; device data collected automatically | Contract |
| We match the data about you with user ID as a means of pseudonymization | User ID | We generate it automatically | Legitimate interest |
1.2 Onboarding Questionnaire Data
| Purpose of collection and processing | Data categories | Collection means | Legal basis |
|---|---|---|---|
| To provide AI body composition estimation and personalized wellness plans (core features of the App) | Date of birth, biological sex, height, weight, waist circumference (if provided), visual body type selection, ethnic background, target weight, weight management goals, motivation factors, past diet experiences, challenges faced | You provide it to us during onboarding questionnaire (Q1–Q30) | Contract; Consent for special category data (see Section 7) |
| To assess your lifestyle habits and generate your personalized S-L-M profile (Body type / Lifestyle / Medical classification) | Activity levels (daily movement, exercise frequency, exercise types), sleep patterns (average hours, quality), dietary habits (meal frequency, eating patterns, ultra-processed food consumption, late-night eating), hydration patterns, stress levels, alcohol consumption frequency | You provide it to us during onboarding questionnaire (Q1–Q30) | Contract; Consent for special category data |
1.3 Health Information (Sensitive Data)
IMPORTANT: This category requires your explicit, separate consent before collection. See Section 7 for details.
| Purpose of collection and processing | Data categories | Collection means | Legal basis |
|---|---|---|---|
| AI body composition estimation and risk classification | Ethnic background (for body composition model calibration using ethnicity-specific thresholds) | You provide it to us | Explicit consent for special category data |
| Personalized safety guidance and medication-aware recommendations (M-Type classification: M0/M1/M2) | Health conditions (metabolic conditions, cardiovascular conditions, hormonal conditions, musculoskeletal conditions), GLP-1 agonist usage status, medication duration, side effects experienced | You provide it to us | Explicit consent for special category data |
| Safety screening and appropriate content filtering | Allergies, eating disorder history | You provide it to us | Explicit consent for special category data |
1.4 User-Generated Tracking Logs
| Purpose of collection and processing | Data categories | Collection means | Legal basis |
|---|---|---|---|
| Meal tracking and nutritional analysis | Food photos (uploaded for AI nutritional analysis), meal type (breakfast/lunch/dinner/snack), meal time, estimated calories, estimated protein/carb/fat/fiber intake, ultra-processed food indicators, emotional eating indicators | You provide meal photos, meal type, and meal time; calorie and nutrient values are estimated by our AI service from your food photos (see Section 2) | Contract |
| Exercise and movement tracking | Exercise category, specific exercise type, duration (minutes), MET value, self-reported efficiency/intensity/mood ratings, calculated calories burned | You provide exercise type, duration, and self-reported ratings; MET value is assigned automatically based on exercise type; calories burned are calculated automatically by our system using your body weight, MET value, duration, and self-reported ratings | Contract |
| Step tracking | Daily step count, sync time, estimated calories from steps | Collected automatically from device sensors or synced from connected health apps (Apple HealthKit / Google Health Connect); calories from steps are calculated automatically by our system | Contract |
| Water and hydration tracking | Beverage type, volume consumed (ml), hydration ratio | You provide beverage type and volume; hydration ratio is calculated automatically by our system based on the beverage type | Contract |
| Sleep tracking | Sleep duration (hours), sleep quality (1–5 scale), bedtime, wake time | You provide it to us manually, or sleep duration/bedtime/wake time are synced automatically from connected health apps (Apple HealthKit / Google Health Connect) | Contract |
| Weight tracking | Body weight measurements, measurement date | You provide it to us | Contract |
| Fasting tracking | Fasting start/end time, fasting duration, fasting type | You provide fasting start/end time and fasting type; fasting duration is calculated automatically by our system | Contract |
| Feeling and mood tracking | Feeling score (1–5), stress level (1–5), notes | You provide it to us | Contract |
1.5 Havi AI Coach Data
IMPORTANT: This section describes how your data is used by our AI coaching features. See Section 2 for detailed information about AI data processing.
| Purpose of collection and processing | Data categories | Collection means | Legal basis |
|---|---|---|---|
| AI coaching safeguards to prevent harm and personalize responses | Your name, S-L-M profile type, current achievement rates, streak days, current mood, all tracking logs (meal, exercise, steps, water, sleep, weight, fasting, feeling), health conditions, medication status (M-Type), target calories/protein/hydration/steps/sleep goals, weight predictions, body composition estimates (such as BMI, body fat percentage, muscle mass, visceral fat level, waist circumference, metabolic rate), health and wellness scores (such as Health Score, Biological Age), lifestyle wellness indicators, and your selected AI coach character preference | Collected from your account data and tracking logs; provided as context to AI service | Contract; Consent for special category data |
| Messages exchanged with Havi AI coach | Conversation content (your questions, AI responses), conversation history within session | You provide it to us | Contract |
1.6 Gamification & Engagement Data
| Purpose of collection and processing | Data categories | Collection means | Legal basis |
|---|---|---|---|
| To provide gamification features (quests, challenges, avatar system) | Quest completions, challenge participation status, challenge verification photos (workout selfies, meal prep photos, weigh-in screenshots, activity completion evidence), achievement badges | You provide it to us or collected automatically based on your activity | Contract |
| To calculate and display engagement metrics | Power Score (composite of health score and engagement), XP points, streaks, avatar level, avatar customizations | Calculated automatically from your activity data | Contract |
| To provide social and community features | Follows, nudges, leaderboard participation, public profile display (username, avatar, streak count, XP, step count) | You provide it to us or collected automatically | Contract |
1.7 Connected Services Data
| Purpose of collection and processing | Data categories | Collection means | Legal basis |
|---|---|---|---|
| To sync health data from your device | Steps, active energy, sleep analysis, workouts (from Apple HealthKit or Google Health Connect) | Synced with your explicit permission via system prompt | Consent |
| To enable Havi coach communication via messaging apps | Phone number, message content (for WhatsApp integration) | You provide it to us | Contract |
1.8 Social Login Data
If you register or log in using third-party authentication services, we receive:
| Provider | Data received |
|---|---|
| Apple | Display name, phone number, email address (or Apple's private relay email), profile nickname, profile image |
| Kakao | Display name, phone number, Kakao account ID, email address, profile nickname, profile image |
| LINE | Display name, phone number, LINE user ID, email address, profile nickname, profile image |
| Display name, phone number, Facebook user ID, email address, profile nickname, profile image |
We access only the data necessary for authentication. We do not access your social media contacts, posts, or activity beyond authentication, and we do not post to your social media accounts without explicit permission.
1.9 Technical Data
| Purpose of collection and processing | Data categories | Collection means | Legal basis |
|---|---|---|---|
| To operate, maintain, and improve the Services | Device type, operating system, app version, IP address, connection type, app interactions, feature usage, session duration | Collected automatically | Legitimate interest |
| For US users: tax calculation purposes | Zip/Post Code | You provide it to us or collected automatically | Legal obligation |
Note about access to camera. When uploading food photos or challenge verification photos, you grant permission to access your camera or photo library via a system prompt. You can revoke this permission anytime in your device settings:
- iOS: Go to Settings > Privacy > Camera/Photos, then toggle permissions for HAVIT.
- Android: Go to Settings > Apps > HAVIT > Permissions, then select "Allow" or "Don't allow."
Note about payment data. When you make payments through the Services, you provide payment data to our third-party payment processors. We do not collect or store full credit card numbers, though we may receive limited information including redacted card data (secure token), purchase details, date/time/amount, and payment method type.
Aggregated information. We may aggregate, anonymize, or de-identify your personal data so that it cannot be reasonably used to identify you. We may use such data for statistical purposes, academic research, or to improve our Services. For example, we may share general demographic information and aggregate statistics about certain activities or health patterns in articles, blog posts, and scientific publications.
2. AI-Powered Features and Third-Party AI Data Sharing
IMPORTANT: This section explains what personal data is sent to third-party AI services, who receives it, and how it is used. Your explicit consent is required before any data is shared with these services.
2.1 AI Service Providers
We use the following third-party AI services to power features of the App:
| Provider | Role | Purpose | Data protection |
|---|---|---|---|
| Anthropic (Claude) — USA | Data Processor | Primary AI engine for Havi coach conversations, body composition diagnostic insights, personalized coaching messages, and nutritional analysis | Anthropic's Data Processing Agreement; data not used for model training; data deleted after processing |
| OpenAI — USA | Data Processor | Supplementary AI engine for specific coaching scenarios and natural language processing | OpenAI's Data Processing Agreement (API/Business tier); zero data retention policy; data not used for model training |
| Google — USA | Data Processor | AI features for specific analytical functions | Google Cloud Data Processing Terms; data not used for model training; data processed in accordance with their DPA |
2.2 What Data is Sent to AI Services
When you interact with Havi AI coach or use AI-powered features, the following data is sent to our AI service providers as context to generate personalized responses:
Category A — Profile Context (sent with each AI interaction):
- Your display name and preferred language
- Biological sex, age, height (cm), current weight (kg)
- Ethnic background classification (for ethnicity-specific health thresholds)
- AI-estimated body composition metrics (such as BMI, body fat percentage, muscle mass, visceral fat level, waist circumference, metabolic rate)
- Health and wellness scores (such as Health Score, Biological Age)
- S-L-M profile classification (body type / lifestyle pattern / medical-medication status)
- M-Type medication status (M0: no medication, M1: active GLP-1, M2: past GLP-1)
- Target weight, target calories, target protein, target hydration, target steps, target sleep hours
- Current Power Score, streak days, achievement rate
- Other system-generated wellness indicators and classifications used to personalize coaching
Category B — Tracking Log Context (sent when relevant to the coaching scenario):
- Recent meal logs (meal type, estimated calories, estimated protein/carb/fat/fiber, meal time, ultra-processed food indicators, emotional eating indicators)
- Recent exercise logs (exercise category, exercise type, duration, calories burned, mood/efficiency/intensity ratings)
- Recent step count data
- Recent water intake data (volume, beverage type, hydration ratio)
- Recent sleep data (hours, quality, bedtime/wake time)
- Recent weight measurements and trends
- Recent fasting logs (duration, type)
- Recent feeling/mood logs (feeling score, stress level)
Category C — Conversation Content (sent during chat interactions):
- Your current message/question to Havi
- Conversation history within the current session
- Quick Reply selections
Category D — Food Photos (sent during meal logging):
- Food/meal photos you upload are sent to AI services for nutritional analysis
- Photos are processed in real-time for calorie and nutrient estimation
- Photos are not retained by AI service providers after processing
2.3 How AI Processing Works
- When you interact with Havi or use AI features, your input is sent to our servers.
- Our servers assemble relevant context (Categories A–D above) based on the specific coaching scenario.
- The assembled data is sent to the AI service provider via encrypted API connection.
- The AI service generates a response based on this context.
- The response is returned to our servers, validated for safety, and delivered to you through the App.
While communicating with Havi, do not provide any information that may directly identify you or any other people beyond what is already in your profile.
2.4 How AI Providers Handle Your Data
- No model training: Your personal data is NOT used by any AI provider to train, improve, or fine-tune their AI models. We use API/Business-tier agreements that contractually prohibit this.
- No data retention by AI providers: AI providers process your data in real-time and do not retain your personal data after generating a response, except for temporary processing logs (typically deleted within 30 days) required for abuse monitoring and service reliability.
- Encryption: All data transmitted to AI providers is encrypted in transit using TLS 1.3.
- Contractual safeguards: Each AI provider is bound by a Data Processing Agreement (DPA) that requires them to provide protection standards equivalent to or exceeding those described in this Privacy Policy.
2.5 Your Consent and Control
- Explicit consent required: Before your data is shared with any AI service provider, we obtain your explicit consent through a dedicated in-app consent screen during onboarding (separate from general Terms of Service acceptance).
- Withdraw consent: You can withdraw your consent for AI data sharing at any time by contacting us at privacy@aiconnects.me. Withdrawing consent will disable AI-powered features including Havi coach conversations, AI nutritional analysis from food photos, and personalized coaching messages.
- Delete conversations: You can delete all your Havi conversation history at any time by contacting us at privacy@aiconnects.me.
2.6 HAVIT Staff Access to AI Conversations
HAVIT staff may read, access, and process anonymized chat communications with Havi to improve the product and check that it communicates properly. We take measures to protect your confidentiality during that process: our staff have no access to information about the specific account that is communicating with Havi. Food photos uploaded in communications with Havi may be used for quality assurance after delinking the photos from your personal identifiers.
3. Inferences and Calculated Data
Based on information you provide, we generate the following derived metrics. These calculations are performed on our servers (not by AI providers). The resulting values are used to personalize your experience and are shared with AI service providers as part of your Profile Context (see Section 2.2, Category A) to enable personalized coaching responses:
3.1 Body Composition Estimates
| Metric | Description | Input data used |
|---|---|---|
| Body Fat Percentage (PBF) | AI-estimated body fat percentage | Height, weight, age, sex, ethnic background, lifestyle survey responses |
| Skeletal Muscle Mass (SMM) | AI-estimated skeletal muscle mass | Height, weight, age, sex, ethnic background, lifestyle survey responses |
| Visceral Fat Level (VFL) | AI-estimated visceral fat level | Height, weight, age, sex, ethnic background, waist circumference estimate |
| Waist Circumference (WC) | AI-estimated waist circumference | Height, weight, age, sex, ethnic background, visual body type |
| Waist-to-Height Ratio (WHtR) | Calculated from estimated WC and height | WC estimate, height |
| Basal Metabolic Rate (BMR) | Estimated daily caloric expenditure at rest | Height, weight, age, sex |
| Body Mass Index (BMI) | Standard BMI calculation | Height, weight |
3.2 Health and Wellness Scores
| Metric | Description |
|---|---|
| Health Score (0–100) | Comprehensive health indicator based on body composition and lifestyle factors |
| Biological Age | Estimated biological age based on body composition and lifestyle patterns |
| Power Score | Composite score combining health score, engagement metrics, and streak data |
| CID Code | Body composition classification type (combining BMI range + muscle-fat balance) |
3.3 Personalized Targets (10 Quantitative Prescriptions)
| # | Target | Description |
|---|---|---|
| 1 | Daily calorie target (kcal) | Based on BMR, activity score, M-Type, and weight goal |
| 2 | Protein intake target (g) | Based on body weight and activity level |
| 3 | Carbohydrate target (g) | Balanced macronutrient distribution |
| 4 | Fat intake target (g) | Balanced macronutrient distribution |
| 5 | Dietary fiber target (g) | Based on calorie target |
| 6 | Daily step count target | Based on current activity level and goals |
| 7 | Exercise calorie burn target (kcal) | Based on activity score and weight goal |
| 8 | Daily hydration target (L) | Based on body weight and activity level |
| 9 | Sleep duration target (hours) | Based on age and lifestyle assessment |
| 10 | Weekly weigh-in target | Frequency recommendation based on program phase |
3.4 Profile Classifications
| Classification | Description |
|---|---|
| S-Type (S1–S7) | Body type classification based on BMI and body composition |
| L-Priority | Lifestyle problem priority (e.g., L_Nutrition, L_Activity, L_Sleep) |
| M-Type (M0/M1/M2) | Medical-medication status classification |
| S-L-M Profile | Combined archetype from 126+ possible combinations, determining personalized solution path |
4. Personal Data Retention
We retain your personal data for as long as your account is active or as needed for the purposes of processing.
4.1 Retention Periods
| Data Category | Retention while account active | Post-deletion retention |
|---|---|---|
| Account & profile data | Until account deletion | Primary systems: 30 days; Backup systems: 90 days |
| Health & tracking logs | Until account deletion | Primary systems: 30 days; Backup systems: 90 days |
| Sensitive health data | Until deletion or consent withdrawal | Primary systems: 30 days; Backup systems: 90 days |
| Havi AI conversations | Until deletion | Immediate deletion from our servers; AI provider logs: up to 30 days |
| Food photos (meal logging) | Until account deletion | Primary systems: 30 days |
| Challenge verification photos | Until account deletion | Primary systems: 30 days; Backup systems: 90 days |
| Analytics data | N/A | Anonymized and retained indefinitely |
| Consent records | Duration of account + 5 years | Retained for legal compliance |
| Social login data | Until disconnection | 30 days after account deletion |
4.2 Statutory Retention (Korea)
Under Korean law, certain data may be retained longer:
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Contract/Transaction Records | 5 years | E-Commerce Act |
| Payment Records | 5 years | E-Commerce Act |
| Consumer Complaints | 3 years | E-Commerce Act |
| Login/Access Records | 3 months | Network Act |
4.3 Data Destruction
At any time, you can delete your account and all associated personal data by sending a request to privacy@aiconnects.me. We will address your deletion request within one month. It may take up to 90 days for full erasure from backup systems. When data is deleted:
- Primary systems: Data is removed within 30 days
- Backup systems: Data is removed within 90 days
- Anonymized data: May be retained indefinitely for research and service improvement
5. Your Data Protection Rights
5.1 Universal Rights
All users have the right to:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Correction | Request correction of inaccurate data |
| Deletion | Request deletion of your data |
| Portability | Receive your data in a portable format |
| Withdrawal | Withdraw consent at any time |
| Restriction | Demand restriction of processing |
| Objection | Object to processing based on legitimate interest |
5.2 Exercising Your Rights
By Email:
Send requests to privacy@aiconnects.me. Include your account email and specific request. We will respond within 10 business days (Korea) or 30 days (other regions). We may extend this period by up to an additional two months where necessary, taking into account the complexity and number of requests.
5.3 Identity Verification
To protect your privacy, we may verify your identity before processing requests. This may include confirming your account email or requesting additional identification for sensitive requests. We will not discriminate against you for exercising your rights under the law.
6. Sharing of Your Personal Data
We may disclose the information we process about you, including your personal data, as follows:
6.1 Service Providers
| Recipient | Role | Purpose | Data shared |
|---|---|---|---|
| Amazon Web Services (USA) | Data Processor | Cloud infrastructure and data storage | All data (encrypted at rest and in transit) |
| Anthropic (USA) | Data Processor | Primary Havi AI coach engine and AI-powered features | See Section 2.2 (Categories A–D) |
| OpenAI (USA) | Data Processor | Supplementary AI coaching and NLP | See Section 2.2 (Categories A–D) |
| Google (USA) | Data Processor | AI features for specific analytical functions | See Section 2.2 (Categories A–D) for applicable features |
| Payment processors (e.g., Stripe, Apple IAP, Google Play Billing) | Data Processor / Controller | Subscription and payment processing | Payment details (not health data) |
| Email delivery providers | Data Processor | Transactional and marketing emails | Email address, name |
| Analytics providers | Data Processor | Service improvement | Anonymized usage data only |
6.2 What We Never Do
- Sell your personal data to advertisers or data brokers
- Share health data for advertising purposes
- Provide data to insurance companies or employers
- Use health data for credit or lending decisions
- Access your social media contacts, posts, or activity beyond authentication
- Post to your social media accounts without explicit permission
- Use data from Apple HealthKit or Google Health Connect for advertising, marketing, or sale to third parties
6.3 Community and Social Features
If you use social features, certain information may be visible to other users:
If your account is public (default): Your display name, avatar, achievement badges, leaderboard rankings, challenge participation, streaks, XP, and step count may be visible to other users and may appear in leaderboards.
If your account is private: No other user can view your activity.
You may change your privacy settings and/or opt out of appearing on leaderboards at any time by contacting privacy@aiconnects.me.
Your account may be shared with others via a link which includes your handle (e.g., aihavit.com/user/@my_handle). If your account is public, people using the link can view your username, avatar, handle, and activity indicators. If private, only your username, avatar, and handle are visible.
6.4 Other Disclosures
We may also disclose your personal data:
- To businesses that are legally part of the same group of companies ("Affiliates"), who act as our data processors and are bound by contractual safeguards.
- In the event of a merger, acquisition, divestiture, sale, or dissolution.
- In response to legal requests (search warrants, court orders, subpoenas) or to prevent harm, detect fraud, or protect our rights.
7. Sensitive Health Data (Special Category Data)
7.1 What is Sensitive Data?
Under various privacy laws, certain health-related information is classified as "sensitive" or "special category" data. HAVIT collects the following sensitive data categories:
| Category | Specific data | Purpose |
|---|---|---|
| Health conditions | Metabolic, cardiovascular, hormonal, musculoskeletal conditions | Personalized safety guidance, contraindication alerts |
| Medications | GLP-1 agonist usage, medication duration, side effects | M-Type classification (M0/M1/M2), medication-aware calorie targets and recommendation adjustments |
| Medical history | Allergies, eating disorder history | Safety screening, appropriate content filtering |
| Ethnic origin | Ethnic background | Body composition model calibration (ethnicity significantly affects body composition norms and risk thresholds per published research) |
7.2 Explicit Consent Requirement
IMPORTANT: We collect sensitive health data ONLY after obtaining your explicit, informed consent.
How we obtain consent:
Your consent is obtained through a dedicated consent screen during onboarding that:
- Is separate from the general Terms of Service acceptance
- Clearly lists the specific sensitive data categories being collected
- Explains the purpose for each data category
- Requires affirmative action (tapping "Agree & Continue")
- Cannot be bypassed — consent is required to access personalized features
Consent records:
We maintain records of your consent including date/time, version of consent form, method (in-app button tap), IP address, and device information.
7.3 AI Data Sharing Consent
IMPORTANT: In addition to sensitive health data consent, we obtain separate explicit consent for sharing your personal data with third-party AI service providers (Section 2). This consent:
- Is presented as a dedicated in-app consent screen
- Clearly identifies which data categories (A–D) are shared
- Names the specific AI providers (Anthropic, OpenAI, Google)
- Explains the purpose and how your data is protected
- Requires affirmative action (tapping "Agree & Continue")
7.4 Your Control Over Sensitive Data
You can:
- Withdraw health data consent at any time by contacting us at privacy@aiconnects.me
- Withdraw AI data sharing consent at any time by contacting us at privacy@aiconnects.me
- Request deletion of all sensitive data
- Export your sensitive data in a portable format
Important: Withdrawing consent will affect your ability to use personalized features including AI body composition estimates, personalized calorie/nutrition/hydration targets, M-Type (medication-aware) recommendations, S-L-M based coaching, and Havi AI coach conversations.
8. Connected Health Apps
8.1 Apple HealthKit and Google Health Connect
Provided you give express permission on your device, we may read and/or write data from/to Apple HealthKit and Google Health Connect (the "Health Apps"). The specific data includes: steps, active energy, sleep analysis, and workouts.
Data from Health Apps is:
- NEVER used for advertising or marketing
- NEVER sold to third parties or data brokers
- NEVER shared for advertising purposes
- NEVER used for credit-worthiness, lending, or insurance decisions
- Only used to enhance your HAVIT wellness experience (step tracking, exercise syncing, sleep data)
You can withdraw our access to read/write data at any time directly in the Health Apps settings.
Before deciding to share your data with Health Apps, we encourage you to review their privacy policies:
- Apple HealthKit: http://www.apple.com/ios/health/
- Google Health Connect: https://health.google/health-connect-android/
9. Security Measures
9.1 Technical Measures
| Measure | Description |
|---|---|
| Encryption in transit | TLS 1.3 for all data in transit |
| Encryption at rest | AES-256 for all data at rest |
| Access control | Role-based access, multi-factor authentication for staff |
| Monitoring | 24/7 security monitoring, intrusion detection |
| Auditing | Regular security audits and penetration testing |
| Incident response | Documented incident response procedures |
| AI API security | All AI provider communications encrypted via TLS 1.3; API keys secured in environment variables; no sensitive data logged in plain text |
9.2 Your Responsibilities
You can help protect your data by:
- Using a strong, unique password (or secure social login)
- Enabling device-level security (PIN, biometrics)
- Not sharing your account credentials
- Logging out on shared devices
- Keeping your app updated
- Maintaining security of your social login accounts
9.3 Breach Notification
In the event of a data breach affecting your personal information, we will: notify affected users promptly, report to relevant authorities as required by law, and take immediate steps to mitigate harm.
10. Children's Privacy
Our Services are not intended for or directed at users under 18 years of age. We do not knowingly collect or solicit information from anyone under 18.
If you are under 18, do not use our Services or provide any information to us. If you are a parent or guardian and believe we have collected information from your child under 18, please contact us at privacy@aiconnects.me. If we learn that we have collected personal information from a user under 18, we will delete the account and associated data promptly.
11. Cross-Border Data Transfers
11.1 Where Data is Processed
Your data may be processed in:
- Republic of Korea (primary data center)
- United States (AI service providers: Anthropic, OpenAI, Google; cloud infrastructure: AWS)
- Other locations as necessary for service delivery
11.2 Transfer Safeguards
We implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914) for EEA transfers
- UK International Data Transfer Addendum where applicable for UK transfers
- Data Processing Agreements (DPAs) with all processors
- Encryption in transit and at rest
- Access controls limiting who can access your data
12. Cookies, SDKs, and Other Tracking Technologies
12.1 What We Use
| Technology | Purpose | Your control |
|---|---|---|
| Essential cookies | App functionality | Cannot be disabled |
| Analytics SDKs | Service improvement (anonymized data only) | Can opt-out via device settings (see Section 12.2) |
| Session storage | Temporary data | Cleared on logout |
We use third-party analytics tools to measure traffic and usage trends. Such analytics tools collect information via SDKs incorporated into the App, including features you visit, actions you take, and subscription information. We never use health data for advertising purposes.
12.2 Interest-Based Advertising
We may partner with ad networks for non-health, non-sensitive advertising. You can opt out via:
- iOS: Settings > Privacy > Tracking
- Android: Settings > Privacy > Ads
- DAA WebChoices: www.aboutads.info
- NAI Consumer Opt-out: http://optout.networkadvertising.org/
12.3 Google Analytics
We use Google Analytics. To opt out, visit http://tools.google.com/dlpage/gaoptout.
13. Your Choices About Communications
Technical notices and updates: We send these as necessary for contract performance (subscription updates, security alerts, policy changes).
Marketing and promotional emails: If required by law, we ask for your consent first. To stop receiving marketing emails, follow the "Unsubscribe" link in any marketing email.
Push notifications: To stop push notifications, go to your device Settings > Notifications > HAVIT and toggle off.
We never share your personal data with third parties for their own direct marketing purposes without your consent.
14. Medical Disclaimer
14.1 Not Medical Advice
Information provided through HAVIT, including AI body composition estimates, personalized recommendations, and Havi coach responses, is for general wellness purposes only and does not constitute medical advice.
14.2 Consult Healthcare Professionals
Always consult qualified healthcare professionals for medical diagnoses, treatment decisions, medication adjustments, and any health concerns.
14.3 Emergency Situations
If you experience a medical emergency, contact emergency services immediately. Do not rely on HAVIT for emergency medical guidance.
15. Contact Us
15.1 Privacy Questions
Email: privacy@aiconnects.me
Address: B-426, Daesung D-Polis, 606, Seobusaet-gil, Geumcheon-gu, Seoul, 08504, Republic of Korea
15.2 Data Protection Officer
Name: Wonho Lim (임원호)
Email: privacy@aiconnects.me
15.3 Response Time
- Korea: 10 business days
- EU/EEA: 1 month (extendable to 3 months for complex requests)
- Other regions: 30 days
16. Regional Supplements
16.1 European Union / European Economic Area (GDPR)
Legal basis for processing:
| Processing activity | Legal basis |
|---|---|
| Account creation | Contract performance |
| Service personalization | Legitimate interest |
| Health data processing | Explicit consent (Article 9(2)(a)) |
| AI data sharing | Explicit consent |
| Marketing communications | Consent |
| Analytics | Legitimate interest |
| Legal compliance | Legal obligation |
Your additional rights:
- Right to lodge a complaint with a supervisory authority
- Right to object to processing based on legitimate interest
- Right to restrict processing
- Right not to be subject to automated decision-making with legal effects
Note on automated processing: HAVIT does not make automated decisions that produce legal or similarly significant effects on you. AI-generated body composition estimates, personalized recommendations, and coaching messages are provided as wellness guidance only and do not constitute medical, legal, or financial decisions.
Supervisory authority: You may contact your local data protection authority.
16.2 United States (CCPA/CPRA — California Residents)
Categories of personal information collected:
- Identifiers (name, email, device IDs)
- Health information (with explicit consent)
- Commercial information (purchases)
- Internet activity (app usage)
- Inferences (profiles, recommendations)
Your rights: Right to know, right to delete, right to correct, right to opt-out of sale/sharing (we do not sell your data), right to non-discrimination, right to limit use of sensitive personal information.
We do NOT: Sell personal information, use personal information for cross-context behavioral advertising, or process sensitive personal information for purposes beyond those disclosed.
16.3 US State Privacy Supplement (Non-California)
Residents of Connecticut, Colorado, and Virginia have rights similar to California residents as described in Section 16.2. Please contact privacy@aiconnects.me to exercise these rights.
16.4 Republic of Korea (PIPA)
정보주체의 권리 (Rights of Data Subjects):
- 개인정보 열람 요구권
- 개인정보 정정·삭제 요구권
- 개인정보 처리정지 요구권
- 개인정보 이동권
민감정보 처리 (Sensitive Information Processing):
개인정보보호법 제23조에 따라, 당사는 귀하의 건강정보(민감정보)를 수집하기 전에 별도의 동의를 받습니다.
수집하는 민감정보 항목:
- 건강 상태 (대사질환, 심혈관질환, 호르몬질환, 근골격계질환)
- 복용 약물 (GLP-1 계열 약물 포함)
- 의료 이력 (알레르기, 섭식장애 이력)
- 인종 정보 (체성분 모델 보정 목적)
수집 및 이용 목적:
- AI 기반 체성분 예측
- 개인화된 칼로리, 단백질, 수분 섭취 처방
- S-L-M 프로파일 기반 맞춤형 웰니스 코칭
- 약물 사용자 특화 안전 가이드 제공 (M-Type)
보유 및 이용 기간:
- 회원 탈퇴 또는 동의 철회 시까지
- 탈퇴/철회 후 주 시스템 30일, 백업 시스템 90일 이내 파기
개인정보 보호책임자 (Data Protection Officer):
성명: 임원호
직위: 개인정보 보호책임자
연락처: privacy@aiconnects.me
개인정보 처리의 위탁 (Processing Delegation):
| 수탁업체 | 위탁업무 | 연락처 |
|---|---|---|
| Amazon Web Services | 클라우드 인프라 및 데이터 저장 | aws.amazon.com |
| Anthropic | AI 기반 개인화 코칭 메시지 생성 및 영양 분석 (주 엔진) | anthropic.com |
| OpenAI | AI 기반 코칭 메시지 생성 및 자연어 처리 (보조 엔진) | openai.com |
| AI 기반 분석 기능 처리 | google.com |
권익침해 구제방법:
- 개인정보분쟁조정위원회: (국번없이) 1833-6972
- 개인정보침해신고센터: (국번없이) 118
- 대검찰청 사이버수사과: (국번없이) 1301
- 경찰청 사이버수사국: (국번없이) 182
16.5 Japan (APPI)
Under the Act on the Protection of Personal Information, health-related data and ethnic origin are classified as "Special Care-Required Personal Information" (要配慮個人情報). We obtain your explicit consent before collecting such information.
16.6 Canada (PIPEDA)
Health information is considered sensitive under PIPEDA and requires express consent. We obtain your explicit consent through a dedicated consent mechanism before collecting health-related data.
17. Changes to This Policy
17.1 Notification of Changes
We may update this Privacy Policy from time to time. For material changes, we will:
- Notify you via in-app notification
- Send an email to your registered address
- Post a notice on our website
- Provide at least 30 days' notice before changes take effect
17.2 Changes Requiring Re-Consent
If we make material changes to how we collect or process sensitive health data, or how we share data with AI service providers, we will request your consent again through a dedicated consent screen and will not process your data under new terms until you provide new consent.
17.3 Version History
| Version | Date | Key changes |
|---|---|---|
| 1.0 | 2025.12.01 | Initial release |
| 1.1 | 2026.02.01 | Social login data, gamification features |
| 2.0 | 2026.02.18 | Comprehensive AI data sharing disclosure (Section 2); explicit AI consent mechanism; detailed data collection tables; connected health apps section; enhanced regional supplements |
| 2.1 | 2026.02.18 | AI-estimated body composition metrics and health scores added to Category A disclosure; Section 3 clarification on AI data sharing; tracking log details enhanced (Category B); email contacts unified; analytics opt-out and regional supplements corrected |
Previous versions of this Privacy Policy are available upon request at privacy@aiconnects.me.
18. Third-Party Links and SDKs
The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. When you use social login (Apple, Kakao, LINE, Facebook), you are also subject to those providers' privacy policies. Our app may include third-party SDKs for analytics and crash reporting, which have their own data practices.
Document Information
| Item | Details |
|---|---|
| Document Title | HAVIT Privacy Policy |
| Version | 2.1 |
| Effective Date | 2026.03.01 |
| Last Updated | 2026.02.18 |
| Approved By | AI CONNECT Inc. |
| Language | English |
Thank you for trusting HAVIT with your wellness journey. Your privacy matters to us.