Privacy Policy

This Privacy Policy explains how WhileLoop Labs collects, uses, and shares information when you use the Sidekick mobile app and related website.

1. Information we collect

Depending on how you use Sidekick, we may collect:

• Account details such as your email address, name, and authentication method.
• Content you choose to log, including food, hydration, exercise, weight, notes, goals, and profile fields such as height or date of birth.
• Time zone and related local-time context you provide or that the app sends (for example to place logs on the correct calendar day and to personalize coach tips).
• Basic technical information needed to operate the service, such as app version, device type, network connectivity signals, and server-side diagnostic logs (which may include IP addresses for security and abuse prevention).
• Data stored on your device when you use the app, such as sign-in session tokens and preferences, using your operating system’s secure storage where available.
• Feedback or support messages you send to us.

2. How we use information

We use this information to:

• Operate your account and authenticate sign-in.
• Process logs and generate daily summaries, weekly statistics, and coach tips.
• Send verification emails and respond to support or feedback requests.
• Maintain, secure, and improve the product.

3. AI processing

Sidekick uses AI to interpret natural-language entries (for example food, exercise, or hydration descriptions) and to generate structured log fields, estimates, and short coaching-style messages. To do this, relevant text and limited context (such as your stated goals, selected date, and time zone) may be sent to our AI infrastructure provider. AI-generated nutrition, exercise, hydration, and coaching outputs are estimates only and are provided for general informational purposes. They are not medical advice, diagnosis, or treatment.

Model providers process requests according to their own terms and privacy policies. We do not use your content to train our own models; whether a third-party model provider uses data for training is governed by that provider’s policies and our commercial settings with them where applicable.

4. Service providers

We use industry-standard vendors so Sidekick can function. Examples include:

• Email delivery providers for transactional messages such as verification and, where configured, routing support or feedback mail.
• Google when you choose Google sign-in, subject to Google’s terms and privacy policy.
• AI and machine-learning platforms (including any routing or API layer we use to reach model providers) for the features described in the AI processing section above.
• Cloud hosting, databases, and operational tooling for reliability and security.

Specific vendors may change as we improve the service; the categories of processing described here stay the same unless we update this policy.

5. Notifications

If you enable reminders (for example meal reminders), the app may schedule notifications on your device using your operating system’s notification APIs. You can turn these off in the app or your device settings. As of this policy, we do not operate a separate marketing push service that collects push tokens on our servers for that feature; scheduling is handled on-device where that is how the product is implemented.

6. Security

We use technical and organizational measures appropriate to the service, including encryption of data in transit (such as HTTPS), access controls on our systems, and hashed password storage for email-based accounts. No method of transmission or storage is completely secure; we work to follow reasonable industry practice.

7. International processing

We may process and store information in the United States and other countries where we or our service providers operate. Those countries may have data protection laws that differ from your own.

8. Data sharing

We do not sell your personal information. We may share data with service providers acting on our behalf, or where disclosure is required by law or necessary to protect the service, our users, or our rights.

9. Data retention

We retain account and log data for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. If you want your account or data deleted, contact us at hey@whileloop.app.

10. Your choices

You can contact us to request access, correction, or deletion of your information. If you are in the European Economic Area, United Kingdom, or other regions with privacy laws, you may have additional rights (such as objection or portability) subject to local law; contact us and we will respond in line with applicable requirements.

11. Children’s privacy

Sidekick is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

12. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always the text posted on this page. For material changes, we may also provide notice in the app or by email where appropriate.