Privacy Policy

Datable, Inc. ("Datable," "we," "us," or "our") operates the Datable mobile application, the website at datable.me, and related services (collectively, the "Service"). We are a relationship health and longevity platform that combines biometric data with relationship intelligence to help users understand how their relationships affect their biological health.

This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our Service. By using Datable, you agree to the practices described in this policy. If you do not agree, please do not use our Service.

This policy specifically addresses:

• Personal and health data collected through the Datable app
• Biometric and wearable data from connected devices including Oura Ring and Apple Health
• How data is used to generate your Bio-Social Health Score™
• Your rights under HIPAA, GDPR, CCPA/CPRA, and other applicable laws
• Our obligations as a third-party developer using the Oura API

2.1 Account Information

When you create a Datable account, we collect:

• Name, email address, and password
• Date of birth and general location (city/state)
• Profile information you choose to provide
• Subscription and payment information (processed by our payment provider; we do not store full card numbers)

2.2 Relationship and Behavioral Data

The core of Datable's service involves data you actively provide about your relationships:

• Relationship check-in responses and mood logs
• Conflict event logs and resolution notes
• Relationship quality assessments and self-reported scores
• Conversations with Jules AI (our AI relationship coach)
• Relationship archetypes and Loveprint™ profile data
• PACT framework and attachment style assessments

This data is highly sensitive. We treat all relationship data as confidential and do not share it with third parties for advertising, marketing, or commercial purposes.

2.3 Usage and Technical Data

• Device type, operating system, and app version
• IP address and general geographic region
• App usage patterns, feature interactions, and session duration
• Crash reports and error logs
• Cookies and similar tracking technologies on our website

Datable integrates with wearable health platforms to correlate biometric signals with relationship health patterns. This integration is central to our Bio-Social Health Score™. We currently support or are developing integrations with:

3.1 Oura Ring (via Oura API)

When you connect your Oura Ring account to Datable, you expressly authorize Datable to access your Oura data through the Oura API. The data we access may include:

• Sleep data (duration, stages, efficiency, readiness score)
• Heart rate variability (HRV)
• Resting heart rate
• Body temperature
• Activity and movement data
• Readiness and resilience scores

Oura data usage: We use Oura data solely to provide you with personalized insights within Datable — specifically to calculate your Bio-Social Health Score™ and to identify correlations between your biometric readings and your relationship health patterns. We do not sell, license, or transfer Oura data to any third party, including advertisers or data brokers.

Data retention: Oura data is cached for a maximum of 60 days in accordance with the Oura API Agreement. If you revoke Datable's access to your Oura account, we will delete all Oura data associated with your account from our systems within 30 days.

Oura usage disclosure: Oura may collect certain usage data related to your use of the Oura API through Datable. This usage data is governed by Oura's Privacy Policy, available at ouraring.com/privacy-policy.

Revoking Oura access: You can disconnect your Oura account from Datable at any time through the Datable app settings or through your Oura account settings at cloud.ouraring.com.

3.2 Apple Health

When you grant Datable access to Apple Health (HealthKit), we may access the following data types with your explicit permission:

• Heart rate and heart rate variability (HRV)
• Sleep analysis and sleep stages
• Mindfulness and meditation minutes
• Respiratory rate
• Active energy and step count

Apple Health data is used exclusively to provide features within the Datable app. We do not share Apple Health data with third parties, use it for advertising, or disclose it in a manner inconsistent with Apple's HealthKit guidelines. You can revoke Apple Health access at any time through your iPhone Settings → Privacy & Security → Health → Datable.

3.3 Biometric Data Protections

All biometric and health data is classified as sensitive personal information under applicable law. We apply the following protections:

• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Biometric data is never used for advertising targeting
• Biometric data is never sold to data brokers or third parties
• Access to biometric data within Datable is role-restricted and logged
• You can request deletion of all biometric data at any time

We use the data we collect for the following purposes:

4.1 Providing the Service

• Generating your Bio-Social Health Score™ by correlating biometric data with relationship patterns
• Powering Jules AI personalized coaching and check-in responses
• Creating and maintaining your Loveprint™ relationship profile
• Delivering insights, trends, and longitudinal health reports
• Processing your subscription and managing your account

4.2 Improving the Service

• Analyzing aggregated, de-identified usage patterns to improve features
• Training and improving Jules AI models (using de-identified data only)
• Conducting internal research on the relationship between social health and biometric outcomes
• Debugging, testing, and quality assurance

4.3 Communications

• Sending transactional emails (account confirmation, password reset, billing)
• Sending product updates and feature announcements (with opt-out available)
• Responding to support requests

4.4 Legal and Safety

• Complying with applicable laws and regulations
• Enforcing our Terms of Service
• Protecting the rights, property, or safety of Datable, our users, or others

We do not use your personal data for targeted advertising. We do not sell your data. We do not share your relationship data, biometric data, or health information with advertisers, data brokers, or marketing platforms.

We do not sell your personal data. We share data only in the following limited circumstances:

5.1 Service Providers

We work with trusted third-party vendors who process data on our behalf under strict data processing agreements. These include cloud hosting providers, payment processors, analytics services, and customer support tools. These vendors are prohibited from using your data for any purpose other than providing services to Datable.

5.2 Therapist / Provider Dashboard (with your consent)

If you are connected to a licensed therapist or healthcare provider through Datable's Provider Dashboard, you may choose to share specific data with your provider. This sharing is always opt-in and requires your explicit consent. You can revoke provider access at any time.

5.3 Legal Requirements

We may disclose your data if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Datable, our users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your data is transferred and becomes subject to a different privacy policy. If we are acquired by or merge with a third party, we will notify Oura as required by the Oura API Agreement.

5.5 Aggregated Research Data

We may share aggregated, de-identified data with academic researchers, public health organizations, or in published research. This data cannot be used to identify any individual user.

We never share Oura data, Apple Health data, or any biometric data with advertisers, data brokers, or any third party for commercial purposes.

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:

• Account data: Retained until you delete your account, then deleted within 30 days
• Oura Ring data: Cached for a maximum of 60 days per Oura API requirements; deleted within 30 days of account deletion or Oura access revocation
• Apple Health data: Retained while your account is active; deleted upon account deletion
• Relationship and behavioral data: Retained while your account is active; deleted within 30 days of account deletion
• Jules AI conversation data: Retained for up to 12 months to provide continuity; you may request earlier deletion
• Aggregated, de-identified data: May be retained indefinitely for research and product improvement purposes
• Financial records: Retained for 7 years as required by law

You may request deletion of your data at any time by contacting us at [email protected] or through the account deletion feature in the app.

You have the following rights with respect to your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a structured, machine-readable format
• Restriction: Request that we restrict processing of your data in certain circumstances
• Objection: Object to processing of your data for certain purposes
• Withdraw consent: Withdraw consent at any time where processing is based on consent
• Disconnect integrations: Revoke access to Oura, Apple Health, or any connected service at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

Marketing opt-out: You can opt out of marketing communications at any time by clicking "unsubscribe" in any email or by contacting us directly. Transactional emails (billing, account security) cannot be opted out of while your account is active.

Datable is designed with HIPAA compliance as a foundational principle. To the extent that Datable qualifies as a Business Associate or Covered Entity under the Health Insurance Portability and Accountability Act (HIPAA), we comply with all applicable HIPAA Privacy Rule and Security Rule requirements.

• We implement administrative, physical, and technical safeguards to protect Protected Health Information (PHI)
• We enter into Business Associate Agreements (BAAs) with healthcare providers and covered entities as required
• We limit use and disclosure of PHI to the minimum necessary to accomplish the intended purpose
• We maintain audit logs of access to PHI
• We notify affected individuals and the Department of Health and Human Services (HHS) in the event of a breach of unsecured PHI, as required by the HIPAA Breach Notification Rule

Note: The HIPAA Privacy Rule applies to covered entities and their business associates. Consumer-facing wellness apps that are not contracted with covered entities may not be subject to HIPAA. However, Datable voluntarily applies HIPAA-equivalent protections to all user health data as a matter of policy.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and applicable national data protection laws apply to your data. Datable complies with GDPR requirements including those referenced in the Oura API Agreement (GDPR Article 32(1) security measures).

Legal Basis for Processing

We process your personal data under the following legal bases:

• Contractual necessity: Processing required to provide the Service you signed up for
• Explicit consent: For processing special category data including health and biometric data (Article 9 GDPR)
• Legitimate interests: For product improvement, security, and fraud prevention
• Legal obligation: Where required by applicable law

Special Category Data

Health data, biometric data, and data concerning a person's physical or mental health are classified as "special category data" under GDPR Article 9. We process this data only with your explicit consent, which you can withdraw at any time.

International Data Transfers

Datable is based in the United States. If you are located in the EEA, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for such transfers.

Data Protection Officer

For GDPR-related inquiries, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection authority.

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. You do not need to opt out.
• Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information (including health and biometric data) to what is necessary to provide the Service
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights

We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.

To exercise your California rights, contact us at [email protected] or submit a request through the Datable app. We will respond within 45 days.

Datable is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will promptly delete such information.

Users between the ages of 13 and 17 may use Datable only with verifiable parental consent.

We take the security of your data seriously and implement industry-standard measures to protect it:

• All data is encrypted in transit using TLS 1.2 or higher
• All data is encrypted at rest using AES-256
• All Oura data is transmitted and stored over secure, encrypted channels as required by the Oura API Agreement
• Access to personal data is restricted to authorized personnel on a need-to-know basis
• We maintain audit logs of access to sensitive health data
• We conduct regular security assessments and vulnerability testing
• We maintain an incident response plan for data breaches

Breach notification: In the event of a security breach involving your personal data, we will notify you and applicable regulatory authorities as required by law (including within 72 hours under GDPR and within 24 hours for Oura data breaches as required by the Oura API Agreement).

While we implement robust security measures, no system is completely secure. If you discover a security vulnerability, please report it responsibly to [email protected].

Our website (datable.me) uses cookies and similar tracking technologies to improve your experience. We use:

• Essential cookies: Required for the website to function (authentication, session management)
• Analytics cookies: To understand how visitors use our website (e.g., page views, session duration). We use privacy-respecting analytics.
• Preference cookies: To remember your settings and preferences

We do not use advertising or third-party tracking cookies. You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.

Our Service may contain links to third-party websites or integrate with third-party services (including Oura, Apple Health, and others). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you connect to Datable.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date, and by sending an email notification to your registered email address for significant changes.

Your continued use of Datable after the effective date of any changes constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

For Oura API-related privacy inquiries, you may also contact Oura directly at [email protected].