Privacy Policy

Visualize Technologies ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

This biometric data is used solely to generate body measurements, 3D visualizations, transformation predictions, and related fitness or wellness insights for you. Biometric data is never sold, rented, leased, or used for advertising purposes.

By using the body scanning features of the Service, you consent to the collection, processing, and storage of this biometric information for the purpose of providing the Service. Biometric data is retained only for as long as necessary to provide the Service and is deleted when you delete your account or within a reasonable retention period consistent with applicable law.

Personal Information

• Email address (when you create an account)
• Name (optional, for display purposes)
• Apple ID information (if you use Sign in with Apple)

Body and Health Data

• 3D body scans and measurements (chest, waist, hips, etc.)
• Height and weight information you provide
• Body composition estimates
• Fitness goals and preferences
• HealthKit data (only if you grant permission)

Usage Data

• Device information (model, operating system)
• App usage patterns and feature interactions
• Crash reports and performance data

• To provide and maintain our Service
• To process your 3D body scans and generate measurements
• To create body transformation predictions
• To sync your data across devices
• To improve our algorithms and Service
• To communicate with you about your account
• To provide customer support

Your data is stored securely using Amazon Web Services (AWS):

• In Transit: All data transmitted between your device and our servers uses TLS 1.3 encryption
• At Rest: Data stored on our servers is encrypted using AES-256 encryption
• Authentication: Secure token-based authentication protects your account

3D body scans and measurements are stored in encrypted cloud storage. Server processing is protected by AWS security controls including VPC isolation and access logging.

When you capture a body scan:

1. Sensor data is processed on your device
2. A 3D model is created locally
3. If signed in, scan data is securely uploaded
4. Predictions, enhancements, and body composition analysis are processed on our secure AWS servers
5. Results are encrypted and returned to your device

Access to your data is managed as follows:

• Only you can access your scans and measurements through the app
• Trainers can only see data you explicitly share via pairing
• Authorized personnel may access data stored on our servers for technical support, debugging, or to respond to your requests
• All employee access is logged and audited
• No third parties have access without your consent

We do not sell your personal information. We may share data only in these circumstances:

• With your consent: When you choose to share scans with trainers or gyms
• Service providers: AWS for hosting, Apple for authentication
• Legal requirements: When required by law or to protect our rights

The Service relies on the following third-party providers to operate. These providers may process limited data as necessary to deliver their services:

• Amazon Web Services (AWS): Cloud hosting, storage, and server-side processing of scans and data
• Apple: Sign in with Apple authentication, App Store subscription management, HealthKit integration
• Stripe (if applicable): Payment processing for web-based transactions

We do not share your personal data with analytics providers, advertising networks, or data brokers.

If you choose to connect HealthKit, we may read data such as weight, body fat percentage, and workout information. This data is used solely to enhance your experience and provide more accurate predictions.

We never share HealthKit data with third parties for advertising or marketing purposes.

If you are a resident of Washington, Nevada, or Connecticut, the following additional protections apply to your consumer health data (including body measurements, fitness data, body composition estimates, and information derived from body scans):

• We obtain your opt-in consent before collecting consumer health data
• We obtain separate consent before sharing consumer health data with any third party
• We will never sell your consumer health data
• You may withdraw consent and request deletion of consumer health data at any time
• We will respond to deletion requests within 45 days

This notice is provided in compliance with the Washington My Health My Data Act (RCW 19.373), Nevada SB 370, and the Connecticut Consumer Health Data provisions (SB 3).

For all users: Health data collected through this Service is subject to the FTC Health Breach Notification Rule. In the event of a breach of your health information, we will notify you within 60 days as required by federal law.

You have the right to:

• Access your personal data
• Export your data in a portable format (JSON, CSV, or both)
• Request correction of inaccurate data
• Request deletion of your data
• Opt out of marketing communications
• Revoke HealthKit permissions at any time

Data Export

To request a copy of your data, email vtprivacy@visualizetechnologies.com with your User ID (found in Support Info) and preferred format. Data export includes all body scans, 3D models, measurement history, and profile information.

Account Deletion

To delete your account and all associated data, email vtprivacy@visualizetechnologies.com with subject "Account Deletion Request" and include your User ID and account email. Your account will be deactivated immediately, personal data deleted within 30 days, and backup copies purged within 90 days.

We will respond to all requests within 30 days (45 days for complex requests).

The Service is intended only for users who are at least eighteen (18) years of age. By creating an account, you represent and warrant that you are at least 18 years old. We do not knowingly permit minors to create accounts or upload body images. Accounts discovered to belong to individuals under the age of 18 may be suspended or deleted.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at vtprivacy@visualizetechnologies.com.

Depending on where you reside, you may have additional privacy rights under your state's consumer privacy law:

California (CCPA / CPRA)

• Right to know what personal information is collected, used, and shared
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information
• Right to limit the use of sensitive personal information (including biometric data)
• Right to non-discrimination for exercising privacy rights

We do not sell or share personal information as defined under the CCPA/CPRA.

Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Tennessee, Maryland, Minnesota, Indiana, Kentucky, Rhode Island

Residents of these states may have the following rights under their respective consumer privacy laws:

• Right to access your personal data
• Right to correct inaccurate data
• Right to delete your data
• Right to data portability
• Right to opt out of targeted advertising, sale of data, or profiling
• Right to appeal a denial of your request

Biometric Data Rights (All States with Biometric Laws)

Under Illinois BIPA, Texas CUBI, Washington HB 1493, Colorado CPA, the New York SHIELD Act, and other applicable biometric privacy laws, you have the right to:

• Be informed before biometric data is collected
• Know the specific purpose and duration of biometric data storage
• Consent to or refuse collection of biometric data
• Request destruction of your biometric data

Global Privacy Control

We honor Global Privacy Control (GPC) signals. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of personal information, as required by applicable law (California, Colorado, Connecticut, Oregon, Minnesota, and others).

To exercise any of these rights, contact us at vtprivacy@visualizetechnologies.com with your User ID and specific request. We will respond within 30 days (45 days for complex requests, with notice). We will not discriminate against you for exercising your privacy rights.

In the event of a data breach that compromises your personal information, we will notify affected users as required by applicable state and federal law. All 50 states, the District of Columbia, and U.S. territories have data breach notification laws that we comply with.

• Notification will be provided within the shortest timeframe required by applicable law (as few as 30 days in Colorado and Florida)
• We will notify applicable state Attorneys General as required by each state's law
• For health data breaches, we will also notify the Federal Trade Commission (FTC) within 60 days as required by the FTC Health Breach Notification Rule
• Notification will include details of what data was affected and guidance on protective steps you should take

Our encryption of data at rest (AES-256) and in transit (TLS 1.3) qualifies for safe harbor provisions under most state breach notification laws.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

If you have questions about this Privacy Policy, please contact us:

• Email: vtprivacy@visualizetechnologies.com
• Website: visualizetechnologies.com