Back to home

Privacy Policy

Last updated: May 2026

1. Introduction

Arlo Health (“we”, “our”, or “us”) is an AI-powered health and fitness companion. We take the privacy of your health data extremely seriously. This Privacy Policy explains what we collect, how we use it, and the control you have over your own information.

2. Information we collect

We collect only what we need to coach you well:

  • Account information: name, email, phone number, date of birth, timezone.
  • Stated profile: goals, schedule, diet, food preferences, lifestyle, sleep patterns, movement baseline.
  • Conditional sub-profiles: if you opt into skin, gut, or hair coaching, the related details you share for those goals.
  • Medical profile: allergies, conditions, medications, and supplements, used as hard constraints for any recommendation.
  • Health data from connected sources: Apple Health, Health Connect, and any device that writes to those stores — steps, heart rate, workouts, sleep stages, body measurements, glucose, and similar metrics.
  • Conversation data: messages, voice notes, and follow-up call interactions with Arlo.
  • Device information: device type, OS version, app version.

3. How we use your information

  • Building and continuously updating your personalized plan.
  • Following up via notifications, in-app messages, and voice calls when you opt in.
  • Detecting safety constraints (allergies, drug interactions, ED-sensitive language).
  • Improving Arlo's coaching quality in aggregate — never by training models on your individual conversations.
  • Complying with applicable laws and regulations.

4. Medical data is treated differently

Allergies, medical conditions, medications, and supplements are stored separately from the rest of your profile and access is more tightly controlled. They are used as hard safety constraints — Arlo will never recommend a meal containing a logged allergen, for example — and are not used for marketing, analytics, or any other purpose.

5. Data sharing

We share data only when strictly necessary:

  • Infrastructure providers: hosting, database, and email/notification delivery providers, bound by strict data processing agreements.
  • AI model providers: de-identified prompts where required to generate responses. No training on your data.
  • Legal authorities: only when required by valid legal process.

We never sell your data. We never share your medical profile with advertisers or marketers.

6. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Medical data is stored in a logically separated dataset with stricter access controls and full audit logging. See our Security page for more.

7. Data retention

We keep your data for as long as your account is active. If you delete your account, your personal profile and conversations are removed within 30 days, subject to legal retention requirements. Aggregated, anonymized data may be retained to improve Arlo overall.

8. Your rights

You can, at any time:

  • Access and download a copy of your data.
  • Correct any field you've told us.
  • Delete your account and the data tied to it.
  • Disconnect any health data source (Apple Health, Health Connect) — your historical data from those sources will be removed.
  • Withdraw consent for voice calls or specific notification categories.

9. Children

Arlo is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has signed up, please contact us so we can remove the account.

10. Changes to this policy

We may update this policy over time. We'll post the revised version here and bump the “Last updated” date. Material changes will be surfaced in the app before they take effect.

11. Contact

Questions or requests about your data? Email hello@arlohealth.app or visit the Contact page.