Privacy Policy
Last updated: March 2, 2026
Our Commitment: Wake is built on the principle that your health and fitness data belongs to you. We collect only what we need to provide our service, and we never sell your personal information.
1. Information We Collect
Account Information
When you create a Wake account, we collect:
- Email address
- Name (optional)
- Profile photo (optional)
- Authentication credentials (securely hashed)
Videos & Movement Data
When you upload videos for analysis, we process:
- Video content for AI movement analysis
- Metadata (duration, resolution, upload time)
- Extracted pose estimation and body geometry data
- 3D body mesh and body composition estimates
- Performance metrics derived from analysis
Health & Wellness Data
To provide personalized wellness services, we collect:
- Nutrition data (meal photos, macronutrient tracking, dietary logs)
- Workout data (exercise type, duration, intensity, sets, reps)
- Wearable device data (heart rate, sleep, recovery, stress, steps) via Garmin and Apple Health integrations
- Meditation and mindfulness session data
- Goal-setting and progress tracking data
- AI assistant (Sammy) conversation history
Usage Data
We automatically collect:
- App usage patterns (features used, session duration)
- Device information (model, OS version)
- Crash reports and performance data
- Anonymous analytics to improve our service
2. Biometric & Body Measurement Data
Biometric Data Notice: Wake processes body geometry, 3D mesh data, and pose estimation keypoints from your uploaded videos. This data may constitute biometric identifiers under applicable state laws including the Illinois Biometric Information Privacy Act (BIPA).
Types of biometric data we collect:
- Body geometry measurements
- 3D body mesh models
- Pose estimation keypoints (joint positions)
- Body composition estimates
- Movement pattern analysis
How It Is Collected
Biometric data is extracted from videos you upload using intelligent video analysis.
Purpose
We use biometric data to provide movement analysis, body composition tracking, fitness progress monitoring, and to improve our systems (with anonymized data only).
Protection
Biometric data is encrypted at rest (AES-256) and in transit (TLS 1.3), access-controlled, and stored separately from account identifiers where feasible.
3. How We Use Your Information
We use your information to:
- Provide our service: Analyze your videos, track nutrition, generate workout insights, and deliver personalized wellness recommendations
- Improve accuracy: Train and refine our AI models (with anonymized data only). Important: Data shared through social features (Follow interface, shared goals, social fitness feeds) is never used for AI model training regardless of anonymization status
- Communicate: Send service updates, wellness tips, and support responses
- Ensure safety: Monitor for potential safety issues
- Prevent abuse: Detect and prevent fraudulent or harmful activity
- Research: Conduct anonymized health and fitness research to improve our algorithms
4. Data Storage and Security
Your data is protected by:
- Industry-standard encryption (AES-256) for data at rest
- TLS 1.3 encryption for data in transit
- Secure cloud infrastructure hosted on Google Cloud Platform
- Regular security audits and penetration testing
- Access controls limiting who can view your data
5. Data Retention Schedule
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Biometric data (body geometry, 3D mesh, pose keypoints) | Maximum 3 years from last interaction or upon account deletion, whichever is sooner |
| Uploaded videos | Personal: 30 days; Coach: 1 year; Facility: per agreement |
| Nutrition and workout data | Duration of active account |
| Wearable device data | Duration of active account |
| AI assistant conversations | 1 year, then anonymized |
| Account information | 90 days after account deletion |
| Anonymized analytics | Indefinite (cannot be linked to individuals) |
You can delete your data at any time from the app or by contacting support@wakeai.app.
6. Data Sharing
We do not sell your personal information, including biometric data, to any third party. We share data only:
- With your consent: When you explicitly share content with coaches or teammates
- Service providers: Cloud hosting and analytics partners under strict data protection agreements
- Legal requirements: When required by law or to protect safety
- Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred. We will notify you via email and/or prominent notice on our website before your data is transferred and becomes subject to a different privacy policy. You will have the opportunity to opt out of such transfer.
California Shine the Light (Civil Code § 1798.83)
California residents may request information about any disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes. For questions, contact legal@wakeai.app.
7. Third-Party Service Providers
We use the following third-party services to operate Wake:
- Google Cloud Platform (GCP): Data processing and secure storage
- Firebase: Authentication and app analytics
- Garmin Connect API: Wearable data synchronization (when you connect your Garmin device)
- Apple HealthKit: Health data integration (when you grant HealthKit permissions)
- Google Gemini: AI-powered wellness insights and assistant capabilities
- Apple App Store: Subscription management and payment processing
All third-party providers are bound by data protection agreements.
Apple HealthKit Data
When you grant Wake access to Apple HealthKit, the following commitments apply in addition to the general privacy practices described above:
- HealthKit data (heart rate, sleep, workouts, steps, active energy) is used solely to provide personalized wellness insights within the Wake app
- We will NOT use HealthKit data for advertising or marketing purposes
- We will NOT sell HealthKit data to third parties, including data brokers
- We will NOT share HealthKit data with third parties for their marketing or advertising purposes
- We will NOT use HealthKit data to build user profiles unrelated to health and fitness
- HealthKit data is stored securely using the same encryption standards (AES-256 at rest, TLS 1.3 in transit) as all other health data
- You may disconnect Apple HealthKit at any time through your device Settings, which will stop future data collection but will not automatically delete previously synced data — to delete, contact support@wakeai.app
8. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correct: Update or fix inaccurate information
- Delete: Request deletion of your account and data
- Export: Download your health and fitness data and analytics
- Opt-out: Disable non-essential data collection
To exercise these rights, contact us at legal@wakeai.app.
9. BIPA Disclosure — Illinois Residents
Illinois Residents: This section provides the required disclosures under the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14/1 et seq.
- Biometric identifiers collected: Body geometry, 3D body mesh, pose estimation keypoints extracted from uploaded videos
- Purpose: To provide movement analysis, body composition estimation, and fitness tracking services
- Retention: Biometric identifiers and information are retained for a maximum of three (3) years from your last interaction with the Service, or within 30 days of account deletion request, whichever is sooner. After this period, biometric data is permanently destroyed.
- No sale or profit: Wake AI LLC does not sell, lease, trade, or otherwise profit from your biometric identifiers or biometric information
- Disclosure to third parties: Biometric data is not disclosed to third parties without your prior written consent, except as required by law or court order, or as necessary for service operation with contractual protections equivalent to this policy
- Consent: By uploading video content to Wake, you provide your informed written consent to the collection, use, and storage of your biometric identifiers and information as described in this Privacy Policy
- Revocation of consent: You may revoke your consent at any time by emailing legal@wakeai.app. Upon revocation, we will permanently destroy your biometric data within 30 days. Note that revocation may limit certain Service features that depend on biometric data processing.
- Data security: Biometric data is stored using industry-standard encryption (AES-256 at rest, TLS 1.3 in transit) with access controls and regular security audits
10. Consumer Health Data Policy — Washington Residents (MHMDA)
Washington Residents: This section constitutes our Consumer Health Data Policy as required by the Washington My Health My Data Act (MHMDA), RCW 19.373.
- Categories of consumer health data collected: Body measurements and composition data, movement and exercise data, nutrition and dietary information, sleep and recovery metrics, heart rate and physiological data (via wearables), meditation and mental wellness data
- Purposes for collection: Providing health and fitness analysis services, generating personalized wellness recommendations, improving our AI models (anonymized only), communicating service updates
- Categories of third parties with whom we share: Cloud infrastructure providers (Google Cloud Platform), authentication services (Firebase), wearable device platforms (Garmin, Apple) — only as necessary to provide the Service
- No sale of consumer health data: We do not sell or offer to sell consumer health data
- Your rights under MHMDA: Right to confirm whether we are collecting/sharing your consumer health data, right to access your consumer health data, right to delete your consumer health data, right to withdraw consent for collection
- How to exercise rights: Email legal@wakeai.app with subject line "MHMDA Request" or use the in-app data management features
- Appeals: If we deny a request, you may appeal by emailing legal@wakeai.app with subject line "MHMDA Appeal"
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of what personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Sensitive Personal Information: We collect sensitive personal information including biometric data and health data. This data is used only to provide the Service and is not used for profiling or advertising.
- No Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Authorized Agents: You may designate an authorized agent to make requests on your behalf
Categories of Personal Information Collected
| CCPA Category | Examples | Sold? |
|---|---|---|
| Identifiers | Name, email, device ID | No |
| Biometric Information | Body geometry, 3D mesh, pose keypoints | No |
| Health Information | Nutrition, workouts, wearable metrics, sleep | No |
| Internet/Electronic Activity | App usage, session duration, features used | No |
| Sensory Data | Videos, images uploaded for analysis | No |
| Inferences | Body composition estimates, workout patterns | No |
To exercise your rights, contact legal@wakeai.app or use the in-app privacy controls. We will respond within 45 days.
12. State-Specific Privacy Rights Summary
- California (CCPA/CPRA): Right to know, delete, correct, opt-out of sale. Contact: legal@wakeai.app
- Illinois (BIPA): Biometric data consent, purpose limitation, 3-year retention max, no sale, right to revoke. Contact: legal@wakeai.app
- Washington (MHMDA): Consumer health data rights, access, deletion, withdraw consent. Contact: legal@wakeai.app
- Colorado (CPA): Right to access, correct, delete, data portability, opt-out of targeted advertising. Contact: legal@wakeai.app
- Connecticut (CTDPA): Right to access, correct, delete, data portability, opt-out of sale and targeted advertising. Contact: legal@wakeai.app
- Virginia (VCDPA): Right to access, correct, delete, data portability, opt-out of targeted advertising and sale. Contact: legal@wakeai.app
For all states: We respond to verified requests within the timeframes required by applicable law.
13. Consent Architecture
We obtain your consent for data collection at these points:
- Account creation: By creating an account, you consent to collection of account information and usage data as described in this policy
- First video upload: Before processing your first video, we present an in-app biometric data consent dialog explaining what data is collected and how it is used
- Wearable device connection: When you connect Garmin or Apple Health, we request specific permissions and explain what data will be synced
- AI training opt-in: Use of anonymized data for AI model improvement is disclosed during onboarding; you may opt out at any time via app settings or by contacting legal@wakeai.app
14. Health Breach Notification
In the event of a breach involving your health data or biometric information:
- We will notify affected individuals within 60 days of discovering the breach, as required by the FTC Health Breach Notification Rule (16 CFR Part 318)
- Notification will be provided via email to the address associated with your account and via in-app notification
- Where required, we will notify the Federal Trade Commission (FTC)
- Notification will include: description of the breach, types of data involved, steps we are taking, steps you can take to protect yourself, and contact information for questions
15. Cookies & Tracking Technologies
Wake uses limited tracking technologies:
- Essential cookies: Required for authentication and basic app/website functionality
- Analytics: We do not currently use analytics cookies on this website
- No advertising cookies: We do not use third-party advertising cookies or tracking pixels
Do Not Track
We honor Do Not Track (DNT) browser signals. When we detect a DNT signal, we disable non-essential analytics collection for that session. Note that essential functionality cookies are still used regardless of DNT settings.
16. Children's Privacy
Wake is designed to be used by people of all ages, including children. If a user is under 13:
- Verifiable parental consent is required per COPPA before account creation
- We collect minimal data necessary for the service
- We comply with COPPA requirements
- Parents can review, modify, or delete their child's data
For parental data requests, contact legal@wakeai.app.
17. International Data Transfers
Wake operates globally. Your data may be processed in the United States and other countries where our servers are located. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.
18. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of Wake after changes constitutes acceptance of the updated policy. Material changes to biometric data or health data practices will be communicated with at least 30 days notice.
19. Contact Us
For privacy-related questions or concerns:
- Legal inquiries: legal@wakeai.app
- General support: support@wakeai.app
- Support page: wakeai.app/support
Questions? We're committed to transparency. If anything in this policy is unclear, please reach out and we'll explain it in plain language.