Privacy Policy

Version 1.6 — Effective March 24, 2026

Baig Innovations, LLC ("we," "us," or "our") operates Penny, a pelvic health wellness tracking application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

Your Privacy Matters

At Penny, we believe your health information is deeply personal and should always remain under your control.

Our Core Privacy Commitment:

• We will never sell your data. Period.
• You own your data. You can export or delete it anytime.
• You control sharing. Nothing leaves your device without your explicit action.
• We prioritize security. We voluntarily implement industry-standard security practices to protect your health information.

1. Who We Are

Penny is a general wellness tracking application operated by Baig Innovations, LLC, a Florida limited liability company.

Company Information:

• Legal Name: Baig Innovations, LLC
• Location: Orange County, Florida
• Privacy Inquiries: privacy@baig-innovations.com
• General Email: hello@baig-innovations.com
• Legal Matters: legal@baig-innovations.com
• Website: penny.baig-innovations.com

What Penny Is: Penny is a personal wellness tracking companion designed to help you document pelvic health experiences and lifestyle factors. Penny is NOT a medical device, does NOT provide medical advice, and is NOT a substitute for healthcare professional consultation.

Who This Policy Applies To: This Privacy Policy applies to all users of the Penny mobile application and website who are 18 years of age or older and located in the United States.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Email address (required for account creation and communication)
• Name (optional - you may use a nickname or pseudonym)
• Password (encrypted and never visible to us)
• Authentication Methods: Email/password login, Apple Sign-In (iOS), and Google Sign-In (Android)
• Account preferences and settings

Health & Wellness Tracking Data: This is the core of Penny - everything you choose to track about your health and wellness:

• Experience descriptions, severity ratings, and timing
• Bathroom visit frequency and characteristics
• Pain levels, locations, and quality
• Medication and treatment tracking
• Diet and nutrition logs
• Sleep patterns and quality
• Energy levels and mood
• Exercise and activity
• Menstrual cycle data (completely optional)
• Notes, observations, and contextual information

Important: You decide what to track. All health data entry is voluntary and within your control.

2.2 Information Collected Automatically

Usage Information:

• App features you use and how often
• Time spent in different sections of the app
• Navigation patterns within the app
• Device type, operating system, and app version
• Crash reports and error logs (to improve app stability)

Technical Information:

• IP address (for security, fraud prevention, and geographic verification)
• Device identifiers (for account security)
• Timezone and language settings
• Network connection type

Geographic Verification: We may verify your geographic location using IP-based and device-based methods to confirm compliance with our geographic availability requirements (Penny is currently available in the United States only). Verification attempts may be logged for security and compliance purposes, including the verification method used, country code detected, and whether verification succeeded or failed.

What We DON'T Collect:

• We do NOT use advertising trackers
• The Penny app uses only privacy-preserving analytics (Plausible and Fathom) that do not collect personal data or share your health data
• We do NOT track your location unless you explicitly enable it for a specific feature
• We do NOT access your contacts, photos, or other apps without explicit permission

2.3 Information from Third Parties

We do NOT purchase or receive data about you from data brokers or third parties. If you choose to integrate Penny with other health apps or services (future features), you will provide explicit consent for each integration, and we will only access the specific data you authorize.

3. How We Use Your Information

3.1 Primary Purposes

To Provide the Penny Service:

• Store and organize your health tracking data
• Generate visualizations and insights based on patterns in YOUR data
• Create exportable reports and summaries
• Sync your data across your devices (if you enable cloud sync)
• Local Data Caching: Store your data locally on your device for offline access, with automatic synchronization when connectivity is restored
• Remember your preferences and settings

To Improve Penny:

• Identify and fix bugs and technical issues
• Understand which features are most valuable
• Develop new features based on aggregate usage patterns
• Optimize app performance and user experience

To Communicate With You:

• Send important service announcements and updates
• Respond to your support requests
• Notify you of changes to our terms or privacy policy
• Send optional educational content (only if you opt in)

To Protect Security:

• Prevent fraud and unauthorized access
• Enforce our Terms of Service
• Comply with legal obligations

3.2 What We DON'T Do With Your Data

We Will NEVER:

• Sell your personal information or health data to anyone
• Share your data with advertisers
• Use your health data to target you with ads
• Share your data with insurance companies
• Automatically send your data to healthcare providers (you control all sharing)
• Use your data to train AI models. Our AI provider (Anthropic) is contractually prohibited from using API inputs for model training. Your health data sent for AI processing is not retained or used for any purpose beyond generating your requested summary or insight. (see Section 3.3 for details)
• Share your data with employers or schools
• Make your health information public

3.3 AI-Powered Features

Penny offers optional AI-powered features to help you understand your health data. These features use Anthropic's Claude AI model and are available to premium subscribers:

• Episode AI Summaries: AI-generated plain-language summaries of your tracked episodes, helping you identify patterns and communicate with healthcare providers
• Appointment Next-Steps: AI extraction of action items from your appointment notes to help you track follow-up tasks
• Stats Narrations: AI conversion of your tracking statistics into plain-English descriptions for easier understanding

How AI Processing Works:

• Data Sent: Only health narrative text with direct identifiers removed or redacted is sent to the AI provider. Personal identifiers (email addresses, account IDs) are redacted before transmission.
• No Training: Your data is NOT used to train AI models. Anthropic's API terms prohibit using API inputs for model training.
• No Storage by Provider: AI-processed text is not retained by the AI provider after generating your response.
• Rate Limits: AI features have usage limits to ensure service quality (e.g., 30 summary generations per period with a 30-second cooldown between requests).

Important: AI-generated summaries and insights are for informational purposes only and do not constitute medical advice. Always consult a qualified healthcare provider for medical decisions.

For AI feature usage limits, content ownership, and disclaimers, see our Terms of Service (Sections 2.3–2.5 and 7.3).

4. How We Share Your Information

4.1 User-Controlled Sharing

You Choose When to Share: Penny is designed around YOUR control. Your data never leaves your device automatically. You decide if and when to share through exports, reports, or showing your phone to your healthcare provider.

4.2 Service Providers (Limited & Necessary)

We work with a small number of trusted service providers who help us operate Penny. These providers are bound by strict data protection agreements.

Current Service Providers:

• Database & Backend: Supabase - encrypted data storage and user authentication
• Payment Processing: Apple/Google - PCI-compliant subscription processing (does NOT receive health data)
• Subscription Management: RevenueCat - manages subscription status and billing (does NOT receive health data)
• Email Communications: Resend - transactional email delivery (receives only your email address)
• Anthropic (Claude AI): AI-powered features including Episode AI Summaries, Stats Narrations, and Appointment Next-Steps Extractions (receives only health narrative text with direct identifiers removed or redacted; does not receive your name, email, or account identifiers)
• Privacy-Preserving Analytics: Plausible Analytics and Fathom Analytics - privacy-preserving website and app analytics (does NOT receive health data, does NOT use cookies, does NOT collect personal information)

4.3 Legal Requirements

We may disclose your information if required by law, such as in response to a valid subpoena or court order, to protect rights and safety, or to comply with valid legal process. If legally permitted, we will notify you before disclosing your information.

4.4 Business Transfers

If Baig Innovations, LLC is acquired by or merged with another company, your information may be transferred. You will be notified via email and in-app notice, and the new owner must continue to honor this Privacy Policy or give you the option to delete your data.

5. Data Security

How We Protect Your Data:

• Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.3 encryption
• Encryption at Rest: Your data is encrypted when stored on our servers
• Secure Authentication: Industry-standard authentication with optional multi-factor authentication
• Access Controls: Strict internal access controls; only authorized personnel can access systems
• Regular Security Reviews: Ongoing security assessments and updates

Important: While we implement strong security measures, no system is 100% secure. You play a role in protecting your data by using a strong password and keeping your device secure.

6. Your Rights & Choices

6.1 Right to Access

You can access all data you've entered into Penny at any time through the app. You can also request a complete copy of your data by emailing privacy@baig-innovations.com.

6.2 Right to Export

You can export your data at any time in machine-readable formats (CSV files packaged in a ZIP archive) for data portability and personal records. You can also generate PDF reports for sharing with healthcare providers. Data export requests are verified via email for your security and are limited to 2 exports per 12-month period.

6.3 Right to Delete

You can delete your account and all associated data using the "Delete My Account" feature in settings or by emailing privacy@baig-innovations.com. Your data will be permanently deleted within 45 days, with backups purged within six months.

6.4 Opt-Out Rights

You can opt out of optional communications (newsletters, tips) and optional data collection (usage analytics) through app settings or by clicking unsubscribe in any marketing email.

6.5 State-Specific Privacy Rights

California Residents (CCPA/CPRA): You have additional rights including the right to know what personal information is collected, the right to opt out of the sale of personal information (not applicable, as Penny does not sell personal information), and the right to non-discrimination for exercising privacy rights.

Sensitive Personal Information Disclosure: Under the CCPA/CPRA, health-related data qualifies as "sensitive personal information." Penny collects and processes sensitive personal information (specifically, health information you voluntarily provide) for the purpose of providing our wellness tracking services. We do not use or disclose this sensitive personal information for purposes other than providing the Service. You have the right to limit the use and disclosure of your sensitive personal information as described in this Privacy Policy.

Washington Residents (My Health My Data Act): Washington's My Health My Data Act (RCW 19.373) provides additional protections for consumer health data. As a wellness tracking application that collects health-related information, Penny is committed to compliance with this law. Washington residents have the right to know what consumer health data is collected and why; the right to withdraw consent for the collection or sharing of consumer health data; and the right to have consumer health data deleted. For full details, see our Consumer Health Data Privacy Policy at penny.baig-innovations.com/wa-health-privacy. To exercise your rights under Washington law, contact privacy@baig-innovations.com. We will respond within 45 days of receiving a verified request.

Other States: If your state has enacted comprehensive privacy legislation (Virginia, Colorado, Connecticut, Utah, or others), you may have additional rights. Contact privacy@baig-innovations.com for information specific to your state.

7. Data Retention

7.1 How Long We Keep Your Data

• Active Accounts: We retain your data as long as your account is active
• Data Access by Tier: Free accounts can access the most recent 30 days of tracked data; premium subscribers can access up to 365 days. All data is retained on our servers regardless of tier, but display access varies by subscription level.
• Deleted Accounts: Personal and health data deleted within 45 days; backups purged within six months
• Legal Records: Retained as required by law (typically 7 years for financial records)
• De-Identified Data: We may retain aggregated, anonymous usage statistics indefinitely

7.2 Inactive Accounts

If your account has been inactive for 2 consecutive years, we will send email notifications before deleting your account and data: a first notice at 60 days before deletion, a second notice at 30 days before deletion, and a final notice at 7 days before deletion. You can prevent this by logging in at least once every 2 years.

8. Children's Privacy

Penny is NOT intended for anyone under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from someone under 18, we will delete that information immediately. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@baig-innovations.com.

9. International Users

Penny is Currently Available to U.S. Users Only. If you access Penny from outside the United States, your data will be transferred to and processed in the United States. We are not currently offering Penny in the European Union, UK, or other regions with specific data protection requirements.

10. Cookies & Tracking Technologies

Our website uses cookies for session management and security. We use Plausible Analytics and Fathom Analytics for website and app analytics, which are privacy-preserving and do not use cookies or collect personal data. The Penny mobile app does NOT use advertising trackers, social media tracking pixels, or cross-app tracking technologies.

11. Third-Party Links

Penny may contain links to third-party websites or resources. We are not responsible for the privacy practices of third-party sites. Before sharing personal information with any third party, please review their privacy policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes via email and in-app notification. For material changes that reduce your privacy protections, we will provide at least 30 days' notice and give you the option to delete your account before the changes take effect.

13. Contact Us

Questions or Concerns?

• Privacy Inquiries: privacy@baig-innovations.com
• General Questions: hello@baig-innovations.com
• Legal Matters: legal@baig-innovations.com

Mailing Address: Baig Innovations, LLC, Orange County, Florida

Response Time: We aim to respond to all privacy inquiries within 5 business days and resolve requests within 45 days.

14. Regulatory Compliance

14.1 Security Standards

While Baig Innovations, LLC is not a "covered entity" under HIPAA, we prioritize the security of your health information. We voluntarily implement industry-standard security measures—such as encryption in transit and at rest—designed to protect your data. However, because Penny is a general wellness application and not a medical provider, your data is not subject to the specific administrative requirements of HIPAA.

14.2 FTC Health Breach Notification Rule

Baig Innovations, LLC complies with the Federal Trade Commission's Health Breach Notification Rule (16 CFR Part 318). In the event of a breach of security involving your unsecured identifiable health information, we will:

Notify You within 60 calendar days of discovering the breach (or sooner if warranted), via email to your registered email address, or if we do not have a valid email address, by posting a conspicuous notice on our website for 90 days.

Notify the FTC via the FTC's online breach reporting form at the same time we notify affected individuals.

Notify Prominent Media Outlets in any state where more than 500 residents are affected, concurrent with individual notification.

Notice Content: Our breach notification will include a description of the types of information involved, the date or estimated date of the breach, steps you can take to protect yourself, contact information for questions, and a description of what we are doing in response.

Definition: "Breach of Security" means the unauthorized acquisition of unsecured PHR identifiable health information.

14.3 General Wellness App

Penny is a general wellness app as defined by FDA guidance. We do not diagnose, treat, cure, or prevent any disease or medical condition. We are not a medical device.

Consent & Agreement

By creating a Penny account and using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not use Penny.

Health Data Consent: By using Penny, you affirmatively consent to the collection and processing of your health-related information as described in this Privacy Policy. You understand that: (1) the information you enter into Penny constitutes health data under applicable privacy laws; (2) this health data will be used to provide you with wellness tracking services, generate insights, and create reports; (3) your health data will be stored securely and protected as described in this Privacy Policy; and (4) you may withdraw your consent at any time by deleting your account, which will result in the permanent deletion of your health data as described in Section 6.3.

AI Feature Consent: AI-powered features (described in Section 3.3) require separate, explicit consent. During onboarding, you will be presented with an AI consent screen that explains what data is processed, how it is used, and that processing occurs through a third-party AI provider (Anthropic). AI features are entirely optional — declining AI consent does not affect your access to Penny's core tracking, reporting, or data export features. If you initially consent and later change your mind, you can disable AI features at any time through your app settings, which will stop all future AI data processing. Previously generated AI content (summaries, narrations, extracted next steps) will remain accessible in your account but no new AI processing will occur.

For AI feature usage limits, content ownership, and disclaimers, see our Terms of Service.

— End of Privacy Policy v1.6 —

© 2026 Baig Innovations, LLC. All rights reserved.