Privacy Policy

Version 1.4 — Effective January 19, 2026

Baig Innovations, LLC ("we," "us," or "our") operates Penny, a pelvic health wellness tracking application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

Your Privacy Matters

At Penny, we believe your health information is deeply personal and should always remain under your control.

Our Core Privacy Commitment:

• We will never sell your data. Period.
• You own your data. You can export or delete it anytime.
• You control sharing. Nothing leaves your device without your explicit action.
• We prioritize security. We voluntarily implement industry-standard security practices to protect your health information.

1. Who We Are

Penny is a general wellness tracking application operated by Baig Innovations, LLC, a Florida limited liability company.

Company Information:

• Legal Name: Baig Innovations, LLC
• Location: Orange County, Florida
• Privacy Inquiries: privacy@baig-innovations.com
• General Email: hello@baig-innovations.com
• Legal Matters: legal@baig-innovations.com
• Website: penny.baig-innovations.com

What Penny Is: Penny is a personal wellness tracking companion designed to help you document pelvic health experiences and lifestyle factors. Penny is NOT a medical device, does NOT provide medical advice, and is NOT a substitute for healthcare professional consultation.

Who This Policy Applies To: This Privacy Policy applies to all users of the Penny mobile application and website who are 18 years of age or older and located in the United States.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Email address (required for account creation and communication)
• Name (optional - you may use a nickname or pseudonym)
• Password (encrypted and never visible to us)
• Account preferences and settings

Health & Wellness Tracking Data: This is the core of Penny - everything you choose to track about your health and wellness:

• Experience descriptions, severity ratings, and timing
• Bathroom visit frequency and characteristics
• Pain levels, locations, and quality
• Medication and treatment tracking
• Diet and nutrition logs
• Sleep patterns and quality
• Energy levels and mood
• Exercise and activity
• Menstrual cycle data (completely optional)
• Notes, observations, and contextual information

Important: You decide what to track. All health data entry is voluntary and within your control.

2.2 Information Collected Automatically

Usage Information:

• App features you use and how often
• Time spent in different sections of the app
• Navigation patterns within the app
• Device type, operating system, and app version
• Crash reports and error logs (to improve app stability)

Technical Information:

• IP address (for security and fraud prevention)
• Device identifiers (for account security)
• Timezone and language settings
• Network connection type

What We DON'T Collect:

• We do NOT use advertising trackers
• The Penny app does NOT use third-party analytics that share your health data (our website uses Google Analytics for general traffic analysis)
• We do NOT track your location unless you explicitly enable it for a specific feature
• We do NOT access your contacts, photos, or other apps without explicit permission

2.3 Information from Third Parties

We do NOT purchase or receive data about you from data brokers or third parties. If you choose to integrate Penny with other health apps or services (future features), you will provide explicit consent for each integration, and we will only access the specific data you authorize.

3. How We Use Your Information

3.1 Primary Purposes

To Provide the Penny Service:

• Store and organize your health tracking data
• Generate visualizations and insights based on patterns in YOUR data
• Create exportable reports and summaries
• Sync your data across your devices (if you enable cloud sync)
• Remember your preferences and settings

To Improve Penny:

• Identify and fix bugs and technical issues
• Understand which features are most valuable
• Develop new features based on aggregate usage patterns
• Optimize app performance and user experience

To Communicate With You:

• Send important service announcements and updates
• Respond to your support requests
• Notify you of changes to our terms or privacy policy
• Send optional educational content (only if you opt in)

To Protect Security:

• Prevent fraud and unauthorized access
• Enforce our Terms of Service
• Comply with legal obligations

3.2 What We DON'T Do With Your Data

We Will NEVER:

• Sell your personal information or health data to anyone
• Share your data with advertisers
• Use your health data to target you with ads
• Share your data with insurance companies
• Automatically send your data to healthcare providers (you control all sharing)
• Use your data to train AI models without your explicit, separate consent
• Share your data with employers or schools
• Make your health information public

4. How We Share Your Information

4.1 User-Controlled Sharing

You Choose When to Share: Penny is designed around YOUR control. Your data never leaves your device automatically. You decide if and when to share through exports, reports, or showing your phone to your healthcare provider.

4.2 Service Providers (Limited & Necessary)

We work with a small number of trusted service providers who help us operate Penny. These providers are bound by strict data protection agreements.

Current Service Providers:

• Database & Backend: Supabase - encrypted data storage and user authentication
• Payment Processing: Apple/Google - PCI-compliant subscription processing (does NOT receive health data)
• Subscription Management: RevenueCat - manages subscription status and billing (does NOT receive health data)
• Email Communications: Resend - transactional email delivery (receives only your email address)
• Privacy-Preserving Analytics: Google Analytics - website analytics only (does NOT receive health data); we may add privacy-preserving, anonymous analytics to the app in the future

4.3 Legal Requirements

We may disclose your information if required by law, such as in response to a valid subpoena or court order, to protect rights and safety, or to comply with valid legal process. If legally permitted, we will notify you before disclosing your information.

4.4 Business Transfers

If Baig Innovations, LLC is acquired by or merged with another company, your information may be transferred. You will be notified via email and in-app notice, and the new owner must continue to honor this Privacy Policy or give you the option to delete your data.

5. Data Security

How We Protect Your Data:

• Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.3 encryption
• Encryption at Rest: Your data is encrypted when stored on our servers
• Secure Authentication: Industry-standard authentication with optional multi-factor authentication
• Access Controls: Strict internal access controls; only authorized personnel can access systems
• Regular Security Reviews: Ongoing security assessments and updates

Important: While we implement strong security measures, no system is 100% secure. You play a role in protecting your data by using a strong password and keeping your device secure.

6. Your Rights & Choices

6.1 Right to Access

You can access all data you've entered into Penny at any time through the app. You can also request a complete copy of your data by emailing privacy@baig-innovations.com.

6.2 Right to Export

You can export your data at any time in PDF format for sharing with healthcare providers or for your own records.

6.3 Right to Delete

You can delete your account and all associated data using the "Delete My Account" feature in settings or by emailing privacy@baig-innovations.com. Your data will be permanently deleted within 30 days, with backups purged within 90 days.

6.4 Opt-Out Rights

You can opt out of optional communications (newsletters, tips) and optional data collection (usage analytics) through app settings or by clicking unsubscribe in any marketing email.

6.5 State-Specific Privacy Rights

California Residents (CCPA/CPRA): You have additional rights including the right to know what personal information is collected, the right to opt out of sales (not applicable - we don't sell data), and the right to non-discrimination for exercising privacy rights.

Sensitive Personal Information Disclosure: Under the CCPA/CPRA, health-related data qualifies as "sensitive personal information." Penny collects and processes sensitive personal information (specifically, health information you voluntarily provide) for the purpose of providing our wellness tracking services. We do not use or disclose this sensitive personal information for purposes other than providing the Service. You have the right to limit the use and disclosure of your sensitive personal information as described in this Privacy Policy.

Other States: If your state has enacted comprehensive privacy legislation (Virginia, Colorado, Connecticut, Utah), you may have additional rights. Contact privacy@baig-innovations.com for information specific to your state.

7. Data Retention

7.1 How Long We Keep Your Data

• Active Accounts: We retain your data as long as your account is active
• Deleted Accounts: Personal and health data deleted within 30 days; backups purged within 90 days
• Legal Records: Retained as required by law (typically 7 years for financial records)
• De-Identified Data: We may retain aggregated, anonymous usage statistics indefinitely

7.2 Inactive Accounts

If your account has been inactive for 2 consecutive years, we will send email notifications before deleting your account and data: a first notice at 60 days before deletion, a second notice at 30 days before deletion, and a final notice at 7 days before deletion. You can prevent this by logging in at least once every 2 years.

8. Children's Privacy

Penny is NOT intended for anyone under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from someone under 18, we will delete that information immediately. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@baig-innovations.com.

9. International Users

Penny is Currently Available to U.S. Users Only. If you access Penny from outside the United States, your data will be transferred to and processed in the United States. We are not currently offering Penny in the European Union, UK, or other regions with specific data protection requirements.

10. Cookies & Tracking Technologies

Our website uses cookies for session management, security, and Google Analytics (for general traffic analysis). The Penny mobile app does NOT use advertising trackers, third-party analytics that share health data, social media tracking pixels, or cross-app tracking technologies.

11. Third-Party Links

Penny may contain links to third-party websites or resources. We are not responsible for the privacy practices of third-party sites. Before sharing personal information with any third party, please review their privacy policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes via email and in-app notification. For material changes that reduce your privacy protections, we will provide at least 30 days' notice and give you the option to delete your account before the changes take effect.

13. Contact Us

Questions or Concerns?

• Privacy Inquiries: privacy@baig-innovations.com
• General Questions: hello@baig-innovations.com
• Legal Matters: legal@baig-innovations.com

Mailing Address: Baig Innovations, LLC, Orange County, Florida

Response Time: We aim to respond to all privacy inquiries within 5 business days and resolve requests within 30 days.

14. Regulatory Compliance

14.1 Security Standards

While Baig Innovations, LLC is not a "covered entity" under HIPAA, we prioritize the security of your health information. We voluntarily implement industry-standard security measures—such as encryption in transit and at rest—designed to protect your data. However, because Penny is a general wellness application and not a medical provider, your data is not subject to the specific administrative requirements of HIPAA.

14.2 FTC Health Breach Notification Rule

Baig Innovations, LLC complies with the Federal Trade Commission's Health Breach Notification Rule (16 CFR Part 318). In the event of a breach of security involving your unsecured identifiable health information, we will:

Notify You within 60 calendar days of discovering the breach (or sooner if warranted), via email to your registered email address, or if we do not have a valid email address, by posting a conspicuous notice on our website for 90 days.

Notify the FTC via the FTC's online breach reporting form at the same time we notify affected individuals.

Notify Prominent Media Outlets in any state where more than 500 residents are affected, concurrent with individual notification.

Notice Content: Our breach notification will include a description of the types of information involved, the date or estimated date of the breach, steps you can take to protect yourself, contact information for questions, and a description of what we are doing in response.

Definition: "Breach of Security" means the unauthorized acquisition of unsecured PHR identifiable health information.

14.3 General Wellness App

Penny is a general wellness app as defined by FDA guidance. We do not diagnose, treat, cure, or prevent any disease or medical condition. We are not a medical device.

Consent & Agreement

By creating a Penny account and using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not use Penny.

Health Data Consent: By using Penny, you affirmatively consent to the collection and processing of your health-related information as described in this Privacy Policy. You understand that: (1) the information you enter into Penny constitutes health data under applicable privacy laws; (2) this health data will be used to provide you with wellness tracking services, generate insights, and create reports; (3) your health data will be stored securely and protected as described in this Privacy Policy; and (4) you may withdraw your consent at any time by deleting your account, which will result in the permanent deletion of your health data as described in Section 6.3.

— End of Privacy Policy v1.4 —

© 2026 Baig Innovations, LLC. All rights reserved.