Privacy, consent, and compliance.
The product handles data of an inherently sensitive kind: health-related signals derived from movement, longitudinal activity records, financial inputs, and personal trajectories. We treat the careful handling of this data as a first-order responsibility, not a marketing item.
We do not present this as a finished compliance posture. We present it as a posture appropriate to the product's current stage, deliberately scaled to its trajectory, and treated with the seriousness that handling sensitive data calls for.
Principles in place from day one.
These hold across every audience and stage and are not stage-dependent.
Explicit, revocable consent
Data is collected with explicit consent, and consent is revocable at any time.
Counterparty isolation
An advisor sees only their own clients' data, with each client's consent. A pension provider sees only the users it has provisioned.
No raw medical signals
The product avoids storing regulated medical signals such as raw heart-rate or electrocardiogram data. It works from locomotor activity records that do not require medical-device classification.
Sponsorship ≠ data sharing
In the advisor channel, sponsorship of a client's premium subscription is an independent act from any data-sharing consent. Sponsoring does not, by itself, grant the sponsoring advisor visibility into the client's data.
Non-prescriptive recommendations
Recommendations and signals are non-prescriptive: the product produces information; it does not make decisions on behalf of regulated processes.
Scaling with the business
Beyond these starting principles, the depth of the privacy and compliance programme grows with the business.
- ·As new markets enter scope, the data-protection requirements specific to those markets are addressed.
- ·As advisor relationships scale, the contractual frameworks appropriate to those relationships are formalised.
- ·As regulated provider integrations are pursued, the additional rigour those relationships demand — data residency, formal partner agreements, audit and certification expectations — is met on the timeline those relationships set.