Consumer Health Data Privacy Policy

Effective date: June 10, 2026

This Consumer Health Data Privacy Policy explains how Mardania LLC (“Pilora,” “we,” “us,” or “our”) collects, uses, and shares “consumer health data” as defined by the Washington My Health My Data Act, the Nevada Consumer Health Data Privacy Law, the Connecticut Data Privacy Act, and other applicable U.S. state consumer health data laws (together, the “Consumer Health Data Laws”).

This policy applies only to consumer health data and is separate from our general Privacy Policy and our Terms of Use. Where this policy conflicts with our general Privacy Policy regarding consumer health data, this policy controls.

Pilora is a consumer mobile application that helps you track the supplements and medications you take, check them for interactions, and get general informational guidance. Pilora is not a healthcare provider and is not a HIPAA-covered entity.


1. Categories of Consumer Health Data We Collect

We collect the following categories of consumer health data, all of which you provide to us directly through the app:

  • Identifying details used with your health information: your date of birth and sex at birth.
  • Reproductive health information: pregnancy status, only if you choose to provide it.
  • Health conditions and allergies: any health conditions and allergies you choose to enter.
  • Supplements and medications: the supplements and medications you add to your account, including product names, ingredients, and doses, and your dosing schedule.
  • Adherence and logs: records of which doses you log and when.
  • Wellness diary: optional entries you choose to record, such as energy, sleep, mood, digestion, pain ratings, and symptom notes.
  • Optional profile details: health goals, diet type, activity level, and body weight, only if you choose to provide them.
  • Health data we generate for you: interaction-check results and guidance generated by our in-app AI assistant, which are derived from the information above to provide the app's features to you.

We do not collect precise or real-time geolocation, biometric identifiers (such as fingerprint, face, or voice templates), or laboratory or biomarker measurements (such as blood glucose, A1c, blood pressure, or cholesterol values). You may select general condition labels (for example, “high cholesterol”) from a preset list; these are stored as condition tags, not measured values.

2. Categories of Sources

We collect consumer health data from a single source: directly from you, when you enter it into the app or scan a supplement or medication label with your device camera.

3. How We Use Consumer Health Data

We use consumer health data only to provide the app's features that you request, including to:

  • Read the labels you scan and build your supplement and medication list.
  • Create and display your dosing schedule and reminders.
  • Check your supplements and medications for interactions and surface relevant warnings.
  • Provide guidance through our in-app AI assistant when you choose to use it.
  • Operate safety features that account for your age, pregnancy status, allergies, and conditions.
  • Maintain your account and provide customer support.

We do not use consumer health data for advertising, and we do not sell consumer health data. We do not use your identifiable consumer health data to train artificial-intelligence models.

4. Categories of Consumer Health Data We Share, and With Whom

We share consumer health data only as needed to provide the features you use. The specific recipients are:

Service providers that process data on our behalf (processors):

  • Our AI provider. When you scan a label, the image is sent to our AI provider to read it and extract the product and ingredient details, and the image is then discarded. When you use our in-app AI assistant, your message and relevant parts of your supplement list are sent to our AI provider to generate a response. Our AI provider processes this data only to provide these features to you, under contract, and does not use it to train its models.
  • Hosting and database providers. Our database and application are hosted on infrastructure providers (including Supabase, hosted on Amazon Web Services, and Vercel) that store and process data solely to operate the app on our behalf.
  • Notification and email providers. We use providers to deliver push notifications (Apple Push Notification service) and transactional emails (Resend), which receive only the information needed to deliver those messages.
  • Payment and subscription providers. Purchases are processed by Apple and/or Stripe, and subscription status is managed through RevenueCat. These providers receive the information needed to process payments and manage your subscription; we do not store full payment card numbers.

These service providers act on our behalf and are contractually limited to processing data only for the purposes described above.

Supplement marketplace (only if you choose to shop):

  • Fullscript. If you are on a paid plan and choose to shop for supplements through the app, we share your name, email address, subscription tier, and the names of the supplement products you search for or order, so that Fullscript can fulfill your order. We do not share your health conditions, allergies, age, pregnancy status, body weight, your overall supplement list, or your conversations with our AI assistant. Fullscript processes the information it receives under its own privacy policy.

Legal and safety:

  • We may disclose consumer health data when required by law or valid legal process, or to protect the rights, safety, or property of our users, the public, or us.

5. Your Rights

If you are a resident of a state with applicable Consumer Health Data Laws, you have the right to:

  • Confirm and access whether we collect, share, or sell your consumer health data, and to obtain a copy of that data, including a list of the specific third parties and affiliates with whom we have shared it.
  • Withdraw consent to our collection or sharing of your consumer health data.
  • Delete your consumer health data.
  • Appeal a denial of any of the above requests.

We will not discriminate against you for exercising these rights.

How to exercise your rights. You can delete your account and associated data at any time within the app's Settings. For any other request — access, a list of third parties, withdrawal of consent, or to appeal a decision — email us at privacy@pilora.app. You do not need to create a new account to make a request. We may need to verify your identity before responding, using information already associated with your account.

Our response. We will respond to your request within 45 days of receiving it. If we need more time, we may extend by an additional 45 days and will tell you why within the first 45 days. Requests are free up to twice per year.

Deletion. When you delete your account, we delete your consumer health data from our active systems, including your profiles, supplement and medication lists, schedules, logs, diary entries, AI-assistant messages, and scan records. We instruct our service providers to delete the corresponding data. Copies of data residing in encrypted backups are removed in the ordinary course of our backup cycle and no later than six months after your request. Note: Apple App Store subscriptions must be cancelled separately in your iPhone Settings; we cannot cancel them on your behalf.

Appeals. If we deny your request, you may appeal by replying to our decision or emailing privacy@pilora.app. We will respond to your appeal in writing within 45 days. If we deny your appeal, you may contact the Washington State Attorney General at https://www.atg.wa.gov/file-complaint.

6. How We Protect Consumer Health Data

We restrict access to consumer health data to the personnel and service providers who need it to provide the app's features to you. We maintain administrative, technical, and physical safeguards designed to protect consumer health data, including encryption of data in transit and encryption at rest provided by our database platform, and account-level isolation so that you can access only your own data and the profiles of family members on your own account.

7. Changes to This Policy

We may update this policy. If we change the categories of consumer health data we collect, the purposes for which we use it, or the parties with whom we share it, we will update this policy, update the effective date above, and where required obtain your renewed consent before the new collection, use, or sharing.

8. Contact Us

For any question or request regarding this policy or your consumer health data:

Email: privacy@pilora.app
Entity: Mardania LLC