Privacy Policy
Your Privacy Matters
At Penny, we believe your health information is deeply personal and should always remain under your control. This Privacy Policy explains what information we collect, how we use it, how we protect it, and what rights you have over your data.
Our Core Privacy Commitment:
- We will never sell your data. Period.
- You own your data. You can export or delete it anytime.
- You control sharing. Nothing leaves your device without your explicit action.
- We exceed industry standards. We follow HIPAA-level security practices even though we're not legally required to.
1. Who We Are
Penny is a general wellness tracking application operated by Baig Innovations, LLC, a Florida limited liability company.
Company Information:
- Legal Name: Baig Innovations, LLC
- Location: Orange County, Florida
- Privacy Inquiries: privacy@baig-innovations.com
- General Email: hello@baig-innovations.com
- Legal Matters: legal@baig-innovations.com
- Website: pennypelvic.app
What Penny Is:
Penny is a personal wellness tracking companion designed to help you document pelvic health symptoms and lifestyle factors. Penny is NOT a medical device, does NOT provide medical advice, and is NOT a substitute for healthcare professional consultation.
Who This Policy Applies To:
This Privacy Policy applies to all users of the Penny mobile application and website who are:
- 18 years of age or older
- Located in the United States
2. Information We Collect
2.1 Information You Provide Directly
Account Information:
- Email address (required for account creation and communication)
- Name (optional - you may use a nickname or pseudonym)
- Password (encrypted and never visible to us)
- Account preferences and settings
Health & Wellness Tracking Data:
This is the core of Penny - everything you choose to track about your health and wellness:
- Symptom descriptions, severity ratings, and timing
- Bathroom visit frequency and characteristics
- Pain levels, locations, and quality
- Medication and treatment tracking
- Diet and nutrition logs
- Sleep patterns and quality
- Energy levels and mood
- Exercise and activity
- Menstrual cycle data (completely optional)
- Notes, observations, and contextual information
- Any other health-related data you choose to enter
Important: You decide what to track. All health data entry is voluntary and within your control.
2.2 Information Collected Automatically
Usage Information:
- App features you use and how often
- Time spent in different sections of the app
- Navigation patterns within the app
- Device type, operating system, and app version
- Crash reports and error logs (to improve app stability)
Technical Information:
- IP address (for security and fraud prevention)
- Device identifiers (for account security)
- Timezone and language settings
- Network connection type
What We DON'T Collect:
- We do NOT use advertising trackers
- We do NOT use third-party analytics that share your data
- We do NOT track your location unless you explicitly enable it for a specific feature
- We do NOT access your contacts, photos, or other apps without explicit permission
2.3 Information from Third Parties
We do NOT purchase or receive data about you from data brokers or third parties.
If you choose to integrate Penny with other health apps or services (future features), you will provide explicit consent for each integration, and we will only access the specific data you authorize.
3. How We Use Your Information
3.1 Primary Purposes
To Provide the Penny Service:
- Store and organize your health tracking data
- Generate visualizations and insights based on patterns in YOUR data
- Create exportable reports and summaries
- Sync your data across your devices (if you enable cloud sync)
- Remember your preferences and settings
To Improve Penny:
- Identify and fix bugs and technical issues
- Understand which features are most valuable
- Develop new features based on aggregate usage patterns
- Optimize app performance and user experience
To Communicate With You:
- Send important service announcements and updates
- Respond to your support requests
- Notify you of changes to our terms or privacy policy
- Send optional educational content (only if you opt in)
To Protect Security:
- Prevent fraud and unauthorized access
- Enforce our Terms of Service
- Comply with legal obligations
3.2 What We DON'T Do With Your Data
We Will NEVER:
- Sell your personal information or health data to anyone
- Share your data with advertisers
- Use your health data to target you with ads
- Share your data with insurance companies
- Automatically send your data to healthcare providers (you control all sharing)
- Use your data to train AI models without your explicit, separate consent
- Share your data with employers or schools
- Make your health information public
4. How We Share Your Information
4.1 User-Controlled Sharing
You Choose When to Share:
Penny is designed around YOUR control. Your data never leaves your device automatically. You decide if and when to share:
- Export & Print: You can generate reports to print or save as PDF
- Show Your Provider: You can bring your phone to appointments to show your healthcare team
- Manual Email: You can export data and email it yourself to whomever you choose
We Never Auto-Share: We do not have features that automatically email, text, or transmit your health data to anyone - including your healthcare providers.
4.2 Service Providers (Limited & Necessary)
We work with a small number of trusted service providers who help us operate Penny. These providers are bound by strict data protection agreements and can only use your data to provide services to us.
Current Service Providers:
- Development Platform: Bolt.new - rapid development platform
- Database & Backend: Supabase - encrypted data storage and user authentication
- Code Repository: GitHub - version control only (no user data stored)
- Payment Processing: Stripe - PCI-compliant subscription processing when launched (does NOT receive health data)
- Analytics: Privacy-focused analytics (if implemented) - receives only anonymous, aggregate usage data
We do NOT share your health tracking data with service providers unless technically required to operate the app (e.g., encrypted cloud storage).
4.3 Legal Requirements
We may disclose your information if required by law, such as:
- In response to a valid subpoena or court order
- To protect the rights, property, or safety of Penny, our users, or the public
- To prevent fraud or illegal activity
- To comply with valid legal process
We Will Fight for Your Privacy: If legally permitted, we will notify you before disclosing your information and will challenge overly broad requests.
4.4 Business Transfers
If Baig Innovations, LLC is acquired by or merged with another company, your information may be transferred to the new owner. You will be notified via email and in-app notice, and the new owner must continue to honor this Privacy Policy. You will have the option to delete your account before any transfer.
5. Data Security
5.1 How We Protect Your Data
We implement security measures that exceed industry standards for health-related apps:
Encryption:
- In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
- At Rest: All health data stored on our servers is encrypted using AES-256 encryption
- Passwords: Your password is hashed using bcrypt and is never stored in plain text
Access Controls:
- Multi-factor authentication (MFA) available for your account
- Role-based access control within our company (only a minimal number of employees have access)
- Regular security audits and penetration testing
- Monitoring for suspicious activity
Data Isolation:
- Your data is logically separated from other users' data
- No employee can view your health data without explicit authorization for support purposes
- All data access is logged and monitored
5.2 Your Role in Security
You Can Help Protect Your Data:
- Use a strong, unique password
- Enable multi-factor authentication
- Don't share your account credentials
- Log out on shared devices
- Keep your app updated
- Be cautious of phishing emails claiming to be from Penny
5.3 Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will:
- Notify you via email within 72 hours of discovering the breach
- Provide details about what information was affected
- Explain what steps we've taken to address the breach
- Advise you on steps you can take to protect yourself
- Comply with all applicable data breach notification laws
6. Your Privacy Rights
6.1 Access & Portability
You Have the Right to:
- Access: View all personal information we have about you
- Export: Download your complete data in a machine-readable format (JSON or CSV)
- Port: Transfer your data to another service of your choice
How to Exercise This Right:
- Use the "Export My Data" feature in the app settings, or
- Email privacy@baig-innovations.com with your request
- We will respond within 30 days
6.2 Correction & Accuracy
You Have the Right to:
- Correct inaccurate personal information
- Update your account information
- Edit your health tracking entries
How to Exercise This Right:
- Most corrections can be made directly in the app
- For account-level changes, email privacy@baig-innovations.com
6.3 Deletion & Account Closure
You Have the Right to:
- Delete individual health tracking entries
- Delete your entire account and all associated data
- Request deletion of specific data categories
How to Exercise This Right:
- Use the "Delete My Account" feature in settings (permanent and immediate), or
- Email privacy@baig-innovations.com with your request
What Happens When You Delete:
- Your account and all health data are permanently deleted within 30 days
- We may retain minimal information for legal compliance (e.g., transaction records for tax purposes)
- Backups containing your data are deleted within 90 days
- Deletion is irreversible - we cannot recover your data after deletion
What We Keep:
- Aggregated, de-identified usage statistics (no personally identifiable information)
- Records required by law (e.g., tax records, legal disputes)
6.4 Opt-Out Rights
You Have the Right to:
- Opt out of optional communications (newsletters, tips, feature updates)
- Opt out of optional data collection (location tracking, usage analytics)
- Restrict how we use your data
How to Exercise This Right:
- Adjust preferences in app settings, or
- Click "unsubscribe" in any marketing email, or
- Email privacy@baig-innovations.com
Note: You cannot opt out of essential service communications (security alerts, policy updates, account notifications).
6.5 State-Specific Privacy Rights
California Residents (CCPA/CPRA):
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to know if personal information is sold or shared (it's not)
- Right to opt out of sales (not applicable - we don't sell data)
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising privacy rights
Other State Laws:
If your state has enacted comprehensive privacy legislation (e.g., Virginia, Colorado, Connecticut, Utah), you may have additional rights. Contact privacy@baig-innovations.com for information specific to your state.
7. Data Retention
7.1 How Long We Keep Your Data
Active Accounts:
- We retain your data as long as your account is active
- You can delete specific entries or your entire account anytime
Deleted Accounts:
- Personal and health data deleted within 30 days
- Backups purged within 90 days
- Legal records retained as required by law (typically 7 years for financial records)
De-Identified Data:
- We may retain aggregated, anonymous usage statistics indefinitely
- This data cannot be linked back to you and helps us improve Penny for everyone
7.2 Inactive Accounts
If your account has been inactive for 3 consecutive years:
- We will send email notifications at 2.5 years, 2 years 10 months, and 2 years 11 months
- If you don't log in or respond, we will delete your account and data
- You can prevent this by logging in at least once every 3 years
8. Children's Privacy
Penny is NOT intended for anyone under 18 years of age.
We do not knowingly collect personal information from children under 18. If we learn that we have collected information from someone under 18, we will delete that information immediately.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@baig-innovations.com.
9. International Users
Penny is Currently Available to U.S. Users Only
If you access Penny from outside the United States:
- Your data will be transferred to and processed in the United States
- U.S. privacy laws may be different from laws in your country
- By using Penny, you consent to the transfer of your data to the U.S.
We are not currently offering Penny in the European Union, UK, or other regions with specific data protection requirements. If you are located in these regions, please do not use Penny at this time.
10. Cookies & Tracking Technologies
10.1 Website Cookies
Our website (pennypelvic.app) uses minimal cookies:
Essential Cookies:
- Session management (required for website functionality)
- Security and fraud prevention
Analytics Cookies (Optional):
- Privacy-focused analytics (e.g., Plausible, Fathom)
- No personal information collected
- No cross-site tracking
- You can opt out via browser settings
10.2 Mobile App Tracking
The Penny mobile app does NOT use:
- Advertising trackers
- Third-party analytics that share data
- Social media tracking pixels
- Cross-app tracking technologies
We use only privacy-preserving analytics to understand app usage in aggregate.
11. Third-Party Links
Penny may contain links to third-party websites or resources (e.g., educational articles, support groups).
We Are Not Responsible For:
- The privacy practices of third-party sites
- The content of external websites
- Data collection by linked sites
Before sharing personal information with any third party, please review their privacy policy.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- New features or services
- Changes in legal requirements
- Improvements to our privacy practices
How We'll Notify You:
- Email notification to your registered email address
- In-app notification upon next login
- Updated "Last Updated" date at the top of this policy
- Previous versions available upon request
Material Changes: If we make material changes that reduce your privacy protections, we will provide at least 30 days' notice and give you the option to delete your account before the changes take effect.
Your Continued Use: By continuing to use Penny after changes take effect, you accept the updated Privacy Policy.
13. Contact Us
Questions or Concerns?
We're here to help with any privacy questions or concerns.
Email:
- Privacy Inquiries: privacy@baig-innovations.com
- General Questions: hello@baig-innovations.com
- Legal Matters: legal@baig-innovations.com
Mailing Address:
Baig Innovations, LLC
Orange County, Florida
Response Time: We aim to respond to all privacy inquiries within 5 business days and resolve requests within 30 days.
14. Regulatory Compliance
14.1 HIPAA
Important: Baig Innovations, LLC and Penny are NOT HIPAA-covered entities or business associates. We are a consumer wellness application, not a healthcare provider, health plan, or healthcare clearinghouse.
However: We voluntarily implement HIPAA-level security and privacy standards as best practices to protect your health information, even though we are not legally required to do so.
14.2 FTC Health Breach Notification Rule
We comply with the FTC Health Breach Notification Rule for personal health records. In the event of a breach affecting your health information, we will notify you as required by law.
14.3 General Wellness App
Penny is a general wellness app as defined by FDA guidance. We do not diagnose, treat, cure, or prevent any disease or medical condition. We are not a medical device.