← Rhiza Health

Privacy Policy

Version 1.0 — 2026

This policy explains how Jordan Rosario Giacobbe, d/b/a Rhiza Health (“we”) collects, uses, and protects your information when you use our website, dashboard, and coaching services.

1. What we collect

Contact & account information: name, email, phone (optional), and login credentials.

Intake and health-related information you provide: goals, schedule, food preferences and allergies, exercise history, injuries or limitations you disclose, and similar details gathered on calls or forms.

Tracking data you log: meals and macros, workouts, habits (such as steps or sleep), progress metrics, and messages you send to the AI insights assistant.

Call records: coaching and discovery calls may be transcribed and summarized with your consent (you are notified at the start of each call) using a meeting-notes service.

Payment data is processed by Stripe; we never store full card numbers. We also collect basic usage data such as device and browser type.

We are a wellness service, not a healthcare provider — we are not a HIPAA-covered entity. We nonetheless treat your health-related information as sensitive.

2. How we use it

To build and personalize your system, operate the dashboard, generate AI insights, prepare your coach for calls, process payments, provide support, and improve the Services. We do not sell your personal information, and we do not use your identifiable health information for advertising.

3. AI processing

Your system context and logged data are processed by AI models (via Anthropic's API) to generate your program drafts, insights, and chat responses. Data sent for these features is used to serve you, not to train the provider's models per our API agreement. Your data is never placed in another client's AI context.

4. Who can access it

Your coach and the service's administrative systems can access your data to deliver the Services.

Subprocessors: Supabase (database and auth hosting), Vercel (application hosting), Stripe (payments), Anthropic (AI processing), Google Workspace (email/calendar), Cal.com (scheduling), Granola (call transcription and notes), and Whop (curriculum delivery). Each receives only what its function requires.

5. Security

Data is stored with per-account isolation (row-level security), encrypted in transit and at rest by our hosting providers, with access limited to your coach and audited administrative agents. No system is perfectly secure; we will notify you of any breach affecting your data as required by law.

6. Retention & deletion

Active account data is retained while your account is open. After cancellation, your data is retained for 90 days for reactivation and export, then deleted or de-identified, except records we must keep (such as payment/tax records and signed agreements). You may request export or deletion anytime at jordigiac08@gmail.com.

7. Your rights

Depending on your state (for example, California's CCPA/CPRA), you may have rights to access, correct, delete, or port your data, and to non-discrimination for exercising those rights. Contact jordigiac08@gmail.com; we respond within 30 days.

8. Other

We do not knowingly serve minors under 18. This policy may be updated with 14 days' notice for material changes. Governing law: State of Washington.