Last updated: April 2026
Sirpi ("Company," "we," "us," or "our") is committed to maintaining robust privacy protections for its users. Our Privacy Policy ("Privacy Policy") is designed to help you understand how we collect, use and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.
For purposes of this Agreement, "Site" refers to the Company's website, which can be accessed at sirpi.life. "App" refers to the Company's mobile application available on the Apple App Store. "Service" refers to the Company's health advocacy services accessed via the Site or the App, in which users can receive personalized health guidance tailored for South Asian health risks and genetic predispositions. The terms "we," "us," and "our" refer to the Company. "You" refers to you, as a user of our Site, our App, or our Service.
By accessing our Site or our Service, you accept our Privacy Policy and Terms of Service, and you consent to our collection, storage, use and disclosure of your Personal Information as described in this Privacy Policy.
We collect "Non-Personal Information" and "Personal Information." Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. Personal Information includes your email address, name, and health-related information, which you submit to us through the registration process at the Site or the App.
To activate the Service you do not need to submit any Personal Information other than your email address. To use the Service thereafter, you may choose to submit further Personal Information, which may include: name, health goals, family medical history, current symptoms, and lifestyle information. However, in an effort to improve the quality of the Service, we track information provided to us by your browser or by our software application when you view or use the Service, such as the website you came from (known as the "referring URL"), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you. We track this information using cookies, or small text files which include an anonymous unique identifier.
The Company may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser.
To become a subscriber to the Service you will need to create a personal profile. You can create a profile by registering with the Service and entering your email address or signing in with a supported authentication provider (such as Google). By registering, you are authorizing us to collect, store and use your email address in accordance with this Privacy Policy.
Any health information you provide through our chat services, health assessments, profile setup, food photo analysis, activity tracking, or sleep logging will be treated with the highest level of confidentiality and security. This includes but is not limited to: symptoms, family medical history, lifestyle factors, health goals, food and nutrition data, activity and exercise records, sleep patterns, and conversations with our AI health coaching system across web, mobile app, and WhatsApp channels. We are committed to following applicable health privacy laws and regulations.
When you connect Apple Health through our mobile app, we request read access to the following HealthKit data types:
We also request write access to HealthKit for nutrition data (calories, protein, carbohydrates, fat, fiber, and sugar) so that food entries logged in Sirpi can appear in Apple Health. HealthKit data is processed locally on your device and synced to our servers only to provide you with health insights. We do not sell HealthKit data or use it for advertising. HealthKit data is not shared with third parties except as described in this policy for the purpose of providing the Service.
When you connect WHOOP, we receive recovery scores, strain scores, sleep performance, heart rate variability, and workout data via OAuth. When you connect Oura Ring, we receive readiness scores, sleep stages, activity scores, and biometric data via OAuth. You can disconnect these integrations at any time from the Connected Apps screen in the mobile app, which revokes our access.
Sirpi uses artificial intelligence to provide health coaching, food photo analysis, activity insights, and personalized recommendations. When you use these features, the following data may be sent to our AI providers for processing:
PII Anonymization: Before sending your data to AI providers, Sirpi applies an automated anonymization process that removes or masks personally identifiable information (PII) such as email addresses, phone numbers, social security numbers, insurance IDs, and other personal identifiers. Health-relevant data such as lab values, medications, medical conditions, and body measurements are preserved to ensure accurate health coaching. This anonymization is performed using a dedicated privacy service with context-aware policies tailored for health data, chat conversations, and file processing.
Our AI providers process anonymized data solely to generate responses for your use within the Service. Sirpi does not use your data to train AI models. Each AI provider processes data under their own data processing agreements. See Section II for a full list of AI providers and the data shared with each.
We offer messaging services via WhatsApp and voice calls for health coaching and account security purposes. When you opt in to these features, your phone number and message content are processed through Twilio. Health coaching messages may include AI-generated insights based on your health data. We do not use WhatsApp for marketing purposes.
When you choose to enable WhatsApp for your Sirpi account, you will be asked to provide your WhatsApp-enabled phone number and explicitly consent to receive messages via WhatsApp. WhatsApp is used for security verification and AI-powered health coaching conversations. This opt-in process includes:
This consent covers security verification and health coaching messages. It cannot be used for marketing or promotional purposes. Your consent is not transferable to other messaging programs. We will send you a confirmation message when you first opt in via WhatsApp Business API.
Verification codes are sent when you request account verification (such as during login or password reset). Health coaching messages are sent based on your interactions and preferences. Message frequency varies based on your account activity. You may opt out of WhatsApp communications at any time by:
Data rates from your mobile carrier may apply based on your internet usage. We are not responsible for any charges from your mobile carrier or delays in message delivery due to carrier or service limitations.
The Site, the App, and the Service are not directed to anyone under the age of 18. We do not knowingly collect or solicit information from anyone under the age of 18, or allow anyone under the age of 18 to sign up for the Service. In the event that we learn that we have gathered personal information from anyone under the age of 18 without the consent of a parent or guardian, we will delete that information as soon as possible. If you believe we have collected such information, please contact us at legal@sirpi.life.
Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Information with third parties without your consent. We do share Personal Information with vendors who are performing services for the Company as described below. Those vendors use your Personal Information only at our direction and in accordance with our Privacy Policy.
We share data with the following third-party services to provide and improve the Service:
| Service | Data Shared | Purpose |
|---|---|---|
| Anthropic (Claude) | Health profiles (age, gender, height, weight), food photos, chat history, medical conditions, wearable vitals (steps, heart rate, HRV, sleep), activity details, and recent health history (up to 7 days) | AI health coaching and food analysis |
| OpenAI (GPT) | Health profiles, food photos, chat history, medical conditions, wearable vitals, activity details, and recent health history (up to 7 days) | AI health coaching and food analysis |
| Google (Gemini) | Health profiles, food photos, chat history, medical conditions, wearable vitals, activity details, and recent health history (up to 7 days) | AI health coaching and food analysis |
| WHOOP | OAuth tokens; receives recovery, strain, sleep, HRV data | Wearable health data integration |
| Oura | OAuth tokens; receives readiness, sleep, activity data | Wearable health data integration |
| Twilio | Phone numbers, WhatsApp/voice message content | Health coaching messaging and account verification |
| Clerk | Email address, name, authentication tokens | User authentication and account management |
| Vercel | Request logs, IP addresses | Application hosting and deployment |
| Neon (PostgreSQL) | Account data, health records, chat history | Encrypted database hosting |
| Cloudflare | CDN traffic, image URLs | Content delivery and image hosting |
| Resend | Email addresses, email content | Transactional email delivery |
| PostHog | Usage events, device info, IP addresses | Product analytics and improvement |
| RevenueCat | User ID, purchase history, subscription status | In-app subscription and purchase management |
| Inngest | Background job payloads (health data for async processing) | Background task processing |
All third-party AI service providers (Anthropic, OpenAI, and Google) are contractually obligated to provide the same or equal protection of your personal data as described in this Privacy Policy. Your data shared with these providers is processed under their respective API terms of service, which prohibit the use of API data for model training. Personal identifiers (name, email, phone number) are removed before your data is sent to any AI provider.
In general, the Personal Information you provide to us is used to help us communicate with you and provide personalized health advocacy services. For example, we use Personal Information to contact users in response to questions, provide AI-powered health guidance tailored to South Asian health risks, solicit feedback from users, provide technical support, and send security verification codes or health coaching messages via WhatsApp when enabled.
We will never share, sell, or transfer your mobile phone number or messaging consent information to third parties for marketing or promotional purposes. Your phone number is used for health coaching communications and security verification, and is protected with the same security measures as other personal information in your account.
WhatsApp Business API services are provided by Meta through Twilio integration and are subject to their data protection standards. WhatsApp message content is stored while your account is active to provide continuity in health coaching conversations, and is deleted upon account deletion request.
We may share Personal Information with outside parties if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable legal process or enforceable governmental request; to enforce applicable Terms of Service, including investigation of potential violations; address fraud, security or technical concerns; or to protect against harm to the rights, property, or safety of our users or the public as required or permitted by law.
In general, we use Non-Personal Information to help us improve the Service and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Site and the App. We may use Non-Personal Information internally to improve the Service. We do not sell or share Non-Personal Information with third parties for advertising or marketing purposes.
In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy.
We implement security measures designed to protect your information from unauthorized access, including encryption, firewalls and secure socket layer technology. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By using our Service, you acknowledge that you understand and agree to assume these risks.
You have the right at any time to prevent us from contacting you for marketing purposes. When we send a promotional communication to a user, the user can opt out of further promotional communications by following the unsubscribe instructions provided in each promotional e-mail. You can also indicate that you do not wish to receive marketing communications from us in the Settings section of the Site. Please note that notwithstanding the promotional preferences you indicate by either unsubscribing or opting out in the Settings section of the Site, we may continue to send you administrative emails including, for example, periodic updates to our Privacy Policy.
You also have the right to:
As part of the Service, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Site and the Service. Therefore, this Privacy Policy does not apply to your use of a third party website accessed by selecting a link on our Site or via our Service. To the extent that you access or use the Service through or on another website or application, then the privacy policy of that other website or application will apply to your access or use of that site or application. We encourage our users to read the privacy statements of other websites before proceeding to use them.
We retain your information as described below, or as required by law:
You may request deletion of your account and associated data at any time by contacting us at legal@sirpi.life. Upon receiving a deletion request, we will permanently remove your health data, chat history, preferences, and profile information within 30 days. Consent records may be retained for a reasonable period after account closure for legal compliance purposes.
If you believe your data has not been handled in accordance with this policy, you may contact us or lodge a complaint with a supervisory authority.
The Company reserves the right to change this policy and our Terms of Service at any time. We will notify you of significant changes to our Privacy Policy by sending a notice to the primary email address specified in your account or by placing a prominent notice on our site. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. You should periodically check the Site and this privacy page for updates.
If you have any questions regarding this Privacy Policy or the practices of this Site, please contact us by sending an email to legal@sirpi.life. We aim to respond to privacy inquiries promptly.