Privacy

Privacy Policy

Last updated: June 25, 2026

This policy explains how Iris handles personal data when you use the Iris website, app, and connected services.

What Iris collects

Iris collects information you provide directly, such as account details, onboarding answers, messages, goals, preferences, and support requests.

When you connect optional services, Iris may process health, wellness, calendar, activity, device, billing, messaging, and usage data needed to provide the product. Examples include Garmin, Oura, WHOOP, Strava, Google Calendar, Screen Time-style summaries, subscription status, and communication metadata.

Iris may also collect technical data such as device, browser, approximate location from network signals, logs, diagnostics, and security events.

How Iris uses data

We use data to provide and improve Iris: authentication, onboarding, syncing connected services, generating personalized insights, maintaining subscriptions, sending product messages, preventing abuse, debugging issues, and meeting legal obligations.

Iris is not emergency care, a medical device, or a replacement for a clinician. Health-related outputs are informational and should not be used as the sole basis for medical decisions.

Google user data

If you connect Google Calendar, Iris requests read-only Calendar access so the product can understand your schedule and provide context-aware guidance.

Iris uses Google user data only to provide user-facing features. We do not sell Google user data, use it for advertising, or allow humans to read it unless necessary for security, support with your permission, legal compliance, or abuse prevention.

Iris’ use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Sharing and processors

We share data with service providers that help operate Iris, such as hosting, databases, authentication, analytics/observability, email, messaging, payments, and AI infrastructure. These providers may include Vercel, Railway, Neon, Clerk, Google, Stripe, Resend, Meta/WhatsApp, and AI model providers depending on the features you use.

We may disclose information if required by law, to protect rights and safety, or as part of a business transfer.

Retention and deletion

We keep data only as long as reasonably needed for the product, security, legal obligations, and legitimate business purposes.

You can request access, correction, export, or deletion of your data by contacting us. Disconnecting a provider stops future syncs, but previously processed data may remain until deleted or expired according to retention rules.

Security

We use reasonable technical and organizational measures to protect data, including encryption in transit, access controls, and separation between authentication and product data where appropriate.

No system is perfectly secure. Please contact us if you believe your account or data may be at risk.

Contact

For privacy requests or questions, contact hello@irishealth.bio.