Privacy Policy

Stacked Health Group, Inc.

Effective Date: August 11, 2025
Last Updated: August 11, 2025

Your privacy matters to us. This Privacy Policy explains how Stacked Health Group, Inc. ("Stacked Health," "we," "our," or "us") collects, uses, and protects your personal information when you use our website, mobile app, and related services (together, the "Services").

IMPORTANT:

By using our Services, you agree to this Policy. If you do not agree, please do not use the Services. This Policy is part of our Terms & Conditions.

1 Who We Are & Scope

This Policy applies to personal information collected through our Services, both online and offline. It applies to users in the United States, the European Economic Area (EEA), Switzerland, and the United Kingdom.

It does not apply to third-party websites, tools, or services we don't control (for example, Beehiiv for our newsletter).

Headquarters: 60 West 20th Street, New York, NY 10011, USA

EU Representative (Art. 27 GDPR): Alberto Finardi, Castel Rozzone (BG) 24040, Italy – alberto@stacked-health.com

2 Information We Collect

We collect information in a few ways:

2.1 Information You Provide

  • Account data: name, email, phone number, login details, age/date of birth, and optional profile photo.
  • User content: logs, preferences, and other information you add to your profile.
  • Payments: subscription details and payment confirmations (processed securely by Stripe, Apple, Google, or others — we do not store full credit-card numbers).
  • Support: messages, feedback, and survey responses.

2.2 Information We Receive from Others

  • Integrations: if you connect services (e.g. Apple Health, Google Fit, wearables, SSO), we only receive the categories of data you approve.
  • Partners: marketing partners or co-branded programs may share limited information with us.

2.3 Information Collected Automatically

  • Device & usage: IP address, device type, browser, OS, app version, crash logs.
  • Activity: pages or features you use, time and date of access, referring sites.
  • Cookies & similar tech: see Section 5.

2.4 Sensitive Data

Some information (like health metrics or location, if you enable it) may be considered "sensitive" under law. We only collect this with your consent and use it as described in this Policy.

3 How We Use Your Information

We use your information to:

  • Provide and operate the Services.
  • Personalize your experience and recommendations.
  • Improve and develop our products and features.
  • Communicate with you about updates, security, and support.
  • Send marketing (only if you've opted in).
  • Detect and prevent fraud, abuse, or illegal activity.
  • Meet our legal obligations.
  • Support a business transfer (like a merger or acquisition).

Legal bases (GDPR/UK GDPR): contract, consent, legitimate interests, and legal obligations.

We do not sell your personal information.

4 How We Share Your Information

We share personal information only as needed:

  • Service providers: hosting, analytics, payment processors, and customer support.
  • Integration partners: when you connect third-party services (you control this access).
  • Research partners: with de-identified or aggregated data only.
  • Legal & safety: if required by law or to protect rights, safety, or property.
  • Business transfers: if our company is acquired or merged, your data may transfer with it.

We may also share aggregated data that cannot identify you.

5 Cookies & Analytics

We and our partners use cookies and similar tools to understand usage and improve performance.

Your choices: most browsers let you block or delete cookies. Mobile devices may allow you to reset identifiers or limit tracking.

Do Not Track: we honor Global Privacy Control (GPC) signals where required by U.S. state law.

We do not use personal health data for targeted advertising.

6 Your Rights

Depending on where you live, you may have rights over your data, including:

  • Access your personal data.
  • Correct or update inaccurate information.
  • Delete data we no longer need.
  • Port your data to another service.
  • Restrict or object to certain processing.
  • Withdraw consent (for things like marketing).

EU/UK/Swiss users may also contact their supervisory authority.

U.S. state residents (e.g. CA, CO, VA) may opt out of targeted advertising and request access, correction, or deletion.

You can exercise these rights by emailing privacy@stacked-health.com.

7 Children's Privacy

Our Services are not directed to children under 13 (or under 16 in some parts of Europe). We do not knowingly collect their data. If we become aware that we have collected it, we'll delete it.

8 Data Security

We use administrative, technical, and physical safeguards to protect your information. No system is 100% secure, but we work to minimize risks.

9 Data Retention

We keep your information as long as needed for the purposes described in this Policy, to comply with legal requirements, and to resolve disputes. Retention periods vary depending on the data type.

10 International Transfers

We are based in the United States. If we transfer your data internationally, we use safeguards such as Standard Contractual Clauses (SCCs) and the EU-U.S./UK-U.S. Data Privacy Framework.

11 Changes to This Policy

We may update this Policy from time to time. If changes are significant, we will notify you (e.g. by email or in-app notice).

12 Contact Us

Email (Privacy): privacy@stacked-health.com

EU Representative: Alberto Finardi – alberto@stacked-health.com

Mail: 60 West 20th Street, New York, NY 10011, USA