Privacy Policy

This Privacy Policy explains how Axis ("Axis", "we", "us", or "our") collects, uses, shares, and protects your personal information when you visit our website, join the waitlist, or — once available — use the Axis mobile application (collectively, the "Service").

We've tried to write this in plain language. Where we use defined terms, they're explained where they appear. If anything is unclear, you can always reach us at the contact address at the bottom of this page.

1.Who we are

Axis is a wellbeing application designed to help women 35+ build and follow a personalized health system. The "controller" of your personal data — the entity that decides why and how it is processed — is the company operating the Service.

If you're located in the European Economic Area (EEA), the United Kingdom, or Switzerland, references to GDPR apply equally to the UK GDPR and the Swiss FADP where relevant.

2.Information we collect

Information you give us directly

• Waitlist email address. When you join the waitlist, we collect your email address.
• Account information. Once Axis launches, we collect the information you provide when you create an account — for example, name, age range, and broad goals you describe.
• Health and wellbeing inputs. Information you choose to share inside the Service — including journal entries, mood logs, symptoms, cycle and hormone-related data, medications, supplements, sleep, food, exercise, and any uploaded documents such as lab results.
• Voice or text descriptions. If you use voice-to-app or text-to-app to describe your situation, the audio or text content you submit to build your system.
• Communications. If you write to us, we keep a record of the message and any reply.

Information we receive from your device or third parties

• Device and usage information. Technical details such as device type, operating system version, app version, language, time zone, and information about how you use the Service.
• Connected health platforms. If you choose to connect Apple Health, Google Health Connect, or similar platforms, we receive only the data categories you authorize.
• Calendar. If you grant access, we may write reminders to your default calendar — we do not read calendar contents at MVP.
• Analytics. Aggregated, non-identifying analytics that help us understand how the Service is used.

3.How we use your information

We use your information to:

• Send you a welcome email when Axis is ready and, if you've opted in, periodic launch updates.
• Provide and personalize the Service — including building your wellbeing system, generating routines, dashboards, and starting suggestions for movement and supplements.
• Surface insights, weekly recaps, and pattern analysis that depend on your tracked parameters.
• Improve the Service through aggregated, de-identified analysis of usage patterns and unmet needs.
• Communicate with you about the Service, security notices, and legal changes.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with applicable law, court orders, and lawful requests from public authorities.

We do not sell your personal information. We do not use your health data, journal content, or voice recordings to train third-party advertising models, and we do not run third-party advertising inside the Service.

4.Legal basis (for users in the EEA, UK, and Switzerland)

If you're in the EEA, UK, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR / FADP:

Consent (Art. 6(1)(a))

For the waitlist email, marketing communications, processing of health data (special category, Art. 9(2)(a)), and any optional integrations or AI processing of uploaded documents.

Contract (Art. 6(1)(b))

To provide the core Service you've requested once you become a user.

Legitimate interests (Art. 6(1)(f))

To improve the Service, prevent abuse, and keep our systems secure — balanced against your rights and freedoms.

Legal obligation (Art. 6(1)(c))

To comply with laws that apply to us.

You may withdraw consent at any time. Withdrawal does not affect processing carried out before withdrawal.

5.How we share information

We share personal information only with the following categories of recipients, and only as needed:

• Service providers ("processors"). Hosting, email delivery, analytics, error monitoring, and AI inference providers we use to operate the Service. They act under our instructions and are bound by data-processing agreements.
• Professional advisors. Lawyers, accountants, and auditors when needed.
• Authorities. When legally required to comply with valid requests, court orders, or to protect our rights, your safety, or the safety of others.
• Successors. If Axis is involved in a merger, acquisition, or sale of assets, your information may transfer to the successor entity, which will continue to be bound by this Policy unless you're notified otherwise.

We do not sell or rent your personal information, and we do not share health-related data with third-party advertisers.

6.Data retention

• Waitlist emails: kept until launch; afterwards converted to your account email or deleted within 90 days if you don't sign up.
• Account and health data: kept while your account is active. You can export or delete your data at any time from in-app settings.
• Backups: deleted data may persist in encrypted backups for up to 30 days before being purged.
• Logs and operational data: typically retained 30–90 days, longer where required for security investigations.

7.Security

We use industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest, access controls, audit logging, and the principle of least privilege. Where possible, we process data on-device or in a privacy-preserving way.

No system is perfectly secure. If we ever experience a breach that affects your personal information, we will notify you and the relevant authorities as required by law.

8.Your privacy rights

Depending on where you live, you may have some or all of the following rights:

• Access — request a copy of the personal information we hold about you.
• Correction — ask us to correct information that is inaccurate or incomplete.
• Deletion — ask us to delete your information, subject to certain legal exceptions.
• Portability — receive a structured, machine-readable copy of your data.
• Objection & restriction — object to certain processing or request that we restrict it.
• Withdraw consent — at any time, where we rely on consent.
• Lodge a complaint — with your local data protection authority. EEA residents can also contact the supervisory authority of their country of residence.

To exercise any of these rights, contact us at the address in Section 14. We will respond within the time limits set by applicable law (typically 30 days under GDPR, 45 days under CCPA).

California residents have specific rights under the CCPA/CPRA, including the right to know what personal information we collect, the right to delete it, the right to correct inaccuracies, and the right to opt out of the "sale" or "sharing" of personal information (we do not sell or share personal information as defined by the CCPA). We do not discriminate against you for exercising any of these rights.

9.International data transfers

Your personal information may be transferred to and processed in countries other than the one where you live. Where we transfer personal data out of the EEA, UK, or Switzerland, we use appropriate safeguards — typically the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and (where applicable) supplementary measures.

10.Cookies & tracking

On our website we use a small number of cookies and similar technologies:

• Strictly necessary cookies for the site to work (e.g. preserving form state).
• Analytics cookies to understand how visitors use the site, in aggregate. We do not use analytics for advertising profiling.

If we add advertising or remarketing cookies in the future, we will surface a consent banner allowing you to accept or reject non-essential cookies before they are set. You can also control cookies through your browser settings.

11.Children's privacy

The Service is intended for adults 18 and older and is not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us and we will take prompt steps to delete it.

12.Health information

Some information you share with Axis — symptoms, medications, cycle data, lab results — qualifies as "special category" personal data under GDPR (sometimes called sensitive personal information). We process it only with your explicit consent, only for the purposes described in this Policy, and we apply additional protections, including:

• Storing health data in encrypted form, separated from non-sensitive identifiers where feasible.
• Restricting internal access to authorized personnel on a need-to-know basis.
• Never using health data to train third-party AI advertising models.
• Never sharing health data with advertisers, data brokers, or any third party for marketing purposes.

Axis is a wellbeing app, not a medical device. Insights surfaced inside the Service are observations for your personal awareness and are not a substitute for advice from a qualified healthcare professional.

13.Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we'll update the "Last updated" date at the top, and — where required — notify you in the Service or by email at least 30 days before the changes take effect. Continued use of the Service after the effective date means you accept the updated Policy.

14.How to contact us

If you have questions, want to exercise a privacy right, or want to report a concern, write to us — we read every email.