Privacy Policy
Last updated: June 7, 2026
Our Health Data Promise
Your protocols, doses, weights, measurements, and progress photos are encrypted and never sold, shared with advertisers, or used for marketing purposes. We do not monetize your health data in any way. Your data belongs to you — you can export or delete it at any time.
Not a HIPAA-covered entity. Regimen is a personal health tracking tool, not a healthcare provider, health plan, or healthcare clearinghouse. We are not a covered entity or business associate under HIPAA, and HIPAA does not apply to data you enter into the Service. We protect your data under this Privacy Policy and applicable consumer privacy laws (such as GDPR, CCPA, and the New York SHIELD Act).
Your Privacy Matters
At Regimen, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information.
Regimen is operated by Awaken Labs LLC, a New York limited liability company ("Awaken Labs," "we," "us," or "our").
Information We Collect
We collect information you provide directly to us. Only your email address is required to create an account. All other data is entirely optional — you choose what to share:
- Required: Email address for account creation, authentication, and account-related communications
- Optional, user-provided: Health and protocol tracking information you enter (which may include items such as protocols you track, doses, schedules, body measurements, progress photos, notes, and similar personal health information)
- Optional, third-party integrations: Health data you choose to sync from Apple Health, Google Health Connect, or other third-party services
- Automatic: Anonymized usage and diagnostic data to maintain, improve, and develop the Service
Specific categories of data we collect may evolve as the Service evolves. You are in full control of what you share. The Service works with as much or as little data as you choose to enter, beyond the minimum required for an account.
Information from Apple Health & Google Health Connect
If you choose to connect Apple Health or Google Health Connect, we may read health metrics you explicitly authorize (such as weight, body measurements, and activity data) to display alongside your tracking data in the App. We do not write data to Apple Health or Google Health Connect without your permission. Health data accessed through these integrations is:
- Only used to display correlations and trends within the Regimen app
- Never shared with third parties, advertisers, or data brokers
- Never used for marketing or ad targeting
- Processed in accordance with Apple's and Google's health data policies
You can disconnect Apple Health or Google Health Connect at any time through your device settings or within the Regimen app. Disconnecting immediately stops all health data access.
How We Use Your Information
We use your information for purposes including:
- Providing, maintaining, and developing the Service
- Authenticating your account and securing access
- Sending reminders and notifications you have configured
- Displaying analytics, trends, insights, correlations, and other information back to you
- Calculating and displaying estimates such as medication levels, projections, and protocol summaries
- Improving the Service and developing new features
- Responding to your support requests
- Sending essential service communications (security notices, terms updates, billing-related messages)
- Conducting internal research, analytics, and product development
- Detecting and preventing fraud, abuse, or violations of our Terms
- Complying with legal obligations
We do not use your information to:
- Serve advertisements
- Build advertising profiles
- Sell or share your personal health information with third parties for marketing or data brokerage purposes
- Train artificial intelligence or machine learning models on your personal health data without your explicit consent
Aggregated and De-identified Data
We may use aggregated, de-identified data that cannot reasonably be linked back to any individual user for purposes such as:
- Publishing aggregate statistics about our user base (e.g., "Regimen users have logged X million doses")
- Identifying trends to improve the Service
- Research and product development
- Marketing materials and case studies
We will not attempt to re-identify de-identified data and will not publish data in a form that could reasonably identify any individual user.
Data Security
Your data is encrypted both in transit (TLS 1.2+) and at rest using industry-standard encryption. We use trusted cloud infrastructure providers for encrypted data storage and processing. Access to user data is restricted to essential service operations only.
Progress photos are stored securely and are only accessible to you. They are never used for marketing, shared publicly, or accessible to other users.
We regularly review our security practices and infrastructure to protect against unauthorized access, alteration, or destruction of your personal information. If we become aware of a security incident that affects your personal data, we will notify you as required by applicable law, including the New York SHIELD Act.
We Don't Sell Your Data — Ever
We never sell, rent, license, or share your personal health information with third parties for marketing, advertising, or data brokerage purposes. This includes your protocols, doses, weight, measurements, progress photos, side effect logs, and any data accessed through Apple Health or Google Health Connect.
This is not a temporary policy — it is a core principle of how Regimen operates. We make money from app subscriptions, not from your data.
Third-Party Services
We work with a small number of trusted service providers to operate Regimen. These may include providers for categories such as:
- Authentication and account security: Email-based authentication infrastructure
- Cloud infrastructure: Industry-standard cloud providers for encrypted data storage and processing
- Subscription and payment processing: Subscription management platforms and payment processors used by Apple, Google, or our website checkout
- Analytics: Anonymous usage analytics for our website and app (no personally identifiable health information is shared)
- Marketing measurement: We use AppsFlyer to measure which marketing brings people to Regimen, using your device advertising ID and app install events — never your health data. You can opt out anytime in your device settings.
- Push notifications: Standard iOS and Android push notification infrastructure
The specific providers we use may change over time. All providers we engage are selected for their security standards and compliance with applicable data protection regulations, and are contractually obligated to handle data only in service of our operations.
We do not share your personal health data with advertisers, data brokers, or marketing partners.
Data Retention
We retain your data for as long as your account is active. Upon account deletion, your data is permanently removed within 30 days. You can request account deletion at any time through the app settings or by contacting us.
Aggregated and de-identified data may be retained indefinitely.
Children's Privacy
Regimen is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child under 18 has provided us with personal information, please contact us at support@helloregimen.com and we will promptly delete that information.
International Users & Your Privacy Rights
Regimen serves users worldwide. If you are located in the European Economic Area (EEA), United Kingdom, Brazil, or other jurisdictions with data protection laws, you have specific rights regarding your personal data.
Your rights include:
- Access: Request a copy of all personal data we hold about you
- Rectification: Request correction of inaccurate personal data
- Deletion: Request deletion of your account and all associated data
- Data Portability: Request your data in a structured, machine-readable format
- Withdraw Consent: Withdraw consent for data processing at any time
- Restriction: Request that we limit how we use your data
- Objection: Object to processing of your data for specific purposes
Legal basis for processing (GDPR):
- Consent: You consent to data collection when you create an account and configure health integrations
- Contract: Processing is necessary to provide the Regimen service you signed up for
- Legitimate Interest: Anonymous analytics to improve the app experience
Data location: Your data is stored on servers operated by our cloud infrastructure providers, primarily in the United States. By using Regimen, you consent to the transfer of your data to the United States for processing and storage.
To exercise any of these rights, contact us at support@helloregimen.com. We will respond within 30 days.
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, including:
- Right to Know: what personal information we collect, use, and disclose
- Right to Delete: your personal information (with certain exceptions)
- Right to Correct: inaccurate personal information
- Right to Opt Out: of the sale or sharing of personal information — note that we do not sell your personal information
- Right to Non-Discrimination: for exercising your privacy rights
To exercise these rights, contact us at support@helloregimen.com with the subject "CCPA Request." We will verify your identity before responding.
Cookies and Analytics
We use Google Analytics to understand how visitors interact with our website. This helps us improve your experience. Google Analytics uses cookies to collect anonymous usage data such as page views, scroll depth, and button clicks. No personally identifiable information is shared with Google.
You can opt out of Google Analytics by using browser settings, privacy-focused browser extensions, or Google's opt-out tool. We also use essential cookies required for authentication and to keep you logged in securely.
The Regimen mobile application itself does not use browser cookies.
Your Rights Summary
All Regimen users, regardless of location, have the right to:
- Access your personal data
- Request deletion of your account and all data
- Export your personal data
- Opt out of notifications and non-essential communications
- Disconnect Apple Health and Google Health Connect integrations at any time
For additional rights specific to your jurisdiction (including GDPR and CCPA rights), see the "International Users & Your Privacy Rights" and "California Privacy Rights" sections above.
Changes to This Policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this Policy. For changes that materially affect your rights, we may provide additional notice as required by applicable law.
Medical Disclaimer
Regimen is a tracking tool and is not intended to provide medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider before starting, stopping, or modifying any protocol. We are not responsible for any health outcomes resulting from your use of the Service. See our Terms of Service for the full medical disclaimer.
Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:
Awaken Labs LLC
support@helloregimen.com
We aim to respond to all privacy-related inquiries within 30 days.