Privacy Policy
Last updated: March 18, 2026
All American Atlas LLC ("Unbound," "we," "us," or "our") operates the Unbound mobile application and associated services. This privacy policy explains how we collect, use, store, share, and protect your information when you use Unbound.
Unbound is a wellness companion for people using GLP-1 medications. It is not a medical device and does not provide medical advice, diagnosis, or treatment.
By using Unbound or providing personal information to us, you consent to the collection, use, storage, and disclosure practices described in this policy.
1. Information We Collect
Information You Provide
Account Information
- Name and email address (when you sign in with Apple or Google)
- Nickname and avatar (for community features)
Health Data
- Medication name, dose, unit, and start date
- Injection schedule and injection logs (date, body site, dose)
- Weight entries and goal weight
- Height
- Daily check-in data: mood, food noise level, symptoms, exercise, protein/fiber/water goals, sleep quality, stress level, alcohol consumption
- Symptom entries (type and severity)
- Journal entries (free-form text)
- Progress photos
AI Interaction Data
- Messages you send to the AI companion
- Voice conversations with the AI companion
- Meal photos submitted for nutritional analysis
Community Data
- Posts and comments you create in the social feed
- Content reports you submit
Support Data
- Messages you send through the in-app support chat
Information Collected Automatically
Usage Analytics
We collect pseudonymous app usage events (such as "check-in completed" or "lesson opened") to understand how features are used and improve the app. These events are linked to a randomly generated account identifier, not your name or email. Health values (your actual weight, mood scores, symptom names, or medication details) are never included in analytics events.
Technical Data
- App version, build number, and platform
- Device type and operating system version
- Crash reports and performance logs
Attribution Data
- Install source and campaign data (to measure advertising effectiveness)
- Advertising identifier (only if you grant App Tracking Transparency permission)
Information We Derive
We calculate the following from data you provide: days on medication, check-in streak, weekly progress summaries (habit adherence rates, average mood, symptom counts), next injection date, and estimated medication level.
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide core tracking features | Health data (stored on your device and private iCloud) |
| Power AI companion chat | Your message, health context summary, and recent conversation history — sent to our servers for AI processing |
| Power AI voice companion | Your voice audio, health context summary, and first name — streamed to our AI voice provider |
| Analyze meal photos | Your food photo — sent to our servers for AI nutritional estimation |
| Display community features | Your nickname, avatar, posts, and comments |
| Improve the app and develop new features | Pseudonymous usage analytics, user behavior patterns, and feature usage data |
| Research and analytics | Anonymized and aggregated health data to understand wellness trends, improve AI quality, and conduct internal research |
| Train and improve AI models | Anonymized and de-identified data to improve the quality of AI responses and develop new AI features |
| Marketing and promotion | Anonymized and aggregated data, community posts, testimonials, and user feedback to promote the Services |
| Measure advertising effectiveness | Install attribution events (sign-up, purchase) |
| Manage your subscription | Account identifier and purchase data |
| Provide customer support | Messages you send in the support chat |
| Generate health reports | All health data compiled locally into PDF/CSV — shared only where you choose |
| Sync data across your devices | Health data synced to your private iCloud database |
We do not use your individually identifiable health data for targeted advertising. We will not sell your personal information or health data to data brokers or advertising networks.
Anonymized and De-Identified Data
We may create anonymized, aggregated, or de-identified data from information we collect, including health data, by removing or altering information that could reasonably be used to identify you. Once data has been anonymized or de-identified so that it can no longer reasonably identify you, it is no longer personal information and we may use and disclose it for any lawful purpose, including research, analytics, product improvement, AI model training, marketing, publishing aggregate wellness trends, and sharing with third parties. Anonymized data is retained indefinitely and is not subject to deletion requests.
3. How We Store Your Information
On Your Device and iCloud
All health tracking data (medications, injections, weight, check-ins, symptoms, journal entries, and chat messages) is stored locally on your device and synced to your private iCloud database. This is Apple's end-to-end encrypted private database — we cannot access it. Only your iCloud account can read this data.
Preferences and settings are stored on your device. Authentication tokens are stored in the iOS Keychain, which is hardware-encrypted by the device's Secure Enclave.
On Our Servers
Our backend server is stateless — it does not have a database and does not persistently store your health data, messages, or photos. Health context passes through to AI services for processing and is discarded. Backend logs record only event types and data lengths (for example, "chat request: len=42"); message content, health values, and AI responses are not logged.
In Third-Party Services
Account information (name, email, nickname) is stored in Google Firebase Firestore for authentication and community features. No health data is stored in Firestore.
4. How We Share Your Information
Third-Party Service Providers
We share information with the following service providers who process data on our behalf:
| Service Provider | Data Shared | Purpose |
|---|---|---|
| Anthropic (Claude API) | Health context in system prompt, user messages | AI companion chat responses |
| Voyage AI | Search queries (may contain medication/symptom keywords) | Knowledge retrieval for AI responses |
| Hume AI | Voice audio, health context, first name | AI voice companion |
| OpenAI (GPT-4o) | Meal photos | Nutritional analysis of food photos |
| Google Firebase (Auth, Firestore, Analytics, Crashlytics) | Account info, social posts, usage events, crash reports | Authentication, community, analytics, reliability |
| Mixpanel | Pseudonymous usage events (no health values) | Product analytics |
| AppsFlyer | Sign-up and purchase events, device identifiers | Marketing attribution |
| RevenueCat | Anonymous app user ID, purchase receipts | Subscription management |
| Apple CloudKit | All health tracking data | Private iCloud sync across your devices |
| Crisp | Support chat messages (user-initiated) | Customer support |
What We Do NOT Share
- We do not sell your personal information or health data to data brokers or advertising networks.
- We do not use your individually identifiable health data for targeted advertising.
- We do not include individually identifiable health values (weight numbers, mood scores, symptom names, medication details) in analytics events sent to third-party analytics providers.
- We do not share your real name or email with other app users. Only your pseudonymous nickname and avatar are visible in community features.
- We may share anonymized, aggregated, or de-identified data that can no longer reasonably identify you with third parties for research, analytics, marketing, or other lawful purposes.
AI Service Data Handling
Our AI providers process your data under their API terms:
- Anthropic: Does not train on API inputs or outputs. Zero data retention on API by default. Privacy Policy
- Voyage AI: Processes and returns embeddings. No long-term retention of query content. Privacy Policy
- Hume AI: Processes voice in real-time. Session data retention per their policy. Privacy Policy
- OpenAI: Does not train on API inputs or outputs (API terms). Privacy Policy
Other Disclosures
We may disclose your information if required by law, regulation, legal process, or governmental request. We may also disclose information to protect the rights, property, or safety of Unbound, our users, or the public.
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you before your information becomes subject to a different privacy policy.
5. Community Features
When you post in the Unbound community:
- Your nickname and avatar are visible to all other users. Your real name and email are never displayed.
- Post content, comments, and likes are stored in Google Firebase Firestore.
- Posts are moderated before appearing in the feed.
- You can block and report other users.
- We may use your community posts, comments, nickname, and avatar in promotional materials, social media, advertising, and on our Website. You may delete any post at any time within the App to prevent its future use.
- Your community content is deleted when you delete your account, except for anonymized or aggregated copies that may have already been created.
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Health tracking data (on-device + iCloud) | Until you delete it or delete your account |
| Chat messages (on-device) | Until you clear chat history or delete your account |
| Health data sent to AI services | Processed in real-time, not persistently stored by our backend |
| Account information (Firebase) | Until you delete your account |
| Community posts and comments | Until you delete your account |
| Usage analytics (Mixpanel) | Per Mixpanel's retention settings |
| Usage analytics (Firebase) | Per Google's retention settings (default 2 months) |
| Attribution data (AppsFlyer) | Per AppsFlyer's retention policy |
| Crash reports (Crashlytics) | Limited retention, then deleted or aggregated |
| Support chat messages (Crisp) | Maintained for support and legal compliance |
| iCloud data after account deletion | May take up to 30 days to fully propagate per Apple's data handling |
| Anonymized and de-identified data | Retained indefinitely; not subject to deletion requests |
7. Your Rights and Choices
All Users
You can:
- Access your health data at any time within the app
- Export your data as a PDF or CSV report via the Track tab
- Delete individual entries (weight, injections, check-ins, journal) within the app
- Delete your account entirely via Settings, which triggers a full deletion cascade (see Section 8)
- Clear chat history in Settings
- Opt out of analytics via the Usage Analytics toggle in Settings > Privacy
- Deny App Tracking Transparency to prevent advertising identifier sharing
- Enable app lock (Face ID / Touch ID) for additional device security
- Choose not to use AI features — all non-AI features (tracking, journal, learn, social) work without AI data sharing consent
California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose
- Request deletion of your personal information
- Opt out of the sale of personal information — we do not sell your personal information
- Non-discrimination — we will not discriminate against you for exercising your rights
- Limit use of sensitive personal information — health data is sensitive personal information under CPRA. We use it only for the purposes disclosed in this policy. You may limit its use by disabling AI features.
To exercise these rights, contact us at support@unboundglp.com or use the in-app account deletion feature. We will respond within 45 days.
Washington Residents
If you are a Washington resident, you have additional rights under the Washington My Health My Data Act (RCW 19.373). Please see our Consumer Health Data Privacy Policy for full details on how we collect, share, and handle consumer health data as required by Washington law.
Virginia, Colorado, Connecticut, and Other State Privacy Laws
If you reside in a state with comprehensive privacy legislation, you may have similar rights to access, correct, delete, and port your data, and to opt out of targeted advertising. We do not engage in targeted advertising using your individually identifiable health data. Contact us at support@unboundglp.com to exercise your rights.
8. Account Deletion
When you delete your account (Settings > Delete Account), the following occurs:
- All local health data (medications, injections, weight, check-ins, symptoms, journal, chat messages) is deleted from your device
- Your social posts, comments, and likes are deleted from Firebase
- Your user profile (name, email, nickname) is deleted from Firebase
- Your Mixpanel analytics profile is deleted server-side
- Your authentication tokens are cleared from the Keychain
- All preferences and consent flags are cleared
- Your Firebase Auth account is deleted
Data that may persist after deletion:
- iCloud data syncs the deletion automatically but may take up to 30 days to fully propagate per Apple's data handling practices
- AppsFlyer attribution data is device-level (not linked to your user account) and is retained per AppsFlyer's policy
- Crashlytics crash reports are device-level and automatically anonymized
- Backend logs contain only event types and data lengths (no user content) and auto-expire per our hosting provider's log retention policy
9. Data Security
We use reasonable administrative, technical, and organizational safeguards to protect your information:
- All network communications use HTTPS (TLS encryption in transit)
- API requests are authenticated with HMAC-SHA256 signatures
- Health data on-device is protected by iOS Data Protection (file-level encryption)
- Health data in iCloud is stored in Apple's private CloudKit database with end-to-end encryption
- Authentication tokens are stored in the iOS Keychain (hardware-encrypted by Secure Enclave)
- Optional biometric app lock (Face ID / Touch ID) is available
- Our backend is stateless and does not persistently store user data
No method of electronic storage or transmission is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
10. Health Breach Notification
In the event of a breach of security involving your health information, we will:
- Notify affected individuals without unreasonable delay and no later than 60 calendar days after discovery
- Notify the Federal Trade Commission as required by the FTC Health Breach Notification Rule (16 CFR Part 318)
- If the breach affects 500 or more individuals, notify prominent media outlets serving the affected area
- Include in the notification: a description of what happened, the types of information involved, steps we are taking, steps you can take, and how to contact us
11. Children's Privacy
Unbound is not intended for children under 18. GLP-1 medications are prescribed to adults, and the app's content is designed for adult users. We do not knowingly collect personal information from children. If we become aware that a child has provided personal information, we will take steps to delete that information. If you believe a child has provided us with personal information, please contact us at support@unboundglp.com.
12. International Data Transfers
Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using Unbound, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.
Where required, we rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection of your data.
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy within the app and updating the "Last updated" date. We will provide at least 10 days' notice before material changes take effect. Where required by applicable law, we will obtain your consent before applying materially different practices to previously collected data.
Your continued use of Unbound after any changes to this policy constitutes your acceptance of the updated terms.
14. Contact Us
If you have questions about this privacy policy or want to exercise your privacy rights, contact us:
All American Atlas LLC
Email: support@unboundglp.com
15. Third-Party Privacy Policies
The following third-party services are used by Unbound. Each has its own privacy policy governing how they handle data: