Privacy Policy
Last updated: April 20, 2026 · Version 2026-04-20
Plain-English summary: Sage is an AI nutrition companion. We collect the health details you share (conditions, symptoms, weight, diet, chats) so Sage and your registered dietitian (RD) can help you. We never sell your data. We are not a HIPAA covered entity, but we follow HIPAA-style practices. You can export or delete everything we have at any time.
1. Who we are
Sage is a product of Eatopia (“we,” “our,” “us”), an AI-assisted medical nutrition platform. This policy explains what we collect, why, how we protect it, and the rights you have over your data. Contact us at support@eatopiahealth.com.
2. What we collect
Identity & account
- Email address (for login; required)
- Name and age (optional, for personalization)
- Phone number (only if you opt into SMS coaching)
- IP address and browser user-agent (security + audit)
Health information
- Medical conditions you share (e.g., IBS, SIBO, GERD, PCOS, eating disorder history)
- Symptoms, mood, sleep, and bowel patterns you log
- Height, weight, and weight history
- Foods you eat, drinks, reactions, and food-trigger notes
- Medications and supplements you list
- Allergies, intolerances, dietary preferences, cultural food context
- Messages you send to Sage and to your Registered Dietitian
Automatically collected
- Device + browser metadata
- Usage events (which screens, which features you use)
- Cookies strictly needed to keep you signed in
3. Why we collect it
- Personalized nutrition guidance from Sage (AI) tailored to your health profile.
- Clinical oversight: a Registered Dietitian reviews your data and may add notes and check in.
- Safety escalation: to detect red flags (severe symptoms, crisis language, medical warning signs) and steer you to appropriate care.
- Service improvement: in aggregated, de-identified form only.
- Legal compliance: to meet recordkeeping and audit requirements.
4. How we protect it
- All connections are encrypted in transit (HTTPS/TLS).
- Data is encrypted at rest in our database.
- Server logs are scrubbed of raw email, phone numbers, and names — we hash identifiers before they touch logs.
- Every admin or RD access to your record is written to an immutable audit log.
- Staff with data access are restricted by role; sessions expire; admin access requires strong authentication.
- We store data on Railway (AWS-based infrastructure, US region) with encryption-at-rest enabled.
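One way to implement the log-scrubbing step described above, written here as an added example rather than Eatopia's own code: identifiers are replaced with keyed HMAC pseudonyms before a record reaches any log sink. A keyed HMAC is used instead of a bare hash so that someone who reads the logs cannot confirm a guessed email address simply by hashing it themselves, while the same input still maps to the same token, so events stay correlatable. The environment variable name LOG_PSEUDONYM_KEY, the regexes, the `ctx` field and the constructed sample messages are assumptions for illustration.

```python
"""Scrub emails, phone numbers and names from log records before they are written."""
import hashlib
import hmac
import io
import logging
import os
import re
from typing import Optional

# Assumption: a per-deployment secret that lives outside the log pipeline.
# Keyed HMAC (not a bare hash) stops a log reader from confirming a guessed
# identifier by hashing it themselves. Replace the dev default in production.
LOG_PSEUDONYM_KEY = os.environ.get("LOG_PSEUDONYM_KEY", "dev-only-key-change-me").encode()

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Matches "+1 (415) 555-0199", "415-555-0199", "+44 20 7946 0958"; a digit-count
# check in the callback keeps 8-digit dates such as 2026-04-20 out of scope.
PHONE_RE = re.compile(r"(?<!\w)(?:\+?\d[\d\s().-]{8,}\d)(?!\w)")
IDENTIFIER_FIELDS = ("email", "phone", "name")


def pseudonym(value: str, kind: str) -> str:
    """Stable, non-reversible token: same identifier -> same token across events."""
    normalised = value.strip().lower()
    if kind == "phone":
        normalised = re.sub(r"\D", "", normalised)  # "+1 (415) 555-0199" -> "14155550199"
    digest = hmac.new(LOG_PSEUDONYM_KEY, f"{kind}:{normalised}".encode(), hashlib.sha256).hexdigest()
    # Underscore prefix keeps the hex token from ever being re-matched as a phone number.
    return f"{kind}_{digest[:12]}"


def _phone_or_original(match: "re.Match") -> str:
    raw = match.group(0)
    digits = re.sub(r"\D", "", raw)
    # Real subscriber numbers carry 10-15 digits; shorter runs are dates or counters.
    return pseudonym(raw, "phone") if 10 <= len(digits) <= 15 else raw


def scrub_text(text: str) -> str:
    """Backstop for free text: replace emails and phone numbers with pseudonyms."""
    text = EMAIL_RE.sub(lambda m: pseudonym(m.group(0), "email"), text)
    return PHONE_RE.sub(_phone_or_original, text)


def scrub_fields(fields: dict) -> dict:
    """Structured context: known identifier keys are always pseudonymised, other
    string values get the free-text backstop. Names cannot be found by regex, so
    they must arrive under a named key to be caught."""
    out = {}
    for key, value in fields.items():
        if key in IDENTIFIER_FIELDS and isinstance(value, str):
            out[key] = pseudonym(value, key)
        elif isinstance(value, str):
            out[key] = scrub_text(value)
        else:
            out[key] = value
    return out


class ScrubFilter(logging.Filter):
    """Attach to every handler so each record is scrubbed before it is formatted."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = scrub_text(str(record.msg))
        if isinstance(record.args, dict):
            record.args = scrub_fields(record.args)
        elif record.args:
            record.args = tuple(scrub_text(a) if isinstance(a, str) else a for a in record.args)
        ctx = getattr(record, "ctx", None)  # structured context passed via extra={"ctx": {...}}
        if isinstance(ctx, dict):
            record.ctx = scrub_fields(ctx)
        return True


def render(msg: str, *args, ctx: Optional[dict] = None) -> str:
    """Push one record through ScrubFilter and return the resulting log line."""
    stream = io.StringIO()
    logger = logging.getLogger(f"sage.scrub.demo.{id(stream)}")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s ctx=%(ctx)s"))
    handler.addFilter(ScrubFilter())
    logger.addHandler(handler)
    logger.info(msg, *args, extra={"ctx": ctx or {}})
    handler.flush()
    return stream.getvalue().strip()


if __name__ == "__main__":
    # Constructed sample event, not a real user.
    print(render("session opened for %s from 10.0.0.7", "jane@example.com",
                 ctx={"name": "Jane Doe", "note": "RD asked to call 415-555-0199"}))
```

The regex pass over free text is only a backstop: it cannot recognise a person's name, and any identifier that reaches a log line unexpectedly (a stack trace, a third-party library's debug message) will slip through. Passing identifiers as named fields, and rotating the HMAC key if it is ever exposed, is what makes the guarantee hold.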
5. A note on HIPAA
Sage is a direct-to-consumer wellness product. Because we do not (yet) bill insurance or receive Protected Health Information from covered entities, we are not currently a HIPAA covered entity or business associate. That said, we operate at a HIPAA-ready security baseline so that clinical partners and future insurance integrations don't require us to rebuild. When we begin delivering insurance-reimbursed Medical Nutrition Therapy (MNT), we will enter into Business Associate Agreements and update this policy.
6. Who we share data with
- Your assigned Registered Dietitian (RD) — they see your profile, logs, and messages in order to supervise your nutrition care.
- Service providers we rely on (processors only, under contract): Anthropic (for Claude AI inference), Railway (hosting), Resend (transactional email), Stripe (payments), AWS SNS (SMS if you use it). Each handles data on our behalf under strict access controls.
- We do NOT sell your personal information, use it for advertising, or share it with data brokers.
- Legal requirements — if compelled by valid legal process we may be required to disclose data, but we will narrow the scope and notify you when permitted.
7. Your rights
You have these rights over your data, regardless of where you live:
- Access & export — download a complete JSON of everything we have on you, in the app (“Export my data”).
- Correction — update inaccurate fields in your profile anytime.
- Deletion — permanently erase your account and records (“Delete account”). Cascades to all logs, chats, and reports. Irreversible.
- Portability — the exported JSON is machine-readable.
- Withdraw consent — stop using Sage or revoke specific consents anytime.
- California / EU residents — you have CCPA / GDPR-specific rights. Email us to exercise any.
8. Data retention
We keep your data while your account is active. When you delete your account, we remove personal records from the live database immediately; aggregated, de-identified statistics may be retained for service-quality purposes. Copies of deleted records may persist in encrypted backups for up to 30 days, after which those backups are rotated out.
9. Children
Sage is intended for users aged 18 and older. We don't knowingly collect data from anyone under 13 and do not market to minors. Adolescent use under a parent/guardian's account is supported but we do not serve as a pediatric clinical record.
10. International users
Data is currently stored in the United States. If you access Sage from the EU/UK, you agree to this transfer, and we rely on Standard Contractual Clauses with our US-based processors to cover it. If you access Sage from mainland China, note that Sage is not yet certified for cross-border health data transfer under PIPL; a dedicated China data region is planned.
11. Cookies
We use strictly-necessary cookies to keep you signed in and to remember your cookie choice. We do not use advertising or tracking cookies. You can manage cookies in your browser.
12. Changes to this policy
We'll notify you of material changes via email or an in-app banner and ask for renewed consent when the change affects how we handle your health data.
13. Contact
Questions, requests, complaints: support@eatopiahealth.com. We respond within 5 business days.