GET BLUE’S COMMITMENT TO PRIVACY

At Get Blue, protecting your personal data is a responsibility we take seriously. Our Services are designed to help you understand and improve lifestyle drivers of health—such as habits, recovery, sleep quality, activity, and relevant lab markers—through clarity, prioritization, and adaptive guidance. We recognize that this data is highly personal. That is why we believe you should remain in control of your personal data.

This Privacy Policy (“Policy”) is designed to provide you with the information you need to understand and manage how Get Blue collects, uses, shares, and protects your personal data. Please review it carefully.

ABOUT THIS PRIVACY POLICY

This Policy applies to the processing of personal data by Get Blue, LLC and its affiliates (collectively, “Get Blue,” “we,” “us,” or “our”) when you:

• Visit our websites and other web properties (the “Sites”);
• Use our mobile application, web application, and related services (the “App”);
• Connect devices, wearables, labs, or third-party integrations; and/or
• Use any other Get Blue services, features, or offerings (collectively, the “Services”).
  

This Policy does not apply to third-party sites, services, apps, or devices that you connect to Get Blue. Those third parties operate under their own privacy policies, and we encourage you to review them before connecting.

WHY DOES GET BLUE PROCESS YOUR PERSONAL DATA?

The sections below explain:

• The categories of personal data we process,
• The purposes for which we process it,
• The legal bases we rely on (where applicable), and
• The sources of the data.

DEVICE & APPLICATION USER

1. PROCESSING PURPOSES (WHY WE PROCESS YOUR PERSONAL DATA)

When you use the Services, we may collect and process personal data for the following purposes:

1.1. TO PROVIDE THE SERVICES

We process personal data to operate and deliver the Services, including to:

• Create and administer your account;
• Provide personalized insights, prioritization, and guidance;
• Display trends and summaries across habits, capacities, and biomarkers;
• Enable features you request (e.g., data visualizations, exports);
• Provide relevant in-app notifications, reminders, and service messages.

1.2. TO PROVIDE CUSTOMER SERVICE

We process personal data to support you and manage communications. For example, if you contact support, we may process identifiers and context needed to respond and resolve issues.

1.3. TO PROTECT YOUR PRIVACY AND MAINTAIN TRUST

We may process personal data to protect your privacy and reduce risk, including by using privacy-enhancing techniques. When information is aggregated or de-identified so it is no longer reasonably linkable to you, it is no longer personal data.

1.4. TO IMPROVE THE SERVICES

We process personal data to understand how the Services are used and to improve reliability, usability, and feature performance. Where feasible, we do this using privacy-protective approaches such as pseudonymization, aggregation, and de-identification.

1.5. TO PERFORM ANALYSIS AND DEVELOP INSIGHTS

We process personal data to generate individualized or population-level analyses related to wellbeing, lifestyle patterns, and performance. The Services use automated processing, including rules-based engines and AI-assisted features, to personalize recommendations, explanations, and prioritizations based on inputs you provide (such as goals, constraints, tags, responses, wearable data, and lab values).

Automated processing is used to identify patterns in your data, assess lifestyle priorities, generate natural language guidance, and adapt suggestions over time as your inputs change. The system applies safety guardrails and contraindication checks before presenting any output to you.

No automated process within the Services makes legally or medically significant decisions about you. All outputs are informational and subject to your independent judgment.

Where applicable law requires a specific legal basis for automated decision-making (such as GDPR Article 22), we rely on your explicit consent or the necessity of processing for the performance of a contract. You may exercise rights related to automated processing by contacting privacy@getblue.com.

1.6. TO MARKET THE SERVICES

We may process limited marketing-related data to:

• Send you communications you request or consent to receive;
• Measure marketing effectiveness;
• Create audiences for advertising using cookies/SDKs where permitted.

You may opt out of direct marketing communications at any time (see “Your rights and choices”).

1.7. TO ENABLE THIRD-PARTY INTEGRATIONS AND CONNECTED SERVICES

With your permission, you may connect Get Blue with third-party services (e.g., Apple Health, Google Fit / Health Connect, wearables, lab partners). We process personal data to enable these integrations only when you choose to connect them and provide the required permissions.

Important integration notice: Where required by platform policies (including “limited use” requirements), Get Blue processes data received via such integrations only in accordance with your permissions and applicable platform terms.

1.8. TO COMPLY WITH LEGAL OBLIGATIONS AND DEFEND RIGHTS

We may process personal data to comply with applicable law, accounting and tax rules, respond to lawful requests, and establish, exercise, or defend legal claims. Where legally permissible, we will provide notice if we receive legally binding requests for user data.

2. LEGAL BASES FOR PROCESSING (EEA/UK AND SIMILAR JURISDICTIONS)

Where data protection laws require a lawful basis, our legal bases depend on the processing purpose:

2.1. CONTRACT

We process personal data as necessary to perform a contract with you (e.g., providing the Services once you create an account and accept our terms)

2.2. CONSENT

We process certain data—especially sensitive personal data (including health-related data)—based on your consent, where required by law. Consent may be provided through explicit prompts, account settings, device permissions, and/or your voluntary submission of certain information.

2.3. LEGITIMATE INTERESTS

We may process personal data to:

• Improve our Services,
• Provide customer support,
• Prevent fraud and misuse,
• Market our Services (where permitted),
  when we have a legitimate interest and your privacy rights do not override that interest.

2.4. LEGAL OBLIGATION

We process certain data to comply with legal requirements (e.g., accounting, tax, consumer protection).

3. PROCESSED DATA AND DATA SOURCES

3.1. DATA SOURCES

We typically collect personal data:

• Directly from you (account registration, onboarding, inputs, communications);
• From connected devices/services you authorize; and
• From automated collection (device/app logs, cookies/SDKs, diagnostics).

We also process data derived from the information you provide, such as trends, summaries, correlations, and system outputs.

3.2. CATEGORIES OF PERSONAL DATA WE PROCESS

Depending on your usage and permissions, we may process:

3.2.1. CONTACT INFORMATION

Name, email address, phone number, mailing address (if provided)

3.2.2. ACCOUNT AND USER PROFILE INFORMATION 

User ID, username, date of birth (if provided), gender (if provided), height/weight (if provided), preferences, goals, constraints, membership status

3.2.3. DEVICE AND TECHNICAL INFORMATION

IP address, device identifiers, operating system, app version, browser type, approximate location inferred from IP, crash logs, performance diagnostics, timestamps, and related metadata

3.2.4. USER-PROVIDED ACTIVITY AND CONTEXT

Activities, notes, tags, comments, check-ins, feedback, messages, support communications, and other information you choose to enter

3.2.5. WEARABLE / SENSOR MEASURED DATA (WHEN CONNECTED)

Examples may include: Heart rate, heart rate variability, respiration-related signals, movement/activity signals, temperature-related signals, sleep-related signals

Wearable and sensor data may be collected and routed to Get Blue through a third-party data integration service that acts on our behalf, under contractual protections that limit use of your data to providing the Services

3.2.6. CALCULATED OR INFERRED DATA

We may generate calculated outputs based on measured and user-provided inputs, such as: Sleep patterns, sleep stages summaries (if available via integrations), activity summaries, habit consistency, recovery-related indicators, trends, and personalized prioritization outputs

3.2.7. LAB / BIOMARKER INFORMATION

Biomarker values, lab metadata (collection date, lab panel identifiers), and interpretation outputs.

3.2.8. LOCATION INFORMATION (IF ENABLED)

If you enable location-based features, we may process approximate or precise device location while the feature is active. You may disable location processing using your device settings. Certain features may not function without location permissions.

3.2.9. PAYMENT AND TRANSACTION INFORMATION

Payments are typically processed by third-party payment processors. We may receive limited transaction metadata such as subscription status, payment confirmation, billing country/postal code, and related records required for accounting and support. We do not store full payment card numbers unless explicitly stated and permitted by law (typically handled by processors).

4. SENSITIVE PERSONAL DATA AND HEALTH-RELATED INFORMATION

Some personal data processed by Get Blue may be considered sensitive (including data concerning health). Where required by applicable law, Get Blue processes such data only with your consent or another lawful basis recognized by law.

You can control sensitive data processing by:

• Choosing which integrations to enable,
• Managing permissions through your device settings, and
• Adjusting in-app settings where available.

5. SHARING WITH OTHER USERS

If Get Blue offers optional sharing features (e.g., sharing selected metrics with invited contacts), such sharing will be:

• Opt-in,
• Limited to the scope you choose, and
• Revocable in settings.

You are responsible for what you choose to share and with whom.

GET BLUE CONNECT (DATA SHARING WITH INVITED RECIPIENTS)

6. GET BLUE CONNECT / DATA SHARING INVITATIONS

Get Blue may offer a feature (e.g., “Get Blue Connect”) that allows you to share certain data with a doctor, coach, trainer, employer, researcher, family member, or other entity/person (each, a “Data Recipient”) only after you receive an invitation and provide consent.

6.1. SCOPE AND CONSENT 

When you receive an invitation, you will be informed of:

• The categories of data requested,
• The time period covered, and
• The purpose of sharing (as described by the Data Recipient or the invitation context).

If you consent, the requested data within the authorized scope may become available to the Data Recipient.

6.2. DATA RECIPIENT IS RESPONSIBLE AFTER TRANSFER

Once data is shared to a Data Recipient, the Data Recipient may become an independent controller of your personal data under applicable law. The Data Recipient is responsible for its own privacy practices, security, retention, and compliance. You should review the Data Recipient’s privacy policy before accepting any invitation.

Get Blue is not responsible for a Data Recipient’s handling of data after it is accessed, downloaded, or otherwise extracted.

6.3. WITHDRAWAL AND STOPPING DATA FLOW

You can withdraw your sharing consent at any time through your account settings (where available). Withdrawal stops future data flows but does not affect processing already performed by the Data Recipient or data already extracted.

6.4. AGGREGATED ANALYTICS

Get Blue may use aggregated or de-identified Get Blue Connect usage statistics for internal analytics and service improvement.

ONLINE CUSTOMERS & SITE VISITORS

7. PROCESSING PURPOSES FOR SITES AND ONLINE TRANSACTIONS

If you visit our Sites or purchase a membership, we may process personal data to:

7.1. PROVIDE AND OPERATE OUR SITES

Enable core site functionality, performance, and security.

7.2. COMPLETE AND MANAGE ORDERS AND SUBSCRIPTIONS

Process purchases, manage subscriptions, handle billing support, and facilitate delivery of digital services.

7.3. PROVIDE CUSTOMER SERVICE

Respond to inquiries and resolve issues related to orders, billing, or technical support.

7.4. IMPROVE OUR SITES

Analyze site performance and user experience to improve layout, content, and functionality.

7.5. ADVERTISE AND MARKET

Where permitted, we may use cookies/SDKs to measure campaigns and build audiences. You can opt out of certain tracking as described in our cookie controls (if available) and browser/device settings.

7.6. COMPLY WITH LEGAL OBLIGATIONS

Maintain records required for accounting, tax, consumer protection, and legal claims.

U.S. STATES WITH ENHANCED PRIVACY REQUIREMENTS

8. NOTICE FOR U.S. CONSUMERS

This notice supplements the Policy for residents of U.S. states with enhanced privacy laws (e.g., California, Colorado, Connecticut, Virginia, Utah, and others).

8.1. CATEGORIES COLLECTED, PURPOSES, AND SHARING

We collect and use personal information as described in this Policy. We disclose personal information to:

• Service providers who help us operate the Services (hosting, security, analytics, payment processing, customer support), and
• Other parties only as described in “Sharing and disclosures.”

8.2. NO SALE OF PERSONAL INFORMATION

Get Blue does not sell your personal information. We also do not rent your personal information.

8.3. TARGETED ADVERTISING

If Get Blue engages in targeted advertising as defined by applicable law, we will provide legally required opt-outs. Where applicable, we do not share health-related Service data with third-party advertisers for their independent advertising purposes.

9. CONSUMER RIGHTS (U.S. STATES / CPRA AND SIMILAR LAWS)

Depending on your state, you may have rights to:

9.1. RIGHT TO KNOW / ACCESS

You may request details about:

• Categories of personal information collected,
• Categories disclosed,
• Sources of information,
• Purposes for processing, and
• Categories of third parties with whom information is shared.

9.2. RIGHT TO CORRECTION

You may request correction of inaccurate personal information.

9.3. RIGHT TO DELETION

You may request deletion of personal information, subject to legal exceptions (e.g., required retention, security, fraud prevention).

9.4. RIGHT TO APPEAL

If we deny your request, you may have the right to appeal. We will provide instructions in our response.

9.5. NON-DISCRIMINATION

We will not discriminate against you for exercising privacy rights.

9.6. HOW TO SUBMIT REQUESTS

Submit a request by emailing: privacy@getblue.com

We may request additional information to verify your identity. Authorized agents may submit requests where permitted by law.

We will respond within the timeframes required by applicable law (typically 45 days, with permissible extensions).

10. NOTICE FOR RESIDENTS OF STATES WITH CONSUMER HEALTH DATA LAWS

This supplemental notice applies to residents of U.S. states with consumer health data statutes (including but not limited to Washington, Nevada, and Connecticut) that impose requirements beyond general state privacy laws.

10.1. APPLICABILITY

Get Blue processes “consumer health data” as defined under applicable state laws when you use the Services to input, connect, or generate health-related information (such as wearable data, lab results, activity patterns, and lifestyle insights).

10.2. CONSENT

Where required by applicable consumer health data law, Get Blue obtains your consent before collecting, sharing, or using consumer health data. Consent is obtained through your account registration, explicit in-app prompts, device-level permissions, and your voluntary submission of health-related information. You may withdraw consent at any time by adjusting your permissions or contacting privacy@getblue.com, subject to the functional limitations described in this Policy.

10.3. RESTRICTIONS ON USE

• Get Blue does not sell consumer health data
• Get Blue does not use consumer health data for advertising, marketing, or profiling purposes unrelated to the Services
• Get Blue does not use geofencing technology to identify or track consumers seeking health-related services at physical locations
• Get Blue restricts the processing of consumer health data to the purposes disclosed in this Policy and does not process such data for secondary purposes without additional consent where required by law

10.4. DATA SHARING

Consumer health data is shared only with service providers acting on Get Blue’s behalf under contractual protections, with third parties you expressly authorize (such as through Get Blue Connect), or as required by law. A list of categories of third parties and processors that may receive consumer health data is available upon request by contacting privacy@getblue.com.

10.5. YOUR RIGHTS

Depending on your state of residence, you may have the right to access, correct, delete, or obtain a copy of your consumer health data, and to revoke consent for its collection or sharing. To exercise these rights, contact privacy@getblue.com. We will respond within the timeframes required by applicable law.

10.6. RIGHT OF ACTION

Certain consumer health data statutes provide a private right of action. Nothing in this Policy limits any rights you may have under applicable law.

SHARING, TRANSFERS, AND DISCLOSURES

11. DATA SHARING AND TRANSFERS

We share personal data only as needed to operate and improve the Services, comply with law, and provide integrations you request.

11.1. SERVICE PROVIDERS

We use service providers for:

• Hosting and storage
• Customer support
• Security monitoring and fraud prevention
• Payment processing
• Product analytics and performance measurement
• Marketing operations (limited)
• Wearable and health data integration (third parties that collect, normalize, and route data from connected wearables, sensors, and health platforms on our behalf)

Service providers are contractually required to:

• Use personal data only for authorized purposes, and
• Protect it to appropriate security standards.

11.2. AI AND VOICE PROCESSING

To provide Blue Coach's AI guidance, we send your chat messages and relevant health context to third-party AI providers (OpenAI and Anthropic). When you use voice mode, your voice recording is sent to our transcription provider (Deepgram). These providers process your data solely to deliver the Service's features, do not use it to train their models, and are contractually required to provide the same level of data protection described in this policy. We do not sell this data or use it for advertising.

11.3. THIRD-PARTY INTEGRATIONS YOU CHOOSE

If you connect third-party services, data may flow between Get Blue and those services based on your permissions.

11.4. CONSENT-BASED DISCLOSURES

We may share data with a third party if you expressly consent (e.g., through Get Blue Connect).

11.5. CORPORATE TRANSACTIONS

We may disclose personal data in connection with financing, merger, acquisition, or sale, consistent with law and this Policy.

11.6. LEGAL REQUIREMENTS AND PROTECTION

We may disclose data where required by law or to protect rights, safety, and security. Where legally permissible, we will notify users of legally binding requests and will oppose overly broad or unlawful demands.

INTERNATIONAL TRANSFERS

12. INTERNATIONAL DATA PROCESSING

Get Blue may operate globally. Your personal data may be processed on servers located outside your country of residence. Where required, we use appropriate safeguards (such as contractual protections) for cross-border transfers.

SECURITY, RETENTION, AND COOKIES

13. SAFEGUARDING YOUR DATA

We use administrative, technical, and organizational measures designed to protect personal data, which may include:

• Encryption in transit and at rest (where appropriate)
• Access controls and least-privilege permissions
• Security monitoring and vulnerability testing
• Staff training and confidentiality obligations
• Vendor diligence and security requirements

No system is perfectly secure. You are responsible for maintaining the confidentiality of your login credentials.

14. DATA RETENTION

We retain personal data for as long as reasonably necessary to fulfill the purposes described in this Policy, taking into account your account status, our legal obligations, and our legitimate business needs.

General retention guidelines:

‍

Get Blue is not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact privacy@getblue.com.

‍

We may retain certain records longer when required for accounting/tax compliance, dispute resolution, fraud prevention, or legal claims. Upon account deletion, we will delete or de-identify your personal data within the timeframes above, except where retention is legally required or necessary to protect our legitimate interests.

You may request deletion of your account by visiting link or by contacting privacy@getblue.com.

15. COOKIES & TRACKING TECHNOLOGIES

We use cookies and similar technologies (including SDKs) to:

• Enable essential functionality
• Keep you signed in
• Measure performance and reliability
• Understand usage and improve features
• Conduct permissible marketing and attribution

You may manage cookies through your browser settings and, where available, our cookie preference tools.

YOUR RIGHTS (GLOBAL)

16. YOUR RIGHTS AS A DATA SUBJECT

Depending on your location, you may have the right to:

• Access: Request a copy of personal data we process about you
• Erasure: Request deletion in certain circumstances
• Rectification: Correct inaccurate or incomplete data
• Portability: Receive certain data in a structured, commonly used format
• Objection: Object to certain processing (including direct marketing)
• Restriction: Request that we restrict processing in certain situations
• Withdraw consent: Where processing is based on consent, you may withdraw it

To exercise rights, contact privacy@getblue.com. We may need to verify identity for security reasons.

If you have unresolved concerns, you may also have the right to lodge a complaint with your local data protection authority.

CHILDREN’S PRIVACY

17. CHILDREN

Get Blue is not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact privacy@getblue.com.

CONTROLLER CONTACT INFORMATION

18. HOW TO CONTACT GET BLUE

Get Blue LLC
Attn: Privacy / Data Protection
PO Box 20
Hanover, MA 02339
Email: privacy@getblue.com

CHANGES TO THIS POLICY

19. CHANGES TO THIS PRIVACY NOTICE

We may update this Policy at our discretion. If changes are material, we will provide notice via the Services, the Sites, email, and/or push notification as appropriate. Continued use after the effective date of an updated Policy means you accept the changes.