This is a standalone Consumer Health Data Privacy Policy required by Washington's My Health My Data Act (MHMDA). It supplements our general Privacy Policy for Washington residents and for all Zisper users whose personal data includes "consumer health data" as defined by MHMDA.

1. Who we are

David Britz (Germany). Contact: geronimo20023@gmail.com.

2. What consumer health data we collect

MHMDA defines this broadly. For Zisper specifically:

• Bodily measurements: body weight, daily calories, protein, sugar intake you track.
• Health conditions and symptoms: subjective notes you log about pain, sleep quality, energy, mood.
• Biometric data: voice recordings containing your speech (raw audio is deleted immediately after transcription).
• Inferences: daily and weekly nutrition trends computed from what you log.

We do not collect diagnoses, diagnostic tests, medications, reproductive/sexual health information, gender-affirming care information, genetic data, or precise location data.

3. Sources

Only from you (when you type, speak, scan, or enter a weight) and from our own computation (daily totals). We do not buy, rent, license, or otherwise acquire consumer health data from third parties.

4. Purpose of collection and use

1. Deliver the core features you have asked for.
2. Improve the Service on de-identified aggregate data only.
3. Comply with legal obligations.
4. Respond to support requests.

We do not use consumer health data for advertising, marketing, profiling, or AI model training.

5. Third parties

We share your consumer health data only with:

• Supabase Inc. (database + auth + storage)
• Vercel Inc. (hosting)
• OpenAI, L.L.C. (speech-to-text; deleted within 30 days on their side)
• Google LLC (natural-language processing + insight generation — Gemini)

All four have signed Data Processing Agreements meeting MHMDA RCW 19.373.060. We do not share consumer health data with advertisers, data brokers, analytics vendors, or social networks. We do not sell consumer health data.

6. Your rights as a Washington consumer

Under RCW 19.373.050 you have the right to:

• Confirm whether we collect, share, or sell your data — email us.
• Accessyour consumer health data and the list of third-party recipients — click "Export my data" in Settings.
• Withdraw consent— toggle off "Health data processing" in Settings → Privacy.
• Request deletion— use "Delete account" in Settings → Danger Zone.
• Non-discrimination — exercising your rights does not cost you access to the Service.

We respond within 45 days, extendable by another 45 days with written notice. If we deny a request, we provide a reason and, on request, a review.

Deletion propagation: when you delete your data, we hard-delete from our production database immediately, instruct each processor to delete any residual copy, and purge from our backups within 90 days.

7. We do not sell consumer health data

We have never sold it and have no plans to sell it. MHMDA RCW 19.373.040 therefore does not apply — the "Valid Authorization to Sell" form is not needed because we do not sell.

8. Geofencing — we don't do it

Under RCW 19.373.070 it is illegal to implement a geofence within 2,000 ft of a health-care facility to identify, track, or target consumers. We do not collect precise geolocation data and do not implement any geofence.

9. Security

See our Privacy Policy §10 for the technical and organisational measures that protect consumer health data.

10. Breach notification

If we suffer a breach of consumer health data, we notify affected Washington consumers without unreasonable delay, no later than 60 calendar days after discovery, notify the Federal Trade Commission, and notify prominent Washington media if more than 500 Washington residents are affected.

11. Contact

geronimo20023@gmail.com

If you are not satisfied with our response, you may file a complaint with the Washington State Attorney General's Office at atg.wa.gov/file-complaint.