EFFECTIVE DATE: APRIL 6, 2026
CheatCode Health, Inc. (“CheatCode,” “we,” “us,” or “our”) operates the CheatCode health intelligence platform available at startcheatcode.com and through our mobile applications (collectively, the “Service”). We are committed to protecting your privacy and being transparent about how we handle your personal and health information.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data. By using CheatCode, you agree to the practices described in this policy.
When you create an account, complete onboarding, or use the Service, you may provide: your name, email address, and login credentials; health profile information such as fitness goals, allergies, health conditions, medications, and dietary preferences; nutrition data including meal logs, calorie targets, and macro goals; journal entries including mood, energy, and stress ratings; supplement intake logs; manually entered blood work results, weight, or other health metrics; and any messages you send to our AI health coach.
When you connect third-party health devices and services, we receive data from those platforms on your behalf. This may include sleep data (sleep stages, duration, efficiency, heart rate, HRV, bed temperature) from services such as WHOOP, Eight Sleep, Oura, Garmin, and Fitbit; recovery and activity data (HRV, resting heart rate, strain, steps, calories, workouts, heart rate zones) from wearables; body composition data (weight, body fat percentage, muscle mass, bone mass, water percentage) from smart scales like Withings and Renpho; nutrition data (calories, macronutrients, micronutrients) from services like MyFitnessPal and Cronometer; and blood work biomarkers from Function Health PDF uploads.
We access this data through secure OAuth connections and through Terra API, a health data integration platform. We only access the data categories you authorize during device connection.
When you use CheatCode, we automatically collect device and browser information (device type, operating system, browser type); usage data (pages visited, features used, session duration); IP address and approximate location (country/region level); and cookies and similar technologies for authentication and preferences.
We use your information to provide, maintain, and improve the Service, including powering your health dashboard and syncing data across devices; to provide AI-powered health coaching through Case, our AI health coach, which analyzes your connected health data to provide personalized insights and recommendations; to generate health insights, trends, and cross-platform pattern analysis; to process payments and manage your subscription; to send service-related communications (account verification, billing, feature updates); and to detect, prevent, and address technical issues and security threats.
Important: Our AI health coach processes your health data to provide personalized recommendations. This analysis happens in real-time when you interact with the coach. We use Anthropic's Claude AI models for this purpose, and your data is sent to Anthropic's API for processing. Anthropic does not use your data to train their models.
We do not sell your personal or health information. We share data only in the following limited circumstances:
Service Providers. We work with trusted third-party providers who help us operate the Service. These include Supabase (database hosting), Vercel (application hosting), Stripe (payment processing), Terra API (health device data integration), and Anthropic (AI processing for the health coach). Each provider only receives the data necessary for their specific function and is contractually bound to protect your information.
Connected Device Providers. When you connect a device, data flows from that provider to CheatCode. We do not send your CheatCode data back to device providers.
Legal Requirements. We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers. If CheatCode is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
Your data is stored in secure cloud infrastructure hosted by Supabase (PostgreSQL database) with encryption at rest and in transit. We use HTTPS/TLS encryption for all data transmission, OAuth 2.0 for secure device connections (your device passwords are never stored on our servers), secure token-based authentication for user sessions, and regular security reviews of our infrastructure.
While we implement commercially reasonable security measures, no system is 100% secure. We encourage you to use a strong, unique password for your CheatCode account.
We retain your health data for as long as your account is active so you can track trends over time. If you cancel your subscription, your data is preserved in read-only mode so you can reactivate and pick up where you left off. If you delete your account, we will delete your personal and health data within 30 days, except where retention is required by law. Aggregated, anonymized data that cannot identify you may be retained indefinitely for service improvement.
Depending on your location, you may have the following rights regarding your data:
Access. You can view all your health data at any time through the CheatCode dashboard.
Correction. You can update your profile information and health data through the app.
Deletion. You can request deletion of your account and all associated data by contacting us at drew@startcheatcode.com.
Data Portability. You can request an export of your health data in a machine-readable format.
Disconnect Devices. You can disconnect any device integration at any time through the Integrations tab. This stops new data from flowing in but does not delete previously synced data.
Opt Out of AI Coaching. You can choose not to use the AI health coach. Your data will still be displayed on the dashboard but will not be sent to Anthropic for AI analysis.
CheatCode is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.
CheatCode integrates with third-party services (WHOOP, Garmin, Eight Sleep, Withings, Oura, Fitbit, MyFitnessPal, Cronometer, Function Health, and others). Each of these services has its own privacy policy governing how they collect and use your data. We encourage you to review those policies. Our privacy policy only governs data within CheatCode.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice on the Service before the changes take effect. The “Effective Date” at the top of this page indicates when this policy was last updated.
If you have questions about this Privacy Policy or your data, contact us at:
CheatCode Health, Inc.
Email: drew@startcheatcode.com
Website: startcheatcode.com