Privacy Policy
Wolvec L.L.C.
Effective Date: June 2, 2026 · Last Updated: June 2, 2026
1. Who We Are
Wolvec L.L.C. ("Wolvec," "Company," "we," "us," or "our") is a fitness and wellness technology platform. We connect fitness coaches with their clients through AI-assisted coaching tools.
IMPORTANT DISCLAIMER: Wolvec is NOT a medical provider, health plan, or healthcare clearinghouse. Our platform provides fitness and wellness support only. Nothing on this platform constitutes medical advice, diagnosis, or treatment.
2. Information We Collect
Coach Data
- Name and email address
- Coaching methodology, philosophy, and approach (provided during onboarding interview)
- Uploaded training content and methodology documents
- Nutrition coaching approaches and preferences
- Business preferences and coaching style
- Voice samples (audio recordings for communication style calibration)
- Billing information (processed by third-party payment processors)
Client Data
- Name and email address
- Demographics (age, fitness level, goals)
- Fitness goals and training history
- Training progress, soreness reports, and mood check-ins
- Check-in responses, which may occasionally include mentions of pain, injury, or illness
- Workout logs and program completion data
Automatically Collected Data
- Device type and operating system
- IP address
- Usage data and interaction logs
- Error reports (via Sentry)
3. How We Use Your Information
We use collected information to:
- Generate and operate your AI coaching assistant based on coach methodology and preferences
- Deliver personalized fitness programs and coaching support
- Process check-in responses and provide coaching feedback
- Improve platform performance and reliability
- Communicate with you about your account and our services
- Comply with legal obligations
De-identified behavioral data for platform improvement: Wolvec captures de-identified data about how coaches and clients interact with platform features (for example, which screens are visited, which actions are taken, and session duration). This data does not contain your name, email address, health information, or other direct identifiers. It is used to improve platform design and reliability. If you have questions about this practice, contact privacy@wolvec.ai.
[Wolvec draft - pending attorney review]: Wolvec does not embed third-party analytics or advertising SDKs in the platform. Behavioral interaction data used for platform improvement is derived from Wolvec's own operational logs. Before any such data is used for platform improvement, Wolvec (1) removes direct identifiers, including name, email address, and account identifiers, (2) aggregates the data so that it cannot reasonably be linked to an identified or identifiable individual, (3) publicly commits, in this policy, not to attempt to re-identify the data, and (4) prohibits any recipient of the data from attempting re-identification. This process is intended to satisfy the de-identification standards in RCW 19.373.010 (MHMDA) and the FTC's three-part de-identification test. If counsel concludes this process does not meet the applicable legal standard, Wolvec will obtain opt-in consent before capturing this data.
4. Third-Party Service Providers
Wolvec uses third-party service providers to operate core platform features. Your data is processed by:
- Anthropic (AI text generation and reasoning): Coach and client content, including check-in responses and coaching conversations, is processed through Anthropic's Claude AI to generate coaching responses and program recommendations.
- OpenAI (voice transcription): Voice recordings uploaded by coaches are processed by OpenAI's transcription service.
- OpenAI (text embeddings): Coach onboarding content is processed to generate vector embeddings that power coaching personalization features.
- Resend (email delivery): Agreement confirmation emails containing coach and client names and email addresses are sent via Resend's email delivery service.
- Neon (database storage): Your account data, program data, check-in responses, and coaching content are stored in Wolvec's managed database hosted by Neon, a serverless PostgreSQL provider.
- Vercel (platform operations): The Wolvec application is hosted and served by Vercel. Requests to the platform are processed through Vercel's serverless compute infrastructure.
- Upstash via Vercel KV (early access applications): If you submit the early access application form on our marketing site, your submission (name, email address, and coaching background responses) is stored in a Vercel KV datastore operated by Upstash, a managed Redis provider, until we process your application.
- Cloudflare (security): Cloudflare provides edge security, DDoS protection, and web application firewall services. Cloudflare may process request metadata, including IP addresses, as part of security screening.
- Sentry (error monitoring): Application errors and performance data, which may include technical context about user sessions, are processed by Sentry for debugging and reliability purposes.
- Notion (bug triage and support): If you submit bug reports or feedback through the Platform, or if Wolvec staff engage in internal support workflows related to your account, report content, contact information, and related technical context may be processed in Notion for internal triage, debugging, and product support.
Wolvec uses these providers to process data on Wolvec's behalf and does not authorize them to use the data for unrelated purposes.
We do NOT sell your personal data. We do NOT disclose your data to third parties for purposes unrelated to operating the Wolvec platform.
5. Consumer Health Data
Our platform handles health-adjacent information including fitness goals, training load, and self-reported wellness indicators. Wolvec is not intended to create, receive, maintain, or transmit Protected Health Information as a covered entity or business associate under HIPAA. Wolvec is a fitness and wellness technology platform, not a medical provider, health plan, or healthcare clearinghouse.
However, we take health-adjacent data seriously:
Pre-participation health screening (PAR-Q+): Before using AI-assisted coaching features, clients complete a pre-participation health screening based on the Physical Activity Readiness Questionnaire for Everyone (PAR-Q+). Your responses are stored in Wolvec's database and are accessible to:
- Your assigned coach, for the purpose of understanding your health status and personalizing your program
- Wolvec staff, for the purpose of safety compliance and platform operations
- Anthropic (Claude AI), for the purpose of generating AI-assisted coaching content (your coach reviews all AI-generated content before it reaches you during the onboarding phase)
PAR-Q+ data is retained for the duration of your coaching relationship plus 12 months after account termination. You may request deletion of your PAR-Q+ data by contacting privacy@wolvec.ai. Note that deletion of health screening data will prevent use of AI-assisted coaching features, as the screening is required for safety clearance.
Your PAR-Q+ responses are not shared with any other party, are not sold, and are not used for advertising purposes.
Safety Escalation: If a client mentions pain, injury, illness, or dizziness in a coaching interaction, our platform automatically escalates this to the client's coach and recommends consulting a medical professional. This is a core safety feature, not optional.
FTC Health Breach Notification: Wolvec maintains procedures to evaluate and respond to security incidents involving identifiable health-adjacent data and will provide required notices to affected individuals and regulators where applicable under the FTC Health Breach Notification Rule.
5A. FTC Health Breach Notification
Wolvec is subject to the FTC Health Breach Notification Rule (16 C.F.R. Part 318), as amended effective July 29, 2024. This rule applies to vendors of personal health records and related entities that are not regulated by HIPAA.
What this means for you: If Wolvec discovers a security breach that results in unauthorized acquisition of your health-related data, including PAR-Q+ screening responses, injury or illness disclosures in check-ins or chat, or other health-adjacent information, we are required to notify you within 60 days of discovery. Notification will be sent to your registered email address.
If a breach affects 500 or more residents of a single state, we will also notify prominent media outlets in that state and the FTC simultaneously.
For breaches affecting fewer than 500 individuals in a given state, we will log the breach and report it to the FTC on an annual basis, as required by the rule.
Civil penalty exposure: Violations of the FTC HBNR carry civil penalties of up to $53,088 per violation, as adjusted for inflation effective January 17, 2025. The FTC adjusts this figure annually under the Federal Civil Penalties Inflation Adjustment Act.
[Wolvec draft - pending attorney review]: The figure above reflects the January 2025 inflation adjustment (Federal Register adjustment published January 17, 2025, raising the maximum from $51,744 to $53,088). A further annual adjustment was published in the Federal Register on January 28, 2026. Counsel should confirm the current per-violation maximum against the most recent Federal Register adjustment at time of publication.
Our breach response: We maintain an internal breach response protocol with a designated HBNR officer responsible for overseeing notification. Details of our protocol are available upon written request to privacy@wolvec.ai.
6. Data Retention and Deletion
- Coach account data: retained for the duration of your account plus 12 months after termination
- Client data: retained for the duration of the coaching relationship plus 12 months
- Voice recordings: transcribed and may be retained as text; original audio deleted within 90 days
- Check-in data: retained for the duration of the coaching relationship
- Backup and audit logs: retained up to 12 months
Your Rights: You may request access to, correction of, or deletion of your personal data at any time by contacting us at privacy@wolvec.ai. We will respond within 30 days.
Deletion requests for client data may be fulfilled by the coach (who manages the coaching relationship) or directly by Wolvec upon verified request.
7. Data Security
We implement industry-standard security measures including:
- Encrypted data transmission (HTTPS/TLS)
- Encrypted data storage (Neon managed PostgreSQL with encryption at rest)
- Access controls and authentication requirements
- Error monitoring and incident response (Sentry)
- Regular security assessments
8. California Residents
Wolvec voluntarily offers California residents the access and deletion rights described below, regardless of whether CCPA's revenue or data volume thresholds technically apply to Wolvec at this time.
Your Rights:
- Right to know what personal information we collect
- Right to delete personal information
- Right to opt-out of sale (we do not sell personal data)
- Right to non-discrimination for exercising your rights
Wolvec handles health-adjacent fitness and wellness information. Wolvec does not provide medical care, diagnosis, treatment, or healthcare services.
To exercise your California rights, contact us at privacy@wolvec.ai.
9. Washington State Residents: My Health My Data Act (MHMDA)
Washington's My Health My Data Act (RCW 19.373) applies to consumer health data collected by entities not regulated by HIPAA. This section applies to Washington residents who interact with Wolvec in an individual or household capacity.
Your consumer health data rights under MHMDA are governed by this Privacy Policy. Section 5 (Consumer Health Data) and this Section 9 together describe the categories of consumer health data we collect, our handling practices, and your rights.
Categories of consumer health data we collect from Washington residents: PAR-Q+ health screening responses, injury and illness disclosures in check-in and chat sessions, workout and biometric data, self-reported wellness indicators, health screening status, and date of birth.
Sources: Directly from you during account setup, health screening, check-in submissions, and AI coaching interactions.
Purposes: Safety screening, coach review, AI-assisted program generation, safety escalation, and de-identified platform improvement.
Third parties with access: Anthropic (AI response generation), OpenAI (transcription and embeddings), your assigned coach (coaching services). We do not sell consumer health data. We do not share it for advertising purposes.
Your rights:
- Right to access your consumer health data
- Right to delete your consumer health data
- Right to correct inaccurate consumer health data
- Right to withdraw consent to collection (note: withdrawal prevents use of AI coaching features)
- Right to a list of third parties who have received your consumer health data
- Right to appeal a denial of a rights request (send appeal to privacy@wolvec.ai, subject line: MHMDA Appeal)
Opt-in consent: Wolvec obtains your consent before collecting consumer health data through the health screening and onboarding flow. You may withdraw consent at any time by contacting privacy@wolvec.ai.
[Wolvec draft - pending attorney review]: Wolvec's consent mechanism is a standalone Client Consent and Acknowledgment document presented during client onboarding, before any health screening data is collected. The client must take affirmative action to consent: typing their full legal name as a signature and separately confirming they are at least 18 years old. Consent is recorded with the agreement version, timestamp, and IP address, and a signed PDF copy is emailed to the client. This consent is separate and distinct from acceptance of general terms of use. Counsel should confirm this mechanism satisfies MHMDA's requirements for valid authorization, including that the consent request clearly discloses the categories of consumer health data collected, the purposes of collection, and the entities with which the data is shared.
To exercise your Washington rights, contact us at privacy@wolvec.ai.
10. California Residents: Confidentiality of Medical Information Act (CMIA)
California's Confidentiality of Medical Information Act (Cal. Civ. Code Section 56 et seq.), as amended by AB 1436 (2021), extends certain protections to health-related information collected by mobile applications and digital health platforms.
Wolvec does not disclose your health-related information to third parties for direct marketing or advertising purposes. We do not sell your medical information.
[Wolvec draft - pending attorney review]: Under AB 1436 (Cal. Civ. Code Section 56.06), a business that offers software to consumers for the purpose of allowing them to manage their information regarding their health, or for diagnosis or treatment purposes, is deemed a provider of health care for CMIA purposes. Wolvec's working position is that its PAR-Q+ health screening responses and injury or illness disclosures may qualify as "medical information" under this extension, while general fitness programming, workout logs, and goal data likely do not. Until counsel concludes otherwise, Wolvec applies the rights listed below to all health screening responses and injury or illness disclosures from California residents. Counsel should confirm this scoping.
- Right to access your medical information held by Wolvec
- Right to receive a copy of your medical information
- Right to correct inaccurate medical information
- Right to restrict disclosure of your medical information to third parties
To exercise these rights, contact privacy@wolvec.ai.
In addition to CMIA rights, California residents retain all rights under the California Consumer Privacy Act (CCPA) described in the California section of this Privacy Policy (Section 8).
11. Nevada Residents: Consumer Health Data (SB 370)
Nevada SB 370, effective March 31, 2024, established consumer health data protections for Nevada residents. This law is enforced by the Nevada Attorney General; it does not provide a private right of action.
If you are a Nevada resident, Wolvec's collection and use of your consumer health data is subject to SB 370. Wolvec does not sell consumer health data. Wolvec does not share consumer health data for advertising purposes.
[Wolvec draft - pending attorney review]: Wolvec obtains affirmative, voluntary consent before collecting consumer health data from Nevada residents through the signed Client Consent and Acknowledgment and the health screening flow described in Section 5. Wolvec's review finds that this section, together with Sections 5 and 9, covers the SB 370 disclosure categories: the categories of consumer health data collected, the sources, the purposes of collection, the third parties with which the data is shared, the retention period, and consumer rights. Counsel should confirm whether SB 370 requires a separately maintained consumer health data privacy policy page or a dedicated homepage link, and whether any disclosure category remains unaddressed for Wolvec's current architecture.
Nevada residents may exercise the access, deletion, correction, and consent-withdrawal rights as described in this Privacy Policy, or by contacting privacy@wolvec.ai.
12. Connecticut Residents: Data Privacy Act (CTDPA)
The Connecticut Data Privacy Act (CTDPA), effective July 1, 2023, includes heightened protections for sensitive personal data, including consumer health data. If you are a Connecticut resident, Wolvec is required to obtain your opt-in consent before collecting and processing sensitive health data.
Wolvec obtains your explicit consent through the health screening and client onboarding flow. You may withdraw consent at any time by contacting privacy@wolvec.ai. Withdrawal of consent does not affect the lawfulness of data processing that occurred before withdrawal.
[Wolvec draft - pending attorney review]: Wolvec's consent mechanism for Connecticut residents is the same standalone signed consent described in Section 9: a distinct Client Consent and Acknowledgment requiring a typed full-name signature and an affirmative age attestation, recorded with version, timestamp, and IP address, completed before any sensitive health data is collected. Consent withdrawal requests sent to privacy@wolvec.ai are honored, and Wolvec ceases processing the affected sensitive data within the timeframe the CTDPA requires after receiving a revocation. As of June 2026, Wolvec has not identified Connecticut AG guidance specific to opt-in consent in the fitness and health coaching context. Counsel should confirm both points.
Connecticut residents have the right to appeal a denial of a data rights request. To appeal, contact privacy@wolvec.ai with the subject line: CTDPA Appeal.
To exercise access, deletion, correction, portability, or opt-out rights, contact privacy@wolvec.ai.
13. International Users
Wolvec is intended for users in the United States. We do not currently accept users outside the United States.
14. Children's Privacy
Wolvec is not directed to individuals under 18 years of age. We do not knowingly collect personal information from users under 18. If you believe someone under 18 has provided us with personal information, contact us at privacy@wolvec.ai and we will delete it.
15. Third-Party Links and Services
Our platform may integrate with third-party services. This Privacy Policy does not cover third-party practices. We encourage you to review the privacy policies of any third-party services you use in connection with Wolvec.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an email to your registered address
- Displaying a notice in the platform
Continued use of the platform after changes constitutes acceptance of the updated policy.
17. Contact Us
For privacy questions, requests, or concerns:
Wolvec L.L.C.
Email: privacy@wolvec.ai
For data deletion or access requests, include your full name and the email address associated with your account.
This privacy policy was last reviewed in June 2026.