DUO Health ("we," "our," or "the App") is a corporate wellness platform provided by your employer. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the DUO Health mobile application and web platform.

1. Information We Collect

Account Information

When you register, we collect your name, email address, username, department, and location as provided by your organization's invitation system.

Health & Activity Data

With your explicit permission, we collect health and fitness data including:

• Step counts and distance walked/run
• Active minutes and exercise sessions
• Workout logs (exercises, sets, reps, weight)
• Weight logs
• Nutrition and hydration logs

This data may come from manual entries within the app, or from connected third-party services (Apple Health, Google Health Connect, Fitbit, Strava, Garmin, Withings) that you explicitly authorize.

User-Generated Content

Posts, comments, chat messages, recipes, blog entries, shout-outs, and profile information you choose to share within the app.

Device & Usage Information

We collect basic device information (device type, operating system version) and app usage data to improve performance and troubleshoot issues.

2. How We Use Your Information

We use your information solely to:

• Provide wellness tracking, challenges, and leaderboard features
• Display your activity progress and achievements
• Enable social features (feed posts, chat, shout-outs)
• Administer wellness rewards and recognition programs
• Send in-app notifications about challenges, events, and wellness updates
• Generate aggregated, anonymized reports for your organization's wellness program

3. Data Sharing

We do not sell, rent, or share your personal health data with third parties.

Your data is shared only in the following limited ways:

• Within your organization's wellness program: Leaderboard rankings are visible to other participants, but only if you opt in. By default, your individual stats are hidden ("Anonymous Participant").
• Aggregated reports: Your organization may receive anonymized, aggregate wellness statistics (e.g., total company steps). These reports never identify individual users.
• Third-party fitness services: When you connect a service like Fitbit or Strava, data flows from that service to DUO Health. We do not send your data back to those services.

4. Data Storage & Security

• All data is transmitted over encrypted connections (TLS/HTTPS).
• Sensitive credentials (third-party access tokens) are encrypted at rest using AES-256 encryption.
• The application is hosted on secure, access-controlled servers.
• Access to user data is restricted to authorized administrators only.

5. Your Rights & Controls

You have full control over your data:

• Privacy settings: You can choose whether your name and stats appear on leaderboards (opt-in only).
• Disconnect integrations: You can disconnect any third-party fitness service at any time from the Integrations page.
• Delete your account: You can permanently delete your account and all associated data from the Settings page within the app. Account deletion is immediate and irreversible.
• Access your data: Contact your organization's wellness administrator or email support@dutil.com to request a copy of your data.

6. DUO AI Coach & Memory

What the AI does: DUO Health includes an on-premise AI wellness coach ("DUO Coach") that you can chat with, a food-photo analyzer, a recipe parser, and a natural-language workout logger. The AI is powered by Gemma 4 running on DUO Health's own GPU server inside the dutil.com network.

No third-party AI providers. Your data is never sent to OpenAI, Anthropic, Google Gemini, Microsoft, or any other external AI provider. Every AI response is generated on hardware owned and operated by DUO Health. Your messages and wellness data never leave DUO Health infrastructure.

What data is sent to the AI when you use these features:

• The text messages you type in the coach screen
• Your recent wellness statistics (steps, sleep, mood, active minutes, workout counts) — used to personalize responses
• Food photos you explicitly upload for nutrition analysis
• Recipe text you explicitly submit for macro estimation
• Workout descriptions you submit for structured parsing

What the AI does NOT see: your medical records from health plan integrations (e.g. Cigna), direct-message conversations with other users in the chat feature, or posts you make in the feed.

Opt-in required. You must explicitly accept a consent disclosure before any AI feature processes your data for the first time. You can revoke this consent at any time from Settings → AI features. When revoked, every AI endpoint returns an error and your data is not processed. Revoking consent does not delete previously-generated coach replies or memories; use the controls below for that.

Long-term memory. The coach extracts durable facts from your conversations (goals, preferences, limitations, medical conditions) and stores them to give continuity across sessions. Priority memories (allergies, injuries, medications, chronic conditions) are flagged so they're always considered.

Strict user scoping. Every database query that touches coach messages or memories is filtered by your user ID at the data layer. No teammates, HR admins, or DUO Health staff can read your coach conversations, memories, or notes.

Full user control. In the app you can:

• View every memory the coach has about you
• Delete any individual memory
• Clear your entire chat history at any time
• Wipe every coach memory in one tap ("Forget everything")
• Turn AI features off globally (Settings → AI features toggle)

Safety intercept. If your message contains self-harm, eating-disorder, substance-abuse, or crisis language, the coach is bypassed entirely and you receive a hand-authored response with crisis-line resources (988, NEDA, SAMHSA). Only a non-identifying event marker is logged so moderators know an intercept fired — never the underlying message.

No medical advice. The coach is instructed not to diagnose, rank severity, or recommend treatment. Any medical-adjacent topic surfaces a "talk to your doctor" disclaimer. AI-generated content is for general wellness guidance only and is not a substitute for professional medical advice.

7. Third-Party Services

DUO Health integrates with the following optional third-party services. Each has its own privacy policy:

• Apple Health (iOS) — governed by Apple's privacy policy
• Google Health Connect (Android) — governed by Google's privacy policy
• Fitbit — governed by Fitbit/Google's privacy policy
• Strava — governed by Strava's privacy policy
• Garmin Connect — governed by Garmin's privacy policy
• Withings — governed by Withings' privacy policy

Connecting these services is entirely optional. The app functions without any third-party connections.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently removed. Anonymized aggregate data may be retained for program reporting purposes.

9. Children's Privacy

DUO Health is intended for use by employees of participating organizations. We do not knowingly collect data from anyone under the age of 18.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the app after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy or your data, please contact:

support@dutil.com