Privacy Policy

Effective date: April 3, 2026

1. Introduction

Salut is an AI-powered accountability coach with a focus on wellness and health, while also supporting other goals, routines, and forms of follow-through through WhatsApp and Telegram conversations. This Privacy Policy explains how we collect, use, store, and protect your personal data when you interact with our chat bot or visit our website at salut.you.

By using Salut, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.

2. Data We Collect

We collect the following types of data when you use Salut:

• Phone number or chat ID — used to identify your account and deliver messages via WhatsApp or Telegram.
• Messages — the content of your conversations with the Salut bot, including text you send and responses you receive.
• Health and other tracking data — information you share about weight, meals, exercise, medication, symptoms, sleep, water intake, steps, habits, routines, goals, and any other data you choose to track through conversation.
• Email address (optional) — if you create a web account to access the dashboard.
• Website usage data — when you visit salut.you, we may collect analytics data such as pages visited, clicks, scroll depth, and device information through Microsoft Clarity. In regions that require consent, this data is only collected after you accept analytics cookies.

3. How We Use Your Data

We use the data we collect for the following purposes:

• Coaching — to provide personalized AI-powered coaching and accountability through conversation, with a focus on wellness and health but support for other routines and goals too.
• Tracking — to log and organize the health data and other routines you report, so you can view your progress over time.
• Context and memory — to remember your goals, preferences, and history in order to provide relevant, continuous coaching.
• Service improvement — to understand how the service is used and to improve its quality and reliability.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, our legal basis for processing your personal data is your consent. By initiating a conversation with the Salut bot and sharing your information, you provide explicit consent to the processing of your data as described in this policy.

Health and wellness data — including weight, meals, medication, symptoms, and exercise — is considered sensitive data (special category data) under GDPR Article 9. We process this data only with your explicit consent, which you provide by voluntarily sharing it through conversation with the bot. You may withdraw your consent at any time by contacting us (see Section 12).

5. Third-Party Services

We rely on the following third-party services to operate Salut:

• Meta / WhatsApp — for message delivery via the WhatsApp Cloud API. Meta's own privacy policy governs how they handle message transport.
• Telegram — for message delivery via the Telegram Bot API. Telegram's privacy policy governs how they handle message transport.
• AI language model providers (currently including Anthropic) — for AI processing of your messages in order to provide coaching responses and extract tracking data.
• Supabase — for secure data storage, including your account information, conversation history, and tracking data. Your data is stored on Supabase servers located in Germany (EU).
• Vercel — for web hosting and analytics. Vercel Analytics is cookieless and does not track individual users across sites.
• Microsoft Clarity — for website analytics including heatmaps and session replays. Visitors in the European Economic Area, United Kingdom, and Switzerland are asked for consent before Clarity cookies are set. Dashboard content containing health or account data is masked before it is sent to Clarity. Microsoft may use data collected through Clarity to improve Microsoft products and services. See Clarity's privacy disclosure for details.

6. International Data Transfers

Your data is stored on servers located in Germany (EU) via Supabase. However, some data may be transferred to and processed in countries outside your country of residence, including the United States, for AI processing, web hosting, and website analytics. Anthropic, Vercel, and Microsoft are US-based companies, and Supabase, while hosting your data in the EU, is a US-headquartered company whose personnel may access infrastructure for support and maintenance purposes.

Where data is transferred outside the EEA or UK, we rely on appropriate safeguards such as standard contractual clauses or the service provider's compliance frameworks to ensure your data remains protected.

7. Data Storage & Security

Your data is stored in Supabase, a managed database platform, on servers located in Germany (EU). We implement the following security measures to protect your information:

• All data is encrypted in transit using TLS.
• Access to the database is restricted through role-based access controls.
• API keys and credentials are stored securely and are never exposed to end users.

While we take reasonable precautions to protect your data, no system is completely secure. We cannot guarantee absolute security of your information.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Deletion — request that we delete your personal data.
• Portability — request a machine-readable export of your data.
• Withdraw consent — withdraw your consent to data processing at any time, without affecting the lawfulness of processing carried out before withdrawal.
• Lodge a complaint — you have the right to lodge a complaint with a data protection supervisory authority in your country of residence.

To exercise any of these rights, please contact us at privacy@salut.you.

9. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. Conversation history and tracking data are kept to maintain ongoing coaching context and allow you to view your progress over time.

You may request deletion of your data at any time by contacting privacy@salut.you. Upon receiving a valid deletion request, we will remove your personal data within 30 days, except where retention is required by law.

10. Children's Privacy

Salut is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without appropriate consent, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically.

12. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us at privacy@salut.you.