Effective Date: February 24, 2026
Last Updated: February 24, 2026
Emma Health, Inc. (“Emma Health,” “we,” “us,” or “our”) is committed to protecting the privacy of individuals who use our website at myemmahealth.com, our mobile application at emmahealth.app, and related services (collectively, the “Services”). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Services.
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not use our Services.
Table of Contents
- Information We Collect
- How We Use Your Information
- SMS/Text Messaging Privacy
- How We Share Your Information
- Third-Party Service Providers
- Data Security and HIPAA
- Data Retention
- Your Rights and Choices
- California Privacy Rights
- Children’s Privacy
- Cookies and Tracking Technologies
- Changes to This Privacy Policy
- Contact Us
1. Information We Collect
Information You Provide to Us
When you create an account, enroll in our program, or interact with our Services, we may collect:
- Account information: name, email address, phone number, date of birth, mailing address, and account credentials
- Health information: IBS diagnosis, IBS subtype, symptom history, bowel movement patterns, medications, allergies, dietary restrictions, and responses to validated health assessments (such as IBS-SSS, IBS-QOL, and SF-12)
- Daily check-in data: mood, gastrointestinal symptoms, sleep quality, stool characteristics (Bristol Stool Scale), pain levels, and bloating severity
- Lab and test information: microbiome test results from our partner laboratory, Genova Diagnostics
- Payment information: billing address and payment card details (processed securely by Stripe; we do not store your full card number)
- Communications: messages you send to our support team, survey responses, and feedback
Information Collected Automatically
When you use our Services, we automatically collect:
- Device and browser information: device type, operating system, browser type, screen resolution, and unique device identifiers
- Usage information: pages and features accessed, time spent on screens, actions taken within the app, and interaction patterns
- Log data: IP address, access times, referring URLs, and error logs
- Location information: general location derived from your IP address (we do not collect precise GPS location)
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Services, including generating personalized action plans based on your microbiome test results
- Deliver AI-powered recommendations for diet, supplements, sleep, movement, and stress management tailored to your health profile
- Track your symptoms and progress over time and provide insights into your health trends
- Process your transactions and manage your membership
- Send you program-related communications, including check-in reminders, lab result notifications, action plan updates, and account alerts
- Conduct research to evaluate and improve our microbiome modulation program (in de-identified or aggregated form where possible)
- Respond to your inquiries and provide customer support
- Comply with legal obligations and protect our rights
3. SMS/Text Messaging Privacy
This section describes how we handle your information when you opt in to receive SMS/text messages from Emma Health.
Mobile Information We Collect
When you opt in to our SMS messaging program, we collect:
- Your mobile phone number
- Your consent status (opted in or opted out) and the date and time consent was given or withdrawn
- The version of the consent disclosure you agreed to
- Message delivery and interaction data (such as delivery status and opt-out requests)
How We Use Your Mobile Information
We use your mobile phone number solely to send you program-related messages, including:
- Daily check-in reminders
- Lab result and test kit status notifications
- Action plan updates
- Study milestone alerts
- Account and security notifications
No Sharing of Mobile Information
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. We will never sell, rent, loan, trade, lease, or otherwise share your mobile phone number or SMS opt-in data with any third party for their own marketing purposes. This applies at all times, without exception.
Opting Out of SMS
You may opt out of receiving SMS messages at any time by:
- Replying STOP to any message you receive from us
- Updating your preferences in the Emma Health app under Settings
- Contacting us at support@myemmahealth.com
After opting out, you will receive one final message confirming that you have been unsubscribed. No further text messages will be sent unless you re-enroll.
Getting Help
For help with our SMS program, reply HELP to any message or contact us at support@myemmahealth.com.
4. How We Share Your Information
We do not sell your personal information to third parties. We may share your information in the following limited circumstances:
- Service providers: We share information with third-party companies that perform services on our behalf, such as payment processing, lab testing, email delivery, SMS delivery, and cloud hosting. These providers are contractually obligated to use your information only as necessary to provide services to us and are bound by confidentiality requirements.
- Laboratory partner: We share necessary health and identification information with Genova Diagnostics to facilitate your microbiome test orders and deliver results.
- Medical oversight: Your health data may be reviewed by our Chief Medical Officer or designated clinical staff to support the development and review of your personalized action plan.
- Research (de-identified): We may use de-identified or aggregated data for research purposes, including evaluating the effectiveness of our microbiome modulation program. De-identified data cannot reasonably be used to identify you.
- Legal requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change by posting a notice on our website.
5. Third-Party Service Providers
We use the following third-party service providers to operate our Services:
- Stripe — Payment processing. Stripe processes your payment card information securely. See Stripe’s Privacy Policy.
- Twilio — SMS/text message delivery. Twilio transmits text messages on our behalf. See Twilio’s Privacy Policy.
- Brevo (formerly Sendinblue) — Transactional and marketing email delivery. See Brevo’s Privacy Policy.
- Genova Diagnostics — Laboratory testing and analysis of microbiome samples. Genova is a CLIA-certified laboratory. See Genova’s Privacy Policy.
- Microsoft Azure — Cloud infrastructure, hosting, and data storage. All data is stored in United States-based data centers. See Microsoft’s Privacy Statement.
- Amplitude — Product analytics to understand how users interact with our app (usage data only, not health data). See Amplitude’s Privacy Policy.
6. Data Security and HIPAA
We take the security of your information seriously, particularly your health-related data. Our security practices include:
- Encryption: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security). Data is encrypted at rest in our databases.
- Access controls: Access to personal and health information is restricted to authorized personnel who require it to perform their job functions. We use role-based access controls and audit logging.
- HIPAA alignment: While Emma Health is a wellness platform and not a covered entity under HIPAA, we voluntarily align our data handling practices with HIPAA’s Privacy and Security Rules. This includes implementing administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of your health information.
- Secure infrastructure: Our Services are hosted on Microsoft Azure’s cloud platform, which maintains SOC 2 Type II, ISO 27001, and HIPAA compliance certifications.
- Incident response: We maintain procedures for detecting, responding to, and reporting security incidents.
While we implement commercially reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our Services. We may retain certain information for longer periods as required by law, to resolve disputes, enforce our agreements, or for legitimate research purposes (using de-identified data). When your information is no longer needed, we will securely delete or de-identify it.
If you request deletion of your account, we will delete or de-identify your personal information within 30 days, except where we are required by law to retain it or where retention is necessary for legitimate business purposes (such as maintaining records of financial transactions).
8. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
- Access: You can request a copy of the personal information we hold about you.
- Correction: You can request that we correct inaccurate or incomplete information.
- Deletion: You can request that we delete your personal information, subject to certain exceptions.
- Opt-out of communications: You can opt out of marketing emails by clicking “unsubscribe” in any email, and opt out of SMS messages by replying STOP to any text.
- Data portability: You can request a copy of your data in a commonly used electronic format.
To exercise any of these rights, contact us at support@myemmahealth.com. We will respond to your request within 30 days.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to know: You may request that we disclose what personal information we have collected, used, disclosed, and sold about you in the preceding 12 months.
- Right to delete: You may request the deletion of your personal information, subject to certain exceptions.
- Right to opt out of sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to correct: You may request that we correct inaccurate personal information.
- Right to limit use of sensitive personal information: You may request that we limit our use of your sensitive personal information to purposes that are necessary to provide the Services.
To exercise your California privacy rights, contact us at support@myemmahealth.com or write to us at the address listed in the Contact Us section below.
10. Children’s Privacy
Our Services are intended for adults aged 18 and older. We do not knowingly collect personal information from children under the age of 18. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at support@myemmahealth.com.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to improve your experience on our website. These include:
- Essential cookies: Required for the website to function properly (e.g., authentication, session management).
- Analytics cookies: Help us understand how visitors interact with our website so we can improve it (e.g., Amplitude).
- Functional cookies: Remember your preferences and settings to enhance your experience.
Most web browsers allow you to control cookies through their settings. You can set your browser to refuse cookies or alert you when cookies are being sent. However, disabling cookies may affect the functionality of our website.
We do not respond to Do Not Track signals at this time, as there is no industry-standard method for honoring these requests across all platforms.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a revised “Last Updated” date. For significant changes, we may also notify you via email or in-app notification.
We encourage you to review this Privacy Policy periodically. Your continued use of our Services after any changes constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Emma Health, Inc.
Email: support@myemmahealth.com
Website: www.myemmahealth.com