Third-Party AI Processing

Outliyr uses AI to parse lab PDFs, narrate insights, draft trial protocols, power chat, and generate the weekly digest. AI calls are routed through OpenRouter (San Francisco, USA), which dispatches each request to a single upstream provider chosen for the task. We disclose the upstream providers below because California (CCPA) and similar state privacy laws require listing the categories of third parties that receive personal information, even when those parties are contractually constrained from retaining or training on it.

Upstream AI providers

• Google AI Studio (United States): Text generation (insights narratives, weekly digest, intervention drafts, chat answers) and PDF/lab-report parsing fallback.
• Baidu (China): OCR + structured extraction from lab and health-report PDFs. Used as the primary vision model because it is OCR-purpose-built and roughly 3 seconds on lab documents.

Categories of data routed

• Uploaded lab and health-report PDFs (bloodwork, Viome microbiome, TruDiagnostic epigenetic, Self-Decode genetics, and similar).
• Daily pulse notes and journal entries you write in-app.
• Trial summaries, intervention notes, and protocol descriptions.
• Chat queries and questions you send to the in-app assistant.
• Insights generation context (your recent metric windows; anonymized and time-bounded).
• Weekly digest and brief narrative inputs.

Guarantees we enforce on every request

• Every request is sent with provider.data_collection: deny, so the upstream vendor contractually cannot retain or train on your inputs.
• Crucial PII (your name, email, phone, date of birth, postal address) is stripped from structured request payloads (insights context, narrative inputs, journal entries) before the request leaves Outliyr. Raw uploaded files (lab PDFs) are sent to the vendor for parsing as-is, but the vendor is contractually prohibited from retaining or training on them.
• Outliyr stores only the AI response (for example a parsed lab panel, a generated narrative). Your raw input is not persisted at the AI layer beyond OpenRouter's short-lived billing logs.
• Outliyr is not a HIPAA-covered entity (direct-to-consumer, not a medical provider), so no Business Associate Agreement is required. State privacy laws (CCPA, etc.) still apply and this disclosure is the categories-of-third-parties notice they require.

Operational data Outliyr stores (not routed to AI vendors)

• Outliyr Intelligence event stream. A first-party events stream records which features you use and how you move through the product. We use it to improve your experience (better defaults, smarter recommendations, fewer dead-ends). Stored inside Outliyr; not shared with the AI vendors above and not sold.
• Wearable OAuth tokens. When you connect a wearable (Oura, Whoop, Ultrahuman), the provider issues Outliyr an authorization token so we can fetch your sleep, recovery, and activity data on your behalf. The token is stored encrypted and is only used to talk to that provider. Disconnecting the wearable revokes the token.
• Push notification tokens. When you opt into push notifications on iOS or Android, Apple (APNs) or Google (FCM) issues a device token. Outliyr stores the token so we can deliver the notifications you signed up for (Morning Pulse, daily brief, etc). The token is not used for tracking and is rotated by the OS.

When this list changes

The vendor list is maintained alongside our model selection in the Outliyr codebase, so the policy stays in sync with the providers actually being routed to. If a future model swap adds or removes a vendor, this section updates with it. Material changes are also surfaced in product release notes.