Third-Party AI Processing
Outliyr uses AI to parse lab PDFs, analyze opted-in Mirror scans, narrate insights, draft trial protocols, power chat, and generate the weekly digest. Requests use approved direct providers first, with OpenRouter as a fallback gateway. The services that can receive request data are listed below.
AI services
- Groq (United States): Primary structured text generation and primary image analysis for Mirror scans and lab-report parsing.
- Google AI Studio (United States): Image-analysis fallback for Mirror scans and lab-report parsing.
- Cerebras (United States): Structured text-generation fallback for insights, digests, intervention drafts, and chat answers.
- Cloudflare Workers AI (United States): Structured text-generation fallback for insights, digests, intervention drafts, and chat answers.
- OpenRouter (United States): Fallback gateway to approved text and image models when direct providers are unavailable. The selected upstream model can change as availability changes.
Categories of data routed
- Uploaded lab and health-report PDFs (bloodwork, Viome microbiome, TruDiagnostic epigenetic, Self-Decode genetics, and similar).
- Daily pulse notes and journal entries you write in-app.
- Trial summaries, intervention notes, and protocol descriptions.
- Chat queries and questions you send to the in-app assistant.
- Insights generation context (your recent metric windows; anonymized and time-bounded).
- Weekly digest and brief narrative inputs.
Controls applied to AI requests
- Direct-provider accounts are configured under API terms that prohibit training on API inputs. OpenRouter requests set data_collection to deny, and health-image requests also require zero-data-retention routing.
- Crucial PII (your name, email, phone, date of birth, and postal address) is stripped from structured request payloads before the request leaves Outliyr. Identity masking is also applied to supported lab-report pages before image analysis.
- Outliyr stores the structured result needed to provide the feature. Raw Mirror images are deleted after processing, and failed deletions remain queued for retry instead of losing the deletion reference.
Operational data Outliyr stores (not routed to AI vendors)
- Outliyr Intelligence event stream. A first-party events stream records which features you use and how you move through the product. We use it to improve your experience (better defaults, smarter recommendations, fewer dead-ends). Stored inside Outliyr; not shared with the AI vendors above and not sold.
- Wearable OAuth tokens. When you connect a wearable (Oura, Whoop, Ultrahuman), the provider issues Outliyr an authorization token so we can fetch your sleep, recovery, and activity data on your behalf. The token is stored encrypted and is only used to talk to that provider. Disconnecting the wearable revokes the token.
- Push notification tokens. When you opt into push notifications on iOS or Android, Apple (APNs) or Google (FCM) issues a device token. Outliyr stores the token so we can deliver the notifications you signed up for (Morning Pulse, daily brief, etc). The token is not used for tracking and is rotated by the OS.
When this list changes
The vendor list is maintained alongside our model selection in the Outliyr codebase, so the policy stays in sync with the providers actually being routed to. If a future model swap adds or removes a vendor, this section updates with it. Material changes are also surfaced in product release notes.
Referral Program
Email list defaults at signup
If you sign up for Outliyr through a referral link, the signup form includes a pre-checked option. It adds you to the Outliyr email list. You can uncheck the box during signup to opt out. You can also unsubscribe later. Every email we send carries an unsubscribe link.
What your referrer can see
If you signed up via a referral link, your referrer can see your first and last name. They can also see your activation milestones. Those are: signup, first daily Pulse, and activation. Activation fires once you have logged seven daily Pulses.
We show this so referrers can track their referrals’ progress. We also use it to attribute the referral reward correctly.
If you don’t want your full name visible, change your display name in Outliyr settings. We never share your email address with the person who referred you. We never share your health data with them either.
If you share a referral link
When you share your link, your first and last name may appear to people who arrive through it. So may your written referral profile, if you added one in your Outliyr settings.
If you join the Outliyr Creator Program, your name, profile photo, and short bio may also appear on a public partners listing on outliyr.com. That listing applies once you reach the partner-listing threshold. You can edit or remove your bio at any time in Outliyr settings.
Mobile apps (Coherence and other Outliyr apps)
Outliyr publishes iOS apps, starting with Coherence: Breathing for HRV. This section covers what those apps do with your data.
Sensor data stays on your device
Camera pulse readings, chest strap heart data, and headband signals are processed on your phone. Raw sensor data is never uploaded. Session results are stored on your device and remain there unless you connect an Outliyr account.
Apple Health
With your permission, our apps write data such as mindful minutes, heart rate, heart rate variability, and breathing rate to Apple Health. That data lives in Apple Health under Apple’s protections, and you control access in iOS Settings. We do not read other data from Apple Health.
Optional account sync
If you sign in with an Outliyr account, finished session summaries (for example, coherence scores, session duration, and HRV readings) sync to your Outliyr dashboard so you can run experiments against your other health data. This is the same data covered by the rest of this policy, and you can delete it from your dashboard at any time.
Anonymous usage statistics
Our apps send a small anonymous summary when a session completes: a random install identifier, the breathing pace, session score, duration, sound choice, and app version. It contains no name, email, precise location, or anything that links it to you, and we use it only to understand how the apps perform and to publish aggregate statistics. You can turn this off in the app’s settings at any time.
FoodOS kitchen data
FoodOS lets you deliberately submit photos of your pantry, refrigerator, freezer, groceries, receipts, or cooking area, and lets you select or record short videos. For videos, the FoodOS iOS app extracts still frames on your device. It does not upload or analyze the video’s audio track.
FoodOS sends the selected photos or video frames, along with on-device text-recognition and classification hints, to the FoodOS service. The service may send this material to Google Gemini or Groq to identify food products. FoodOS then asks you to review, correct, select, or reject each proposed item before anything is added to your kitchen inventory.
When you confirm an item, FoodOS stores the confirmed inventory information and may retain the strongest supporting photo or video frame under your Outliyr account. FoodOS uses this information to show why an item was recognized and to personalize kitchen inventory, recipes, meal decisions, preparation plans, and shopping suggestions. Rejected scan candidates are not added to your inventory.
You can edit or delete inventory items and their retained evidence in FoodOS. FoodOS does not use kitchen photos, videos, inventory, or retained evidence for advertising or cross-app tracking.
FoodOS image recognition providers
For FoodOS image recognition, Outliyr may disclose selected photos or video frames and related recognition hints to Google Gemini or Groq. Their applicable service terms and privacy policies govern their processing.
No advertising or tracking
Our apps contain no third-party advertising, no ad identifiers, and no cross-app tracking.