Privacy Policy

Wolvec L.L.C.

Effective Date: June 2, 2026  ·  Last Updated: June 2, 2026

1. Who We Are

Wolvec L.L.C. ("Wolvec," "Company," "we," "us," or "our") is a fitness and wellness technology platform. We connect fitness coaches with their clients through AI-assisted coaching tools.

IMPORTANT DISCLAIMER: Wolvec is NOT a medical provider, health plan, or healthcare clearinghouse. Our platform provides fitness and wellness support only. Nothing on this platform constitutes medical advice, diagnosis, or treatment.

2. Information We Collect

Coach Data

Client Data

Automatically Collected Data

3. How We Use Your Information

We use collected information to:

De-identified behavioral data for platform improvement: Wolvec captures de-identified data about how coaches and clients interact with platform features (for example, which screens are visited, which actions are taken, and session duration). This data does not contain your name, email address, health information, or other direct identifiers. It is used to improve platform design and reliability. If you have questions about this practice, contact privacy@wolvec.ai.

[Wolvec draft - pending attorney review]: Wolvec does not embed third-party analytics or advertising SDKs in the platform. Behavioral interaction data used for platform improvement is derived from Wolvec's own operational logs. Before any such data is used for platform improvement, Wolvec (1) removes direct identifiers, including name, email address, and account identifiers, (2) aggregates the data so that it cannot reasonably be linked to an identified or identifiable individual, (3) publicly commits, in this policy, not to attempt to re-identify the data, and (4) prohibits any recipient of the data from attempting re-identification. This process is intended to satisfy the de-identification standards in RCW 19.373.010 (MHMDA) and the FTC's three-part de-identification test. If counsel concludes this process does not meet the applicable legal standard, Wolvec will obtain opt-in consent before capturing this data.

4. Third-Party Service Providers

Wolvec uses third-party service providers to operate core platform features. Your data is processed by:

Wolvec uses these providers to process data on Wolvec's behalf and does not authorize them to use the data for unrelated purposes.

We do NOT sell your personal data. We do NOT disclose your data to third parties for purposes unrelated to operating the Wolvec platform.

5. Consumer Health Data

Our platform handles health-adjacent information including fitness goals, training load, and self-reported wellness indicators. Wolvec is not intended to create, receive, maintain, or transmit Protected Health Information as a covered entity or business associate under HIPAA. Wolvec is a fitness and wellness technology platform, not a medical provider, health plan, or healthcare clearinghouse.

However, we take health-adjacent data seriously:

Pre-participation health screening (PAR-Q+): Before using AI-assisted coaching features, clients complete a pre-participation health screening based on the Physical Activity Readiness Questionnaire for Everyone (PAR-Q+). Your responses are stored in Wolvec's database and are accessible to:

PAR-Q+ data is retained for the duration of your coaching relationship plus 12 months after account termination. You may request deletion of your PAR-Q+ data by contacting privacy@wolvec.ai. Note that deletion of health screening data will prevent use of AI-assisted coaching features, as the screening is required for safety clearance.

Your PAR-Q+ responses are not shared with any other party, are not sold, and are not used for advertising purposes.

Safety Escalation: If a client mentions pain, injury, illness, or dizziness in a coaching interaction, our platform automatically escalates this to the client's coach and recommends consulting a medical professional. This is a core safety feature, not optional.

FTC Health Breach Notification: Wolvec maintains procedures to evaluate and respond to security incidents involving identifiable health-adjacent data and will provide required notices to affected individuals and regulators where applicable under the FTC Health Breach Notification Rule.

5A. FTC Health Breach Notification

Wolvec is subject to the FTC Health Breach Notification Rule (16 C.F.R. Part 318), as amended effective July 29, 2024. This rule applies to vendors of personal health records and related entities that are not regulated by HIPAA.

What this means for you: If Wolvec discovers a security breach that results in unauthorized acquisition of your health-related data, including PAR-Q+ screening responses, injury or illness disclosures in check-ins or chat, or other health-adjacent information, we are required to notify you within 60 days of discovery. Notification will be sent to your registered email address.

If a breach affects 500 or more residents of a single state, we will also notify prominent media outlets in that state and the FTC simultaneously.

For breaches affecting fewer than 500 individuals in a given state, we will log the breach and report it to the FTC on an annual basis, as required by the rule.

Civil penalty exposure: Violations of the FTC HBNR carry civil penalties of up to $53,088 per violation, as adjusted for inflation effective January 17, 2025. The FTC adjusts this figure annually under the Federal Civil Penalties Inflation Adjustment Act.

[Wolvec draft - pending attorney review]: The figure above reflects the January 2025 inflation adjustment (Federal Register adjustment published January 17, 2025, raising the maximum from $51,744 to $53,088). A further annual adjustment was published in the Federal Register on January 28, 2026. Counsel should confirm the current per-violation maximum against the most recent Federal Register adjustment at time of publication.

Our breach response: We maintain an internal breach response protocol with a designated HBNR officer responsible for overseeing notification. Details of our protocol are available upon written request to privacy@wolvec.ai.

6. Data Retention and Deletion

Your Rights: You may request access to, correction of, or deletion of your personal data at any time by contacting us at privacy@wolvec.ai. We will respond within 30 days.

Deletion requests for client data may be fulfilled by the coach (who manages the coaching relationship) or directly by Wolvec upon verified request.

7. Data Security

We implement industry-standard security measures including:

8. California Residents

Wolvec voluntarily offers California residents the access and deletion rights described below, regardless of whether CCPA's revenue or data volume thresholds technically apply to Wolvec at this time.

Your Rights:

Wolvec handles health-adjacent fitness and wellness information. Wolvec does not provide medical care, diagnosis, treatment, or healthcare services.

To exercise your California rights, contact us at privacy@wolvec.ai.

9. Washington State Residents: My Health My Data Act (MHMDA)

Washington's My Health My Data Act (RCW 19.373) applies to consumer health data collected by entities not regulated by HIPAA. This section applies to Washington residents who interact with Wolvec in an individual or household capacity.

Your consumer health data rights under MHMDA are governed by this Privacy Policy. Section 5 (Consumer Health Data) and this Section 9 together describe the categories of consumer health data we collect, our handling practices, and your rights.

Categories of consumer health data we collect from Washington residents: PAR-Q+ health screening responses, injury and illness disclosures in check-in and chat sessions, workout and biometric data, self-reported wellness indicators, health screening status, and date of birth.

Sources: Directly from you during account setup, health screening, check-in submissions, and AI coaching interactions.

Purposes: Safety screening, coach review, AI-assisted program generation, safety escalation, and de-identified platform improvement.

Third parties with access: Anthropic (AI response generation), OpenAI (transcription and embeddings), your assigned coach (coaching services). We do not sell consumer health data. We do not share it for advertising purposes.

Your rights:

Opt-in consent: Wolvec obtains your consent before collecting consumer health data through the health screening and onboarding flow. You may withdraw consent at any time by contacting privacy@wolvec.ai.

[Wolvec draft - pending attorney review]: Wolvec's consent mechanism is a standalone Client Consent and Acknowledgment document presented during client onboarding, before any health screening data is collected. The client must take affirmative action to consent: typing their full legal name as a signature and separately confirming they are at least 18 years old. Consent is recorded with the agreement version, timestamp, and IP address, and a signed PDF copy is emailed to the client. This consent is separate and distinct from acceptance of general terms of use. Counsel should confirm this mechanism satisfies MHMDA's requirements for valid authorization, including that the consent request clearly discloses the categories of consumer health data collected, the purposes of collection, and the entities with which the data is shared.

To exercise your Washington rights, contact us at privacy@wolvec.ai.

10. California Residents: Confidentiality of Medical Information Act (CMIA)

California's Confidentiality of Medical Information Act (Cal. Civ. Code Section 56 et seq.), as amended by AB 1436 (2021), extends certain protections to health-related information collected by mobile applications and digital health platforms.

Wolvec does not disclose your health-related information to third parties for direct marketing or advertising purposes. We do not sell your medical information.

[Wolvec draft - pending attorney review]: Under AB 1436 (Cal. Civ. Code Section 56.06), a business that offers software to consumers for the purpose of allowing them to manage their information regarding their health, or for diagnosis or treatment purposes, is deemed a provider of health care for CMIA purposes. Wolvec's working position is that its PAR-Q+ health screening responses and injury or illness disclosures may qualify as "medical information" under this extension, while general fitness programming, workout logs, and goal data likely do not. Until counsel concludes otherwise, Wolvec applies the rights listed below to all health screening responses and injury or illness disclosures from California residents. Counsel should confirm this scoping.

To exercise these rights, contact privacy@wolvec.ai.

In addition to CMIA rights, California residents retain all rights under the California Consumer Privacy Act (CCPA) described in the California section of this Privacy Policy (Section 8).

11. Nevada Residents: Consumer Health Data (SB 370)

Nevada SB 370, effective March 31, 2024, established consumer health data protections for Nevada residents. This law is enforced by the Nevada Attorney General; it does not provide a private right of action.

If you are a Nevada resident, Wolvec's collection and use of your consumer health data is subject to SB 370. Wolvec does not sell consumer health data. Wolvec does not share consumer health data for advertising purposes.

[Wolvec draft - pending attorney review]: Wolvec obtains affirmative, voluntary consent before collecting consumer health data from Nevada residents through the signed Client Consent and Acknowledgment and the health screening flow described in Section 5. Wolvec's review finds that this section, together with Sections 5 and 9, covers the SB 370 disclosure categories: the categories of consumer health data collected, the sources, the purposes of collection, the third parties with which the data is shared, the retention period, and consumer rights. Counsel should confirm whether SB 370 requires a separately maintained consumer health data privacy policy page or a dedicated homepage link, and whether any disclosure category remains unaddressed for Wolvec's current architecture.

Nevada residents may exercise the access, deletion, correction, and consent-withdrawal rights as described in this Privacy Policy, or by contacting privacy@wolvec.ai.

12. Connecticut Residents: Data Privacy Act (CTDPA)

The Connecticut Data Privacy Act (CTDPA), effective July 1, 2023, includes heightened protections for sensitive personal data, including consumer health data. If you are a Connecticut resident, Wolvec is required to obtain your opt-in consent before collecting and processing sensitive health data.

Wolvec obtains your explicit consent through the health screening and client onboarding flow. You may withdraw consent at any time by contacting privacy@wolvec.ai. Withdrawal of consent does not affect the lawfulness of data processing that occurred before withdrawal.

[Wolvec draft - pending attorney review]: Wolvec's consent mechanism for Connecticut residents is the same standalone signed consent described in Section 9: a distinct Client Consent and Acknowledgment requiring a typed full-name signature and an affirmative age attestation, recorded with version, timestamp, and IP address, completed before any sensitive health data is collected. Consent withdrawal requests sent to privacy@wolvec.ai are honored, and Wolvec ceases processing the affected sensitive data within the timeframe the CTDPA requires after receiving a revocation. As of June 2026, Wolvec has not identified Connecticut AG guidance specific to opt-in consent in the fitness and health coaching context. Counsel should confirm both points.

Connecticut residents have the right to appeal a denial of a data rights request. To appeal, contact privacy@wolvec.ai with the subject line: CTDPA Appeal.

To exercise access, deletion, correction, portability, or opt-out rights, contact privacy@wolvec.ai.

13. International Users

Wolvec is intended for users in the United States. We do not currently accept users outside the United States.

14. Children's Privacy

Wolvec is not directed to individuals under 18 years of age. We do not knowingly collect personal information from users under 18. If you believe someone under 18 has provided us with personal information, contact us at privacy@wolvec.ai and we will delete it.

15. Third-Party Links and Services

Our platform may integrate with third-party services. This Privacy Policy does not cover third-party practices. We encourage you to review the privacy policies of any third-party services you use in connection with Wolvec.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Continued use of the platform after changes constitutes acceptance of the updated policy.

17. Contact Us

For privacy questions, requests, or concerns:

Wolvec L.L.C.

Email: privacy@wolvec.ai

For data deletion or access requests, include your full name and the email address associated with your account.

This privacy policy was last reviewed in June 2026.