Privacy Policy

Effective Date: May 23, 2026

This Privacy Policy explains how PushNcare, Inc. ("PushNcare," "we," "us," or "our") collects, uses, discloses, retains, and protects information when you access or use PushNcare websites, applications, dashboards, nutrition tools, AI-enabled services, Personal Health Blueprint assessments, professional marketplace features, enterprise audit tools, communications, payment flows, and related services (collectively, the "Platform").

This Privacy Policy is incorporated into our Terms of Service. If you do not agree with this Privacy Policy, do not use the Platform.

1. Company and Contact Information

PushNcare is operated by:

  • Legal Entity: PushNcare, Inc.
  • Jurisdiction of Incorporation: Delaware, United States
  • Registered Address: 1111B S Governors Ave, STE 27833, Dover, DE 19904, United States
  • Privacy Contact: privacy@pushncare.com
  • Legal Contact: legal@pushncare.com
  • Support Contact: support@pushncare.com

For privacy rights requests, email privacy@pushncare.com and include the email address associated with your account and the nature of your request.

2. Important Health Privacy Notice

PushNcare processes nutrition, wellness, and health-related information to provide the Platform. Unless expressly agreed in a separate written contract, PushNcare is not a hospital, emergency-care provider, health insurer, or medical provider, and the Platform is not a substitute for medical advice, diagnosis, or treatment.

Some information you provide may be considered health data, sensitive personal information, or special-category data under applicable laws. By submitting health-related information, you authorize us to process it as described in this Privacy Policy and as necessary to provide the Platform.

Where a specific law requires explicit consent for processing sensitive information, we will rely on your explicit consent or another lawful basis recognized by that law.

3. Information We Collect

3.1 Account and Identity Information

We may collect your name, display name, email address, phone number, country, language, role, password or authentication metadata, Firebase UID or other authentication identifiers, account status, referral information, and profile completion details.

3.2 Profile and Demographic Information

We may collect age or date of birth, gender, country code, country name, avatar, biography, language preferences, timezone, cultural preferences, ethnicity or cuisine preferences if provided, and other profile details.

3.3 Patient, Nutrition, Wellness, and Health-Related Information

Depending on the features you use, we may collect height, weight, target weight, activity level, dietary preferences, allergies, health conditions, medications, blood sugar targets, blood pressure history, kidney-function indicators, religious dietary restrictions, disliked ingredients, traditional foods, food-search history, food scans, supplement information, nutrition goals, meal preferences, assessment answers, risk scores, reports, notes, consultation requests, appointment information, messages, and progress data.

3.4 Personal Health Blueprint Data

For Personal Health Blueprint features, we may collect assessment answers, country, language, encrypted or hashed email and WhatsApp information, referral source, UTM parameters, payment status, amount, currency, report-generation status, AI model version, public access token, public link expiry, event logs, generated reports, and related audit metadata.

3.5 Professional and Nutritionist Information

For nutritionists, dietitians, and other professionals, we may collect professional title, license number, credentials, degrees, university, graduation year, certifications, verification documents, practice name, practice type, specializations, cultural expertise, languages spoken, biography, consultation fees, availability, storefront content, banners, videos, ratings, reviews, social links, payout method, bank or mobile money details, Stripe account information, verification status, tier assignment, admin notes, and performance metrics.

3.6 Enterprise, Workplace, and Audit Information

For enterprise and corporate features, we may collect organization details, administrator information, survey responses, audit responses, workplace nutrition risk signals, report inputs, generated reports, billing information, usage analytics, and aggregated or de-identified employee wellness insights.

3.7 Payment and Transaction Information

We may collect transaction identifiers, checkout session identifiers, payment intent identifiers, deposit IDs, mobile money metadata, currency, amount, payment status, subscription status, invoice or receipt metadata, refunds, chargebacks, payout metadata, and tax or billing information. Payment card numbers and certain payment credentials are processed by payment providers such as Stripe, PawaPay, banks, card networks, and mobile money providers, not stored directly by PushNcare unless expressly stated.

3.8 Communications and Support Information

We may collect emails, support requests, in-app messages, appointment reminders, notifications, feedback, survey responses, complaint records, call or meeting metadata, and communications with users, professionals, enterprise administrators, or support teams.

3.9 Device, Log, Security, and Usage Information

We may collect IP address, user agent, device information, browser type, operating system, pages viewed, timestamps, referring URLs, session metadata, approximate location inferred from IP or browser settings, error logs, security logs, event analytics, and diagnostic information.

3.10 Cookies, Local Storage, and Similar Technologies

We use cookies and browser storage for authentication, localization, security, referral attribution, analytics, feature operation, and user experience. Examples may include session cookies, stale-session clearing, referral cookies, session-storage analytics identifiers, supplement draft storage, duplicate view-count prevention, and referral-code storage.

3.11 Information From Third Parties

We may receive information from authentication providers, payment processors, mobile money providers, email providers, cloud infrastructure providers, analytics systems, professional verification sources, enterprise customers, referral partners, and users who invite, refer, review, message, or interact with you.

4. How We Use Information

We use information to:

  • provide, operate, personalize, secure, and improve the Platform;
  • create and manage accounts, sessions, profiles, dashboards, roles, and permissions;
  • generate nutrition recommendations, food safety checks, AI outputs, Personal Health Blueprint reports, risk scores, and enterprise insights;
  • connect patients with nutrition professionals and manage consultations, messaging, appointments, notes, reviews, and reminders;
  • verify professional credentials, manage storefronts, route leads, administer tiers, process reviews, and support practitioner operations;
  • process payments, subscriptions, refunds, mobile money transactions, taxes, payouts, commissions, chargebacks, and fraud checks;
  • provide customer support, compliance support, security monitoring, audit logs, and dispute resolution;
  • send transactional emails, reminders, verification messages, password reset messages, report-ready notices, and service updates;
  • analyze usage, performance, reliability, errors, conversions, referrals, storefront views, feature adoption, and business metrics;
  • develop, test, debug, train, evaluate, and improve products, workflows, AI prompts, models, analytics, and safety systems, using de-identified or aggregated data where appropriate;
  • comply with laws, enforce terms, protect rights, prevent harm, investigate fraud, and maintain platform integrity.

5. AI Processing

PushNcare may use AI systems, including Google Gemini, Vertex AI, and related AI infrastructure, to support food search, food scanning, health-profile reasoning, nutrition guidance, report generation, enterprise reporting, practitioner tools, and content generation.

When feasible, we reduce unnecessary direct identifiers before AI processing. For example, certain assessment workflows may hash or encrypt contact information and sanitize selected free-text fields before AI calls. However, AI features may still process health-related, nutrition, preference, country, lifestyle, and context information needed to produce outputs.

You should not submit information you do not want processed by AI-enabled systems. AI outputs may be inaccurate or incomplete and should be reviewed by qualified professionals where appropriate.

6. Legal Bases for Processing

Depending on your location and applicable law, we process information under one or more of the following legal bases:

  • performance of a contract with you;
  • your consent or explicit consent;
  • our legitimate interests, including platform operation, security, fraud prevention, product improvement, analytics, and business administration;
  • compliance with legal obligations;
  • protection of vital interests in limited safety circumstances;
  • establishment, exercise, or defense of legal claims;
  • public interest or health-related grounds where applicable and lawful.

You may withdraw consent where processing is based on consent, but withdrawal will not affect processing already performed and may limit Platform functionality.

7. How We Share Information

We may disclose information to the following categories of recipients:

7.1 Users and Professionals

We may share relevant patient, appointment, message, assessment, nutrition, profile, and consultation information with the nutritionist, dietitian, or professional you select, are assigned to, book with, or communicate with through the Platform.

Professional profile information, storefront content, ratings, reviews, public bios, banners, videos, fees, availability, and selected credentials may be publicly visible depending on settings and feature configuration.

7.2 Enterprise Customers

For enterprise features, we may share dashboards, reports, audit outputs, aggregated analytics, and de-identified or limited data with the organization that purchased or administers the service. We do not intend enterprise features to expose individually identifiable employee health information unless the feature, contract, law, and notices permit it.

7.3 Service Providers and Infrastructure

We may share information with vendors that help us operate the Platform, including Google Cloud, Firebase, Firestore, Cloud SQL/PostgreSQL, BigQuery, Cloud Storage, Secret Manager, Cloud Run, SendGrid, Stripe, PawaPay, Google AI services, analytics providers, monitoring providers, security providers, support tools, and other subprocessors.

7.4 Payment and Mobile Money Providers

We share transaction and payment information with Stripe, PawaPay, mobile money providers, card networks, banks, and payout partners to process payments, subscriptions, refunds, chargebacks, reconciliation, fraud prevention, and compliance checks.

7.5 Legal, Safety, and Compliance Recipients

We may disclose information to courts, regulators, law enforcement, tax authorities, professional bodies, payment networks, auditors, advisors, insurers, counterparties, and other parties where we believe disclosure is required or appropriate to comply with law, enforce terms, prevent fraud, protect safety, respond to legal process, or defend rights.

7.6 Business Transfers

We may disclose or transfer information as part of a merger, acquisition, financing, restructuring, bankruptcy, sale of assets, diligence process, corporate transaction, or transfer of service operations.

7.7 With Consent or Direction

We may share information when you consent, direct us, use sharing features, create public links, invite others, connect third-party services, or otherwise request disclosure.

8. Cookies and Tracking Choices

We use strictly necessary cookies for authentication and security, functional cookies or storage for preferences and referrals, and analytics mechanisms for product performance and usage measurement.

Examples include:

  • session cookies for authentication and route protection;
  • referral attribution cookies that may persist for up to 30 days;
  • session-storage identifiers for analytics grouping;
  • browser storage for temporary drafts or duplicate-event prevention.

Browser settings may allow you to block cookies or clear storage, but some Platform features may not work properly if cookies or storage are disabled.

9. Data Security

We use administrative, technical, and organizational safeguards designed to protect information, including access controls, authentication, role-based permissions, encryption in transit, selected encryption at rest, AES-256-GCM encryption for certain assessment contact fields, hashing for selected lookup fields, Secret Manager for sensitive credentials, logging, monitoring, backups, and cloud security controls.

No method of transmission, storage, or processing is completely secure. We cannot guarantee absolute security. You are responsible for protecting account credentials, devices, public links, and any information you choose to share.

10. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Platform, maintain accounts, support users, generate and preserve reports, process payments, administer professional relationships, comply with law, resolve disputes, prevent fraud, maintain audit trails, enforce agreements, and protect rights.

Retention periods may vary by data type. For example:

  • account and profile data may be retained while your account is active and for a reasonable period afterward;
  • payment, tax, invoice, payout, refund, and chargeback records may be retained as required by financial, tax, and compliance obligations;
  • security logs and audit events may be retained to protect platform integrity;
  • Personal Health Blueprint reports, assessment events, and public access records may be retained to support delivery, auditability, and dispute resolution;
  • de-identified, anonymized, or aggregated data may be retained indefinitely where lawful.

When deletion is requested, we may delete, de-identify, anonymize, or restrict data unless retention is required or permitted by law, contract, legitimate interests, safety, security, compliance, or dispute needs.

11. International Data Transfers

PushNcare is incorporated in the United States and operates with cloud, AI, email, payment, and infrastructure providers that may process information in the United States, Africa, Europe, or other countries. Your information may be transferred to and processed in countries that may have different data-protection laws than your country.

Where required, we rely on appropriate safeguards such as contracts, data processing agreements, standard contractual clauses, adequacy mechanisms, consent, or other lawful transfer mechanisms.

12. Your Privacy Rights

Depending on your location, you may have rights to:

  • access personal information;
  • correct inaccurate information;
  • delete information;
  • restrict or object to processing;
  • withdraw consent;
  • receive a portable copy of certain information;
  • opt out of certain marketing communications;
  • opt out of certain sales, sharing, targeted advertising, or profiling where applicable;
  • lodge a complaint with a data protection authority.

To exercise rights, contact privacy@pushncare.com. We may verify your identity before responding. We may deny or limit requests where permitted by law, including where information is needed for security, legal claims, professional obligations, payment records, audit logs, fraud prevention, or contractual performance.

13. Marketing and Communications

We may send transactional messages, service notices, account alerts, payment notices, verification emails, reminders, report-ready emails, support responses, and administrative communications. These are not marketing and may be necessary to provide the Platform.

We may send marketing communications where permitted by law or with consent where required. You can opt out of marketing emails by using unsubscribe links or contacting support. Opting out of marketing does not stop transactional or service messages.

14. Children's Privacy

The Platform is not intended for children under 13. Users under 18 may use the Platform only with involvement and authorization of a parent or legal guardian where permitted by law. We do not knowingly collect information from children under 13 without required consent. If you believe a child has provided information improperly, contact privacy@pushncare.com.

15. Public and Shared Information

Some Platform features may make information public or shared, including professional storefronts, public bios, reviews, ratings, banners, videos, profile pages, share links, referral links, and public access tokens. Information you make public may be indexed, copied, saved, or shared by others.

Use caution before sharing public report links, assessment links, screenshots, health information, or professional profile information.

16. De-Identified and Aggregated Data

We may create and use de-identified, anonymized, aggregated, or statistical data for analytics, research, product development, AI evaluation, enterprise insights, benchmarking, reporting, and business purposes. We will not attempt to re-identify de-identified data except as permitted by law, for validation, security, or compliance.

17. Region-Specific Notices

17.1 European Economic Area, United Kingdom, and Switzerland

Where GDPR or similar laws apply, PushNcare may act as a controller for account, platform, payment, professional, and direct service data, and as a processor or service provider where we process data on behalf of an enterprise customer under a separate agreement.

You may have rights to access, correction, deletion, restriction, objection, portability, and complaint to a supervisory authority.

17.2 California and Similar U.S. State Laws

Where applicable, you may have rights to know, access, correct, delete, and opt out of certain processing. PushNcare does not sell personal information for money. Some analytics, referral, or advertising-related disclosures may be considered "sharing" or targeted advertising under certain laws; where required, we will provide applicable choices.

17.3 African Data Protection Laws

Where laws such as POPIA, NDPR, Kenya Data Protection Act, or similar African data protection laws apply, we process personal information according to applicable principles of lawful processing, purpose limitation, security safeguards, data subject participation, and cross-border transfer requirements.

18. Third-Party Websites and Services

The Platform may link to third-party websites, app stores, payment pages, mobile money flows, social platforms, maps, professional websites, or embedded services. We are not responsible for their privacy practices. Review their policies before providing information.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updated versions are effective when posted unless a later date is stated. Material changes may be communicated by email, in-app notice, website notice, or other reasonable means.

Your continued use of the Platform after an update means you acknowledge the updated Privacy Policy.

20. Contact Us

For privacy questions, rights requests, or complaints:

PushNcare, Inc.

  • Privacy: privacy@pushncare.com
  • Legal: legal@pushncare.com
  • Support: support@pushncare.com
  • Address: 1111B S Governors Ave, STE 27833, Dover, DE 19904, United States

If you contact us, we may need to verify your identity and account relationship before acting on your request.

Privacy Policy