Privacy
Outliyr Privacy Policy
Plain-English details on what Outliyr collects, why we use it, who processes it, how long we keep it, and how to delete your account.
Last updated: June 5, 2026
Summary
Outliyr helps you organize personal performance data, including health-related information you choose to enter or connect. We use that data to run the dashboard, generate insights, support experiments, handle billing, keep the service secure, and respond to support requests.
We do not sell your personal information. We do not share it for cross-context behavioral advertising. For privacy requests, use support@outliyr.com.
- We never sell your data. Not to advertisers, not to data brokers, not to insurers.
- Sensitive fields are encrypted at rest. First name, last name, date of birth, voice features, transcripts, and biomarker values are sealed with our PII pepper before storage.
- Voice audio is discarded right after extraction. The raw recording lives only long enough for the worker to compute features, then it is deleted from temporary storage.
- Account deletion is real. 90-day grace period to change your mind, then a hard wipe of dashboard records.
Data we collect
| Category | Examples | Purpose |
|---|---|---|
| Account | Name, email, login identifiers, preferences, consent records | Create your account, authenticate you, save settings, prove consent |
| Health-related | Wearable metrics, labs you upload, stack entries, symptoms, journal notes, experiment logs, birth month and year | Power the dashboard, trends, Personal Scientist, Insights, reminders, and self-experimentation workflows |
| Billing | ThriveCart customer and order records, subscription status, plan, invoices, payment events | Manage subscriptions, founder pricing, refunds, disputes, tax, and revenue records |
| Device and usage | App events, feature use, error logs, IP-derived security signals, browser or device metadata | Keep the app reliable, protect accounts, debug issues, and improve product quality |
| Support and communications | Emails, support requests, survey answers, referral and invite activity | Answer requests, send transactional messages, manage referrals, and improve onboarding |
How we use data
- Provide the Outliyr dashboard, mobile app, experiments, insights, notifications, and weekly digest.
- Process billing, subscription status, refunds, tax, and fraud checks through ThriveCart, our payment processor.
- Generate AI-assisted summaries, recommendations, and experiments when you use AI features.
- Secure the service, investigate abuse, debug errors, and maintain audit trails.
- Send transactional messages, product updates you opted into, and support replies.
Voice audio
When you record a Daily Pulse voice capture, the audio file is uploaded to a temporary, time-limited storage bucket on our edge network. A backend worker downloads it, decodes it to PCM for analysis, runs feature extraction (vocal stamina, clarity, composure, expression, resonance), and posts only the numeric features back to your account.
The original audio file is then deleted in two places at once: the worker's working directory is discarded automatically when the job finishes, and the source object in temporary storage is deleted as soon as the features land. We do not keep raw voice recordings. We do not run voice identification, voiceprints, or any biometric matching against your audio.
Optional voice transcripts are a separate opt-in from voice capture itself. When you turn transcripts on, the transcribed text is encrypted at rest using the same per-record sealing helpers used for other sensitive fields. Transcripts are scrubbed of obvious direct identifiers before any AI provider sees them.
Processors and recipients
We share data with service providers only as needed to operate Outliyr. Typical recipients include ThriveCart for billing, email providers for transactional and opted-in email, hosting and backup providers, analytics or logging tools, connected wearable or lab services you authorize, and AI providers used for generation.
Connected services process data under their own terms. Disconnecting a service in Outliyr stops our future access where the integration allows it, but it does not delete records that the connected service must keep in its own account or compliance systems.
AI provider disclosure
Outliyr uses AI providers to help summarize data, draft recommendations, parse uploaded context, and support Personal Scientist or Insights features. We minimize the payload where practical, scrub obvious direct identifiers from prompts where the feature allows it, and prefer provider settings that limit training and retention.
For OpenRouter, Outliyr is configured to request no prompt retention and to deny provider data collection where supported. Some downstream model providers may have their own technical limits, routing behavior, or abuse-prevention logs. Do not enter information you do not want processed by AI providers.
Retention
Active account data is kept while your account exists. Per-category retention differs from the default in the cases below.
| Category | Retention |
|---|---|
| Voice audio (raw recordings) | Discarded immediately after feature extraction, typically within seconds. Never stored long-term. |
| Voice features and Pulse history | Kept for the life of your account. Deleted on account hard-delete. |
| Voice transcripts (opt-in only) | Kept while opt-in is active. Scrubbed before any AI call. Deleted on opt-out or account hard-delete. |
| Wearable, lab, and journal data | Kept for the life of your account. Deleted on account hard-delete. |
| Operational logs | ~90 days unless tied to an open account, billing, security, or incident-response thread. |
| Billing and audit records | Kept past 90 days when chargeback, tax, fraud, or legal obligations require it. ThriveCart holds billing artifacts under its own retention. |
| Disaster-recovery backups | Encrypted and rotated under the standard site + server backup schedule. Deleted records may remain in backups until rotation. |
Account deletion
You can request deletion inside the dashboard under Me, Privacy & Account, Delete my account. The account enters a 90-day soft-delete grace period immediately.
- Dashboard access locks immediately.
- Profile PII and BYO provider keys we control are removed immediately.
- Cancellation at period end is requested with the payment processor for active subscriptions. Admins can separately prorate or issue a refund when appropriate.
- Hard deletion is scheduled 90 days after the request unless you cancel by emailing support@outliyr.com from your account email.
We keep records we are required or reasonably allowed to retain, including ThriveCart billing history, audit rows, tax records, security logs, legal holds, and data in disaster-recovery backups until backup rotation.
Your rights
Depending on where you live, you may have rights to access, correct, delete, export, or limit certain uses of your personal information. You can make a request at support@outliyr.com. We may need to verify that the request came from the account owner.
California residents can request access, correction, deletion, portability, and information about sharing. Outliyr does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are commonly used in California privacy law.
State addenda for health data
Washington residents may have rights under the Washington My Health My Data Act for consumer health data, including access, deletion, withdrawal of consent, and a list of categories of third parties or affiliates with whom data is shared.
Illinois residents may have rights around biometric identifiers and biometric information. Outliyr does not use face photos or other biometric identifiers to identify you unless a feature clearly asks for that data and obtains the required consent. If a feature later requires biometric consent, it will be presented before collection.
For Illinois and Washington launch gating, Outliyr may block or require extra consent for certain signups or features until the appropriate compliance flow is available.
Security
Outliyr keeps secrets out of source code, ships every connection over HTTPS, and rotates API keys for connected wearable and lab providers. Access controls are enforced server-side; no client can read another member's records.
Sensitive fields are encrypted at rest with a per-deployment pepper. The fields that pass through the sealing layer today include first name, last name, date of birth, voice features, voice transcripts (when opted in), bloodwork values, journal entries, and gratitude entries. The pepper is stored outside the database, so a database snapshot alone cannot decrypt these fields.
Passkeys and two-factor authentication are available on every account. You can enroll a passkey or an authenticator app (TOTP) under Me, then Settings, then Security, and passkeys can replace codes at sign-in.
Lifecycle events for accounts, billing, and admin actions write to an append-only audit log so we can investigate access claims without scrubbing the underlying tables. Backups are encrypted and rotated under the standard site and server schedule. No system is perfect, so use a unique password and keep your email account secure.
Children
Outliyr is not intended for children under 18. Do not create an account or upload another person's health data unless you are allowed to do so.
Changes
We may update this policy as the product changes. The updated date above shows the current version.
Contact
Privacy and deletion requests: support@outliyr.com
Outliyr, United States