Privacy policy (app)

FunctionalMe is committed to protecting your privacy and ensuring that you understand how your information is collected, used, and shared. This Privacy Policy explains how the FunctionalMe application collects, stores, processes, and shares information. This policy applies only to the FunctionalMe app and not to the FunctionalMe website.

FunctionalMe is operated by the joint data controllers listed below.

Data Controllers

Amy Coleman (Data Protection Officer)
Reid Angwin (Data Protection Officer)
FunctionalMe
670 W Boylston Street
Worcester, MA 01606
privacy@functionalme.app

FunctionalMe is intended only for individuals who are 18 years of age or older. Users under 18 are not allowed to create an account. Age verification is based on user attestation.

Users between 18 and 24 may use the app but the app is recommended primarily for individuals over 24.

FunctionalMe is not a medical device, does not provide medical care, and is not a substitute for professional treatment.

We collect information in the following categories when you visit or interact with the website.

Personal identifiers

• Name
• Email address
• Phone number
• Profile photo
• OAuth account information from authentication providers such as Google, Apple, or Microsoft

Demographic information

• Age
• Gender identity
• Racial identity
• City and state of residence

Sensitive information

• Health and mental health information
• Mood logs
• Symptom logs
• Vital sign information
• Pain levels
• Stress indicators
• Trauma-related information
• Educational information
• Information about psychiatric diagnoses or conditions
• Any self reported reflections, check ins, or wellness data

Device and technical information

• IP address
• Device type
• Operating system
• Browser version
• General device information necessary for fraud prevention

User generated content

• Journal entries
• Logs for meals and hydration
• Moods
• Goals
• Check-ins
• Tasks
• Routines
• Reflection entries
• Other entries created by the user

Future optional content

Imported or exported files when these features become available

Local storage and cookies

The app uses local storage, cookies, and analytics tools to support functionality, maintain session state, and improve performance.

App functionality

• Authenticating your account
• Saving your entries and activity
• Allowing you to access features
• Syncing your data across sessions

Feature improvement

• Understanding how users engage with features
• Improving functionality
• Fixing performance issues

Research

• FunctionalMe uses fully de-identified and aggregated data for research purposes.
• No human subjects research is currently conducted.
• If future research is considered human subjects research, FunctionalMe will obtain Institutional Review Board (IRB) approval before conducting the research.

AI-based features

• FunctionalMe uses a global opt in consent model for any features that use AI.
• You must choose to enable AI features before the app will send any of your entries or information to an AI processor.
• If you revoke consent, AI features are disabled.
• Sensitive information may be processed by AI only when you have opted in.
• FunctionalMe does not allow AI processors to train on identifiable user data.

Personalized insights

• Providing you with patterns, summaries, or correlations in your own data
• Helping you understand relationships between behaviors, entries, or symptoms

Compliance and safety

• Detecting fraud
• Maintaining secure access
• Responding to security incidents

FunctionalMe does not use any information you provide within the app for advertising or marketing inside or outside the app. Your information will only be used for outreach if you voluntarily sign up to receive updates, new feature announcements, or survey invitations.

FunctionalMe shares limited information in the following circumstances.

With your consent

If you choose to send your progress, check ins, or summaries to a trusted contact or provider, the app will generate the content and send it through your chosen method. This is user-directed sharing and is not done on behalf of any clinician or healthcare provider.

Service provision

• Google Firebase for authentication, data storage, and hosting
• Analytics providers such as Firebase Analytics and Google Analytics
• Crash reporting services
• Datadog (future)
• Payment processors (PayPal and Venmo) for donations or future institutional billing

If you submit a donation through PayPal or Venmo, those services will process your payment. Your payment information is handled according to the PayPal or Venmo privacy policies.

Legal requests

• When required by law, subpoena, or legal process
• When necessary to protect the rights, safety, or security of FunctionalMe or its users

Research

FunctionalMe may share de-identified and aggregated research data with academic partners, researchers, or institutions with user consent. No identifiable user information is ever shared for research.

FunctionalMe may allow users to add clinicians or providers as trusted contacts in the future.

FunctionalMe does not currently support clinician accounts and does not store or transmit information on behalf of any healthcare entity. This means FunctionalMe is not subject to HIPAA.

If future features require HIPAA compliance, FunctionalMe will update this policy and implement appropriate safeguards.

Access and Correction

You may view, modify, or correct your personal information within the app.

Data export

• Users may export their data in JSON, CSV, or PDF formats.
• Only information the user selects will be included in the export.

Account and data deletion

• You may request account and data deletion at any time.
• There is a 45 day grace period where you can reverse the deletion.
• You may opt out of the grace period.
• After the grace period expires, all data is permanently deleted.

Opting out of AI features

• You may disable AI features at any time.
• Revoking consent stops AI processing immediately.

California Privacy Rights

California residents have the right to opt out of the sale or sharing of personal information. FunctionalMe provides a Do Not Sell or Share My Information process and Global Privacy Control (GPC) browser signals.

FunctionalMe is intended only for use within the United States. Access from the European Union or European Economic Area is restricted and discouraged. FunctionalMe will geofence or block EU access to avoid GDPR processing obligations. If an EU user accesses the app despite these restrictions, FunctionalMe will delete the account upon discovery.

FunctionalMe uses industry standard security practices aligned with high level SOC 2 principles. Our security measures include:

• Encryption in transit
• Encryption at rest
• Access controls
• Audit logging
• Least privilege administrative access
• Secure Firebase configuration and rules
• Password hashing when applicable through OAuth providers
• Protection against unauthorized access

No system is completely secure, but FunctionalMe works to protect your information using industry standard methods.

FunctionalMe follows the California standard for breach notifications nationwide.
If a breach exposes personal information, users will be notified as quickly as possible and without unreasonable delay.

FunctionalMe retains user data while the account is active. If a user is inactive for one year, the account will be deactivated. Inactive user data is deleted 45 days after deactivation.

FunctionalMe may update this Privacy Policy as new features or legal requirements arise. When the policy changes, the date at the top will be updated and users will receive notice through the app and via email.

If you have questions about this policy or your privacy rights, please contact us.

Email

privacy@functionalme.app

Mail

FunctionalMe
670 W Boylston Street
Worcester, MA 01606