Privacy

What we collect

At the website stage, three captures exist. Each is tied to an explicit action you take.

Waitlist signups

When you join the waitlist (from the home page footer, the /companion page, or the closing module of a Pattern Report), we capture your email address. The capture is tagged in Drip with waitlist and, when relevant, your pattern (for example waitlist + metabolic) so we can send segmented updates.

Pattern Report email captures

When you save a Pattern Report as PDF, request it by email, or send it to your doctor, we capture your email and the 12 assessment answers that produced the Report. The capture is tagged in Drip with pattern_report and the pattern (for example pattern_report + metabolic).

Inline chat questions

When you submit a question via the inline chat on /knowledge, we capture your email and the question text so that a human can author and send a real answer back within 24 hours. The capture is tagged in Drip with chat_question. The text of your question may be reviewed internally to identify topics that need coverage; if it informs an article, it is anonymized first.

Technical data

Standard web server logs capture IP address, user agent, referrer, and timestamps for security and abuse prevention. We do not use these for advertising or for profiling individuals.

What we do not collect

The companion product is not live. The following are explicitly not collected at the website stage:

• Payment data. Nothing on cyster.app charges money in Drop 1.
• iMessage, SMS, or any conversation content. The companion’s text-thread surface does not exist yet.
• Wearable data. No HealthKit, ring, watch, CGM, or other device integration.
• Photos or video. No image upload, no skin-tracking, no progress photos.
• AI conversation history or AI inference data. The inline chat answer is human-authored, not generated by an AI. Your question is not fed into any AI model.
• Health record data. No EHR connection, no insurance data, no lab portal data.
• Location data beyond IP. No GPS, no precise location.
• Cookies for advertising or profiling. See Section 9.

If and when any of the above ships (most likely as part of the Drop 3 companion launch), this notice will be updated and you will receive an explicit consent prompt before any new data category is processed. We do not retroactively expand scope.

How we use the data

Each capture has a single, named purpose tied to your action.

• Waitlist emails: to send you slow build-in-public updates (every one to two weeks), the launch announcement when the companion ships, and priority for any private beta opportunities. You can unsubscribe at any time from any email.
• Pattern Report captures: to send you the saved Pattern Report or email it to your designated recipient. To send segmented nurture emails relevant to your pattern (with the same unsubscribe rights). To improve the Pattern Report editorially over time (assessment answers may be analyzed in aggregate; never republished or shared individually).
• Inline chat questions: to author and send a real answer back. To identify recurring topics so we can write the next article. To improve the chat surface itself.
• Technical data: to keep the site running, to detect abuse, and to fix bugs.

We do not use any of the above for advertising, lead generation outside Cyster, behavioral profiling, or sale of data. None of this data is shared with third-party data brokers.

Sharing and third parties

The only third parties that touch your data at Drop 1 are processors we use to operate the site. We do not sell data. We do not exchange data with data brokers, advertisers, or aggregator services.

• Drip (email service provider) stores email captures, segmentation tags, and sends nurture emails. Drip is bound by a data processing agreement and processes data on our instructions.
• Hosting provider (the platform serving cyster.app) handles web traffic. No application data is stored beyond standard server logs.
• Legal disclosure may be required by court order, subpoena, or other lawful process. We will notify affected users where legally permitted.

If a third party is added (for example, a privacy-respecting analytics tool, or a future Drop’s clinical-content reviewer), this notice is updated and the new processor is named.

Where the data lives

Cyster Inc. is a Canadian company operating from Toronto, Ontario.

Drip stores data on infrastructure that may be located in the United States or other Drip-supported regions. If you are a resident of the EU, UK, or a jurisdiction with cross-border restrictions on sensitive data, Drip’s contractual mechanisms (Standard Contractual Clauses for the EU; equivalent mechanisms for the UK and other jurisdictions) apply to the transfer.

Cyster will, where Drop 3 ships features that process sensitive health information (companion data, wearable data, AI inference), introduce data-residency options aligned with applicable law (Quebec Law 25 residency provisions; GDPR Article 9 special-category protections; MHMDA for Washington residents). The website-stage data captures listed in Section 1 are not in special-category health data scope for most jurisdictions; we still treat them with the same care.

Your rights

You have rights to the data we hold about you. They vary slightly by region, but Cyster honors the strongest applicable set for every user, not just the legally required minimum for your jurisdiction.

Universal rights (anyone, any region)

• Access: request a copy of the data we hold about you.
• Correction: ask us to fix anything inaccurate.
• Deletion: ask us to delete your data. We will, except where retention is legally required (see Section 7).
• Unsubscribe: from any email, at any time, via the link in every email.
• Object: to specific uses of your data.

Region-specific rights

• EU and UK (GDPR Article 9): data portability, right to restriction, right to lodge a complaint with your supervisory authority.
• Canada (PIPEDA + provincial laws): right to access and challenge accuracy; complaint to the Office of the Privacy Commissioner of Canada.
• Quebec (Law 25): additional consent specificity; the right to a privacy impact assessment for transfers; designated privacy officer (named in Section 12).
• California (CCPA / CPRA): the right to know categories of data sold or shared (we sell or share none); the right to limit use of sensitive personal information.
• Washington (MHMDA): consent before any future collection of consumer health data; right to delete; right to confirm any sharing (we share none).
• Other US states with sensitive-data laws: rights honored at parity with CCPA / MHMDA.

To exercise any of these, email privacy@cyster.app. We respond within 30 days (or sooner where local law requires).

Retention

We retain data only as long as the purpose requires.

• Waitlist emails: until you unsubscribe or for two years from your last engagement, whichever comes first.
• Pattern Report captures: emails retained on the same schedule as waitlist. The 12 assessment answers tied to your email are retained until you request deletion or for two years from capture, whichever comes first. Aggregated, anonymized data may be retained longer for editorial improvement.
• Inline chat questions: question text and email retained for 12 months after the answer is sent, then archived (email removed, question retained anonymized for editorial pattern detection).
• Server logs: 90 days, then deleted.

You can shorten any retention period by emailing privacy@cyster.app.

Children and minors

Cyster is built for adults. The website is not directed at children under 18. We do not knowingly collect data from anyone under 16 (or your local age of digital consent if higher).

Adolescent PMOS has different diagnostic and care considerations and is not within Cyster’s current editorial scope. If you believe a minor has submitted data through Cyster, contact privacy@cyster.app and we will delete it.

Cookies and analytics

At Drop 1, cyster.app uses essential cookies only. No advertising cookies. No third-party tracking pixels. No cross-site profiling.

We do not currently use a behavioral analytics tool (no Google Analytics, no Mixpanel, no Hotjar). If that changes, we will use a privacy-respecting tool (no cross-site tracking, IP anonymization, no third-party data sharing), name it in this section, and offer an opt-out before any analytics ship.

Security

Data in transit is encrypted (HTTPS site-wide). Drip encrypts data at rest. Access to capture data is restricted to Cyster team members who need it for the purpose described above.

We will notify you within 72 hours of becoming aware of any data breach affecting your data, where notification is legally required or where the breach poses a meaningful risk to you.

Changes to this notice

We update this notice when scope changes (for example, when the Drop 3 companion launches and new data categories enter). We will:

• Update the Last updated date at the top.
• Email anyone on our list before any material change takes effect.
• Where consent is required (for example, new sensitive data categories), request your active consent before processing under the new scope.

Historical versions of this notice are archived and available on request.

Contact us

For privacy questions, requests, or complaints:

• Email: privacy@cyster.app
• Privacy officer (Quebec Law 25 designate): Arushi (founder), arushi@cyster.app
• Mailing address: Cyster Inc., Toronto, Ontario, Canada. Full address available on request.

If you have raised a concern and are not satisfied with our response, you may contact:

• Canada: Office of the Privacy Commissioner of Canada (priv.gc.ca)
• Quebec: Commission d’accès à l’information du Québec
• EU / UK: your national data protection authority
• California: California Privacy Protection Agency
• Washington: Washington State Attorney General’s Office