Last updated: May 17, 2026
Privacy Policy
mybmi.ai ("we," "our," or "us") is operated by Arrays Global LLC, a limited liability company with offices in Brownsburg, Indiana. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains what we collect, how we use it across our nine wellness categories, and the choices you have.
By using mybmi.ai or Sisu (collectively, the "Service"), you agree to the practices described here. If you do not agree, please do not use the Service.
1. What We Collect
1.1 Information You Provide
- BMI calculator inputs: Height, weight, age, sex assigned at birth.
- Eligibility quiz inputs: Self-reported health conditions (e.g., diabetes, hypertension, sleep apnea, PCOS, hair loss pattern, skin concerns).
- Sisu profile data: Goals, dietary preferences, cuisine preferences (Pro), sleep patterns, activity level, lifestyle context, and conditions across the nine wellness categories you choose to share.
- Daily check-in data: Weight, mood, sleep, activity, meals, hair/skin photos (if you opt in), and any other inputs you provide to Sisu.
- Email address: Only if you create an account or voluntarily submit it to receive resources.
- Voice data (Premium tier only): If you use voice conversation with Sisu, audio is processed for transcription and immediately discarded — we do not retain raw audio.
- Communications: Any messages you send us via email, support, or contact forms.
1.2 Information Collected Automatically
- Usage data: Pages viewed, time on page, navigation paths, browser type, device type, screen resolution.
- IP address: For approximate geolocation (state-level only) and fraud prevention.
- Cookies and similar technologies: See Section 5.
- Wearable device data (opt-in): If you connect Oura, Whoop, Apple Watch, Garmin, Fitbit, or similar devices, Sisu reads sleep stage, heart rate variability, activity, and sleep timing data via the device's API. You control the connection from settings.
1.3 Information We Do NOT Collect
- We do not collect your name unless you provide it.
- We do not collect medical records, insurance information, lab results, or any data classified as Protected Health Information (PHI) under HIPAA unless you explicitly upload it for context.
- We do not collect financial account numbers or credit card information directly — payments are processed by Stripe.
- We do not collect minors' data — the Service is for users 18 and older.
1.4 Anonymous Eligibility Session Data
When you complete our eligibility check, we may store the following data in a temporary anonymous session record, keyed by a randomly generated identifier (UUID) with no link to your identity:
- BMI, BMR, TDEE, and estimated body fat range
- Age, sex, height, and weight (self-reported)
- Activity level and selected health conditions
- Eligibility result
This data is used solely to deliver a paid product report if you purchase one, and to bridge the checkout flow between our site and Stripe. Unconverted anonymous sessions automatically expire after 30 days. Sessions associated with a purchase are retained to support report re-access and refund processing.
We do not sell or share this data. No name or email is required to create a session. If you provide an email during checkout, it is linked to the session for product delivery and, if you consent, for our email nurture series.
2. How We Use Your Information
- To calculate your BMI, BMR, TDEE, and body fat estimates.
- To provide Sisu coaching across the nine wellness categories.
- To route you to relevant US-licensed telehealth partners if you qualify and choose to view recommendations.
- To send you the resources you requested (e.g., category-specific guides).
- To improve the Service, including analyzing aggregate usage patterns.
- To detect and prevent abuse, fraud, or security threats.
- To comply with legal obligations.
We do not sell your personal information. We do not use your individual data to train third-party machine learning models. AI inference for Sisu coaching is performed using anonymous session context — your account is not used to fine-tune external models.
3. How We Share Your Information
3.1 Telehealth Partners (Affiliate Links)
When you click through to a licensed telehealth provider from Sisu's routing, you leave mybmi.ai and enter that provider's website. We pass along an anonymous tracking identifier (a UUID we generate just for the click) so the partner can credit us if you sign up. We do not transmit your name, email, BMI, weight, age, health conditions, or anything Sisu has coached you on to partners.
Once you are on the partner's site, you are subject to their privacy policy. We are not responsible for their data practices. We recommend reviewing each partner's privacy policy before submitting personal information to them.
3.2 Service Providers
We share information with third-party service providers that help us operate the Service:
- Supabase — database hosting (US-based, SOC 2 Type 2)
- Vercel — application hosting (US-based)
- Anthropic / OpenAI — AI model inference for Sisu coaching (no individual user data retention by these providers under their API terms)
- Resend — transactional email delivery
- PostHog — product analytics (anonymized event data only)
- Stripe — payment processing (Pro, Premium, Founder Lifetime)
- Google Search Console / Google Analytics — SEO and aggregate traffic analytics
- Katalys / RevOffers — affiliate tracking network (receives anonymous click identifiers only)
3.3 Legal Requirements
We may disclose information if required by law, subpoena, or court order, or if necessary to protect our rights, property, or safety, or that of others.
3.4 Business Transfers
If we are acquired, merged, or sell our assets, your information may be transferred as part of that transaction. You will be notified by email and via a prominent notice on the Service before such a transfer.
4. Your Choices and Rights
You have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate information.
- Deletion: Request deletion of your personal information.
- Export: Download your data in JSON format from account settings.
- Disconnect wearables: Revoke device connections from settings at any time.
- Opt out of marketing: Unsubscribe from emails using the link in every email.
- Do Not Track: We honor browser-level Do Not Track signals where technically feasible.
To exercise any of these rights, email info@mybmi.ai. We will respond within 30 days.
For California Residents (CCPA / CPRA)
Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to know what personal information we collect, the right to delete it, the right to correct it, the right to limit use of sensitive personal information, and the right to opt out of any sale or sharing (we do not sell or share personal information for cross-context behavioral advertising). To exercise these rights, email info@mybmi.ai.
For EU/UK Residents (GDPR/UK GDPR)
Under the General Data Protection Regulation, you have additional rights including data portability, restriction of processing, and the right to object to processing. The lawful basis for our processing is your consent (which you can withdraw at any time) and our legitimate business interests (operating the Service). For health-related data, the lawful basis is your explicit consent.
5. Cookies and Tracking
We use the following types of cookies and tracking technologies:
- Essential cookies: Required for the Service to function (e.g., remembering your theme preference, authentication tokens). Always active.
- Analytics cookies (PostHog): Help us understand how users interact with the Service. Anonymous.
- Affiliate tracking: When you click an affiliate link, a temporary identifier is passed to the partner's tracking network so we can be credited for the referral.
You can disable cookies via your browser settings, though some features may not work.
6. Data Retention
We retain personal information only as long as necessary:
- BMI calculator data: Not retained server-side unless you create an account — calculation runs in your browser.
- Account data (Sisu coaching context): Retained for the duration of your active account. Deleted within 30 days of account closure.
- Check-in data: Retained for the duration of your account and used in aggregate for analytics. Individual deletion is available on request.
- Wearable data: Read on-demand from device APIs; not stored long-term beyond what coaching context requires.
- Email addresses: Retained until you unsubscribe or request deletion.
- Affiliate click logs: Retained for 18 months for fraud prevention and partner reconciliation.
- Server logs: Retained for 90 days for security and operational purposes.
7. Security
We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, role-based access controls, and regular security audits. A SOC 2 Type II audit is in progress. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
8. Children's Privacy
mybmi.ai is intended for adults 18 and older. We do not knowingly collect personal information from minors. If you believe we have collected information from a minor, please contact us immediately at info@mybmi.ai and we will delete it.
9. International Users
Our Service is hosted in the United States. If you access the Service from outside the US, your information will be transferred to, and processed and stored in, the United States, which may have different data protection laws than your country of residence. By using the Service, you consent to this transfer.
10. AI Coaching Disclosure
Sisu's responses are generated by AI models running on Anthropic and/or OpenAI infrastructure. These responses are based on your account context (what you've told Sisu, what you've logged) plus general training data. Individual user data is not used to fine-tune external AI models under our API agreements with these providers. The inference is per-session and your data does not persist on third-party AI infrastructure.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated via email (if you have provided one) or via a prominent notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
For any privacy-related questions or to exercise your rights:
Arrays Global LLC
Attn: Privacy
Email: info@mybmi.ai