Privacy Policy

CaraDaily is a wellness tracking and coaching application designed for people managing Hashimoto's disease. We are committed to protecting your privacy and being transparent about how we handle your information. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights as a user.

CaraDaily is operated by Defiance Street Collective, LLC, an Ohio limited liability company. By using CaraDaily you agree to the practices described in this policy.

2.1 Account Information

When you create an account we collect your email address and a hashed password. We do not store your password in plain text.

2.2 Health-Adjacent Information You Voluntarily Provide

CaraDaily is a self-reporting wellness tool. All health-related data you enter is voluntarily provided by you. This includes:

• Daily symptom logs including symptoms, their severity, and how you felt
• Trigger food logs
• Energy levels, stress levels, sleep duration and quality, weight, and exercise
• Supplement and medication adherence
• Lab values you manually enter such as TSH, T3, T4, TPO antibodies, vitamin D, ferritin, and B12
• Wellness habit tracking and experiment participation
• Onboarding questionnaire responses including diagnosis duration, medication status, and lifestyle information
• Free text notes you choose to write

This information is considered health-adjacent personal information. We treat it with the highest level of care and it is never sold, rented, or shared with third parties for advertising or marketing purposes.

2.3 Automatically Collected Technical Information

When you use CaraDaily we automatically collect certain technical information including:

• Your device timezone for accurate notification timing
• Push notification subscription data if you enable notifications
• App usage patterns for improving the service
• Session information and authentication tokens

2.4 Payment Information

If you subscribe to CaraDaily Pro, payment is processed by Stripe, a third-party payment processor. CaraDaily does not store your credit card number or full payment details. We receive and store only your Stripe customer ID, subscription status, and billing period information. Stripe's privacy policy governs their handling of your payment data and can be found at stripe.com/privacy.

3.1 To Provide the Service

Your health-adjacent data is used exclusively to power CaraDaily's core features: generating personalized pattern insights, enabling Cara's AI coaching responses, tracking your wellness habits and experiments, and displaying your history and trends.

3.2 Statistical Pattern Detection

CaraDaily uses statistical analysis including Benjamini-Hochberg false discovery rate correction to identify patterns in your self-reported data. These patterns are derived solely from your own data and are presented as observational correlations, not medical conclusions. All pattern detection runs on data you have voluntarily entered.

3.3 Cara AI Coaching

When you interact with Cara, our AI coaching feature, your recent log data, symptom history, experiment results, and onboarding information are sent to Anthropic's API to generate personalized responses. Anthropic processes this data according to their privacy policy available at anthropic.com/privacy. We send only the data necessary to generate a relevant coaching response.

3.4 Push Notifications

If you enable push notifications, your push subscription endpoint is stored to deliver morning and evening check-in reminders. We use your timezone to send notifications at appropriate local times. We never send marketing messages through push notifications.

3.5 Service Improvement

We may use aggregated and anonymized data, meaning data that cannot be traced back to any individual user, to understand how CaraDaily is being used and to improve the service. No individual health data is used in this process.

3.6 Legal Compliance

We may use or disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such use or disclosure is necessary to protect the rights, property, or safety of CaraDaily, our users, or the public.

CaraDaily does not sell, rent, or trade your personal information to third parties. We share data only in the following limited circumstances:

4.1 Service Providers

We use the following third-party service providers who may process your data as necessary to deliver the service:

• Supabase: Secure database hosting and authentication infrastructure
• Anthropic: AI language model processing for Cara coaching responses
• Stripe: Payment processing for CaraDaily Pro subscriptions
• Lovable: Application hosting infrastructure

Each of these providers is contractually required to protect your data and may only use it to provide services to CaraDaily, not for their own purposes.

4.2 Legal Requirements

We may disclose your information to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4.3 Business Transfers

If CaraDaily or Defiance Street Collective, LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice within the app before your information is transferred and becomes subject to a different privacy policy.

We implement industry-standard security measures to protect your information including encrypted data transmission using HTTPS, row-level security on our database so only you can access your own data, hashed password storage, and authentication token management.

No method of electronic storage or transmission is 100 percent secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at privacy@caradaily.com.

We retain your data for as long as your account is active or as needed to provide the service. If you request account deletion we will delete your personal health data within 30 days of receiving the request. Some information may be retained longer if required by law or for legitimate business purposes such as resolving disputes or maintaining financial records.

7.1 Access

You can access your logged data at any time through the CaraDaily app. Your history, symptom logs, lab entries, and experiment results are always visible to you.

7.2 Correction

You can edit or update your profile information and logged data at any time within the app.

7.3 Deletion

You have the right to request deletion of your account and all associated personal data. To request deletion, email privacy@caradaily.com with the subject line Account Deletion Request from the email address associated with your account. We will process your request within 30 days and confirm when deletion is complete.

Please note that deletion is permanent and irreversible. All your health logs, insights, experiment history, and Cara conversation data will be permanently deleted and cannot be recovered.

7.4 Notification Preferences

You can enable or disable push notifications at any time through the Settings screen in the app or through your device settings.

7.5 Subscription Cancellation

You can cancel your CaraDaily Pro subscription at any time through the Manage Subscription screen in the app. Cancellation takes effect at the end of your current billing period. No refunds are provided for partial billing periods.

CaraDaily is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child under 18, please contact us at privacy@caradaily.com.

CaraDaily is a wellness tracking and lifestyle coaching tool. It is not a medical device, does not provide medical advice, and is not a substitute for professional medical care. The pattern insights, Cara AI coaching responses, and evidence library content in CaraDaily are for informational and educational purposes only.

Nothing in CaraDaily should be interpreted as a diagnosis, treatment recommendation, or medical opinion. Always consult a qualified healthcare provider before making changes to your health routine, medications, or treatment plan.

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email to the address associated with your account and by displaying a prominent notice in the app. The effective date at the top of this policy will reflect when the most recent changes were made. Your continued use of CaraDaily after changes are posted constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

This Privacy Policy was last updated on April 24, 2026.