Privacy Policy

Last updated: June 2, 2026

Health Codex is a health and wellness journal made by Codex Labs. This policy explains, in plain language, what personal information we collect, how we use it, who we share it with, and the choices and rights you have over your data.

1. Scope and who we are

This Privacy Policy applies to the Health Codex mobile and web application and this website. Health Codex is operated by Codex Labs, a product line of Codex Corp, based in Vancouver, British Columbia, Canada ("Codex Labs," "we," "us," or "our").

We are the organization responsible for the personal information we collect through Health Codex. If you have questions about this policy or how we handle your data, contact us at privacy@codexcorp.ca.

2. Information we collect

Account information

When you create a Codex account, we collect your email address and, optionally, your name. If you secure your account with multi-factor authentication (MFA) or passkeys, we store the data needed to support those features. If you sign in with Google, we receive basic profile information (such as your email and name) from Google according to your Google permissions.

Health and wellness inputs

Health Codex exists to log what you choose to record. This may include food and meals, exercise and workouts, supplements, body metrics, wellness check-ins, mood and sleep notes, habits and streaks, hydration, and the goals and plans you build. You decide what to enter; we store it so the app can work for you.

Device and usage information

We may collect limited technical information such as app version, device type, operating system, and basic diagnostic or crash data to keep the service stable.

Website analytics

This website uses Google Analytics to understand aggregate traffic (such as page views and general location). Analytics data is used in aggregate and is not used to identify you personally.

3. How we use your information

• To provide, operate, and maintain Health Codex and your account.
• To store and display your logs, plans, recipes, targets, and progress.
• To power AI features that parse your entries and generate plans, recipes, insights, and targets (see our AI Policy).
• To secure your account and detect or prevent fraud and abuse.
• To improve and troubleshoot the service.
• To communicate with you about service-related matters.

4. Legal basis and consent

Under Canadian privacy law, we rely on your consent to collect, use, and disclose your personal information for the purposes described in this policy. By creating an account and entering information, you consent to the handling of that information as set out here. Because health information is sensitive, we treat it with a correspondingly high standard of care. You may withdraw your consent at any time, subject to legal and contractual limits, by contacting us or deleting your account.

5. AI processing of your inputs

Some Health Codex features use artificial intelligence to interpret natural-language entries and to generate plans, recipes, insights, and targets. To do this, relevant entry text and related context may be sent to AI service providers for processing. AI outputs are automated and informational only. For full details, including what data is sent and our stance on training, see our AI Policy.

6. Service providers and data sharing

We share personal information only with service providers that help us operate Health Codex, and only as needed:

• Supabase — for database hosting, authentication, and file storage.
• AI provider(s) — to process inputs and generate AI features.
• Google — for Google sign-in and for website analytics.

7. International data transfers

Our service providers may store or process data on servers located outside of British Columbia or Canada, including in the United States. When data is handled outside Canada, it may be subject to the laws of those jurisdictions, including lawful access by foreign authorities. We take reasonable steps to ensure your information receives a comparable level of protection wherever it is processed.

8. Data retention

We keep your personal information for as long as your account is active or as needed to provide the service. If you delete your account, we delete or de-identify your personal information within a reasonable period, except where we must retain it to meet legal, accounting, or security obligations.

9. Security

We use technical and organizational safeguards to protect your information, including encryption in transit and at rest, and account-security features such as MFA and passkeys. No system is perfectly secure, but we work to protect your data and to respond promptly to any incident.

10. Your rights

Under PIPEDA (the federal Personal Information Protection and Electronic Documents Act) and BC PIPA (the BC Personal Information Protection Act), you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion of your information and account.
• Export your data in a portable format.
• Withdraw your consent, subject to legal and contractual limits.

To exercise any of these rights, contact privacy@codexcorp.ca. We will respond within the timelines required by applicable law.

11. Children

Health Codex is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, please contact us so we can remove it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, notify you in the app. Your continued use of Health Codex after changes take effect means you accept the updated policy.

13. Contact and complaints

For privacy questions or concerns, contact us at privacy@codexcorp.ca. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia.