Privacy Policy

Last updated: February 2026

1. Who we are

GetWella is a health tracking and insights platform operated from Berlin, Germany. We are committed to protecting your privacy and handling your personal data transparently and responsibly, in accordance with the General Data Protection Regulation (GDPR) and applicable EU law.

2. What data we collect

We collect the following categories of personal data:

  • Account data: Your email address and a securely hashed password. We never store your password in plain text.
  • Profile data: Name, date of birth, gender, language preference, country, and health-related preferences you provide during onboarding.
  • Health data: Daily check-in entries including energy level, stress level, sleep hours and quality, mood, weight, waist measurement, meals, cravings, menstrual cycle data (if applicable), and personal notes.
  • Fasting data: Fasting session start and end times, duration, difficulty ratings, and notes.
  • AI conversation data: Questions you ask and responses generated by our AI health companion.
  • Payment data: Subscription status and billing details are processed by Stripe. We do not store your credit card number, CVC, or full card details on our servers.
  • Usage data: Pages visited and features used, collected to improve the service.

3. Why we collect it

We process your data for the following purposes:

  • To provide and operate the GetWella service, including health tracking, pattern detection, and AI-powered insights.
  • To personalise your experience based on your health history and preferences.
  • To generate AI responses that reference your data for relevant, personalised guidance.
  • To process payments and manage your subscription through Stripe.
  • To improve the quality, reliability, and features of our platform.
  • To send you important service communications (e.g., trial expiry notices).

The legal basis for processing is your consent (provided at sign-up), performance of our contract with you, and our legitimate interest in improving the service.

4. How we store it

Your data is stored on Supabase infrastructure located in the European Union (Frankfurt, Germany). All data is encrypted in transit (TLS) and at rest. Access to production databases is restricted and monitored. We follow industry-standard security practices to protect your information.

5. Who we share it with

We share your data only with the following service providers, strictly as needed to operate GetWella:

  • Stripe (payment processing): Receives your email and payment information to process subscriptions. Stripe is PCI-DSS compliant.
  • OpenAI (AI responses): Receives anonymised health context to generate personalised insights. We do not send your name, email, or any directly identifying information to OpenAI.
  • Supabase (database hosting): Hosts your data on EU servers under strict data processing agreements.

We do not sell, rent, or trade your personal data to any third party. We do not use your data for advertising purposes.

6. Your rights under GDPR

As an EU resident, you have the following rights regarding your personal data:

  • Right to access: You can request a copy of all personal data we hold about you.
  • Right to rectification: You can correct inaccurate data through your account settings or by contacting us.
  • Right to erasure: You can request deletion of your account and all associated data.
  • Right to data portability: You can export your health data as a CSV file at any time, free of charge. This feature is and will always remain free.
  • Right to restrict processing: You can request that we limit how we use your data.
  • Right to object: You can object to processing based on legitimate interest.
  • Right to withdraw consent: You can withdraw consent at any time by deleting your account.

To exercise any of these rights, contact us at support@getwella.com. We will respond within 30 days.

7. Cookies

GetWella uses only essential cookies required for the service to function. These include session cookies for authentication and locale preference cookies for language settings. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

8. Data retention

  • Active accounts: Your data is retained for as long as your account remains active.
  • Deleted accounts: When you delete your account, all personal data is permanently removed from our systems within 30 days.
  • Payment records: Stripe may retain transaction records in accordance with financial regulations.

9. Contact

For any privacy-related questions, requests, or concerns, please contact us at: support@getwella.com

GetWella — Berlin, Germany

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by email or through a notice in the app. The “Last updated” date at the top of this page indicates when the policy was most recently revised.