MyBest24 Privacy Policy
Effective Date: April 29, 2026
This Privacy Policy describes how MyBest24 ("we," "us," or "our") collects, uses, discloses, and protects personal information when you access or use the MyBest24 service, including the website at mybest24.com and the MyBest24 application (collectively, the "Service"). By using the Service, you acknowledge that you have read and understood this Privacy Policy.
1. Purpose of Data Collection
We collect personal information for the sole purpose of operating the Service. Specifically, we collect data to enable cross-device synchronization so that the Service functions consistently across the devices on which you sign in, including phone, tablet, laptop, and desktop devices. We do not collect personal information for advertising, profiling for advertising, or for sale to third parties. We do not use your personal logs, reflections, mood entries, food entries, or other content you create in the Service to train machine learning or artificial intelligence models, whether our own or those of any third party.
2. Categories of Information Collected
We collect the following categories of personal information:
- Account identifiers: email address and a unique account identifier.
- Subscription information: if you subscribe to MyBest24 Pro, we collect subscription status and billing-related identifiers (billing details are processed by our payment processor and not stored by us in full).
- Service usage data: logs and records necessary to operate and synchronize the Service, including your daily entries, mood ratings, weight entries, food entries, fitness entries, sleep records, schedule entries, reflection entries, and derived values such as your daily score.
- Technical data: session cookie value and device-type signals required to deliver the Service.
- Communications: records of correspondence you send us.
The Service usage data may include information that, under California law, qualifies as "sensitive personal information," including health-related and mental-health-related information you choose to enter.
3. Sources of Information
We collect personal information directly from you when you create an account, log entries in the Service, or contact us. We collect technical data automatically from the device you use to access the Service.
4. Sharing With Your Health Team
The Service includes a feature ("Health Team") that permits you to generate a token-gated link granting another individual, such as a coach or therapist you select, read-only access to specified categories of your data. Use of this feature is entirely optional and is initiated only by you.
Before generating a Health Team link, you are presented with a confirmation screen identifying each category of data that will be visible to the recipient. You may toggle individual categories on or off prior to generating the link. The default categories pre-selected for "Coach" and "Therapist" roles are suggestions only and may be overridden by you.
The categories you may share through Health Team are:
| Category | Contents | Coach default | Therapist default |
|---|---|---|---|
| Fitness log | Exercises, duration, and weekly frequency | On | Off |
| Food and nutrition | Calorie and protein weekly averages | On | Off |
| Body weight trend | Thirty-day trend chart | On | Off |
| Mood log | Daily mood ratings and weekly trends | Off | On |
| Cally reflections | Star ratings and journal entries | Off | On |
| Self-care activity | Frequency and types of self-care | Off | On |
| Sleep schedule | Average hours from twenty-four-hour calendar | On | On |
| Schedule overview | Hours per activity type per week | On | On |
Tokens issued through Health Team automatically expire ninety (90) days after issuance. You may revoke any active token at any time through the Health Team panel within the Service, with immediate effect. Once revoked, the token is no longer functional and the recipient loses access to your data, except for any information the recipient may have copied or exported prior to revocation, which is outside our control.
Health Team is the only mechanism by which your personal data is disclosed to a third party, and disclosure occurs only at your express direction.
5. HIPAA Status
MyBest24 is not currently a "covered entity" or "business associate" within the meaning of the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"). We do not currently execute Business Associate Agreements. The Service is designed with HIPAA-aligned principles in mind, including token-gated access, automatic expiration, and granular client-side control over the disclosure of categories of information. However, we make no representation that the Service is HIPAA-compliant. Licensed healthcare or mental-health providers considering use of the Service in connection with their practices should consult their own compliance advisors.
6. Information We Do Not Sell, Share, or Use for Other Purposes
WE DO NOT SELL YOUR PERSONAL INFORMATION. WE DO NOT SHARE YOUR PERSONAL INFORMATION FOR CROSS-CONTEXT BEHAVIORAL ADVERTISING. We do not provide your personal information to advertising networks, data brokers, marketers, or insurers. We do not use your personal data to build or maintain shadow profiles. We do not use your reflections, mood entries, food entries, weight entries, fitness entries, or other content you create in the Service for the training of any artificial intelligence or machine learning model.
7. Storage and Security
Your personal data is stored on servers controlled by us. Data in transit between your device and our servers is encrypted using industry-standard transport-layer security (HTTPS). Your device additionally caches your own data in browser local storage to enable offline use and rapid loading of the Service. Backups are retained for operational continuity purposes and are not used for analytics, advertising, or any purpose other than restoration. Production access to the database is limited to a small number of authorized personnel. No method of transmission or storage is one hundred percent secure. We make no representation regarding absolute security.
8. Cookies and Local Storage
The Service uses one session cookie, the purpose of which is to maintain your authenticated session. The Service uses browser local storage to cache application data on your device. We do not use third-party tracking cookies, web beacons, advertising pixels, or third-party analytics scripts.
9. California Consumer Privacy Rights
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), provides you with the rights described in this Section 9.
9.1 Categories of Personal Information Collected
The categories of personal information we have collected in the preceding twelve (12) months are: identifiers; commercial information; internet or other electronic network activity information; inferences drawn from the foregoing; and sensitive personal information consisting of health-related and mental-health-related information you elect to enter into the Service.
9.2 Sources
Directly from you and automatically from the device you use to access the Service.
9.3 Purposes
To provide and maintain the Service; to synchronize your data across the devices on which you sign in; to disclose data only to recipients you expressly designate via Health Team; to communicate with you about your account; and to comply with applicable law.
9.4 Categories Disclosed
Only to recipients you expressly designate via Health Team. We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
9.5 Retention
We retain personal information for as long as your account is active. Upon deletion of your account, we remove your personal information from production systems within seven (7) business days and from backup systems within thirty (30) days.
9.6 Consumer Rights
Subject to verification of your identity, you have the right to: (a) know what personal information we have collected about you; (b) request deletion of your personal information; (c) request correction of inaccurate personal information; (d) opt out of the sale or sharing of your personal information for cross-context behavioral advertising (which we do not engage in); (e) limit the use of sensitive personal information; and (f) be free from discrimination for exercising any of these rights.
9.7 Exercising Rights
To exercise any right under this Section 9, send a request to hello@mybest24.com with "Privacy Request" in the subject line. We will verify your identity through the email address associated with your account. We will respond within forty-five (45) days, with one additional forty-five (45) day extension if reasonably necessary, in which event we will notify you of the reason for and extent of the delay.
9.8 Authorized Agents
You may designate an authorized agent to make a request on your behalf. The agent must provide written authorization signed by you, and we may verify your identity directly with you before acting on the request.
10. Children
The Service is intended for users who are eighteen (18) years of age or older. We do not knowingly collect personal information from children under thirteen (13). If we become aware that we have collected such information, we will delete it. A parent or guardian who believes that their child has provided us with personal information may contact us at hello@mybest24.com.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The "Effective Date" at the top of this document indicates when this Privacy Policy was last revised. For material changes, we will provide notice within the Service or by email to the address associated with your account.
12. Contact
For questions regarding this Privacy Policy or to exercise your rights under it, contact us at hello@mybest24.com.
Last updated: April 29, 2026.