MyBest24 Privacy Policy

Effective Date: May 18, 2026

This Privacy Policy describes how MyBest24 ("we," "us," or "our") collects, uses, discloses, and protects personal information when you access or use the MyBest24 service, including the website at mybest24.com and the MyBest24 application (collectively, the "Service"). By using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Purpose of Data Collection

We collect personal information for the sole purpose of operating the Service. Specifically, we collect data to enable cross-device synchronization so that the Service functions consistently across the devices on which you sign in, including phone, tablet, laptop, and desktop devices. We do not collect personal information for advertising, profiling for advertising, or for sale to third parties. We do not use your personal logs, reflections, mood entries, food entries, or other content you create in the Service to train machine learning or artificial intelligence models, whether our own or those of any third party.

2. Categories of Information Collected

We collect the following categories of personal information:

1. Account identifiers: email address and a unique account identifier.
2. Subscription information: if you subscribe to MyBest24 Pro, we collect subscription status and billing-related identifiers (billing details are processed by our payment processor and not stored by us in full).
3. Service usage data: logs and records necessary to operate and synchronize the Service, including your daily entries, mood ratings, weight entries, food entries, fitness entries, sleep records, schedule entries, reflection entries, and derived values such as your daily score.
4. Technical data: session cookie value and device-type signals required to deliver the Service.
5. Communications: records of correspondence you send us.

The Service usage data may include information that, under California law, qualifies as "sensitive personal information," including health-related and mental-health-related information you choose to enter.

3. Sources of Information

We collect personal information directly from you when you create an account, log entries in the Service, or contact us. We collect technical data automatically from the device you use to access the Service.

4. Sharing With Your Health Team

The Service includes a feature ("Health Team") that permits you to generate a token-gated link granting another individual, such as a coach or therapist you select, read-only access to specified categories of your data. Use of this feature is entirely optional and is initiated only by you.

Before generating a Health Team link, you are presented with a confirmation screen identifying each category of data that will be visible to the recipient. You may toggle individual categories on or off prior to generating the link. The default categories pre-selected for "Coach" and "Therapist" roles are suggestions only and may be overridden by you.

The categories you may share through Health Team are:

Eight data categories that may be shared via Health Team, with default selections by role.

Category	Contents	Coach default	Therapist default
Fitness log	Exercises, duration, and weekly frequency	On	Off
Food and nutrition	Calorie and protein weekly averages	On	Off
Body weight trend	Thirty-day trend chart	On	Off
Mood log	Daily mood ratings and weekly trends	Off	On
Cally reflections	Star ratings and journal entries	Off	On
Self-care activity	Frequency and types of self-care	Off	On
Sleep schedule	Average hours from twenty-four-hour calendar	On	On
Schedule overview	Hours per activity type per week	On	On

Tokens issued through Health Team automatically expire ninety (90) days after issuance. You may revoke any active token at any time through the Health Team panel within the Service, with immediate effect. Once revoked, the token is no longer functional and the recipient loses access to your data, except for any information the recipient may have copied or exported prior to revocation, which is outside our control.

Health Team is the only mechanism by which your personal data is disclosed to a third party at your direction. (Separately, payment data you enter at checkout is processed by our payment processor; see Section 11.)

Coaches participating in our Coach Partner Program (described in Section 9 of the Terms of Use) use the same Health Team data-sharing model: you control which of the eight categories above are visible to your coach, and you may revoke access at any time. Acceptance of a coach invitation establishes a Health Team relationship subject to all of the controls described in this Section 4.

5. HIPAA Status

MyBest24 is not currently a "covered entity" or "business associate" within the meaning of the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"). We do not currently execute Business Associate Agreements. The Service is designed with HIPAA-aligned principles in mind, including token-gated access, automatic expiration, and granular client-side control over the disclosure of categories of information. However, we make no representation that the Service is HIPAA-compliant. Licensed healthcare or mental-health providers considering use of the Service in connection with their practices should consult their own compliance advisors.

6. Information We Do Not Sell, Share, or Use for Other Purposes

WE DO NOT SELL YOUR PERSONAL INFORMATION. WE DO NOT SHARE YOUR PERSONAL INFORMATION FOR CROSS-CONTEXT BEHAVIORAL ADVERTISING. We do not provide your personal information to advertising networks, data brokers, marketers, or insurers. We do not use your personal data to build or maintain shadow profiles. We do not use your reflections, mood entries, food entries, weight entries, fitness entries, or other content you create in the Service for the training of any artificial intelligence or machine learning model.

7. Storage and Security

Your personal data is stored on servers controlled by us. Data in transit between your device and our servers is encrypted using industry-standard transport-layer security (HTTPS). Your device additionally caches your own data in browser local storage to enable offline use and rapid loading of the Service. Backups are retained for operational continuity purposes and are not used for analytics, advertising, or any purpose other than restoration. Production access to the database is limited to a small number of authorized personnel. No method of transmission or storage is one hundred percent secure. We make no representation regarding absolute security.

8. Cookies and Local Storage

The Service uses one first-party session cookie, the purpose of which is to maintain your authenticated session. The Service uses browser local storage to cache application data on your device, and to temporarily hold inbound-link payloads during the sign-in process — specifically, event invitations, coach invitations, and coach referral codes, stored under keys prefixed "mb24_pending". These temporary entries expire automatically after thirty (30) days. We do not use third-party tracking cookies, web beacons, advertising pixels, or third-party analytics scripts on mybest24.com.

If you subscribe to MyBest24 Pro, the payment checkout page is hosted by our payment processor, Stripe. Stripe may set additional cookies on Stripe's own domain (not on mybest24.com) for fraud prevention and to complete the payment flow. Stripe's use of those cookies is governed by Stripe's privacy policy; see Section 11.

9. California Consumer Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), provides you with the rights described in this Section 9.

9.1 Categories of Personal Information Collected

The categories of personal information we have collected in the preceding twelve (12) months are: identifiers; commercial information; internet or other electronic network activity information; inferences drawn from the foregoing; and sensitive personal information consisting of health-related and mental-health-related information you elect to enter into the Service.

9.2 Sources

Directly from you and automatically from the device you use to access the Service.

9.3 Purposes

To provide and maintain the Service; to synchronize your data across the devices on which you sign in; to disclose data only to recipients you expressly designate via Health Team; to communicate with you about your account; and to comply with applicable law.

9.4 Categories Disclosed

Only to recipients you expressly designate via Health Team. We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

9.5 Retention

We retain personal information for as long as your account is active. Upon deletion of your account, we remove your personal information from production systems within seven (7) business days and from backup systems within thirty (30) days.

9.6 Consumer Rights

Subject to verification of your identity, you have the right to: (a) know what personal information we have collected about you; (b) request deletion of your personal information; (c) request correction of inaccurate personal information; (d) opt out of the sale or sharing of your personal information for cross-context behavioral advertising (which we do not engage in); (e) limit the use of sensitive personal information; and (f) be free from discrimination for exercising any of these rights.

9.7 Exercising Rights

To exercise any right under this Section 9, send a request to hello@mybest24.com with "Privacy Request" in the subject line. We will verify your identity through the email address associated with your account. We will respond within forty-five (45) days, with one additional forty-five (45) day extension if reasonably necessary, in which event we will notify you of the reason for and extent of the delay.

9.8 Authorized Agents

You may designate an authorized agent to make a request on your behalf. The agent must provide written authorization signed by you, and we may verify your identity directly with you before acting on the request.

10. Children

The Service is intended for users who are eighteen (18) years of age or older. We do not knowingly collect personal information from children under thirteen (13). If we become aware that we have collected such information, we will delete it. A parent or guardian who believes that their child has provided us with personal information may contact us at hello@mybest24.com.

11. Payment Information

If you subscribe to MyBest24 Pro (Section 9 of the Terms of Use), payment is processed by Stripe, Inc. ("Stripe"). Stripe collects and processes your payment-instrument information (such as card number, expiration date, security code, and billing address) directly on Stripe's infrastructure. We do not see, store, or have access to full payment-instrument data.

What we receive from Stripe and retain in our systems:

1. a Stripe customer identifier and a Stripe subscription identifier, used to associate Stripe's records with your MyBest24 account;
2. the status of your subscription (active, past due, canceled, and similar);
3. the amount, date, and currency of each successful or refunded charge;
4. the last four digits of the card used and the card brand, for display in your account settings and on receipts;
5. your billing address (city, state or region, postal code, country) where required for tax calculation or fraud prevention;
6. dispute, refund, and chargeback notifications relating to your subscription.

Stripe's collection and use of your payment information is governed by Stripe's own privacy policy, available at stripe.com/privacy. We rely on Stripe's certifications, including PCI DSS Level 1, for the security of payment-instrument data.

If you are a coach participating in the Coach Partner Program and have set up Stripe Connect Express to receive payouts, Stripe additionally collects identity-verification information ("Know Your Customer" data) and bank-account or comparable payout-destination details required to remit your earnings. That information is collected and held by Stripe, not by us. We receive only the verification status and the payout history necessary to operate the program.

We retain payment metadata (a)–(f) above for as long as required by tax, accounting, and consumer-protection law (typically seven (7) years for United States federal tax record retention). This retention period applies notwithstanding any other retention period in Section 9.5; financial records required by law are exempt from general account-deletion timelines, but the information so retained is limited to what is required by law and is not used for any other purpose.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Effective Date" at the top of this document indicates when this Privacy Policy was last revised. For material changes, we will provide notice within the Service or by email to the address associated with your account.

13. Contact

For questions regarding this Privacy Policy or to exercise your rights under it, contact us at hello@mybest24.com.

Last updated: May 18, 2026.