Privacy Policy

Privacy Policy

Last updated July 7, 2026

This policy describes how Walker Capital Management LLC, doing business as Priority One Health (“Priority One,” “we,” “our,” or “us”) collects, uses, and shares information when you use our website, installable web app, and related services (the “Service”). Priority One is a personal health-tracking product. It is not a healthcare provider, and this policy also explains the difference that makes for your data.

1. Information we collect

Account and profile information. Email address, a password handled by our authentication provider (we never store cleartext passwords), your name, and the profile details you provide during onboarding — including date of birth, sex, and your health goals. If you sign in with Google, we receive your name and email address from Google.

Health data you add. Lab results you enter or upload (marker, value, unit, reference range, draw date), body-composition entries, the supplements, medications, and protocols you log, sleep check-ins and sleep factors, symptoms, notes, nutrition and workout entries, and manually logged weight. When you upload a lab report or body-composition scan, the document is read by an AI service (see Section 4) to extract the values for your review — the uploaded file itself is not stored; only the values you confirm are saved to your account.

Wearable data. When you connect a device, we receive metrics such as sleep, heart rate, HRV, steps, activity, recovery, and weight through Junction’s secure connection layer. We never receive your device account password.

Lab orders. If you order lab testing through the Service (where available), we collect the information a laboratory requires to process your order — legal name, date of birth, sex, phone, and address — along with your order history and results returned by the lab.

Payment information. Payments are processed by Stripe. We receive confirmation of payment, the product purchased, and billing identifiers — your full card number never touches our systems.

Usage and device data. Standard server logs (IP address, browser type, timestamps, pages requested) and a limited set of product-analytics events described in Section 5. We do not use session-replay tools.

Support communications. Emails you send us, so we can respond.

2. How we use information

To operate the Service: display your dashboard and trends, compute your personal baselines, process lab orders where available, send the transactional emails and optional notifications described below, secure your account, respond to support requests, comply with law, and improve the product. Educational summaries generated by software (including AI narration of your own trends) are for your information only and are not medical advice.

3. Health data gets stricter handling

We treat health data — lab values, medication and protocol logs, wearable metrics, sleep, nutrition, symptoms, and similar — as the most sensitive class of information we hold. We do not sell it or rent it. We do not use it for advertising, and we do not permit third-party advertising or ad-tracking scripts on signed-in pages. We share it only with the service providers needed to run the features you use (Section 4), at your direction, or when required by law. Priority One is not a HIPAA-covered entity (see our Data Security page for what that means); as a consumer health app, we maintain a breach-notification process consistent with the FTC Health Breach Notification Rule.

4. Service providers we share with

We rely on a small set of vendors that process information to provide the Service. Each receives only what its function requires:

  • Supabase — our managed database and authentication provider; stores your account and health data.
  • Vercel — hosts the Service.
  • Junction — powers wearable connections and, where lab ordering is available, routes lab orders and returns results (operating in its U.S. environment).
  • Quest Diagnostics — performs specimen collection and laboratory analysis for labs ordered through the Service, where available.
  • Stripe — payment processing.
  • Resend — sends our transactional emails.
  • Anthropic — provides the AI service that reads lab reports or scans you choose to upload (to extract values for your review) and generates educational summaries from your existing data. We send only what the feature requires and do not permit use of your data to train their models.
  • PostHog — product analytics, limited to the events described in Section 5.
  • Sentry — error monitoring, configured to strip personal and request data from error reports.
  • Rewardful — affiliate-referral attribution on our public marketing pages only (see Section 6).
  • Google — optional sign-in with Google.

We may also disclose information when required by law or valid legal process, or to protect the rights, property, or safety of Priority One, our users, or others. If Priority One is involved in a merger, acquisition, or asset sale, your information may be transferred with appropriate protections; we will notify you of any change in ownership or use of your personal data.

What we don’t do: we do not sell or rent your personal information, we do not share your health data with data brokers or advertising networks, and we do not show third-party ads in the product.

5. Analytics

We measure product usage with a small, reviewed set of server-side events (for example, “dashboard viewed” or “weight logged”) tied to your account ID. These events are designed to describe that you used a feature — not your health values. They never include lab values, medication names, notes, or uploaded documents. We do not use autocapture, session replay, heat maps, or advertising pixels anywhere in the Service.

6. Cookies and similar technologies

Signed-in use relies on essential authentication cookies (so you stay logged in, including as an installed app). Your browser’s local storage holds small preferences such as install-prompt state or a saved cart. On our public marketing pages only, our affiliate partner Rewardful sets a cookie to credit the partner who referred you if you arrived through a referral link. We do not use advertising cookies. Because we don’t use non-essential tracking on signed-in pages, there is no cookie-consent banner to click through — if that changes, this policy and the product will change together.

7. Emails and notifications

We send transactional email (welcome, results-ready, periodic review summaries). Emails that announce lab results never contain the results themselves — they link you to your signed-in dashboard. Optional push notifications can be turned off per-type in your Profile. You can unsubscribe from non-essential email by contacting us at support@priorityone.health.

8. Your choices and requests

You can disconnect a wearable or edit and delete individual logged entries in the app at any time. For account-level requests — a copy of your data, correction, or deletion of your account — email support@priorityone.health from your account email address. We will verify the request is really from you, act on verified requests within 30 days, and confirm when complete. In-app export and deletion tools are on our roadmap; until they ship, the email process above is the supported path. Note that we may retain limited records where the law requires it (for example, payment records) and residual copies may persist in encrypted backups for a limited period before being purged.

State privacy rights. Depending on where you live, you may have rights under state privacy and consumer-health-data laws — such as the right to know, access, correct, or delete personal data, and to make requests without discrimination. California residents: we honor access and deletion requests as described above and we do not sell your personal information. To exercise any right, use support@priorityone.health; if we decline a request, we will explain why, and you may appeal by replying to our decision.

9. Data retention

Your account data and health history are retained while your account is active, because long-term trends are the product. If you request deletion, we remove your data from production systems within 30 days of verification, with limited legal-compliance exceptions, and backups age out on our infrastructure provider’s schedule afterward. Our internal retention schedule is reviewed as the product grows.

10. Security

Traffic is encrypted in transit (TLS), data is encrypted at rest by our managed database provider, every request to your data is authorized against your account on our servers, and production access is limited to the founder-operator. The Data Security page describes our practices — and their honest limits — in plain language.

11. Children

Priority One is not directed at children and is for adults 18 and older. We do not knowingly collect personal information from anyone under 18; if you believe a minor has provided us information, contact support@priorityone.health and we will delete it.

12. International users

Priority One is operated from the United States for U.S. users, and your data is processed in the United States. If you use the Service from elsewhere, you understand your information will be handled under U.S. rules, which may differ from your jurisdiction’s.

13. Emergencies

Priority One is not an emergency service and is not monitored for urgent situations. If you are experiencing a medical emergency, call 911 or your local emergency number.

14. Changes to this policy

We may update this policy as the product evolves. We will change the date above and, for material changes, notify you in-app or by email before they take effect.

15. Contact

Walker Capital Management LLC, d/b/a Priority One Health
Mississippi, United States
support@priorityone.health