Skip to main content
ENLIVEN AI
← Back to Home

Last Updated: February 15, 2026 | Version 1.0

Privacy Policy

⚠️ This privacy policy is a template intended for review by qualified legal counsel before publication. SIA Enliven recommends consulting with a data protection attorney to ensure full compliance with applicable laws and regulations.

1. Introduction

SIA Enliven ("ENLIVEN AI," "we," "us," or "our") is a company registered in Latvia, European Union. We operate the ENLIVEN AI platform, an AI-powered fitness and wellness application available via web, iOS, and Android (the "Service").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your data in an open and transparent manner. As an EU-based company, we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using ENLIVEN AI, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Data Controller

The data controller responsible for your personal data is:

SIA Enliven

Latvia, European Union

Email: privacy@enliven.ai

Registration number: [To be added]

3. Data We Collect

3.1 Account Data

When you create an account, we collect:

  • Full name
  • Email address
  • Date of birth (to verify age eligibility — must be 16+)
  • Gender (optional, used for exercise recommendations)
  • Password (stored in hashed form via AWS Cognito)
  • Profile photo (optional)

3.2 Health & Fitness Data

To provide personalized recommendations through our EATS algorithm, we may collect:

  • Workout logs, exercise history, and performance metrics
  • Body measurements (height, weight, body fat percentage)
  • Bloodwork results (uploaded PDFs or manually entered values)
  • Sleep data (duration, quality scores, patterns)
  • Nutrition logs (meals, macronutrient intake, calorie tracking)
  • Supplement usage and protocols
  • Recovery data (soreness levels, mobility assessments)
  • Mindfulness and meditation session data
  • Medical information (conditions, medications — voluntarily provided)
  • Daily readiness assessments (stress, mood, energy levels)

3.3 Camera & Video Data

Our ML Vision feature uses your device camera for real-time exercise form analysis:

  • Camera data is processed locally on your device for real-time rep counting and form correction
  • Pose estimation data (body joint positions) may be sent to our servers for analysis only if you explicitly opt in
  • Video recordings are never stored on our servers unless you specifically choose to save them for personal review
  • You can disable camera access at any time through your device settings

3.4 Location Data

  • GPS data is collected only during active outdoor cardio sessions (running, cycling, walking) and only with your explicit permission
  • Location data is used to map your route, calculate distance, and provide elevation data
  • We do not track your location outside of active cardio sessions
  • You may disable location services at any time

3.5 Device & Technical Data

  • Device type, operating system, and browser information
  • IP address and approximate location (country/region level)
  • App version and crash reports
  • Wearable device data (heart rate, steps) if connected

3.6 Usage Data

  • Features used and frequency of use
  • Time spent in different sections of the app
  • Interaction patterns (for improving user experience)
  • Search queries within the exercise library

3.7 Payment Data

Payment processing is handled entirely by Stripe, Inc. We do not store credit card numbers, bank account details, or other sensitive financial information on our servers. We only receive and store: transaction IDs, subscription status, billing dates, and plan information.

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Legal BasisData Types
Contract PerformanceAccount data, subscription data, workout/nutrition data needed to deliver the Service
ConsentHealth data, bloodwork, camera access, location tracking, analytics cookies, marketing communications
Legitimate InterestUsage analytics (to improve Service), fraud prevention, security monitoring
Legal ObligationTax records, legal requests, age verification

5. How We Use Your Data

  • Personalize the EATS Algorithm: Your health and fitness data across all seven domains (Training, Nutrition, Supplementation, Sleep, Recovery, Mindfulness, Medical) is used to generate personalized, adaptive recommendations.
  • Generate Workout Programs: Based on your goals, fitness level, available equipment, and daily readiness.
  • Analyze Bloodwork: Uploaded bloodwork is processed through Anthropic's Claude API to generate educational insights (not medical diagnoses).
  • Provide Form Analysis: Camera-based ML Vision to count reps and provide form feedback during workouts.
  • Track Progress: Display trends, generate insights, and celebrate milestones.
  • Process Payments: Manage subscriptions and process transactions via Stripe.
  • Send Communications: Transactional emails (welcome, password reset), workout reminders, and marketing communications (with consent only).
  • Improve Our Service: Usage analytics to improve features, fix issues, and enhance user experience.
  • Ensure Safety: Fraud prevention, account security, and abuse detection.

6. Data Sharing & Third Parties

We do NOT sell your personal data to anyone. We share data only with the following service providers who are essential to operating our Service:

ProviderPurposeData Shared
Amazon Web Services (AWS)Cloud hosting, data storage, authenticationAll user data (encrypted at rest and in transit)
Anthropic (Claude API)Bloodwork analysisAnonymized bloodwork values (no personal identifiers)
Stripe, Inc.Payment processingBilling information, transaction details
Brevo (Sendinblue)Email deliveryEmail address, name (for email communications)
Apple (App Store)iOS app distribution, in-app purchasesPurchase receipts, subscription status (managed by Apple)
Google (Google Play)Android app distribution, in-app purchasesPurchase receipts, subscription status (managed by Google)

B2B Organizations

If you access ENLIVEN AI through an organization (employer, school, sports team), your organization administrator may have access to aggregated activity data (e.g., workout completion rates, engagement metrics). Organization admins will never have access to your personal health data (bloodwork, medical conditions, body measurements) unless you explicitly consent.

Law Enforcement

We may disclose your data if required by law, legal process, or governmental request, or to protect the rights, property, or safety of ENLIVEN AI, our users, or the public.

7. Data Retention

Data TypeRetention Period
Account dataWhile account is active + 30 days after deletion request
Workout & health dataWhile account is active + 30 days after deletion request
Bloodwork PDFs3 years from upload, or until deletion requested
Payment records7 years (legal/tax obligation)
Usage analyticsAggregated and anonymized after 24 months
Camera/video dataNot stored (processed locally in real-time)
Location dataRetained as part of cardio session history; deletable on request

After account deletion, all personal data is removed from our active systems within 30 days. Backup copies may persist in encrypted backups for up to 90 days before being permanently purged.

8. Your Rights (GDPR)

As an EU-based company, we uphold the following rights for all users, regardless of location:

  • Right to Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format (JSON/CSV).
  • Right to Restrict Processing: Request limitation of how we process your data.
  • Right to Object: Object to processing based on legitimate interest.
  • Right to Withdraw Consent: Withdraw consent at any time (without affecting prior lawful processing).
  • Right to Lodge a Complaint: File a complaint with your local data protection authority (DPA). For Latvia, this is the Data State Inspectorate (Datu valsts inspekcija).

To exercise any of these rights, contact us at privacy@enliven.ai. We will respond within 30 days.

9. Your Rights (CCPA / California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, ongoing transactions).
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Opt-Out of Sale: We do NOT sell your personal information to third parties. We do not share personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
  • Right to Limit Use of Sensitive Personal Information: You can request that we limit the use and disclosure of your sensitive personal information (health data, precise geolocation) to purposes necessary for providing the Service.

To exercise your CCPA rights, contact us at privacy@enliven.ai or submit a request through your account settings. We will verify your identity before processing your request and respond within 45 days.

You may also designate an authorized agent to submit a request on your behalf. The authorized agent must provide proof of authorization.

10. Data Security

  • Encryption at Rest: All data stored in DynamoDB and S3 is encrypted using AES-256 encryption.
  • Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.2+ (HTTPS).
  • Authentication: Secured via AWS Cognito with multi-factor authentication support.
  • Access Controls: Strict role-based access with audit logging for all administrative actions.
  • Infrastructure: Hosted on AWS with SOC 2, ISO 27001, and HIPAA-eligible infrastructure.
  • Regular Audits: Security practices are regularly reviewed and updated.

While we implement industry-standard security measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

11. Children's Privacy

ENLIVEN AI is not intended for use by anyone under the age of 16 years. We do not knowingly collect personal data from children under 16. If we discover that a child under 16 has provided us with personal data, we will promptly delete their account and all associated data.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@enliven.ai.

12. International Data Transfers

While SIA Enliven is based in Latvia (EU), our primary infrastructure is hosted on Amazon Web Services in the US-East-1 (Virginia) region. This means your data may be transferred to and processed in the United States.

For transfers of personal data from the EEA to the United States, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • AWS's compliance with the EU-US Data Privacy Framework
  • Supplementary technical measures (encryption, pseudonymization)

13. Cookies & Tracking

We use cookies and similar technologies to operate our Service. By default, we only use essential cookies required for basic functionality. Analytics cookies are enabled only with your explicit consent.

For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

We do not use advertising cookies or sell data to advertisers. We do not engage in cross-site tracking.

14. Health Data & HIPAA Considerations

ENLIVEN AI collects and processes health-related data to provide fitness and wellness recommendations. While ENLIVEN AI is not a covered entity under HIPAA (Health Insurance Portability and Accountability Act), we apply HIPAA-informed security practices to all health data:

  • Health data is encrypted at rest and in transit
  • Access to health data is strictly limited to authorized processes
  • Health data is never shared with third parties for marketing purposes
  • Bloodwork data sent to AI analysis is anonymized (no personal identifiers)
  • Users can export or delete their health data at any time

Important: ENLIVEN AI is not a medical device and does not provide medical diagnoses, treatment plans, or clinical recommendations. All health insights are for informational and educational purposes only.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page with an updated date
  • Sending an email notification for significant changes
  • Displaying an in-app notification

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

16. Contact Us

SIA Enliven

Latvia, European Union

Privacy inquiries: privacy@enliven.ai

General support: hello@enliven.ai

Data Protection Authority: Datu valsts inspekcija (dvi.gov.lv)

See also our Terms of Service for the full terms governing use of ENLIVEN AI.