Last Updated: February 15, 2026 | Version 1.0
⚠️ This privacy policy is a template intended for review by qualified legal counsel before publication. SIA Enliven recommends consulting with a data protection attorney to ensure full compliance with applicable laws and regulations.
SIA Enliven ("ENLIVEN AI," "we," "us," or "our") is a company registered in Latvia, European Union. We operate the ENLIVEN AI platform, an AI-powered fitness and wellness application available via web, iOS, and Android (the "Service").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your data in an open and transparent manner. As an EU-based company, we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
By using ENLIVEN AI, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
The data controller responsible for your personal data is:
SIA Enliven
Latvia, European Union
Email: privacy@enliven.ai
Registration number: [To be added]
When you create an account, we collect:
To provide personalized recommendations through our EATS algorithm, we may collect:
Our ML Vision feature uses your device camera for real-time exercise form analysis:
Payment processing is handled entirely by Stripe, Inc. We do not store credit card numbers, bank account details, or other sensitive financial information on our servers. We only receive and store: transaction IDs, subscription status, billing dates, and plan information.
We process your personal data based on the following legal grounds:
| Legal Basis | Data Types |
|---|---|
| Contract Performance | Account data, subscription data, workout/nutrition data needed to deliver the Service |
| Consent | Health data, bloodwork, camera access, location tracking, analytics cookies, marketing communications |
| Legitimate Interest | Usage analytics (to improve Service), fraud prevention, security monitoring |
| Legal Obligation | Tax records, legal requests, age verification |
We do NOT sell your personal data to anyone. We share data only with the following service providers who are essential to operating our Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, data storage, authentication | All user data (encrypted at rest and in transit) |
| Anthropic (Claude API) | Bloodwork analysis | Anonymized bloodwork values (no personal identifiers) |
| Stripe, Inc. | Payment processing | Billing information, transaction details |
| Brevo (Sendinblue) | Email delivery | Email address, name (for email communications) |
| Apple (App Store) | iOS app distribution, in-app purchases | Purchase receipts, subscription status (managed by Apple) |
| Google (Google Play) | Android app distribution, in-app purchases | Purchase receipts, subscription status (managed by Google) |
If you access ENLIVEN AI through an organization (employer, school, sports team), your organization administrator may have access to aggregated activity data (e.g., workout completion rates, engagement metrics). Organization admins will never have access to your personal health data (bloodwork, medical conditions, body measurements) unless you explicitly consent.
We may disclose your data if required by law, legal process, or governmental request, or to protect the rights, property, or safety of ENLIVEN AI, our users, or the public.
| Data Type | Retention Period |
|---|---|
| Account data | While account is active + 30 days after deletion request |
| Workout & health data | While account is active + 30 days after deletion request |
| Bloodwork PDFs | 3 years from upload, or until deletion requested |
| Payment records | 7 years (legal/tax obligation) |
| Usage analytics | Aggregated and anonymized after 24 months |
| Camera/video data | Not stored (processed locally in real-time) |
| Location data | Retained as part of cardio session history; deletable on request |
After account deletion, all personal data is removed from our active systems within 30 days. Backup copies may persist in encrypted backups for up to 90 days before being permanently purged.
As an EU-based company, we uphold the following rights for all users, regardless of location:
To exercise any of these rights, contact us at privacy@enliven.ai. We will respond within 30 days.
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:
To exercise your CCPA rights, contact us at privacy@enliven.ai or submit a request through your account settings. We will verify your identity before processing your request and respond within 45 days.
You may also designate an authorized agent to submit a request on your behalf. The authorized agent must provide proof of authorization.
While we implement industry-standard security measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.
ENLIVEN AI is not intended for use by anyone under the age of 16 years. We do not knowingly collect personal data from children under 16. If we discover that a child under 16 has provided us with personal data, we will promptly delete their account and all associated data.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@enliven.ai.
While SIA Enliven is based in Latvia (EU), our primary infrastructure is hosted on Amazon Web Services in the US-East-1 (Virginia) region. This means your data may be transferred to and processed in the United States.
For transfers of personal data from the EEA to the United States, we rely on:
We use cookies and similar technologies to operate our Service. By default, we only use essential cookies required for basic functionality. Analytics cookies are enabled only with your explicit consent.
For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.
We do not use advertising cookies or sell data to advertisers. We do not engage in cross-site tracking.
ENLIVEN AI collects and processes health-related data to provide fitness and wellness recommendations. While ENLIVEN AI is not a covered entity under HIPAA (Health Insurance Portability and Accountability Act), we apply HIPAA-informed security practices to all health data:
Important: ENLIVEN AI is not a medical device and does not provide medical diagnoses, treatment plans, or clinical recommendations. All health insights are for informational and educational purposes only.
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
SIA Enliven
Latvia, European Union
Privacy inquiries: privacy@enliven.ai
General support: hello@enliven.ai
Data Protection Authority: Datu valsts inspekcija (dvi.gov.lv)
See also our Terms of Service for the full terms governing use of ENLIVEN AI.