Privacy Policy

1. About This Policy

At ODYSS, we believe that privacy is a fundamental right — and that this fundamental right should not differ depending on where you live in the world. This policy explains how we collect, use, disclose, and protect information related to you when you use our AI-powered necklace ("Device"), mobile app ("App"), and website at odyss.life ("Website") (collectively, the "Services").

Our services involve dietary and health data — among the most sensitive categories of information we handle. We take that responsibility seriously. This document is our way of being transparent about what we do, especially when it comes to camera images and AI processing.

OdyssLife.Inc. ("ODYSS," "we," "us," or "our") is the entity behind this policy.

This policy uses a layered consent approach:

Basic service notice: By using our services, you acknowledge the general data practices described here.
Separate consent for sensitive data: For health data collection, voice data processing, cloud-based food image analysis, and other sensitive operations, we will seek your explicit opt-in consent when you first use the relevant feature. You may withdraw consent at any time.

2. Information We Collect

Information You Provide

When you sign up for and use our services, you provide us with certain information:

Account details: Name, email, phone number, date of birth, gender, height, weight, and dietary preferences you enter when signing up.
Health profile: Dietary goals, allergies, health conditions, and nutrition targets you choose to share. This information is used solely to provide the personalized services you've selected.
Payment information: Credit card details and billing address for purchases. We don't store full card numbers — payment processing is handled by professional providers.
Communications: Customer support inquiries, survey responses, and feedback.

Information Collected by the Device

The ODYSS device collects the following information as it works to provide you with its services:

Food images: During meals, the device camera captures images of food and beverages. When the camera is activated, it captures real-time footage that may include non-food scenes — but we do not record video, conduct surveillance, or analyze faces and bodies. Images are briefly stored on the device and uploaded via standard encryption to our cloud servers for AI recognition and nutritional analysis. Before processing, images are screened to ensure only food-related content proceeds to the next step. Original images are automatically deleted after AI processing is complete, with no long-term retention. You can also manually delete your original images at any time. See Section 4 for details.
Usage patterns: Meal timing, eating frequency, and tracking session duration.
Device data: Battery level, connection status, firmware version, and device health indicators.

Voice Data

Voice data involves biometric and health-related information and is a highly sensitive data category, so we describe it separately:

You can submit audio or voice recordings to log meals, interact with AI features, or use voice-related functions.
Voice data is collected only when you actively trigger it — we never record continuously in the background.
The use of voice data requires your explicit opt-in authorization. You can manage voice permissions or withdraw consent at any time in Settings.
We currently do not collect, store, or process voiceprints or voice biometric data. If we ever involve such processing, we will seek your separate written consent and disclose retention periods.
Voice data retention period is duration of account + 30 days, automatically deleted after account deletion. You can also manually delete it at any time.

Information Collected by the App and Website

When you use our App or visit our Website, we automatically collect certain technical and usage information:

App usage data: Features used, pages visited, session duration, and interaction patterns.
Device and technical data: IP address, device type, operating system, app version, browser type, language, time zone, mobile network information, and unique device identifiers.
Location data: Approximate location derived from IP address (country/region level). With your authorization, more precise location may be obtained from your mobile device for device connection, Bluetooth-related features, regional settings, or security purposes — for example, Bluetooth pairing requires location access to discover nearby devices.
Cookies and tracking technologies: See our Cookie Policy for details on how we use cookies and similar technologies on our website.

Third-Party Services

If you choose to connect third-party services, we may receive information from them, including:

Apple Health / HealthKit, Google Health Connect, Google Fit, or similar health platforms;
Apple, Google, or other supported login services;
Payment processors, analytics providers, customer service tools, or cloud service providers.

We only collect information from third parties within the scope you've authorized and only as necessary for the relevant features — for example, we only access health data from Apple Health after you've connected it and explicitly selected the data categories you want to share. We do not use HealthKit data or health data obtained through other health platforms for advertising, marketing, or other usage-based data mining purposes.

Health and Dietary Data

When you use our services, we collect and process health-related data, including:

Nutritional data: Calorie estimates, macronutrient breakdowns (such as protein, carbohydrates, fat, and fiber), micronutrient estimates, and meal composition generated by AI analysis of captured food images.
Dietary patterns: Eating habits, meal regularity, dietary trends, and long-term nutritional balance insights.
Health insights: Personalized nutrition recommendations, dietary observations, and progress toward your health goals.

We classify this data as sensitive personal information and provide it with the enhanced protections described in Section 7.

3. How We Use Information

We use the information we collect to provide and improve our services, to communicate with you, and to maintain safety and compliance.

Provide and improve services

We use your information to identify and analyze food captured by the device camera, generate nutritional estimates and dietary insights, create personalized nutrition recommendations and reports, sync data between your device, app, and account, and provide customer support and respond to your inquiries.

Improve AI technology

We use aggregated and de-identified data only to enhance food recognition algorithm accuracy, develop new features, and enhance existing services. We also study dietary patterns using anonymized datasets — these datasets cannot be traced to any individual.

Communicate with you

We may send you service-related notifications (such as sync status or device updates). With your consent, we may also send marketing messages, and you can withdraw this consent at any time. We also use your information to answer your questions and requests.

Maintain safety and compliance

We use information to detect and prevent fraud, abuse, or security issues, to comply with legal obligations, and to enforce our terms of service.

4. Camera and Image Data

A wearable device with a camera naturally raises reasonable questions about privacy. We believe you have the right to know exactly what the camera captures, what it doesn't, and how image data is handled.

What the Camera Captures

The camera activates only when an eating or drinking moment is detected, or when you manually trigger a food capture. It captures still images of food and beverages. Please note:

When the camera is activated, it captures real-time footage that may include non-food scenes — but we do not record video, conduct surveillance, or analyze faces and bodies.
The camera does not record conversations or audio.
The camera does not function as a surveillance device.
The camera does not activate outside of meal tracking contexts.

How Images Are Processed

Our image processing follows a brief on-device storage + cloud-based AI analysis approach:

On-device capture: The device camera captures food images, which are briefly stored on the device.
Encrypted upload: Images are transmitted via standard encryption to our cloud servers. Upon upload, the server performs initial screening to identify and filter out faces and non-food environments, ensuring only food-related images proceed to the next step.
Cloud AI analysis: Food recognition and nutritional analysis are performed in the cloud, extracting nutritional data (such as calories and macronutrients).
Automatic deletion: Original images are automatically deleted after AI processing is complete, with no long-term retention. Extracted nutritional data is synced to your app.
User control: You can manually delete your original images at any time through the app.

After a meal ends, the device may continue uploading and processing captured images in the background. You can check the upload and processing status in the app, or interrupt transmission at any time by enabling Privacy Mode.

Regarding data access: Without your permission, no ODYSS personnel can access your uploaded raw data. Data remains encrypted throughout server storage and processing.

About AI Training

By default, we do not use your food photos to train general-purpose AI models. If we ever want to use user data for model training or optimization (including food photos, voice recordings, or other user content), we will seek your separate, explicit consent first. You can decline without affecting any core feature. Data from Apple Health and other health platforms is never used for model training — now or in the future.

Privacy Mode

We understand that you may want to disable the camera entirely at times. The device includes a Privacy Mode that you can activate at any time with one tap via the device button or the app. Privacy Mode status is confirmed through three independent signals: (1) device LED indicator, (2) vibration feedback, and (3) app status display. When Privacy Mode is active, no images are captured or processed.

Image Data Retention

Data Type	Retention Period	Reason
Original food images	Automatically deleted after AI processing (briefly stored on device and cloud, no retention after processing)	AI analysis
Nutritional analysis results	Duration of account + 30 days	Service delivery
Aggregated/anonymized data	Indefinitely (cannot identify individuals)	Product improvement

5. Device Permissions

To function properly, the app may request access to certain device permissions. You can manage these at any time in your device settings. Specific permissions are based on the actual requests initiated by the app; the following are key examples:

Camera & Photo Library: Capturing meal images, scanning QR codes, uploading avatars, or using image-based features
Microphone: Submitting audio or voice input to log meals, interact with AI features, or use voice-related functions. The microphone works only when you actively trigger it — we never record continuously in the background.
Location: When necessary for device connection, Bluetooth settings, regional services, or security — for example, Bluetooth pairing requires location access to discover nearby devices
Bluetooth: Searching, pairing, connecting, and syncing with the wearable device
Notifications: Sending reminders, tips, progress updates, and device-related notifications
Health data: When connecting to Apple Health/HealthKit or similar services, only data categories you explicitly authorize for specific features are accessed

6. AI Features

Some service features use artificial intelligence, machine learning, or automated processing to analyze information you provide or that is generated through the service. AI features can help identify food, estimate nutrition, summarize behavioral patterns, or generate personalized health recommendations.

To be clear: AI-generated content is intended for general health management and informational purposes only. It does not constitute medical advice, diagnosis, or treatment, and should not replace professional medical judgment. We recommend consulting a licensed healthcare professional before making any major health-related decisions. We also clearly label AI content as non-medical in nature within the App interface.

Regarding AI model optimization, our position is:

By default, we do not use your food photos, voice recordings, or other user content to train general-purpose AI models.
If we ever want to use such content for model optimization or algorithm improvement, we will seek your separate, explicit consent beforehand.
You can decline or later withdraw this consent without affecting core features.
We do not use Apple Health/HealthKit data or health data obtained through other health platforms for AI model training.
If we use third-party AI providers to process your content for features you've requested, those providers may only process it on our behalf for that specific function and are contractually, technically, and legally restricted — they cannot use it to train general-purpose AI models.

7. Health Data Protection

Your dietary and health data is sensitive personal information. This section provides you with additional protections under applicable health data privacy laws, including the Washington My Health My Data Act (MHMD), Connecticut Data Privacy Act, Nevada Revised Statutes, and similar state-level health data privacy laws.

Our Health Data Principles

Your health data belongs to you. Your dietary and health information is yours. You can access, export, correct, or delete it at any time — this is your right, not our generosity.
We don't sell health data. We will never sell, rent, or trade your personal health information to third parties for monetary or other valuable consideration.
Health data is used only to serve you. Your health and dietary data is used exclusively to provide the service you signed up for — personalized nutrition tracking and insights. Specific collection purposes include: food recognition, nutritional estimation, dietary pattern analysis, personalized health recommendations, and long-term dietary trend tracking.
We minimize data collection. We collect only what's needed to provide our services. We don't collect extra data beyond what's necessary.
We protect your health data with strong security. See Section 11 for details.

Specific Health Data Practices

No sale of health data: We do not sell health and dietary data, do not share it for cross-context behavioral advertising, and do not use it for targeted advertising.
No unauthorized sharing: We only share health data with third parties as described in this policy or with your explicit consent.
Purpose limitation: Health and dietary data collection and processing is solely for nutrition tracking, analysis, and related health insights.
De-identification for research: Health data used for research or product improvement is processed only on aggregated, de-identified datasets, ensuring no individual can be identified.

Your Health Data Rights

You have the right to:

Access your health and dietary data
Confirm whether we are processing your consumer health data
Request correction of inaccurate health data
Request deletion your health and dietary data
Export your health data in a machine-readable format
Withdraw previously granted processing consent
Request restriction on how we process your health data

You can exercise these rights by contacting us through:

Email: contact@odyss.life
In the app: Settings → Data Management
Web: odyss.life/pages/privacy

We will respond to verified requests within 30 days (or within the shorter timeframe required by applicable law; the Washington MHMD Act requires a response within 45 days).

8. Information Sharing

We don't share your information casually. Sharing occurs only in these specific circumstances.

Service Providers

We share information with trusted third-party service providers who help us operate our services:

Category	Purpose	What's Shared
Cloud infrastructure	Data storage and processing	Encrypted health and account data
Payment processors	Transaction handling	Payment info (we don't store full card numbers)
Analytics providers	App and website analysis	Anonymized usage data
Communications	Service notifications	Email address and preferences
AI algorithm improvement	Improving food recognition accuracy	De-identified data only (no original images)

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

Legal Requirements

We may be required to disclose information under applicable law — for example, in response to a valid subpoena, court order, or search warrant, a lawful request from law enforcement or a government agency, or to protect our rights or the rights, safety, or property of others.

Our commitment is this: we do not voluntarily disclose user data to government entities or civil litigants. When we receive a request, we will notify you to the extent legally permitted, and we will challenge requests that are overly broad or inappropriate.

Other Circumstances

Business transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred to the acquiring party. We will notify you of any such transfer and inform you of your choices regarding your information.
With your consent: We share information only when you've given explicit permission.
Anonymized data: Aggregated, de-identified, or anonymized data that cannot identify you may be shared for research, analysis, or other legitimate purposes.

9. No Sale of Personal Information

We do not sell personal information.

We do not share personal information for cross-context behavioral advertising.

We do not use HealthKit data or other health-related data collected through the service for advertising, marketing, or other usage-based data mining purposes.

Our website homepage provides a "Do Not Sell or Share My Personal Information" link. Although we do not sell personal information, we provide this link as required by law to protect your right to know and your right to choose.

10. Data Retention

We retain your data only for as long as necessary to fulfill the purposes for which it was collected:

Data Type	Retention Period	Deletion Method
Account information	Duration of account + 30 days after deletion request	Automatic deletion
Original food images	Automatically deleted after AI processing (briefly stored on device, no retention after cloud processing)	Automatically deleted after AI processing; user can delete at any time
Voice data	Duration of account + 30 days after deletion request	User-triggered or automatic deletion
Nutritional analysis data	Duration of account + 30 days after deletion request	User-triggered or automatic deletion
Health and dietary data	Duration of account + 30 days after deletion request	User-triggered or automatic deletion
Payment records	As required by financial regulations	Secure erasure
Customer support records	2 years from resolution	Automatic purge
Anonymized data	Indefinitely (cannot identify individuals)	N/A

You can request deletion of your data at any time through the app or by contacting contact@odyss.life.

11. Data Security

We implement industry-standard measures to protect your information. All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Employee access to personal data is limited to those with a legitimate business need, and all access is logged and audited.

Our systems are designed from the ground up to minimize data exposure — the device captures food-related images, which are briefly stored on-device and uploaded via encryption to our cloud servers. The server screens for faces and non-food content before processing, and original images are automatically deleted after AI analysis, with only extracted nutritional data retained. Without your permission, no ODYSS personnel can access your uploaded raw data.

We conduct regular security audits and penetration testing, and we maintain an incident response plan. In the event of a data breach, we will notify affected users within the shortest time period required by applicable law and without unreasonable delay, and will comply with all applicable state data breach notification laws.

No system is completely secure. We recommend using a strong password and enabling two-factor authentication to further protect your account.

12. Your Rights

At ODYSS, we respect your ability to know, access, correct, delete, and export your personal data in a machine-readable format, as well as to opt out of marketing communications. We have provided these rights to our global user base, and if you choose to exercise these privacy rights, you have the right not to be treated in a discriminatory way.

California Residents (CCPA/CPRA) additionally have the right to:

Know what personal information is collected and how it's used
Request deletion of your personal information
Opt out of the sale of personal information (we don't sell data to begin with)
Limit the use and disclosure of "sensitive personal information"
Not be discriminated against for exercising your privacy rights

Personal Information Collected in the Past 12 Months (CCPA Disclosure)

The following is a summary of the categories of personal information we have collected in the past 12 months:

PI Category	Collected?	Purpose
Identifiers (name, email, etc.)	Yes	Account management, service delivery
Demographic info (age, gender, etc.)	Yes	Personalized services
Health data (diet, nutrition, etc.)	Yes	AI nutritional analysis and health insights
Image data (food images)	Yes	Food recognition and nutritional estimation
Audio/voice data	Yes (only when user actively triggers)	Voice interaction, meal logging
Location data	Yes (approximate)	Device connection, regional services
Device/technical data	Yes	Service operations, security
Payment information	Yes (we don't store full card numbers)	Transaction processing
Sensitive PI sold/shared	None	N/A

PI sources: Information you provide directly, information collected automatically by the device, information collected automatically by the app and website, and third-party services you authorize to connect.

Business purposes: We collect personal information for the following purposes: providing and improving services, AI nutritional analysis and food recognition, personalized health recommendations, customer support, security protection, and legal compliance.

We do not sell personal information. In the past 12 months, we have not sold or shared any personal information for cross-context behavioral advertising.

Rights Under State Comprehensive Privacy Laws

In addition to the California CCPA/CPRA, multiple U.S. states have enacted comprehensive privacy laws (including Virginia CDPA, Colorado CPA, Utah UCPA, Texas TDPSA, Oregon, Delaware, New Jersey, New Hampshire, and others). If your state's laws grant you additional privacy rights, we respect and honor those as well.

How to Exercise Your Rights

In the app: Settings → Data Management
Email: contact@odyss.life
Web: odyss.life/pages/privacy

We respond to verified requests within 30 days (or as required by applicable law, such as the 45-day period under the Washington MHMD Act).

13. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent as required by law. If we discover that we have collected information from a child under 13 in a manner that requires deletion, we will take appropriate steps to delete it. If you believe a child under 13 has provided us with personal information, please contact contact@odyss.life.

14. Data Storage and Processing

We are based in China, but your service data will not be subject to any international data transfer. Your information (including food images and other data) is processed and stored on local regional servers.

We ensure appropriate safeguards are in place:

All data is encrypted in transit using TLS 1.3 and at rest using AES-256.
We maintain data processing agreements with all service providers.
We comply with all applicable data protection laws.

15. Cookies

We use cookies and similar technologies on our website. Essential cookies are required for the website to function; analytics cookies help us understand how visitors use the site (anonymized); and marketing cookies are used for targeted advertising only with your consent.

You can manage your cookie preferences through our cookie consent banner or your browser settings. For details, see odyss.life/pages/cookie-policy.

16. Email Communications

With your consent, we may send you product updates and feature announcements, nutritional insights and health tips, promotional offers and crowdfunding updates, and customer surveys and feedback requests.

You can unsubscribe from marketing emails at any time — by clicking the "Unsubscribe" link in any marketing email, updating your preferences in the app, or contacting contact@odyss.life. Service-related emails (such as account verification and security alerts) cannot be unsubscribed from, as they are essential to service delivery.

17. Kickstarter Privacy

If you support our crowdfunding campaign through Kickstarter, please note the following regarding the handling of your personal information:

Kickstarter platform data: When you back our project on Kickstarter, Kickstarter collects and processes your personal information according to its own privacy policy. We recommend you also read Kickstarter's privacy policy.
Backer information: After the crowdfunding campaign ends, Kickstarter provides us with certain backer information (such as username and pledge level) so we can fulfill rewards.
Relationship with this policy: We handle backer information obtained from Kickstarter with the same standards described in this privacy policy. Backers enjoy all privacy rights described in this document.
Contact: If you are a Kickstarter backer with privacy questions, you can contact us at contact@odyss.life with the subject line "Kickstarter Privacy."

18. Changes to This Policy

We may update this policy from time to time. When changes occur, we will post the updated policy on our website with a revised "Last Updated" date. For material changes, we will notify you via email or in-app notification. Where changes materially affect how your data is processed, we will seek your consent.

We recommend reviewing this policy periodically.

19. Contact Us

If you have questions, concerns, or requests about this policy or our data practices, you can reach us at:

Email: contact@odyss.life
Web: odyss.life/pages/privacy
In-app: Settings → Privacy → Data Management

Shenzhen Xin Gan Zhi Ying Technology Co., Ltd.

Room 4201, Building E, China Resources Land Tower, Nanshan District, Shenzhen

Email: contact@odyss.life

20. Definitions

Term	Meaning
Health and Dietary Data	Nutritional estimates, dietary patterns, meal data, health insights, and any data derived from AI analysis of food images that relates to your physical health or diet
Personal Data	Any information that identifies or can be used to identify you as an individual
Sensitive Personal Information	Categories of personal information requiring enhanced protection, including health and dietary data, voice data, precise geolocation, race or ethnicity, biometric information, etc.
Processing	Any operation performed on data, including collection, storage, analysis, and deletion
De-identified Data	Data that has been processed so it can no longer be linked to an identifiable individual
Aggregated Data	Data combined from multiple users and presented in summary form, from which individual users cannot be identified
AI-Generated Content	Nutritional estimates, dietary recommendations, or health insights generated by AI systems — for general informational purposes only and not constituting medical advice
Services	Collectively, the ODYSS device, mobile app, and website
Device	The ODYSS AI-powered smart necklace