Privacy Policy
Last updated: 22 May 2026 ·
Provider: YUHA HEALTH LLC (DBA Yuha) ·
Registered: New Jersey, USA
YUHA is a personal health-coaching app operated by YUHA HEALTH LLC,
a New Jersey limited liability company based in Jersey City, NJ ("YUHA,"
"we," "us," or "our"). It consolidates your fitness data from connected
services and provides AI-driven insights. This policy explains what we
collect, how we use it, and the choices you have. We try to keep this
short and plain-English.
Short version: we only collect what we need to coach you.
We don't sell your data. You can disconnect any source or delete your
account at any time. AI requests are sent to our model provider
(Anthropic Claude or Google Gemini) but are not used to train their
models.
1. Who we are
YUHA is operated by YUHA HEALTH LLC, doing business as Yuha,
a limited liability company organized under the laws of the State of
New Jersey, with a principal place of business in Jersey City, New
Jersey, USA ("YUHA," "we," "us," or "our"). You can reach us at
hello@yuha.app for any privacy
question, data export request, or deletion request.
2. Information we collect
2.1 Information you give us
- Account info — name, email, hashed password (PBKDF2-SHA256, never stored in plaintext).
- Profile preferences — distance units, age, weight, training days, personal records.
- Health data you log manually — workouts, meals, mood, goals, custom notes.
- Chat messages — what you write to the YUHA assistant, so we can keep context across the conversation.
2.2 Information from connected services
-
Strava (when you authorize the connection) — your activity history (distance, duration, pace, heart rate, route GPS, elevation, kudos, comments), athlete profile, and basic account information per the OAuth scopes you grant
(
activity:read_all, profile:read_all).
-
Garmin Connect (when you provide credentials) — activities, sleep, body battery, stress, VO2max, training load, daily steps, resting heart rate.
- We do not receive credit card numbers, contact lists, or location data outside the GPS tracks attached to your activities.
2.3 Technical information
- Session cookie — a single HttpOnly cookie named
yuha_session, expires after 30 days. Used solely to keep you logged in.
- Analytics — we use Google Analytics (GA4) to understand aggregate, anonymized usage (such as page views and which features are used) so we can improve YUHA. GA4 sets its own cookies (for example
_ga) and processes this data under Google's terms; IP addresses are anonymized and we do not enable cross-site advertising profiles. We use no other third-party tracking SDKs.
- Server logs — standard request logs (IP, timestamp, endpoint) retained for up to 30 days for security and debugging.
3. How we use your information
- To provide the core service — show your dashboard, generate insights, answer your questions, build training plans, send weekly digests if you opt in.
- To send you transactional emails (password resets, weekly digests if subscribed, security notices). We do not send marketing emails.
- To improve YUHA — diagnose bugs, identify patterns at an aggregated level. We do not build advertising profiles.
4. AI processing
When you chat with YUHA, your message and a summary of relevant context
(recent activities, goals, memory facts) is sent to our model provider —
either Anthropic (Claude) or Google (Gemini), depending on configuration —
so the model can produce a reply. These providers process the request
under their commercial API terms and do not use API content to
train their models. Your data is not shared with any other AI
vendor.
5. Strava-specific terms
Compatible with Strava. YUHA reads your Strava data only to power the features you use inside YUHA.
- We never modify, post, or delete activities on your Strava account.
- Your Strava data is shown only to you, inside your YUHA account.
- You can revoke YUHA's access at any time from strava.com/settings/apps or by clicking Disconnect on the Sources page in YUHA.
- If you delete your YUHA account or disconnect Strava, we delete the OAuth tokens and the cached Strava activities tied to your account.
6. How we store and protect your data
- Storage — MongoDB Atlas, encrypted at rest. Hosted in regions disclosed by Atlas.
- Transit — all API traffic uses TLS (HTTPS).
- Multi-tenant isolation — every record carries your
user_id; queries always filter by it. Other users cannot see your data.
- Passwords — hashed with PBKDF2-SHA256. We cannot recover your password; resets generate a new one.
- Tokens — Strava OAuth tokens and Garmin session blobs are stored encrypted in our database, scoped to your user.
7. How long we keep your data
- While your account is active — for as long as you use YUHA.
- Server logs — up to 30 days.
- After account deletion — health data is removed within 30 days; backups are purged within 90 days.
8. Sharing
We share data only with the service providers required to run YUHA:
- MongoDB Atlas — database hosting.
- Anthropic or Google — AI model inference (per section 4).
- Resend — transactional email.
- Google Analytics — aggregate, anonymized usage analytics (per section 2.3).
- Open-Meteo, Photon, Nominatim, OpenRouteService, OSRM — public APIs queried for weather, geocoding and routing. We send only the place names or coordinates needed for the request, never your account identity.
- Microsoft Azure — application hosting.
We do not sell your data and do not share it for advertising.
9. Your rights and choices
- Access & export — email hello@yuha.app and we'll send your data within 30 days.
- Correction — edit your profile in-app, or email us.
- Deletion — delete your account from the profile screen, or email us. Connected-service tokens and cached data are removed with the account.
- Disconnect a source — go to Sources in YUHA and click Disconnect. We immediately revoke the token and stop syncing.
- Withdraw consent — by disconnecting or deleting your account.
10. Children
YUHA is not intended for children under 13 (or under 16 in regions where applicable law sets a higher age). We do not knowingly collect data from children.
11. International transfers
YUHA is hosted on infrastructure that may process data outside your country of residence. Where applicable, we rely on standard contractual clauses to safeguard transfers.
12. Changes to this policy
If we change this policy materially, we'll post the updated version at this URL and, where appropriate, notify you by email. The "Last updated" date above always reflects the current version.
13. Contact
YUHA HEALTH LLC
Jersey City, New Jersey, USA
Email: hello@yuha.app
Questions, requests, or complaints? Email hello@yuha.app.