Consumer Health Data Privacy Policy

Last updated: October 13, 2025

This Consumer Health Data Privacy Policy explains how Unison Labs, Inc., dba “Nori” (“we”, “us”) collects, uses, shares, and protects “consumer health data” as defined under applicable U.S. state laws, and the privacy rights and choices you have with respect to such data, in connection with our service offerings and other products or services (collectively, the “Services”).

This Consumer Health Data Privacy Policy supplements our Privacy Policy.

Categories of Consumer Health Data We Collect

We collect the following categories of consumer health data:

  • Information about your health conditions, treatment, diseases, or diagnoses, such as information about your health history, hereditary or chronic symptoms or disease, including treatment, prescribed medications or other health-related information that you provide.
  • Social, psychological, behavioral, and medical interventions, including exercise routines and fitness goals, diet and sleep habits, stress management activities, or other habit metrics you provide.
  • Information about your bodily functions, vital signs, symptoms or measurements of information, such as information about your weight and height, vital signs and physiological measurements.
  • Diagnoses or diagnostic testing, treatment or medication, such as when you share results of panel screenings or blood tests with us.
  • Health information that is derived or inferred from non-health data, such as derived health insights we generate from your inputs to the Services, including risk scores, personalized health targets and personalized habit change recommendations.

Categories of Sources of Consumer Health Data We Collect

We collect consumer health data about you from:

  • You, when you provide such information to us in connection with your use of the Services, including when you fill out our forms, surveys, questionnaires, or upload results of panel screenings or other health assessments, or ask questions or provide feedback to us, including in connection with our support services.
  • Third parties, when you explicitly grant us permission to collect data from third parties, (such as your accounts with Apple Health, Oura, Whoop and others) information that you authorize will be transmitted through to us. We will not use health information gained through third parties for advertising purposes or sell or share such health information to advertising platforms, data brokers, or information resellers. We use your consumer health data solely to provide the Services to you, including to tailor health improvement recommendations and other Services you request.

Our Purposes for Collecting and Using Consumer Health Data

We collect and use consumer health data for the following purposes:

  • To provide our Services to you, including to provide personalized health insights and recommendations based on the information you provide, including your health metrics you share with us; provide support and assistance relating to the Services; create and manage your account; and process orders or other transactions.
  • For research and development. We may use your consumer health data for research and development purposes, including to analyze and improve our Services and our business. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We may use this data and disclose it to third parties for our lawful business purposes, including to analyze and improve our Services and promote our business.
  • Compliance and protection. We may use consumer health data to comply with legal obligations, and to defend our company against legal claims or disputes, including to:
    • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
    • Protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims).
    • Audit our internal processes for compliance with legal and contractual requirements and internal policies.
    • Enforce the terms and conditions that govern our website.
    • Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

How We Disclose Your Consumer Health Data

We may disclose the categories of consumer health data described above to:

  • Service Providers. We may disclose your consumer health data to our service providers who assist us in providing Services to you. This includes:
    • AI service providers, including OpenAI, Anthropic, and Google;
    • Cloud platform and hosting providers, such as Amazon Web Services; and
    • Analytics and research service providers to analyze how you use and interact with our products and services.
  • Law enforcement, government agencies or other third parties where we believe in good faith to be necessary or appropriate to comply with applicable laws or protect our legitimate interests.
  • Business transferees, such as acquirers and other relevant participants in business transactions (or diligence or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, us including, in connection with a bankruptcy or similar proceedings. Should one of these events occur, we will make reasonable efforts to notify you.
  • Other third parties at your direction or with your authorization.

Your Rights Regarding Your Consumer Health Data

Depending on your location and the nature of your interaction with the Services, you may request the following:

  • Confirm whether we collect, share or sell your consumer health data.
  • Access your consumer health data
  • Delete your consumer health data
  • Withdraw your consent from our collection or sharing of your consumer health data.

Please note that in some circumstances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. In those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include personal information if necessary to verify your identity and the nature of your request.

Submitting a request. To submit a request regarding any of the rights described above, please send us an email at privacy@nori.ai.

We will not discriminate against you for exercising your rights described above.

How to appeal. If your request to exercise any of the rights described above is denied, you may appeal this decision by emailing us at privacy@nori.ai. We will inform you within 45 days of receiving your appeal which will include an explanation of the reasons for our decision. If your appeal is denied, you may issue a complaint with appropriate regulatory enforcement authorities.

Changes to this Consumer Health Data Privacy Policy

We reserve the right to make changes to this Consumer Health Data Privacy Policy at any time. If we do so, we will notify you by updating the date of this Consumer Health Data Privacy Policy and posting it on our website and online services. If required by law to provide notification of changes in another way, such as by sending you an email, and/or by some other means, we will do so. If you use the Services after any changes to the Consumer Health Data Privacy Policy have been posted, you acknowledge all of the changes. Any modifications to this Consumer Health Data Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting).