Abstract gradient background in NinthMoon's brand colors

    Consumer Health Data Privacy Policy

    Version: v1.0Effective Date: Jun 25, 2026

    This separate policy addresses U.S. consumer-health-data laws, including Washington’s My Health My Data Act (MHMDA), Nevada SB370, and the Connecticut Data Privacy Act’s health provisions. It supplements our general Privacy Policy.

    1. Purpose and Scope

    This Consumer Health Data Privacy Policy explains how NinthMoon AI LLC (“NinthMoon,” “we,” “us”) collects, uses, shares, and protects consumer health data — information that identifies your past, present, or future physical or mental health status. Because NinthMoon supports reproductive and emotional wellbeing, much of the information you share with us is consumer health data, and we treat it with heightened care. This policy applies to consumers in Washington, Nevada, Connecticut, and any other jurisdiction with comparable consumer-health-data laws.

    2. Categories of Consumer Health Data We Collect

    • Reproductive and sexual health information: last menstrual date, cycle data, pregnancy status and stage, fertility, pregnancy loss/miscarriage, and abortion-related information you choose to share.
    • Mental and emotional health information: mood check-ins, emotional state, journaling content, and sentiment inferred from your conversations.
    • Health-related inferences: AI-generated summaries (“memory”) and insights derived from the above.
    • Information that identifies you as seeking health services, where you provide it.

    3. Sources

    We collect consumer health data directly from you (chat with Nimo, check-ins, journaling, profile inputs, voice) and generate it (inferences and summaries from your inputs). We do not purchase consumer health data from data brokers.

    4. How We Use Consumer Health Data

    To provide and personalize the Services and Nimo’s responses; to maintain your memory summary; to provide wellbeing and safety features (including sentiment analysis to detect distress); and as otherwise described in our Privacy Policy. We use it only for purposes you would reasonably expect in providing the Services you request, or with your consent.

    5. How We Share Consumer Health Data

    We do not sell consumer health data, and we will not sell it without your separate, valid written authorization (which we do not currently seek). We share consumer health data only with sub-processors that help us provide the Services, and only as necessary, including:

    • OpenAI — to generate Nimo’s responses (API business terms; not used to train its models);
    • Google Cloud Natural Language — to analyze chat/journal text for wellbeing/safety signals;
    • Google Cloud / Firebase — hosting and storage of your data in the United States.

    A complete list is in our Sub-processor List. We may also disclose consumer health data to protect someone’s life or safety, or in response to valid legal process as described in our Law Enforcement & Government Data Request Policy.

    6. Consent

    • We collect consumer health data with your consent when you provide it, and to deliver the features you request.
    • Before Nimo processes your messages, we obtain your consent through an in-app consent screen identifying OpenAI.
    • We obtain separate consent where required to collect consumer health data beyond what is necessary to provide a requested service, and separate authorization before any sale (we do not sell).
    • You may withdraw consent at any time (see Section 7); withdrawal does not affect processing already carried out.

    7. Your Rights

    You have the right to: confirm and access the consumer health data we hold; withdraw consent; and delete you have the right to request the absolute deletion of your consumer health data. When you submit a verified deletion request (either via our in-app self-service tool or by emailing legal@ninthmoon.ai), NinthMoon will completely purge your consumer health data from our active databases and server environments within thirty (30) days. Furthermore, in strict compliance with applicable consumer health laws, we will automatically transmit a mandatory downstream deletion directive to all infrastructure contractors, service providers, and processors who have processed your health data on our behalf, ensuring complete erasure across our entire digital pipeline. To exercise these rights, email legal@ninthmoon.ai or use the in-app account-deletion option. We will respond within the timeframes required by applicable law and may verify your identity. If we deny a request, you may appeal by replying to our response; if your appeal is denied, you may contact your state Attorney General.

    8. No Geofencing

    We do not use geofencing to identify, track, collect data from, or send notifications to consumers based on proximity to any health-care facility.

    9. Security and Retention

    Consumer health data is encrypted in transit and at rest, hosted on Google Cloud in the United States, and access-controlled; chat content is additionally encrypted with a dedicated application key. We retain it for the life of your account (no inactivity-based auto-deletion). You can export your data and delete your account in the app; deletion runs on a 14-day grace period and then comprehensively erases your data across authentication, database, and storage.

    10. Changes and Contact

    We may update this policy; material changes will be posted with a revised effective date. Contact: legal@ninthmoon.ai — NinthMoon AI LLC, 8 The Green, Ste A, Dover, DE 19901.

    Soft, calming gradient background in NinthMoon's brand colors

    Your privacy matters to us.

    Transparent policies.

    HIPAA-conscious design.

    We never sell your data.

    Built on trust, designed with care.

    Download NinthMoon today 💛