← Back to Home

Privacy Policy

Effective Date: November 1, 2025

Welcome to SUMMITS Inc. ("SUMMITS," "we," "us," or "our"). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and share information when you access or use our website, mobile applications, and related services (collectively, the "Services").

By using the Services, you agree to the practices described in this Policy.

1. Information We Collect

We collect information that you provide directly to us and data generated automatically through your use of the Services. This may include:

Personal Information: Name, email address, phone number, delivery address, and payment details (processed securely via Stripe — we do not store credit-card numbers).

User-Defined Inputs: Biometrics, dietary preferences, fitness objectives, and macronutrient ratios.

Biometric & Integration Data: Height, weight, and activity data shared from connected services such as Fitbit, Apple Health, or other platforms you authorize.

Transactional Data: Order history, rewards activity, and account usage.

Technical Data: Device identifiers, IP address, browser type, cookies, and app interaction data for analytics and security.

2. How We Use Your Information

We use your information to operate, personalize, and improve the SUMMITS experience. Specifically, we may use it to:

Personalize your experience: Generate meal recommendations and track progress toward your goals.

Manage accounts and transactions: Process orders, rewards, and account settings.

Improve our Services: Analyze engagement and performance to enhance features.

Train algorithms responsibly: Anonymized data may be used to improve our machine-learning models; once anonymized, it cannot be linked to you.

Marketing communications (optional): Send updates or offers to users who have opted in. You may opt out at any time.

We will not use your personal data for purposes materially different from these without your consent.

3. How We Share Information

We share data only as necessary to provide and improve our Services:

Payment Processing: With Stripe for secure transactions. SUMMITS does not store credit-card details.

Cloud Infrastructure & Analytics: With trusted cloud providers that securely host, process, or analyze data under strict confidentiality and security standards (including encryption and HIPAA-aligned safeguards where applicable).

Third-Party Integrations: With fitness and health platforms (e.g., Fitbit, Apple Health) only when you connect them. SUMMITS is not responsible for data accuracy from third-party sources.

We never sell personal information to third parties.

4. Data Retention

We retain data only as long as necessary to provide the Services or comply with legal requirements:

User Data: Retained for up to two (2) years of inactivity, unless you submit a verified request to delete your account or revoke consent for certain data processing.

Anonymized Data for Machine Learning: Once anonymized, it is no longer personally identifiable and may be retained indefinitely for algorithm improvement.

Transactional and Compliance Data: Retained for a minimum of five (5) years or longer as required by law.

5. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

Access & Correct: View and update your personal information through your account.

Delete: Request deletion of your account and associated personal data (subject to legal retention obligations).

Withdraw Consent: Disconnect fitness integrations or revoke permission for certain data uses.

Opt Out of Marketing: Unsubscribe via email or adjust preferences in your account.

To exercise any of these rights, contact [email protected]. We may need to verify your identity before processing requests.

6. Security

We implement advanced security and privacy measures to protect user data, including:

Data Encryption: All personal and transactional data are encrypted in transit and at rest.

Partitioned Data Architecture: Health and fitness data is stored in a separate, secured database from personally identifiable information (PII). PII and fitness data are linked only through hashed, pseudonymized user IDs, limiting access to sensitive data and reducing re-identification risk.

Authentication Controls: Account authentication and session management are handled securely via Clerk, with links to verified contact identifiers such as email and phone number.

Infrastructure Security: Our systems run on secure cloud environments with network isolation, access logging, and continuous monitoring.

Compliance Alignment: Our data handling practices are designed to align with leading security and privacy standards, including SOC 2 and NIST principles.

While SUMMITS Inc. employs industry-leading safeguards, no online system is completely risk-free. We continuously improve our security posture to protect your information.

7. Children's Privacy

SUMMITS does not knowingly collect information from individuals under 18 years of age. If we become aware that we have collected such information, we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via email or in-app notice. Continued use of the Services after updates indicates acceptance of the revised Policy.

9. Contact Us

SUMMITS Inc.
1319 W Warner Ave #1008
Santa Ana, CA 92704
Email: [email protected]

10. Jurisdiction & Governing Law

This Privacy Policy is governed by the laws of the State of Delaware, excluding its conflict-of-law rules. SUMMITS Inc. is a Delaware corporation with its principal place of business in California.