Privacy Policy

This Privacy Policy (“Policy”) explains how Today (“we,” “us,” or “our”) collects, uses, and shares information about you when you use our websites, applications, and related services (collectively, the “Services”).
Effective date: May 13, 2026
Last updated: May 20, 2026
Contact: privacy@today.ai
Related: Terms of Service

1. Information we collect

We may collect the following categories of information:

• Account information — name, email address, and authentication credentials (including third-party sign-in tokens).
• User content — text, files, messages, voice recordings, and other data you submit to or generate through the Services, including content processed by third-party AI Providers as described in Section 1C.
• Usage data — device identifiers, browser type, operating system, IP address, referral URLs, pages visited, and feature interactions.
• Connected-account data — information you authorize third-party services to share with us through integrations you enable.
• Payment information — processed by our payment processor; we do not store full card numbers.
• Health and fitness data — on Android, when you enable Health Connect, and on iOS / iPadOS, when you authorize Apple HealthKit categories. See Sections 1A and 1B below for the categories, how we use this data, and how to revoke access.

1A. Health and fitness data (Android — Health Connect)

The Today Android app integrates with Android Health Connect. We only read health data after you explicitly grant access, and only the categories below — we do not write data back to Health Connect. You can revoke access at any time from Android Settings → Health Connect → App permissions → Today.

• Activity — steps, exercise sessions, sleep sessions.
• Vitals — heart rate, blood pressure, blood glucose, oxygen saturation, respiratory rate, body temperature.
• Body measurements — weight.
• Nutrition and hydration — nutrition entries and hydration intake.

The Today AI assistant reads this data on-demand to answer questions or perform tasks you request. Readings are processed by our AI inference and cloud providers under written confidentiality and data-protection obligations, and may be stored as part of the chat or agent task history that you can view and delete at any time. See also Section 1C.

We never use Health Connect data, or data derived from it, for advertising, marketing, or re-marketing; sell or transfer it to data brokers, ad networks, or any other party for advertising purposes; or use it for credit-worthiness, insurance, employment, or similar eligibility decisions. Health Connect data is encrypted in transit and at rest, and we do not knowingly read it from users under 18.

1B. Health and fitness data (iOS / iPadOS — Apple HealthKit)

The Today iOS and iPadOS apps integrate with Apple HealthKit. We only read the categories you explicitly authorize in the HealthKit permission sheet — you can change or revoke any category at any time from iOS Settings → Privacy & Security → Health → Today.

Subject to the permissions you grant, Today reads from the following HealthKit categories:

• Activity, fitness, and workouts — steps, exercise and stand time, energy burned, distance, workouts and related performance metrics for running, cycling, swimming, and other sports.
• Heart and blood — heart rate, resting and walking heart rate, heart rate variability, VO₂ max, blood pressure, blood glucose, atrial fibrillation burden, blood alcohol content, and irregular-rhythm or high/low heart rate events.
• Body measurements and vitals — weight, body fat percentage, BMI, lean body mass, height, waist circumference, body temperature.
• Respiratory, sleep, and mindfulness — respiratory rate, oxygen saturation, lung-function metrics, inhaler usage, sleep sessions and apnea events, mindful sessions.
• Nutrition and hydration — energy, macronutrients, vitamins, minerals, caffeine, water intake, alcohol intake.
• Mobility, gait, and audio exposure — walking speed and steadiness, stair speeds, six-minute walk test, environmental and headphone audio exposure.
• Reproductive and menstrual health — menstrual flow and cycle events, ovulation and pregnancy tests, pregnancy and lactation status, sexual activity, contraceptive use.
• Symptoms, medications, and lifestyle — user-logged symptoms (e.g. headache, fatigue, mood changes), medication dose events on iOS 26 and later, daylight and UV exposure, falls, insulin delivery.

The Today AI assistant uses HealthKit data both on-demand (when you ask a question that requires it) and through HealthKit’s background-delivery feature: when new samples become available, recent readings are uploaded over an encrypted connection to our AI inference and cloud providers, under written confidentiality and data-protection obligations, so the assistant can deliver personalized health insights, reminders, and summaries. The synced records are stored as part of your account and you can view and delete them at any time. See also Section 1C.

We never use HealthKit data, or data derived from it, for advertising, marketing, or re-marketing; sell or transfer it to data brokers, ad networks, or any other party for advertising purposes; or use it for credit-worthiness, insurance, employment, or similar eligibility decisions. HealthKit data is encrypted in transit and at rest, and we do not knowingly read it from users under 18.

1C. AI features and third-party model providers

When you use AI-powered features in the Services (including chat, voice messages, automations, tasks, and personalized summaries or health insights), we process the information needed to generate a response on Today’s systems. We may also use third-party artificial intelligence and cloud inference providers (“AI Providers”) that process personal information on our behalf to run those features. Depending on product configuration and region, AI Providers may include companies such as Amazon Web Services, Anthropic, OpenAI, and other subprocessors we list on our website from time to time.

Categories of information we may send to AI Providers include:

• Messages and prompts you submit, and AI-generated outputs returned to you;
• Attachments you choose to send (for example images, documents, and audio or voice recordings);
• Context you authorize for a specific request, including data from connected third-party integrations you enable and, where permitted, Health Connect or HealthKit data as described in Sections 1A and 1B;
• Account and session metadata reasonably necessary to operate the feature (for example user identifiers, timestamps, feature flags, and security signals). We do not include message bodies in routine error logs unless you contact support and we need that information to investigate a specific issue.

How we use this information: solely to provide, operate, secure, and improve the AI features you request; to prevent fraud and abuse; and to comply with law. We require AI Providers to process personal information under written confidentiality and data-processing obligations that are no less protective than this Policy.

Model training: We do not permit AI Providers to use your identifiable chat content, attachments, or health data to train their public foundation models. We may use aggregated or de-identified information to improve reliability and safety of the Services where permitted by law.

Retention and control: AI-related content is stored as part of your account history (for example chat or agent task history) that you can view and delete in the Services, subject to Section 5. When you delete content or your account, we delete or anonymize associated data within a reasonable time, except where retention is required by law.

Your choice: Some AI features require sending personal information to AI Providers. Where we rely on consent, you may decline or withdraw consent as described in Section 6. If you decline, you may still use non-AI parts of the Services, but AI features may not work. Where required by applicable law, we also provide an in-app disclosure before you send your first AI message.

2. How we use information

We use collected information to:

• Provide, maintain, and improve the Services;
• Authenticate users and secure accounts;
• Process transactions and send related information (receipts, confirmations);
• Send service announcements and respond to support requests;
• Operate, secure, and improve AI-powered features you use, including processing your content through AI Providers on our behalf, as described in Section 1C, and improve the Services using aggregated or de-identified data where permitted by law;
• Detect fraud, abuse, and security incidents; and
• Comply with legal obligations.

3. How we share information

We may share information with:

• AI and inference providers — companies that host, route, or run AI models on our behalf to generate responses and complete tasks you request, as described in Section 1C, under confidentiality and data-protection obligations;
• Service providers — companies that assist with hosting, analytics, payment processing, customer support, and similar operations other than AI processing described in Section 1C, under obligations of confidentiality;
• Third-party integrations you connect or authorize;
• Affiliates and successors in the event of a merger, acquisition, or asset sale; and
• Law enforcement or regulators when required by law, court order, or to protect rights and safety.

We do not sell your personal information.

We do not sell or share personal information for cross-context behavioral advertising as defined under applicable U.S. state privacy laws.

4. Cookies and similar technologies

We use cookies, local storage, and similar technologies for authentication, preferences, and analytics. You may control cookies through browser settings; however, some features may not function properly if cookies are disabled.

5. Data retention

We retain information as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Content processed for AI features (Section 1C) is retained according to the same rules as your account and chat history unless a shorter period is required by law or your deletion request. When data is no longer required, we delete or anonymize it within a reasonable time.

6. Your rights and choices

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information:

• Access and portability — request a copy of your data in a structured format;
• Correction — request correction of inaccurate data;
• Deletion — request deletion of your data, subject to retention obligations;
• Restriction and objection — restrict or object to certain processing activities;
• Withdraw consent — where processing is based on consent, withdraw at any time; and
• AI data sharing — where we rely on your consent to send personal information to AI Providers (Section 1C), you may withdraw consent at any time in the app (Settings → Privacy Policy, and the in-app prompt before your first AI message) or by emailing privacy@today.ai. Withdrawing consent may limit or disable AI features but does not affect processing based on other legal bases (for example security or legal compliance).

To exercise these rights, contact us at privacy@today.ai. We will respond within the timeframe required by applicable law.

7. International data transfers

We operate globally. Your information may be transferred to and processed in countries other than your own, including by AI Providers described in Section 1C. We implement appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) where required by law.

8. Security

We use administrative, technical, and physical safeguards designed to protect your information. No method of transmission or storage is completely secure; we cannot guarantee absolute security but will notify you as required by law in the event of a breach.

9. Children

The Services are not directed at children under 18 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with data, please contact us so we can delete it.

10. Changes

We may update this Policy from time to time. We will post the updated Policy and update the effective date. If changes are material, we will provide additional notice as required by law.

11. Contact

privacy@today.ai