tolera Privacy Policy

Privacy Policy

Last updated: July 3, 2026   v1.0

This Privacy Policy explains how Tolera ("Tolera", "we", "us", or "our") collects, uses, shares, and protects information when you use the Tolera application and the website at mytolera.com (the "Service"). It applies together with our Terms of Service.

Not legal advice. This policy is a starting template prepared without a licensed attorney and has not been reviewed for your jurisdiction or circumstances. Because Tolera handles health-related information, you should have this policy, your consent flows, and your data practices reviewed by a qualified privacy attorney before you rely on them.
The short version. Tolera stores the health information you choose to log so you can track and review it. Your individual health data is never sold. It is never shared with other users except through features you deliberately turn on (community recipe content and household or caregiver sharing). We use a small set of named providers to run the Service. You can access, export, correct, or delete your data.

1. Who we are and scope

Tolera is a personal health tracking and organization tool operated by Tolera. For personal data we process to provide the Service, we act as the data controller. Some providers we use act as our processors or sub-processors, and some optional integrations act as independent controllers of the data they hold. This policy covers the Service. It does not cover third-party services you choose to connect, which have their own privacy policies.

2. A note on HIPAA and health data

Tolera is a consumer application. In most cases it is not a HIPAA covered entity or a business associate, and using Tolera does not create HIPAA protections for the information you enter. This is common for consumer health apps. We say this so you are not misled: the health information you log in Tolera is generally governed by this Privacy Policy and by applicable consumer and data protection laws, not by HIPAA. Even though HIPAA generally does not apply, we treat your health information as sensitive and handle it with care, as described below. Where consumer health privacy laws apply to us (for example, state health privacy laws or the GDPR's special-category rules), we aim to comply with them.

3. Information we collect

Account and identity information. Your email address, and identifiers from your sign-in method (for example, Cloudflare Access or Clerk). Your role or plan tier, feature grants, and account settings. We do not require your legal name.

Health and wellness information you log. This is the core of the Service, and you choose what to enter. It may include:

Connected-service data. If you enable an optional integration, we receive data from it as described in the connected-services section (for example, weight and blood pressure from Withings, workouts from Hevy, sleep and activity and vitals from Apple Health through a Shortcut you set up).

Usage, device, and log data. Standard technical information generated when you use the Service, such as IP address, device and browser type, timestamps, requests, error and diagnostic logs, and app version. Our hosting provider processes some of this to route, secure, and serve requests. If you submit an error or feedback report, we receive the message, technical context, and app version you send.

Cost and governance metadata. To operate AI features within limits, we record metadata about AI usage and estimated cost per account.

We do not intentionally collect more than we need to run the Service, and we do not build advertising profiles.

4. How we use information and legal bases

We use information to:

Legal bases (GDPR and similar laws). Where the GDPR or a similar law applies, we rely on: performance of our contract with you (Article 6(1)(b)) to provide the Service you request; your consent (Article 6(1)(a)) for optional features such as connected services, alert emails, and any non-essential processing; our legitimate interests (Article 6(1)(f)) in securing, maintaining, and improving the Service and preventing abuse, where not overridden by your rights; and compliance with legal obligations (Article 6(1)(c)). For health and other special-category data, we rely on your explicit consent under Article 9(2)(a), as described next.

5. Sensitive and health data; explicit consent

Much of what you log is special-category or sensitive personal data (data concerning health, and in some cases other sensitive attributes). We process it only to provide the Service to you and features you enable, on the basis of your explicit consent, which you give when you choose to log the data or turn on a feature. You are never required to enter any particular category of health data; the fields are optional and you control what you record.

You can withdraw consent at any time by deleting the relevant data, disconnecting an integration, turning off a feature, or deleting your account. Withdrawing consent does not affect processing already carried out, and turning off a feature may limit the Service. We do not use your health data for advertising, and we do not sell it.

6. We do not sell your data; limited sharing

We do not sell your personal or health information, and we do not "share" it for cross-context behavioral advertising as those terms are used under US state privacy laws.

Your individual health data is never disclosed to other users except through features you deliberately enable:

We may also disclose information: to our sub-processors that help run the Service (below); to comply with law, legal process, or a lawful government request; to protect the rights, safety, and security of users, the public, or us, and to enforce our Terms; and in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this policy and will notify you of any change of controller and your choices.

7. Sub-processors and third-party services

We use the following providers to operate the Service. Each processes only the data needed for its function, under its own terms and privacy policy. Optional integrations are marked and are used only if you enable them.

ProviderPurposePrivacy policy
Cloudflare, Inc. Core infrastructure: application hosting (Workers), database (D1), object storage for photos (R2), authentication and access control (Cloudflare Access / Zero Trust), and email routing. Processes your stored data and technical request data. cloudflare.com/privacypolicy
Resend Sends transactional email and, if you enable them, alert emails. Receives recipient email addresses and message content. resend.com/legal/privacy-policy
Anthropic, PBC Powers AI features. When you use an AI feature, the text or image you submit for that feature is sent to Anthropic's Claude API to generate a response. Anthropic states it does not train its models on data submitted through its API, and processes it under its commercial terms and Data Processing Addendum. anthropic.com/legal/privacy
Clerk, Inc. (optional) Sign-in and identity, when Clerk is the configured identity provider. Handles authentication and associated account identifiers. clerk.com/legal/privacy
Withings (optional) If you connect Withings, provides weight, blood pressure, sleep, and activity data via OAuth that you authorize. withings.com privacy policy
Hevy (optional) If you connect Hevy using your own API key, provides your workout data. hevyapp.com/privacy-policy
Apple, Inc. / Apple Health (optional) If you set up the iOS Shortcut, your device sends sleep, activity, and vitals you choose to Tolera using a token you generate. Apple Health data stays on your device except what your Shortcut sends. apple.com/legal/privacy
USDA FoodData Central Public-domain food and nutrition reference lookups. Used to look up nutrition data; your health data is not sent to obtain a lookup. fdc.nal.usda.gov
Edamam Food and nutrition database lookups. Used to look up foods and nutrition. Nutrition results may be shown "powered by Edamam". edamam.com

Food and nutrition data from USDA FoodData Central and Edamam is reference information and may be incomplete or inaccurate. We may update this list as our providers change and will reflect changes in this policy.

8. Optional connected services

Connected services (Withings, Hevy, and Apple Health) are off by default and are enabled only by your explicit action, using your own credentials, OAuth authorization, or a token you generate. Each writes only the fields it owns, so sources do not overwrite each other (for example, Withings provides weight and blood pressure while Apple Health provides sleep, activity, and vitals). You can disconnect a service at any time in the Service and, where applicable, revoke access with the provider directly. Disconnecting stops future syncing; data already synced remains until you delete it. When you use a connected service, that provider's handling of your data on its side is governed by its own privacy policy.

9. Cookies, local storage, and the service worker

Tolera is a progressive web app and uses minimal cookies. It relies on:

These are used to operate the Service, not for advertising or cross-site tracking. You can clear local storage and cookies in your browser settings, though doing so will sign you out and reset local preferences.

10. Data retention

We keep your account and logged data for as long as your account is active so the Service can show your history. When you delete a specific entry, we remove it from active systems. When you delete your account, we delete or de-identify your personal and health data from active systems, except where we must keep limited information to comply with law, resolve disputes, prevent abuse, or enforce our Terms, and except for residual copies that persist in routine backups for a limited period before they are overwritten. De-identified or aggregated data that no longer identifies you may be retained. Note that photo images are stored as bytes in object storage and their metadata in the database; deleting a photo removes both.

11. Security

We take reasonable technical and organizational measures to protect your information, including:

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your device and sign-in secure.

12. International data transfers

We and our providers may process and store information in countries other than the one in which you live, including the United States. Those countries may have different data protection laws. Where required, we rely on appropriate safeguards for international transfers, such as the European Commission's Standard Contractual Clauses or a provider's equivalent transfer mechanism, and we use providers that offer such protections. By using the Service, you understand your information may be transferred as described here, subject to those safeguards where they apply.

13. Your rights and choices

Depending on where you live, you may have rights over your personal information, including to:

We do not use your data for solely automated decisions that produce legal or similarly significant effects about you. AI features generate suggestions for you to review, not binding decisions.

14. How to access, export, or delete your data

You can access and manage most of your data directly in the Service. To export, correct, or delete data, or to delete your account, use the in-app controls where available, or contact us at hello@mytolera.com. We will verify your request against your account and respond within the time required by applicable law (generally within 30 days, extendable where the law allows). We will tell you if we cannot fully comply and why. There is no charge for a reasonable request. You may use an authorized agent where the law permits.

15. Children's privacy

The Service is intended for adults (18 or older, or the age of majority where higher) and is not directed to children. We do not knowingly collect personal information from children under 13, or under 16 where a higher age applies under local law. If you believe a child has provided us personal information, contact us at hello@mytolera.com and we will delete it. Where a caregiver tracks a minor's health information using household features, the account holder is responsible for having the legal authority to do so.

16. Data breach notification

If we become aware of a personal data breach that affects your information, we will act promptly to investigate and mitigate it, and we will notify affected users and the relevant authorities where and within the timeframes required by applicable law (for example, without undue delay and, under the GDPR, generally within 72 hours to the supervisory authority where feasible).

17. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and version and, where appropriate, provide notice in the Service or by email. Where the law requires, we will obtain your consent to new processing. Your continued use of the Service after an update takes effect means you accept the updated policy.

18. Contact

For privacy questions or to exercise your rights, contact:

If you are in the European Economic Area or the United Kingdom and we are required to designate a representative or data protection officer, those details will be added here.


This document is a template and not legal advice. Because it concerns health-related data, have it reviewed by a qualified privacy attorney licensed in the United States before you rely on it.