Privacy Policy
Sentia Holdings, Inc. | BAiO and BAiO+
Last Updated: July 5, 2026
This Privacy Policy describes how Sentia Holdings, Inc. and its affiliates (“Sentia,” “we,” “us,” or “our”) collect, use, disclose, and protect personal information in connection with our products and services, including the BAiO consumer health companion, the BAiO+ platform, the website at BAiO.io, and our related applications, features, and communications (collectively, the “Services”). Our Services use our proprietary nCyte engine to generate insights tailored to you as an individual.
This Privacy Policy includes, at Section 14, a Consumer Health Data Privacy Notice that provides additional disclosures required under the laws of certain states. This Privacy Policy does not apply to information we process on behalf of an enterprise customer in our role as a service provider or business associate, such as information we receive from an employer, health plan, or healthcare provider through BAiO+; that information is governed by our agreement with the relevant organization. The Services are intended for individuals located in the United States, and your information is processed in the United States.
Not Medical Advice. BAiO and BAiO+ are wellness and decision-support tools. They are not a substitute for professional medical advice, diagnosis, or treatment, and Sentia does not diagnose, treat, cure, prevent, or mitigate any disease or medical condition. Always consult a qualified healthcare provider with any questions about your health, and never disregard or delay seeking professional advice because of something you access through the Services.
1. Our Privacy Commitments
Your privacy and the confidentiality of your health information are central to how we build the Services. The following commitments are described in more detail throughout this Privacy Policy:
- We do not sell your personal information for money or other valuable consideration.
- We do not disclose your personal information for cross-context behavioral or targeted advertising, and we do not use your health information to advertise to you.
- BAiO collects data from your connected devices and accounts only with your consent, and we disclose your information only to providers that process it on our behalf or as otherwise described in this Privacy Policy.
- We protect your information using safeguards designed to meet the standards of the HIPAA Security Rule across both BAiO and BAiO+.
- You may access, update, and delete your information and disconnect your devices at any time.
2. Information We Collect
We collect the following categories of information, depending on how you use the Services:
Information you provide, such as your account and contact details; the goals and health and wellness information you choose to share through our profile features and in-application interactions (which may include sleep, nutrition, training and activity, biometrics, medical history, medications, symptoms, lifestyle, genetics, and women’s and reproductive health information); and the contents of your messages, requests, and feedback.
Information from your connected devices and accounts, such as the wearables, sensors, applications, and accounts you choose to connect (for example, heart rate, sleep, activity, and recovery data), which may be transmitted to us through a data connectivity provider acting on our behalf. If you choose to connect Apple Health (HealthKit) or Google Health Connect, we access that data only with your permission through those platforms, and we do not use it for advertising or marketing or disclose it to third parties for their own purposes. Our use of information received from Google Health Connect will adhere to the Health Connect Permissions Policy, including the Limited Use requirements. You choose what to connect and may disconnect at any time, and the third party that operates your device or account remains responsible for its own practices under its own privacy policy.
Information we collect automatically, such as device and usage information, application and website interactions, general location derived from your IP address, and similar technical data collected through cookies and similar technologies. We do not collect precise geolocation unless you permit it.
Information we generate, such as the insights, scores, and recommendations the nCyte engine creates about you, which we treat as your personal information and, where applicable, your health information.
Payment information for paid subscriptions, which is collected and processed by a third-party payment processor; we do not store full payment card numbers.
Some of this information, including health, genetic, biometric, and reproductive information, is considered sensitive personal information under applicable law, and we handle it accordingly.
3. Cookies and Similar Technologies
We and our providers use cookies, software development kits, local storage, and similar technologies to operate, secure, and analyze the Services, for example, to keep you signed in, remember your preferences, and understand how the Services are used so that we can improve them. We use these technologies for necessary, functional, and analytics purposes only. We do not use advertising or cross-context tracking technologies. Most browsers allow you to remove or reject cookies, although some features may not function as a result. Where required, we honor recognized opt-out preference signals, such as Global Privacy Control. Some browsers also transmit Do Not Track signals; because no uniform industry standard for responding to these signals has been adopted, we do not respond to them at this time.
4. How We Use Your Information
We use your information to:
- provide, operate, secure, and improve the Services, including ingesting data from your connected devices and generating your individual insights through the nCyte engine;
- communicate with you, including service messages and, where permitted, product updates and marketing you may opt out of;
- personalize your experience and understand how the Services are used;
- prevent fraud and abuse and protect the rights, property, and safety of Sentia, our users, and others;
- comply with applicable law and enforce our terms; and
- carry out any other purpose with your consent.
To analyze and improve the Services, including to develop and improve the nCyte engine, we use de-identified or aggregated data that cannot reasonably be used to identify you. We do not use your identifiable health information to train models that are made available to third parties.
5. Automated Processing and the nCyte Engine
The Services use automated processing and artificial intelligence, principally the nCyte engine, to analyze the information you and your connected devices provide and to generate insights, scores, and recommendations tailored to you. These outputs are informational decision support only. They are not medical advice and do not make legal or similarly significant decisions about you without your involvement. Where applicable law provides rights regarding profiling or automated decision-making, you may request information about, or opt out of, certain automated processing as described in Section 8. Exercising these rights may limit features that depend on the nCyte engine.
The nCyte engine performs our proprietary analysis, including data fusion, individualized (N-of-1) scoring, source weighting, and output controls. To express nCyte’s analysis in clear, plain language and to power conversational coaching, nCyte sends its outputs to Microsoft’s Azure AI services, including the Microsoft Azure OpenAI Service and Microsoft Azure AI Foundry (each a third-party AI service). Within these Microsoft services, language models render nCyte’s outputs into user-friendly language; they do not perform the underlying analysis. When you enable AI Data Processing, we transmit only the information needed to produce those features, which may include your health-related inputs, data from your connected devices, nCyte’s derived insights, and the messages you send to the in-application coach. Before transmission, we remove the direct identifiers we associate with your account, such as your name, contact information, and account details, and substitute a coded user identifier, so that this information is processed under a pseudonymous identifier rather than under your identity. Your information is processed within Microsoft’s Azure environment as our service provider under contractual privacy, security, and confidentiality obligations, including a business associate agreement where applicable, and it is not used to train foundation models. You can turn off AI Data Processing at any time in your settings; if you do, the conversational coach and certain AI-assisted features will be disabled or limited.
6. How We Disclose Your Information
We do not sell your personal information, and we do not disclose it for advertising. We disclose information only as follows:
Service providers that process information on our behalf under contract, such as cloud hosting and infrastructure, device and health data connectivity, secure in-application communications, data storage, analytics, customer support, and email delivery, and only to provide services to us. These providers include Microsoft, through its Azure OpenAI Service and Azure AI Foundry (third-party AI services), for the AI processing used in certain features, subject to contractual privacy, security, and confidentiality protections. We require these providers, and any other third party that processes personal information on our behalf, to provide the same or equal protection of your information as described in this Privacy Policy. Where a provider processes health information, we require appropriate protections, including business associate agreements where applicable.
At your direction or with your consent, such as when you connect a device or ask us to share information with a person you designate.
For legal and safety reasons, such as to comply with law, respond to lawful requests, enforce our terms, or protect rights, property, and safety.
In a corporate transaction, such as a merger, acquisition, financing, or sale of assets, subject to the protections in this Privacy Policy.
As de-identified or aggregated data that cannot reasonably be used to identify you.
7. Your Choices
Access and update much of your information directly in the Services.
Disconnect devices at any time, which stops future ingestion but does not delete data already received.
Manage AI features by turning AI Data Processing on or off in your settings; turning it off will disable or limit the conversational coach and certain AI-assisted features.
Delete your information by using the account deletion option in the Services or by contacting us.
Opt out of marketing using the unsubscribe link in our emails or by replying STOP to text messages; you may still receive service messages.
8. Your U.S. State Privacy Rights
Depending on your state of residence, you may have some or all of the rights below. Not all rights apply to every resident, and some are subject to exceptions. We will not discriminate against you for exercising them. You may have the right:
- to know and access the personal information we process about you;
- to correct inaccurate personal information;
- to delete personal information we have collected from you;
- to obtain a portable copy of certain personal information;
- to opt out of the sale of personal information and of sharing or processing for targeted advertising, which we do not do, although we honor requests and recognized opt-out signals;
- to opt out of certain profiling or automated decision-making, where applicable; and
- to limit our use and disclosure of sensitive personal information to what is necessary to provide the Services.
Where applicable, you may also appeal a decision on your request, and if we deny an appeal, we will explain how to contact your state attorney general. To exercise your rights, email Contact@SentiaHoldings.com or use the request options in the Services. We will verify your identity before responding and will respond within the time required by law. You may use an authorized agent, subject to verification.
9. Health Information, Security, and HIPAA
Sentia maintains a security and privacy program designed to meet the standards of the HIPAA Security Rule across both BAiO and BAiO+. We use administrative, physical, and technical safeguards designed to protect your information, and we require providers that process health information on our behalf to maintain comparable protections, including HIPAA-eligible service configurations and business associate agreements where applicable.
Enterprise (BAiO+). When we receive protected health information from a HIPAA covered entity, such as a healthcare provider or health plan, or from its business associate, Sentia acts as a business associate and handles that information in accordance with HIPAA and the applicable agreement.
Consumer (BAiO). When you use BAiO directly as an individual, rather than through your healthcare provider, health plan, or employer’s covered plan, HIPAA may not, by its terms, govern the information you provide. We apply the same safeguards to that information and protect it under this Privacy Policy and applicable federal and state law, including the Federal Trade Commission Act, the FTC Health Breach Notification Rule, and state consumer health data laws.
If a breach of your unsecured health information occurs, we will provide notice as required by applicable law. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Data Retention
We retain personal information for as long as your account is active and as needed to provide the Services, and thereafter for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. To determine appropriate retention periods, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it and whether those purposes can be achieved through other means, and applicable legal requirements. When information is no longer needed, we delete or de-identify it.
11. Children’s Privacy
The Services are intended for individuals 18 and older and are not directed to children, and we do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete it promptly. If you believe a minor has provided us personal information, please contact us at Contact@SentiaHoldings.com.
12. Third-Party Services and Links
The Services may link to or operate with third-party websites, applications, and devices that we do not control, including the devices and accounts you connect. This Privacy Policy does not apply to those third parties, and we encourage you to review their privacy policies.
13. United States Only
The Services are operated from and intended for use in the United States, and your information is processed in the United States. The Services are not directed to individuals located outside the United States.
14. Consumer Health Data Privacy Notice (Washington, Nevada, Connecticut, and California Residents)
This Section 14 provides the disclosures required under state consumer health data laws, currently the Washington My Health My Data Act, Nevada Senate Bill 370, the Connecticut Data Privacy Act, and applicable California law, for residents of those states. It supplements, and uses the defined terms in, the rest of this Privacy Policy. As used in this Section, “consumer health data” has the meaning given under applicable state law.
Consumer health data we collect. We collect the following categories of consumer health data, which you provide or which we receive from devices and accounts you connect:
- health goals and self-reported health and wellness information, including sleep, nutrition, training and activity, lifestyle, and personal context;
- medical history, conditions, symptoms, and medications you choose to provide;
- biometric and physiological measurements from connected devices, such as heart rate, sleep, activity, and recovery;
- reproductive and women’s health information you choose to provide;
- genetic information you choose to provide; and
- insights and inferences about your health that we generate using the nCyte engine, and information identifying your health status derived from any of the above.
Sources of consumer health data. We collect consumer health data from you, from the devices and accounts you choose to connect with your consent, and from the insights we generate from that information.
How we use consumer health data. We use consumer health data to provide, operate, personalize, and improve the Services you request, including generating your individual insights; to communicate with you and respond to your requests; to secure the Services and prevent fraud and abuse; to comply with legal obligations; and for any other purpose with your affirmative, voluntary consent.
How we disclose consumer health data. We do not sell your consumer health data, and we do not disclose it to third parties for their own purposes or for advertising. We disclose consumer health data only to processors and service providers that handle it on our behalf under contract and only to provide services to us, namely infrastructure and hosting providers, device and health data connectivity providers, communications providers, and data-processing and support providers, which are subject to business associate agreements where applicable; at your direction or with your consent, including to a third party you designate; as required by law or to respond to lawful requests; and in a corporate transaction, subject to the protections in this Privacy Policy. For AI-powered features in BAiO, and only after you enable AI Data Processing, your consumer health data may be processed on our behalf by Microsoft, through its Azure AI services, solely to render your insights, scores, recommendations, and coaching in plain language, with the direct identifiers we associate with your account removed and a coded user identifier used in their place, and it is not used to train foundation models. We require providers that process health information on our behalf to maintain protections comparable to those described in this Privacy Policy, including a business associate agreement where applicable.
Your rights. In addition to the rights described in Section 8, and subject to applicable law, you have the right to confirm whether we collect, share, or sell your consumer health data and to access that data; to obtain a list of the third parties and affiliates with whom we have shared your consumer health data and a means of contacting them; to withdraw your consent to our collection and sharing of your consumer health data; and to have your consumer health data deleted, including by directing our affiliates, processors, and contractors to delete it. To exercise these rights, email Contact@SentiaHoldings.com or use the request options in the Services. We will verify your request and respond within the time required by applicable law, including within 45 days under the Washington My Health My Data Act, subject to extension. You may appeal a denial as described in Section 8.
Consent. We collect and use consumer health data to provide the Services you request and, where required, only with your affirmative, voluntary consent obtained before collection or sharing. You may withdraw consent at any time, including by turning off AI Data Processing in your settings, which does not affect processing that already occurred.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The “Last Updated” date of this Privacy Policy indicates when it was last revised. If we make material changes, we will provide notice as required by law, such as by posting the updated Privacy Policy in the Services. Your continued use of the Services after the effective date indicates your acknowledgment of the update.
16. Contact Us
If you have questions about this Privacy Policy or our privacy practices, or to exercise your rights, contact Sentia Holdings, Inc. at Contact@SentiaHoldings.com.
Last Updated: July 5, 2026.