Privacy Policy

Sentia Holdings, Inc. | BAiO and BAiO+

Last Updated: May 15, 2026

This Privacy Policy describes how Sentia Holdings, Inc. and its affiliates (“Sentia,” “we,” “us,” or “our”) collect, use, disclose, and protect personal information in connection with our products and services, including the BAiO consumer health companion, the BAiO+ platform, the website at BAiO.io, and our related applications, features, and communications (collectively, the “Services”). Our Services use our proprietary nCyte engine to generate insights tailored to you as an individual.

This Privacy Policy includes, at Section 14, a Consumer Health Data Privacy Notice that provides additional disclosures required under the laws of certain states. This Privacy Policy does not apply to information we process on behalf of an enterprise customer in our role as a service provider or business associate, such as information we receive from an employer, health plan, or healthcare provider through BAiO+; that information is governed by our agreement with the relevant organization. The Services are intended for individuals located in the United States, and your information is processed in the United States.

Not Medical Advice. BAiO and BAiO+ are wellness and decision-support tools. They are not a substitute for professional medical advice, diagnosis, or treatment, and Sentia does not diagnose, treat, cure, prevent, or mitigate any disease or medical condition. Always consult a qualified healthcare provider with any questions about your health, and never disregard or delay seeking professional advice because of something you access through the Services.

1. Our Privacy Commitments

Your privacy and the confidentiality of your health information are central to how we build the Services. The following commitments are described in more detail throughout this Privacy Policy:

  • We do not sell your personal information for money or other valuable consideration.
  • We do not disclose your personal information for cross-context behavioral or targeted advertising, and we do not use your health information to advertise to you.
  • BAiO collects data from your connected devices and accounts only with your consent, and we disclose your information only to providers that process it on our behalf or as otherwise described in this Privacy Policy.
  • We protect your information using safeguards designed to meet the standards of the HIPAA Security Rule across both BAiO and BAiO+.
  • You may access, update, and delete your information and disconnect your devices at any time.

2. Information We Collect

We collect the following categories of information, depending on how you use the Services:

Information you provide, such as your account and contact details; the goals and health and wellness information you choose to share through our profile features and in-application interactions (which may include sleep, nutrition, training and activity, biometrics, medical history, medications, symptoms, lifestyle, genetics, and women’s and reproductive health information); and the contents of your messages, requests, and feedback.

Information from your connected devices and accounts, such as the wearables, sensors, applications, and accounts you choose to connect (for example, heart rate, sleep, activity, and recovery data). You choose what to connect and may disconnect at any time, and the third party that operates your device or account remains responsible for its own practices under its own privacy policy.

Information we collect automatically, such as device and usage information, application and website interactions, general location derived from your IP address, and similar technical data collected through cookies and similar technologies. We do not collect precise geolocation unless you permit it.

Information we generate, such as the insights, scores, and recommendations the nCyte engine creates about you, which we treat as your personal information and, where applicable, your health information.

Payment information for paid subscriptions, which is collected and processed by a third-party payment processor; we do not store full payment card numbers.

Some of this information, including health, genetic, biometric, and reproductive information, is considered sensitive personal information under applicable law, and we handle it accordingly.

3. Cookies and Similar Technologies

We and our providers use cookies, software development kits, local storage, and similar technologies to operate, secure, and analyze the Services, for example, to keep you signed in, remember your preferences, and understand how the Services are used so that we can improve them. We use these technologies for necessary, functional, and analytics purposes only. We do not use advertising or cross-context tracking technologies. Most browsers allow you to remove or reject cookies, although some features may not function as a result. Where required, we honor recognized opt-out preference signals, such as Global Privacy Control.

4. How We Use Your Information

We use your information to:

  • provide, operate, secure, and improve the Services, including ingesting data from your connected devices and generating your individual insights through the nCyte engine;
  • communicate with you, including service messages and, where permitted, product updates and marketing you may opt out of;
  • personalize your experience and understand how the Services are used;
  • prevent fraud and abuse and protect the rights, property, and safety of Sentia, our users, and others;
  • comply with applicable law and enforce our terms; and
  • carry out any other purpose with your consent.

To analyze and improve the Services, we use de-identified or aggregated data that cannot reasonably be used to identify you. We do not use your identifiable health information to train models that are made available to third parties.

5. Automated Processing and the nCyte Engine

The Services use automated processing and artificial intelligence, principally the nCyte engine, to analyze the information you and your connected devices provide and to generate insights, scores, and recommendations tailored to you. These outputs are informational decision support only. They are not medical advice and do not make legal or similarly significant decisions about you without your involvement. Where applicable law provides rights regarding profiling or automated decision-making, you may request information about, or opt out of, certain automated processing as described in Section 8. Exercising these rights may limit features that depend on the nCyte engine.

6. How We Disclose Your Information

We do not sell your personal information, and we do not disclose it for advertising. We disclose information only as follows:

Service providers that process information on our behalf under contract, such as cloud hosting and infrastructure, secure in-application communications, data storage, analytics, customer support, and email delivery, and only to provide services to us. Where a provider processes health information, we require appropriate protections, including business associate agreements where applicable.

At your direction or with your consent, such as when you connect a device or ask us to share information with a person you designate.

For legal and safety reasons, such as to comply with law, respond to lawful requests, enforce our terms, or protect rights, property, and safety.

In a corporate transaction, such as a merger, acquisition, financing, or sale of assets, subject to the protections in this Privacy Policy.

As de-identified or aggregated data that cannot reasonably be used to identify you.

7. Your Choices

Access and update much of your information directly in the Services.

Disconnect devices at any time, which stops future ingestion but does not delete data already received.

Delete your information by closing your account or contacting us.

Opt out of marketing using the unsubscribe link in our emails or by replying STOP to text messages; you may still receive service messages.

8. Your U.S. State Privacy Rights

Depending on your state of residence, you may have some or all of the rights below. Not all rights apply to every resident, and some are subject to exceptions. We will not discriminate against you for exercising them. You may have the right:

  • to know and access the personal information we process about you;
  • to correct inaccurate personal information;
  • to delete personal information we have collected from you;
  • to obtain a portable copy of certain personal information;
  • to opt out of the sale of personal information and of sharing or processing for targeted advertising, which we do not do, although we honor requests and recognized opt-out signals;
  • to opt out of certain profiling or automated decision-making, where applicable; and
  • to limit our use and disclosure of sensitive personal information to what is necessary to provide the Services.

Where applicable, you may also appeal a decision on your request, and if we deny an appeal, we will explain how to contact your state attorney general. To exercise your rights, email Contact@SentiaHoldings.com or use the request options in the Services. We will verify your identity before responding and will respond within the time required by law. You may use an authorized agent, subject to verification.

9. Health Information, Security, and HIPAA

Sentia maintains a security and privacy program designed to meet the standards of the HIPAA Security Rule across both BAiO and BAiO+. We use administrative, physical, and technical safeguards designed to protect your information, and we require providers that process health information on our behalf to maintain comparable protections, including business associate agreements where applicable.

Enterprise (BAiO+). When we receive protected health information from a HIPAA covered entity, such as a healthcare provider or health plan, or from its business associate, Sentia acts as a business associate and handles that information in accordance with HIPAA and the applicable agreement.

Consumer (BAiO).When you use BAiO directly as an individual, rather than through your healthcare provider, health plan, or employer’s covered plan, HIPAA may not, by its terms, govern the information you provide. We apply the same safeguards to that information and protect it under this Privacy Policy and applicable federal and state law, including the Federal Trade Commission Act, the FTC Health Breach Notification Rule, and state consumer health data laws.

If a breach of your unsecured health information occurs, we will provide notice as required by applicable law. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Data Retention

We retain personal information for as long as your account is active and as needed to provide the Services, and thereafter for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. When information is no longer needed, we delete or de-identify it.

11. Children’s Privacy

The Services are intended for individuals 18 and older and are not directed to children. We do not knowingly collect personal information from anyone under 18 through the consumer Services without the consent required by law. If you believe a minor has provided us information, please contact us, and we will act in accordance with applicable law, including the Children’s Online Privacy Protection Act.

12. Third-Party Services and Links

The Services may link to or operate with third-party websites, applications, and devices that we do not control, including the devices and accounts you connect. This Privacy Policy does not apply to those third parties, and we encourage you to review their privacy policies.

13. United States Only

The Services are operated from and intended for use in the United States, and your information is processed in the United States. The Services are not directed to individuals located outside the United States.

14. Consumer Health Data Privacy Notice (Washington, Nevada, Connecticut, and California Residents)

This Section 14 provides the disclosures required under state consumer health data laws, currently the Washington My Health My Data Act, Nevada Senate Bill 370, the Connecticut Data Privacy Act, and applicable California law, for residents of those states. It supplements, and uses the defined terms in, the rest of this Privacy Policy. As used in this Section, “consumer health data” has the meaning given under applicable state law.

Consumer health data we collect. We collect the following categories of consumer health data, which you provide or which we receive from devices and accounts you connect:

  • health goals and self-reported health and wellness information, including sleep, nutrition, training and activity, lifestyle, and personal context;
  • medical history, conditions, symptoms, and medications you choose to provide;
  • biometric and physiological measurements from connected devices, such as heart rate, sleep, activity, and recovery;
  • reproductive and women’s health information you choose to provide;
  • genetic information you choose to provide; and
  • insights and inferences about your health that we generate using the nCyte engine, and information identifying your health status derived from any of the above.

Sources of consumer health data. We collect consumer health data from you, from the devices and accounts you choose to connect with your consent, and from the insights we generate from that information.

How we use consumer health data. We use consumer health data to provide, operate, personalize, and improve the Services you request, including generating your individual insights; to communicate with you and respond to your requests; to secure the Services and prevent fraud and abuse; to comply with legal obligations; and for any other purpose with your affirmative, voluntary consent.

How we disclose consumer health data. We do not sell your consumer health data, and we do not disclose it to third parties for their own purposes or for advertising. We disclose consumer health data only to processors and service providers that handle it on our behalf under contract and only to provide services to us, namely infrastructure and hosting providers, communications providers, and data-processing and support providers, which are subject to business associate agreements where applicable; at your direction or with your consent, including to a third party you designate; as required by law or to respond to lawful requests; and in a corporate transaction, subject to the protections in this Privacy Policy.

Your rights. In addition to the rights described in Section 8, and subject to applicable law, you have the right to confirm whether we collect, share, or sell your consumer health data and to access that data; to obtain a list of the third parties and affiliates with whom we have shared your consumer health data and a means of contacting them; to withdraw your consent to our collection and sharing of your consumer health data; and to have your consumer health data deleted, including by directing our affiliates, processors, and contractors to delete it. To exercise these rights, email Contact@SentiaHoldings.com or use the request options in the Services. We will verify your request and respond within the time required by applicable law, including within 45 days under the Washington My Health My Data Act, subject to extension. You may appeal a denial as described in Section 8.

Consent. We collect and use consumer health data to provide the Services you request and, where required, only with your affirmative, voluntary consent obtained before collection or sharing. You may withdraw consent at any time, which does not affect processing that already occurred.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last Updated” date of this Privacy Policy indicates when it was last revised. If we make material changes, we will provide notice as required by law, such as by posting the updated Privacy Policy in the Services. Your continued use of the Services after the effective date indicates your acknowledgment of the update.

16. Contact Us

If you have questions about this Privacy Policy or our privacy practices, or to exercise your rights, contact Sentia Holdings, Inc. at Contact@SentiaHoldings.com.

Last Updated: May 15, 2026.