← Back to Home

Privacy Policy

Last updated: February 25, 2026

1. Who We Are

Zoe is a product of Oracoins LLC (“we,” “us,” or “our”), a limited liability company located at 848 N. Rainbow Blvd. #3351, Las Vegas, NV 89107, United States. Oracoins LLC is the data controller responsible for your personal data when you use the Zoe service.

For privacy-related inquiries, contact us at: hello@oracoins.com

2. Information We Collect

We collect the following categories of information when you use Zoe:

a. Information You Provide

  • Account Information: Name, email address, and Telegram user ID when you create an account or interact with our Telegram bot.
  • Profile & Preferences: Age, gender, height, weight, fitness goals, dietary preferences, wellness objectives, and other information you voluntarily provide.
  • Nutrition Data: Meal logs, calorie and macronutrient intake, dietary preferences, supplement and peptide protocol information you provide.
  • Communications: Messages you send through the Telegram bot, customer support inquiries, and feedback.

b. Health & Biometric Data

  • Data synced from connected wearable devices (e.g., WHOOP, Oura, Apple Health, Garmin), including: heart rate, heart rate variability (HRV), sleep duration and quality, recovery scores, strain data, respiratory rate, skin temperature, blood oxygen saturation, and other biometric measurements.
  • Bloodwork data uploaded via PDF or photo.
  • Any other health-related data you choose to share with Zoe.

c. Calendar Data

If you connect Google Calendar (or another supported calendar service), we access your calendar events to provide scheduling recommendations. We do not modify your calendar without your explicit consent.

d. Automatically Collected Data

  • Usage Data: Features used, interactions, session duration, timestamps, and engagement patterns.
  • Device Information: Browser type, operating system, device type, screen resolution, and unique device identifiers.
  • Network Data: IP address, approximate geolocation (city/country level), and referring URLs.
  • Cookies & Similar Technologies: See Section 11 for details.

e. AI-Derived Data

We generate inferences and insights about your health, recovery, fitness, and wellness patterns using artificial intelligence. This includes recovery readiness scores, health trend predictions, personalized recommendations, and behavioral profiles derived from the data described above.

3. How We Use Your Information

  • To provide, personalize, and improve the Zoe service, including generating AI-powered health insights, training recommendations, nutrition plans, and scheduling suggestions.
  • To sync data between your connected devices, calendars, and Zoe.
  • To process your health and biometric data through AI systems to generate personalized recommendations.
  • To communicate with you about your account, service updates, and (with your consent) promotional materials.
  • To ensure the security, integrity, and proper functioning of our platform.
  • To comply with legal obligations and respond to lawful requests from authorities.
  • To conduct analytics, research, and product development to improve our services.
  • To detect, prevent, and address fraud, abuse, and security issues.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract Performance: Processing necessary to provide the Zoe service you requested (account management, core functionality).
  • Consent: Processing of health and biometric data (special category data under GDPR Article 9), marketing communications, and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legitimate Interests: Analytics, fraud prevention, service improvement, and security — where our interests do not override your fundamental rights and freedoms.
  • Legal Compliance: Processing required to comply with applicable laws and regulations.

5. Data Sharing

We do not sell your personal data or health data to third parties. We may share data with:

  • Service Providers: Third-party services that help us operate Zoe, including cloud hosting, analytics, payment processing, and email delivery. These providers are contractually obligated to protect your data and may only process it on our behalf and in accordance with our instructions.
  • AI Processing Partners: Your data may be processed by AI systems (including Anthropic's Claude) to generate personalized insights. Your data is not used to train third-party AI models.
  • Legal Requirements: When required by law, court order, subpoena, or governmental authority. We will never voluntarily disclose your data to governmental entities or civil litigants without valid legal process, and we will notify you of such requests where legally permitted.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the successor entity. We will notify you before your data becomes subject to a different privacy policy.
  • With Your Consent: We may share data with third parties when you have given us explicit consent to do so.

6. AI & Automated Decision-Making

Zoe uses automated processing, including artificial intelligence, to generate health insights and recommendations. We are transparent about how this works:

  • What AI processes: Your biometric data, nutrition logs, calendar events, and self-reported information are processed by AI systems to generate personalized recommendations for training, nutrition, recovery, scheduling, and wellness.
  • How decisions are made: AI analyzes patterns in your data and applies health optimization models to generate suggestions. These are informational only and do not constitute medical advice.
  • No solely automated decisions with legal effects: We do not make decisions that produce legal effects or similarly significant effects on you based solely on automated processing. All AI-generated content is advisory in nature.
  • Your rights: Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. You may request human review of any automated decision by contacting us.

7. International Data Transfers

Oracoins LLC is based in the United States. If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States and potentially other countries where our service providers operate.

For transfers from the EEA, UK, or Switzerland to the United States, we rely on:

  • The EU-U.S. Data Privacy Framework and UK Extension (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where available

We conduct transfer impact assessments as required and implement appropriate technical and organizational safeguards to protect your data during international transfers.

8. Data Security

We implement industry-standard security measures to protect your data, including: encryption in transit (TLS/SSL) and at rest, access controls and authentication, regular security assessments, and secure data storage practices. However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your data, we cannot guarantee absolute security.

9. Data Retention

We retain your data for as long as your account is active or as needed to provide you services. Upon account deletion, we will remove your personal data within thirty (30) days, except where retention is required by law or necessary for legitimate business purposes (e.g., resolving disputes, enforcing agreements). Aggregated and de-identified data that cannot be linked back to you may be retained indefinitely for analytics and research purposes.

10. Your Rights

a. All Users

Regardless of your location, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent at any time (where processing is based on consent)
  • Export your data in a machine-readable format

b. EEA, UK & Swiss Users (GDPR)

You additionally have the right to:

  • Object to or restrict certain processing activities
  • Data portability (receive your data in a structured, commonly used, machine-readable format)
  • Not be subject to solely automated decision-making (GDPR Article 22)
  • Lodge a complaint with your local data protection supervisory authority

c. California Users (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Request deletion of your personal information
  • Opt out of the “sale” or “sharing” of your personal information (we do not sell your data)
  • Limit the use of sensitive personal information
  • Non-discrimination for exercising your privacy rights

We do not sell personal information as defined under the CCPA. We respond to verifiable consumer requests within forty-five (45) days.

d. Washington State Users

Under the Washington My Health My Data Act, you have additional rights regarding your consumer health data, including the right to know what health data we collect, the right to withdraw consent for collection or sharing, and the right to have your health data deleted. We do not sell your health data. We do not use your consumer health data for marketing purposes.

e. Other Jurisdictions

If you are a resident of Virginia, Connecticut, Colorado, Utah, Oregon, Canada, Australia, or any other jurisdiction with applicable data protection laws, you may have additional rights under local law. Please contact us to exercise any rights available to you under applicable legislation.

To exercise any of these rights, contact us at hello@oracoins.com with the subject line “Privacy Rights Request.”

11. Cookies & Tracking Technologies

We use cookies and similar technologies to operate and improve our Service. Categories of cookies we use include:

  • Strictly Necessary: Essential for the Service to function (authentication, security). These do not require consent.
  • Functional: Remember your preferences and settings.
  • Analytics: Help us understand how you use the Service (e.g., page views, session duration).

We do not use marketing or advertising cookies. You can manage cookie preferences through your browser settings. For EEA/UK users, we obtain consent before setting non-essential cookies.

12. Children's Privacy

Zoe is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have collected data from a minor, please contact us immediately at hello@oracoins.com and we will promptly delete such information.

13. HIPAA Notice

Oracoins LLC is not a “covered entity” or “business associate” as defined under the Health Insurance Portability and Accountability Act (HIPAA). Zoe is a consumer wellness product and is not subject to HIPAA. However, we are committed to protecting your health-related data with industry-standard security measures and in compliance with applicable state and international health data protection laws.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by: (a) posting the updated policy on this page with a revised “Last updated” date; and (b) sending you a notification through the Service or via email. Your continued use of Zoe after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

15. Contact Us

Data Controller:
Oracoins LLC
848 N. Rainbow Blvd. #3351
Las Vegas, NV 89107, United States
Email: hello@oracoins.com

For privacy inquiries, data subject requests, or complaints, email us with the subject line “Privacy Inquiry.” We aim to respond to all requests within thirty (30) days (or forty-five days for CCPA requests).

If you are in the EEA or UK and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.