← HomeMetaFy

Privacy Policy

Last updated: March 18, 2026

1. Who We Are

MetaFy (“we”, “us”, “our”) is an AI-powered metabolic health application operated from the United States. Our website is https://metafynow.com. For privacy inquiries contact us at privacy@metafynow.com.

2. Data We Collect

  • Waitlist & account data: Email address when you join the waitlist or create an account.
  • Health-related data: Body photos (selfies) you upload for AI body transformation predictions, metabolic check-in answers, and fasting/meal logs. This data is processed on-device where possible and, when transmitted, is encrypted in transit.
  • Payment data: We use Stripe as our payment processor for lifetime presale purchases. We never see or store your full credit card number. Stripe processes your card details under their own Privacy Policy. We store your Stripe customer ID, purchase status, and transaction reference.
  • Usage & analytics data: We collect product analytics and session recordings via PostHog and Google Ads conversion data via Google Tags. See Sections 7 and 8 for details.
  • Device data: Browser type, operating system, screen resolution, IP address, and timezone for security, analytics, and cookie consent determination.

3. How We Use Your Data

  • Provide, maintain, and improve MetaFy’s metabolic health features
  • Generate your AI-predicted lean future self from your selfie
  • Process presale payments and manage lifetime account access via Stripe
  • Send transactional emails (waitlist confirmation, purchase receipts, launch notifications) via Resend
  • Analyze product usage to improve the app (PostHog analytics & session recording)
  • Measure advertising effectiveness (Google Ads conversion tracking)
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. Health Data & Your Privacy

We take your health data seriously. Body photos uploaded for AI transformation predictions are:

  • Encrypted in transit via HTTPS/TLS
  • Processed solely for the purpose of generating your body transformation preview
  • Never sold to or shared with third parties for advertising purposes
  • Deletable at any time — you can request full deletion of your health data by emailing us

We are building MetaFy with HIPAA-readiness in mind and continuously evaluate our data handling practices against industry standards for health data protection.

5. Payment Processing & Stripe

All payment transactions are handled by Stripe, Inc. When you purchase a lifetime account, you are redirected to a Stripe-hosted checkout page. Stripe collects your payment method details directly. We receive webhook notifications from Stripe about purchase events and store only:

  • Stripe Customer ID
  • Checkout Session ID and payment status
  • Product purchased (Lifetime Account)

6. Data Sharing

We do not sell your personal data. We share data only with:

  • Stripe — for payment processing
  • Resend — for transactional email delivery (waitlist confirmation, welcome emails)
  • PostHog — for product analytics and session recording (with consent in regulated regions)
  • Google — for advertising conversion measurement via Google Ads tags (with consent in regulated regions)
  • Law enforcement — when legally compelled to do so

7. Cookies & Tracking Technologies

MetaFy uses the following cookies and tracking technologies:

  • Essential cookies: Cookie consent preferences stored in localStorage. These are required for the site to function and respect your choices.
  • Analytics cookies (PostHog): We use PostHog for product analytics, funnel analysis, and session recording to understand how visitors interact with MetaFy and improve the product. PostHog may set cookies or use localStorage to track sessions. Session recordings capture UI interactions but are configured to mask password inputs. In regions that require consent (EU/EEA, Brazil, California), these are only activated after you accept cookies via our banner. PostHog Privacy Policy.
  • Advertising cookies (Google Ads): We use Google Ads conversion tracking tags (gtag.js) to measure the effectiveness of our advertising campaigns. Google may collect your IP address, device identifiers, and browsing behavior through cookies. In regulated regions, Google Tags are only loaded after you accept cookies. You can opt out via Google Ads Settings or the NAI opt-out tool. Google Privacy Policy.

Cookie banner: Visitors from regions with cookie consent requirements (EU/EEA, Brazil, California) are shown a cookie consent banner on first visit. You can accept or decline non-essential cookies. Your preference is stored locally and can be cleared at any time through your browser settings.

Non-regulated regions: For visitors outside regulated regions, analytics and advertising cookies are loaded by default as permitted by applicable law. You may still opt out through your browser settings or the third-party opt-out links above.

8. Data Retention

We retain your waitlist email for as long as you remain subscribed. If you request removal, we will delete your data within 30 days. Health data (photos, metabolic logs) is retained for as long as your account is active and deleted within 30 days of an account deletion request. Payment records may be retained longer as required by tax and accounting regulations.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Request deletion of your data (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability (receive your data in a structured format)
  • Withdraw consent at any time
  • Opt out of the sale of personal information (California residents under CCPA — we do not sell your data)
  • Lodge a complaint with a supervisory authority (EU/EEA residents under GDPR)

To exercise any of these rights, email privacy@metafynow.com.

10. Children’s Privacy

MetaFy is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us data, please contact us and we will delete it promptly.

11. Security

We protect your data with HTTPS encryption, rate limiting, CORS policies, security headers (CSP, HSTS, X-Frame-Options), and secure server infrastructure. While no system is 100% secure, we follow industry best practices, especially given the sensitive nature of health data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date and, for material changes, notify you by email or a prominent notice on our website.

13. Contact

Questions about this policy? Contact us at privacy@metafynow.com.