Privacy Policy
How we collect, use, share, and protect your information across the RAK Your Life website, the RAK Your Life wellness app, and our clinical services.
Contents
- Who we are
- What this policy covers (and what it doesn't)
- Information we collect
- How we use your information
- AI-assisted features (RAK AI)
- How we share information & our service providers
- Cookies, analytics, and tracking
- Your rights and choices
- State-specific rights (US)
- International users
- How long we keep your information
- How we protect your information
- Children's privacy
- Changes to this policy
- Contact us
1. Who we are
This Privacy Policy is provided by Rakesh Jotwani, MD, PC (d/b/a "RAK Your Life," "we," "us," or "our"), a California professional corporation. Dr. Rakesh "Rak" Jotwani is the founder and serves as the medical director.
We operate the website at rakyourlife.com, the general wellness application at app.rakyourlife.com, and provide direct lifestyle medicine care via telehealth to patients in the states where Dr. Jotwani is licensed. We work alongside our patients' primary care physicians and other clinicians; we are not their primary care provider.
2. What this policy covers (and what it doesn't)
This policy covers personal information we collect through:
- The website (rakyourlife.com and subdomains, excluding app.rakyourlife.com)
- The RAK Your Life app (app.rakyourlife.com), including RAK AI
- Our newsletters and marketing communications
- Our events, podcast, and community offerings
If you are a clinical patient of Dr. Jotwani: the protected health information (PHI) we collect, use, and share in connection with your medical care is governed by our Notice of Privacy Practices (HIPAA NPP), not this Privacy Policy. Where the two conflict for PHI, the HIPAA NPP controls.
3. Information we collect
Information you provide directly
- Contact information. Name, email address, phone number when you sign up for the newsletter, register for an event, become a patient, or contact us.
- Account information. Email and authentication codes when you create an account in the RAK Your Life app.
- App content. Text and images you type or upload to the app, including journal entries, RAK AI chat messages, check-in responses, hunger-scale logs, and notes you save.
- Billing information. Processed by our third-party payment processor; we receive transaction confirmations but do not store full card numbers.
- Application form responses. Health goals, history, and contact details submitted via our intake form. Until you become a clinical patient, application form responses are governed by this Privacy Policy. Upon enrollment as a patient, they become part of your medical record and are governed by our HIPAA Notice of Privacy Practices from that point forward. If you do not become a patient, we retain these responses for the period described in Retention.
- Communications you send us. Emails, support requests, survey responses, comments.
Information we collect automatically
- Device and usage data. IP address, device type, browser, operating system, referring URL, pages viewed, timestamps, and crash logs.
- Cookies and similar technologies. See Cookies, analytics, and tracking below.
- App diagnostic data. Error logs and performance metrics so we can fix bugs. We try to avoid logging the content of your messages or journal entries; when we do for debugging, we redact identifiers.
Information from third parties
- Authentication. When you sign in with a one-time email code, our authentication provider (Supabase) verifies your email.
- Payment processor. Confirmation that a payment succeeded or failed.
- Email service. Engagement signals (opens, clicks) from our email provider so we can improve content.
4. How we use your information
We use your information to:
- Operate, maintain, and improve the website, the app, and our services
- Communicate with you about the things you signed up for (newsletter, events, the application process, account messages)
- Maintain session continuity in the app so your prior check-ins, goals, and chats remain available to you
- Process payments and manage memberships
- Detect, prevent, and respond to fraud, abuse, and security incidents
- Comply with legal obligations and enforce our terms
- With your separate consent, send you marketing communications and targeted ads
We do not sell your personal information. We do not share your app content (journal entries, RAK AI conversations, check-ins) with advertisers.
5. AI-assisted features (RAK AI)
The RAK Your Life app includes a feature called RAK AI, a general wellness product that uses a third-party large language model to generate conversational responses. RAK AI is not intended to diagnose, treat, cure, mitigate, or prevent any disease or medical condition.
How RAK AI uses your data
- When you send a message (text or image) to RAK AI, that content is transmitted to Anthropic, PBC via their API for processing.
- We do not use Your Content or AI conversations to train our own AI models. We instruct third-party AI providers not to use API-submitted content for model training where such controls are commercially available. As of the effective date above, both Anthropic and ElevenLabs operate under commercial API terms that prohibit use of API-submitted content for model training. Provider terms are at anthropic.com/legal/commercial-terms and elevenlabs.io/terms.
- We store the messages you and RAK AI exchange in our database to operate the service, maintain continuity between sessions, diagnose and fix bugs you report, enforce our Terms, and maintain the security and operational integrity of the service (anti-abuse, anti-spam, anti-fraud, not user-wellbeing monitoring). You can delete your chat history from inside the app at any time.
- Some app features (voice meditations, voice mode) use ElevenLabs to generate audio. Text you submit for voice processing is transmitted to ElevenLabs.
No real-time monitoring; no duty to monitor
Messages, journals, uploaded content, check-ins, and AI conversations submitted to the app may not be reviewed by clinicians or staff in real time, or at all. The app is not a medical monitoring service and creates no duty on Rakesh Jotwani, MD, PC or any clinician, employee, or contractor to monitor your activity or communications. Automated safety prompts that surface crisis resources are software-based, imperfect, and may fail. See RAK AI & App Terms, Section 4 for the full explanation.
App content is not a medical record
Unless a licensed clinician has separately incorporated specific content into your clinical chart, content you submit to the app, including messages, journals, RAK AI conversations, check-ins, and uploads, is not part of your designated medical record for purposes of HIPAA, the California Confidentiality of Medical Information Act, or any other medical-records law. If you are a clinical patient and want a piece of content reflected in your chart, share it through a clinical channel (see RAK AI & App Terms, Section 9).
AI Outputs can be wrong
AI Outputs may appear authoritative, confident, or personalized despite being inaccurate, incomplete, outdated, or inappropriate for your circumstances. Always verify clinically important information with a licensed clinician.
What RAK AI is not
RAK AI is a general wellness product. It is not a doctor, it is not medical advice, and it is not a substitute for a clinical relationship with Dr. Jotwani or any other licensed provider. See our Medical & Wellness Disclaimer and RAK AI & App Terms for the full scope and limitations.
In a crisis, suicidal thoughts, danger to yourself or others, or any medical emergency, RAK AI is not the right tool. Call 911 (medical or safety emergency) or 988 (mental health crisis, US). The app includes one-tap shortcuts to those resources.
6. How we share information & our service providers
We share personal information with a limited set of trusted service providers who help us run the website, the app, and our clinical practice. Each service provider only receives the data needed for their specific function and is contractually bound to handle it appropriately.
| Provider | What they do | What they receive |
|---|---|---|
| Anthropic (Claude API) | Powers RAK AI conversational responses | Your RAK AI messages and uploaded images |
| ElevenLabs | Voice synthesis for meditations and voice mode | Text we send for voice generation |
| Supabase | Authentication, database, and storage for the app | Your account email, app content, and check-in history |
| Vercel | Hosts the app and runs the API | Network traffic, IP addresses, error logs |
| Cloudflare Pages | Hosts the website | Network traffic, IP addresses, error logs |
| Kit (ConvertKit) | Newsletter delivery, email marketing, and lead-magnet delivery | Email address, engagement metrics |
| JotForm | Intake and application forms | Form responses you submit |
| Calendly | Scheduling consults, events, and discovery calls | Name, email, timezone, scheduling preferences |
| Circle | RAK ON Tribe membership community and checkout | Name, email, billing info (for checkout), community posts |
| Stripe | Payment processing | Billing information (we do not store full card data) |
We may also share information when required by law (subpoena, court order, regulatory request), to enforce our terms, to protect rights, property, or safety, or in connection with a corporate transaction (merger, acquisition, sale of assets) where we will require the recipient to honor this policy.
7. Cookies, analytics, and tracking
The website uses a minimal set of cookies and similar technologies:
- Essential functions, authentication, security, and remembering preferences (you cannot opt out of these without breaking the site).
- Hosting-level analytics, our website host (Cloudflare Pages) collects basic, aggregated traffic data (visit counts, country, referrer) that does not identify individual visitors and does not require cookies.
- Marketing or third-party advertising cookies, we do not currently use these. If that changes, we will update this policy and (where required) ask for your consent first.
We honor browser "Do Not Track" and "Global Privacy Control" signals.
The app uses local storage to keep you signed in and to cache content for offline use. It does not use third-party advertising cookies.
8. Your rights and choices
Wherever you live, you have the right to:
- Access the personal information we hold about you
- Correct information that's inaccurate
- Delete your account and associated data (some records may be retained for legal or safety reasons, described in Retention)
- Export your data in a portable format
- Unsubscribe from any marketing email at any time
- Withdraw consent for any processing that relies on it
- Opt out of AI features in the app (you can use the rest of the app without RAK AI)
To exercise any of these rights, email support@rakyourlife.com. We will respond within 30 days. We do not discriminate against you for exercising any privacy right.
9. State-specific rights (US)
If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nevada, New Hampshire, Oregon, Tennessee, Texas, Utah, Virginia, or Washington, or any state that grants comprehensive consumer privacy rights, you have additional rights under your state's law, including:
Consumer health data (Washington and Nevada). Washington's My Health My Data Act and Nevada's Consumer Health Data Privacy Act treat certain wellness, mental-state, and lifestyle data as regulated "consumer health data," independent of HIPAA. We are implementing a separate opt-in consent for the collection of consumer health data, a withdraw-consent mechanism, and the specific deletion rights those laws require. A dedicated Consumer Health Data section will be added to this Privacy Policy alongside the in-app consent surface. If you are a resident of WA or NV and have questions in the meantime, email privacy@rakyourlife.com.
- The right to know what categories of personal information we collect and the purposes
- The right to access a copy of your personal information
- The right to request deletion
- The right to correct inaccurate information
- The right to opt out of sale or sharing of personal information for cross-context behavioral advertising, we do not sell personal information and do not engage in cross-context behavioral advertising, so there is nothing to opt out of, but the right exists
- The right to non-discrimination for exercising your rights
- The right to appeal a decision we make about your request (write to support@rakyourlife.com with "Appeal" in the subject)
To exercise these rights, email support@rakyourlife.com. We may need to verify your identity before fulfilling the request.
10. International users
RAK Your Life is operated from the United States. If you access our services from outside the US, your information will be transferred to and processed in the US, where data protection laws may differ from those in your country.
If you are in the European Economic Area (subject to the EU General Data Protection Regulation), the United Kingdom (subject to the UK GDPR and the Data Protection Act 2018), or Switzerland (subject to the revised Federal Act on Data Protection), we rely on Standard Contractual Clauses or equivalent safeguards for international transfers. You have the right to access, correct, delete, restrict, object to processing, and request portability of your personal information, and to withdraw any consent that you previously gave us. You may also lodge a complaint with your local supervisory authority.
11. How long we keep your information
| Category | Retention |
|---|---|
| Newsletter email address | Until you unsubscribe + 30 days for log purposes |
| App account and content | For the life of your account, or until you request deletion |
| RAK AI chat history | Until you delete it from the app; or automatically deleted 24 months after your last app activity; or when you delete your account, whichever comes first |
| Application form responses (non-patients) | 2 years from submission |
| Clinical patient records | Per applicable state medical-records retention law (typically 7–10 years from last encounter; longer for minors) |
| Billing and tax records | 7 years (US tax law) |
| Web server logs | 90 days |
After the retention period, we delete or anonymize the information so it can no longer be associated with you.
12. How we protect your information
We use reasonable security practices including:
- Encryption in transit (HTTPS/TLS) and at rest for app data stored in our database
- Email-based one-time passcode authentication (no passwords to steal)
- Row-level security in our database so users can only access their own data
- Rate limiting and abuse detection on our API endpoints
- Access controls and audit logging for administrative access
- Regular dependency updates and security review of third-party providers
No method of transmission or storage is 100% secure. If we become aware of a security incident affecting your personal information, we will notify you and any required regulators without unreasonable delay, and no later than the timeline required by HIPAA (where applicable) or applicable state breach-notification law.
13. Children's privacy
The website and the app are not directed to children under 18 and we do not knowingly collect personal information from anyone under 18. If you believe a child under 18 has provided us with personal information, please contact support@rakyourlife.com and we will delete it.
14. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the Effective Date at the top, increment the version, and (for users with accounts) notify you in the app or by email before the changes take effect. The current version is always available at this URL.
15. Contact us
Questions about this policy, your information, or your rights:
Rakesh Jotwani, MD, PC
Email: support@rakyourlife.com
Mail:
1347 Linda Mar Shopping Ctr, Unit #2020
Pacifica, CA 94044