Introduction
Flagship Digital LLC ("we," "us," or "our") operates the Lexi AI Performance Coach application ("Lexi," "the App"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use Lexi.
By using Lexi, you agree to the practices described in this policy. If you do not agree, please do not use the App.
Contact: privacy@meetlexi.ai
Registered Agent: 7901 4th St N STE 300, St. Petersburg, FL 33702
Information We Collect
Information You Provide Directly
- Account information: Email address, password (hashed, never stored in plain text), display name
- Health and body composition data: Current weight, goal weight, body fat percentage, height, age, biological sex
- Nutrition data: Daily food logs, macro targets, meal descriptions, hydration logs, alcohol consumption logs
- Fitness data: Workout logs, exercise selections, sets, reps, weight, cardio sessions, soreness, stress levels
- Progress photos: Photos you upload for visual assessment, tagged with date and photo type (front, side, back)
- Journal entries: Personal health and wellness journal entries you choose to write
- Health conditions and limitations: Injuries, movement limitations, allergies, medications you disclose
- Recovery data: Sleep quality, soreness ratings (1–5), stress ratings (1–5), menstrual cycle phase (if provided)
- Voice recordings: Audio captured when you use voice input features (transcribed and discarded)
- Feedback and communications: Feedback reports, support requests
Information Collected Automatically
- Usage data: Features used, screens visited, session duration, button interactions
- Device information: Device type, operating system version, app version
- Authentication data: Session tokens (stored as hashed values only)
Information from Third-Party Services
- Apple Health (with your permission): Weight, steps, active and resting calories, heart rate, HRV, distance, workouts, sleep duration. You control this connection and can disconnect at any time.
- Apple Sign In / Google Sign In (if used): Email address and authentication token only
How We Use Your Information
- Provide AI coaching: Your health, nutrition, fitness, and body composition data is sent to Anthropic's Claude AI to generate personalized coaching responses, macro guidance, and workout recommendations
- Generate visual assessments: Progress photos are analyzed by Anthropic's Claude AI vision to score conditioning, symmetry, and fullness
- Transcribe voice input: Voice recordings are sent to OpenAI's Whisper service for transcription, then immediately discarded
- Sync health data: Apple Health data is stored to provide context to Lexi's coaching
- Send voice responses: Lexi's text responses are converted to audio via ElevenLabs text-to-speech
- Store progress: Track your weight, macros, workouts, and photos over time
- Improve the service: Aggregate, anonymized usage patterns help us improve Lexi
- Communicate with you: Send service notifications and onboarding emails
- Ensure safety: Monitor for crisis language or content requiring referral to professional support
Data Sensitivity Classification
We recognize that health data is sensitive. We classify your data by sensitivity level:
- Progress photos & VA results
- Voice recordings
- Journal entries
- Injury history & medical conditions
- Menstrual cycle data
- Eating disorder history
- Weight & body composition
- Body fat percentage
- Macro & calorie data
- Hydration & alcohol logs
- Workout & fitness data
- Fasting windows
AI Processing Disclosure
Lexi is powered by artificial intelligence. When you interact with Lexi:
- Your messages, health data, and context are sent to Anthropic (Claude AI) for processing
- Your progress photos are sent to Anthropic (Claude AI vision) for visual assessment
- Your voice input is sent to OpenAI (Whisper) for transcription
- Lexi's voice responses are generated by ElevenLabs text-to-speech
We have configured Zero Data Retention (ZDR) with Anthropic — your data is not used to train Anthropic's models. OpenAI Whisper transcription is processed and discarded.
Lexi is not a licensed medical professional, registered dietitian, or certified personal trainer. Lexi's coaching is for informational and motivational purposes only and is not a substitute for professional medical, nutritional, or fitness advice.
Beta Program — Operator Review of Tester Conversations
If you participate in the Lexi beta program via TestFlight, you acknowledge and consent that authorized members of the Lexi team (operators) may review your conversations with Lexi and your account data for the limited purposes of:
- Diagnosing bugs and unexpected behavior reported during the beta
- Improving Lexi's coaching responses, safety guardrails, and product quality
- Validating Lexi's adherence to the OBAB methodology and Alexis's coaching principles
- Investigating account issues, billing inquiries, or safety concerns you raise
This operator-review access applies only to users designated as beta testers (is_test = TRUE in our systems) and only while the beta-program operator-review feature flag is active. Every operator view of beta tester data is recorded in our audit log, including the operator identity, timestamp, and scope of access.
This access does not apply to production (non-beta) users. Once Lexi launches publicly, operator access to user conversations transitions to the user-initiated support pathways described in our public Customer Support Flow, which require explicit, time-bound user authorization or a documented legal/safety basis.
If you wish to withdraw from the beta program at any time, contact us at privacy@meetlexi.ai. Withdrawal terminates beta access and triggers our standard data retention process described in Section 7.
Sub-Processors
We share data with the following third-party service providers to operate Lexi:
| Service | Purpose | Data Shared |
|---|---|---|
| Anthropic | AI coaching, visual assessment | Messages, health context, progress photos |
| OpenAI | Voice transcription (Whisper) | Voice audio (transcribed and discarded) |
| ElevenLabs | Voice response generation | Lexi's text responses only |
| Railway | Cloud hosting and database | All app data (encrypted at rest) |
| Cloudflare R2 | Progress photo storage | Progress photos (encrypted at rest) |
| SendGrid | Transactional email | Email address |
| Twilio | SMS notifications (if enabled) | Phone number |
| Apple | HealthKit data sync | Health metrics you authorize |
| Stripe | Payment processing | Payment information (not stored by us) |
We do not sell your personal data to third parties. We do not share your data with advertisers.
Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | Until account deletion |
| Deleted account PII | Anonymized within 30 days of deletion |
| Expired session tokens | Deleted after 30 days |
| API usage logs | 90 days |
| Phone verification codes | 24 hours |
| Audit logs | 365 days |
| Progress photos | Until deleted by you or account deletion |
| Journal entries | Until deleted by you or account deletion |
Upon account deletion, we anonymize your personally identifiable information within 30 days — within the 45-day maximum required under Washington's My Health My Data Act (MHMDA) and Connecticut's CTDPA.
Your Rights
All Users
- Access your data
- Correct inaccurate data
- Delete your account and associated data
- Export your data
- Withdraw consent for optional data processing
- Disconnect Apple Health at any time
Washington State (MHMDA)
- Right to confirm whether we process your consumer health data
- Right to access your consumer health data
- Right to withdraw consent
- Right to deletion within 45 days of request
- Right to appeal our decisions
California (CMIA)
- Right to access medical information we hold
- Right to know how medical information is shared
- Prohibition on sharing medical information without authorization
Connecticut (CTDPA), Illinois (BIPA), Texas (CUBI)
Residents of these states have the applicable rights provided under their state's data protection law.
To exercise any of these rights, contact us at privacy@meetlexi.ai. We will respond within 45 days.
Biometric Data (Illinois BIPA)
If you use voice input features or upload progress photos, you may be providing biometric identifiers subject to the Illinois Biometric Information Privacy Act (BIPA). By using these features, you provide written consent to our collection and processing of this data as described in this policy. Biometric data is not sold or shared beyond the sub-processors listed above.
Children's Privacy
Lexi is intended for users aged 17 and older. We do not knowingly collect personal information from anyone under the age of 17. If you believe a minor has provided us with personal information, contact us at privacy@meetlexi.ai and we will delete it promptly.
Data Security
- Encryption at rest for all stored data (Cloudflare R2, Railway)
- Encrypted HTTPS/TLS for all data in transit
- Hashed session tokens (never stored in plain text)
- Zero Data Retention configuration with Anthropic
- Role-based access controls — only authorized personnel access production data
- Regular security reviews of new endpoints and features
Despite these measures, no system is completely secure. We encourage you to use a strong password and enable biometric authentication within the App.
Mental Health and Crisis Content
Lexi includes safety guardrails for mental health content. If Lexi detects language related to suicide, self-harm, or eating disorders, it will refer you to professional resources and will not attempt to coach through these situations.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the App after changes take effect constitutes your acceptance of the updated policy.
Contact Us
For privacy questions, data requests, or concerns:
Email: privacy@meetlexi.ai
Mail: Flagship Digital LLC, 7901 4th St N STE 300, St. Petersburg, FL 33702
For urgent privacy matters, please include "URGENT PRIVACY" in your subject line.