embodi

Policy

Privacy Policy

Last updated: 23 April 2026

Pre-launch draft. This policy is a working draft. A final, legally reviewed version will be published before Biology Blueprint goes on sale. Questions or concerns: reach us at hello@embodi.life.

Who we are

Embodi is a brand of EFG Endeavors LLC, a United States limited liability company registered in Florida. We build hormonal health education products, beginning with the Biology Blueprint digital course.

What this policy covers

This policy describes what personal data we collect from you, how we use it, who we share it with, how long we keep it, and the rights you have over it. It applies to everyone who visits embodi.life, joins our waitlist, purchases a course, or otherwise interacts with Embodi.

What we collect

We collect only the data we need to deliver our products and run the business:

  • Email address, when you join the waitlist, create an account, or purchase a course.
  • Name, when you create an account or make a purchase.
  • Purchase records, including the product bought, the amount paid, the currency, and the transaction reference. We never see or store your full card number.
  • Course progress, including which sections you have marked as read, after the course ships.
  • Basic technical data such as browser type and approximate location, needed to deliver the site and detect abuse.

We do not collect cycle data, biometric data, or any other sensitive health information in the course portal. When we eventually ship the Embodi mobile app, it will have its own, stricter privacy policy specifically for the health data it captures.

How we use it

We use your data to:

  • Deliver the courses and products you have purchased.
  • Send transactional emails (purchase confirmations, sign-in links, refunds).
  • Respond when you contact us.
  • Comply with legal obligations (tax records, fraud defence).
  • Improve the service based on aggregate, non-identifying usage patterns.

Who processes your data

We use a small number of well-known service providers to run Embodi. Each is bound by its own data processing agreement with us and is used only for the purpose described:

  • Stripe, for payment processing.
  • Clerk, for authentication and account management.
  • Neon, for the encrypted database that stores your profile and purchase records.
  • Sanity, for hosting course content.
  • Resend, for transactional email delivery.
  • Vercel, for hosting the website and course portal.
  • Cloudflare, for domain services.

We do not sell your data. We do not share it with advertisers. We do not use third-party advertising or tracking pixels on embodi.life.

How long we keep your data

When you request account deletion, we apply a tiered approach that honours your choice while meeting our legal obligations:

  • Access is revoked immediately. You cannot sign in, and your courses become inaccessible.
  • Your personal details (name, email, and similar identifying fields) are anonymised thirty days after your request. This window exists so you can reverse a deletion request if it was made in error. After thirty days, the anonymisation is permanent.
  • Your transaction records (purchase amount, date, currency) are retained for seven years for tax and fraud-defence purposes, but are no longer linked to an identifiable you.
  • Any future health data, in the Embodi app, is hard-deleted on request with no retention.

Your rights

You have the right to:

  • Ask what data we hold about you.
  • Correct anything that is wrong.
  • Request deletion of your account (subject to the tiered policy above).
  • Export your data in a portable format.
  • Complain to your local privacy regulator if we are not meeting our obligations.

To exercise any of these rights, email hello@embodi.life. We will respond within thirty days.

Security

All data is encrypted in transit (TLS) and at rest (AES-256 via our database provider). We use industry-standard authentication, access controls, and audit logs. No service can guarantee absolute security, but we hold ourselves to the standards required by New Zealand's Privacy Act 2020 and the European Union's GDPR as our baselines.

Children

Embodi is not directed to children under sixteen. We do not knowingly collect data from children. If you believe a child has provided us with data, contact us and we will delete it.

Changes to this policy

We will post any material changes here, update the "Last updated" date, and notify registered users by email if the change affects them. This page is the canonical record.

Contact

Questions about this policy, or anything else, to hello@embodi.life.