Privacy & Consent Notice
ToneWell, Inc., a Delaware corporation. Contact: hello@tonewell.co · www.tonewell.co
Notice at Collection
This Notice at Collection summarises the categories of personal information ToneWell collects, the purposes for which we use it, and your rights. Full detail is in the sections that follow.
Categories we collect
Identifiers (name, email, phone), commercial information (purchases), audio information (your voice recording), wellness information you provide, internet and device activity, geolocation (general, derived from IP), inferences (your scan results), and sensitive personal information as defined under California law (your voice recording).
Why we collect it
To deliver the Performance Readiness Scan you purchased, operate your account, process payments, communicate with you, secure the platform, comply with law, and improve the service.
How long we keep it
See section 7. Voice recordings and reports are retained while your account is active; you can delete them at any time.
Do we sell or share for cross-context advertising?
No, and no.
Your rights
You can access, delete, correct, and port your information, and California residents can limit our use of sensitive personal information. See section 10.
In plain English
ToneWell records 30 seconds of your voice and turns it into a Performance Readiness Scan Report. This page tells you exactly what we collect, why, who we share it with, how long we keep it, and what your rights are. By ticking the consent box on the recording screen, you confirm you have read this notice and agree to ToneWell processing your information as set out below.
ToneWell is a wellness and readiness tool. It is not a medical device, a diagnostic service, or a substitute for healthcare. Your scan does not diagnose, treat, cure, or prevent any disease or medical condition.
We do not sell your voice recording. We do not use it to identify you biometrically. We do not share your data with advertisers. We do not use it to make legal, medical, financial, employment, or insurance decisions about you.
1. About ToneWell
ToneWell, Inc. is a Delaware corporation operating a consumer wellness platform at www.tonewell.co. You record approximately 30 seconds of your voice through your device. Our voice-analysis technology produces structured signal outputs from that recording, and we generate a Performance Readiness Scan Report that includes a coherence score, a daily directive (Push, Maintain, or Recover), three priorities, a breakdown across eight readiness signals (energy, hydration, mineral load, sleep, stress, inflammation, toxins, and pathogens), and a short-term roadmap.
The report is designed to help you decide where to focus your energy, recovery, and lifestyle priorities. It is framed as readiness and priorities. It does not make diagnostic claims about specific biomarkers or medical conditions. This framing is enforced by ToneWell’s editorial standards and applied at the point report content is generated.
ToneWell is not a medical service. ToneWell does not provide medical, psychological, nutritional, or pharmaceutical advice. If you have a health concern, please speak to a licensed healthcare professional. Do not use ToneWell as the basis for decisions about medication, treatment, or clinical care.
ToneWell’s services are directed to users in the United States. If you access ToneWell from outside the United States, see section 14.
2. What you are consenting to
By ticking the consent box on the recording screen, you confirm that you understand and agree to all of the following.
2.1 Recording your voice
ToneWell will capture approximately 30 seconds of audio through your device’s microphone, upload it to our secure storage, and process it to produce your report. You can re-record before submitting if you want to start again.
2.2 Sharing your recording with our voice-analysis partner
ToneWell uses a licensed voice-analysis technology partner to convert your recording into structured signal outputs derived from the recording. Your recording and a session reference are sent to that partner solely for that purpose, under a written data processing agreement. The partner is not permitted to use your recording for any other purpose.
2.3 Processing other information you provide
This includes your email address, the archetype you select on the recording screen (General, Executive, or Peak Performance), any phone number you provide if you opt in to SMS, your account activity, and any wellness-related context you choose to share.
2.4 Using AI to generate the language of your report
ToneWell uses large language model technology to translate your structured scan signals into clear, readable report language and personalised priorities. Our default provider is OpenAI; we may also use Anthropic as a configured alternative. The model receives the structured outputs of your scan, not your raw voice recording. AI-generated content is constrained by ToneWell’s editorial standards and claims-language guardrails.
AI is not used to make automated decisions about you that have legal, financial, employment, insurance, or medical effects.
2.5 Storing your scan against your account
We retain your recording, the structured signal output (verbatim and unmodified), and your final report so you can access them, compare future scans against your history, and contact us with questions. Retention periods are set out in section 7.
2.6 Delivering your report
Your report is delivered by email from reports@tonewell.co. The email may contain a summary infographic of your scan. The full report is accessible only inside your authenticated ToneWell account — it is not delivered as a public link or as an attachment in the email. If you opt in, you will also receive a text notification when your report is ready.
3. Information we collect
We collect the following categories of personal information. The category labels in brackets correspond to the categories defined under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
3.1 Identifiers and contact information [CCPA: identifiers]
- Name, if you choose to provide it
- Email address
- Phone number, if you opt in to SMS
- IP address and online identifiers
- Communication and marketing preferences
- Customer support messages and correspondence
3.2 Commercial information [CCPA: commercial information]
- Products purchased and purchase history
- Payment status and transaction identifiers (we do not store full card numbers)
3.3 Voice and audio data [CCPA: audio information; sensitive personal information]
- Your 30-second voice recording
- Metadata including file type, file size, upload time, device type, browser type, and session reference
Your voice recording is treated as sensitive personal information under California law. We use it only to generate your report and operate your account, and you can request that we limit our use of it to those purposes — see section 10.
3.4 Wellness intake and scan context [CCPA: inferences and personal information]
- The archetype you select (General, Executive, or Peak Performance)
- Any optional context you provide about your goals, lifestyle, or focus areas
3.5 Scan and report data [CCPA: inferences]
- The raw structured signal outputs derived from the recording, retained verbatim as returned by our voice-analysis partner
- Your interpreted scan results, including your coherence score and band, eight-signal breakdown, and priorities
- Your full report content, including the daily directive, roadmap, and accelerator module
- The version of the interpretation logic used to generate your report, retained for audit
3.6 Internet and device activity [CCPA: internet or other electronic network activity]
- Browser type, device type, and operating system
- Pages viewed, referring links, and session activity
- Cookies and similar identifiers
- Analytics and performance data
3.7 Geolocation [CCPA: geolocation data — general, not precise]
We derive general geolocation (such as country and region) from your IP address. We do not collect precise GPS-level geolocation.
3.8 Communications and engagement data
- Email open and click data
- SMS engagement data
- Marketing preferences
- Referral or affiliate source, where applicable
4. How we use your information
We use your information to:
- Generate, deliver, and store your Performance Readiness Scan Report
- Operate your ToneWell account, including future scans and historical comparisons
- Process payments and fulfil purchases
- Communicate with you about your scan, account, and support requests
- Send product updates, educational content, and offers, only where you have opted in to marketing
- Improve the ToneWell platform, including report quality, interpretation accuracy, user experience, and reliability
- Monitor security, prevent fraud, and investigate technical issues
- Meet legal, tax, accounting, and regulatory obligations
- Generate de-identified or aggregated insights for internal product improvement and research
We do not use your information to make medical diagnoses or to make legal, financial, insurance, or employment decisions about you.
5. Where the information comes from
We collect personal information directly from you (when you create an account, record your voice, fill in fields, or contact us), automatically when you use the website (cookies, server logs, analytics), and from our service providers (for example, our payment processor confirms a payment status, and our voice-analysis partner returns the structured signal outputs derived from your recording).
6. Who we share your information with
ToneWell shares information only with trusted service providers who help us deliver the platform, and only for that purpose. Each is bound by a written data processing agreement and is permitted to use information only as necessary to provide its service to ToneWell. Under California law, these providers are our “service providers” and “contractors,” not third parties for the purposes of “sale” or “sharing.”
The categories of provider we use are:
- Voice-analysis technology. Converts your recording into structured signal outputs. ToneWell uses a single licensed voice-analysis technology partner under a written data processing agreement.
- Cloud infrastructure and database — Supabase, hosted on Amazon Web Services (US East). Storage, authentication, and core platform services.
- Application hosting — Vercel. Hosts the ToneWell web application and pipeline workers.
- Payment processing — Stripe. Processes purchases.
- Email delivery — Postmark. Sends transactional emails such as your magic link and your report.
- SMS delivery — Twilio. Sends text notifications if you have opted in.
- Report rendering — APITemplate.io. Generates the PDF version of your report.
- AI report generation — OpenAI (default), Anthropic (configured alternative). Translates structured signal output into report language. These providers receive the structured outputs of your scan, not your raw voice recording.
- Network and security — Cloudflare. DNS, SSL, and bot protection.
- Monitoring and analytics — Sentry, UptimeRobot. Platform reliability and error monitoring.
- Professional advisors. Legal, accounting, and compliance advisors where needed.
ToneWell will publish an updated list of subprocessors as the platform evolves. We will not add a new category of provider that materially changes how your data is processed without updating this notice.
We may also disclose information where required to comply with the law, respond to a lawful request, protect rights and safety, or in connection with a corporate transaction such as a merger, acquisition, or sale of business assets. In any such transaction, your information will continue to be protected by this notice or one materially equivalent.
We do not sell your voice recording, your scan results, or any other personal information, and we do not share personal information for cross-context behavioural advertising.
ToneWell honours Global Privacy Control (GPC) signals from your browser as an opt-out preference signal under California and other state privacy laws.
7. How long we keep your information
We retain personal information only as long as we need it for the purposes set out in this notice. Indicative retention periods are below. Final retention periods are set out in ToneWell’s internal data retention schedule and may be updated from time to time.
| Data type | Retention |
|---|---|
| Voice recording | Retained while your account is active. You can request deletion at any time. |
| Structured signal output and report | Retained while your account is active so future scans can be compared against your history. |
| Account and contact information | Retained while your account is active, plus a reasonable period after closure for legitimate business and legal reasons. |
| Payment records | Retained for the period required by tax and accounting law (typically up to 7 years). |
| Support communications | Up to 3 years from last contact. |
| Marketing records | Until you unsubscribe, then retained only as needed to honour your opt-out. |
| Cookies and analytics data | Up to 24 months, depending on the cookie or tool. |
| De-identified or aggregated data | May be retained indefinitely, as it cannot reasonably be used to identify you. |
If you close your account or request deletion, we will delete or anonymise your personal information within a reasonable period, subject to any legal obligation to retain specific records (for example, tax records).
8. How we protect your information
ToneWell uses administrative, technical, and organisational safeguards designed to protect your information from unauthorised access, loss, misuse, alteration, and disclosure. These include:
- Encrypted storage and encrypted transport between systems
- Role-based access controls and least-privilege permissions across our database and infrastructure
- Append-only storage of raw voice analysis output, so historical scan data cannot be silently altered
- Authenticated access to reports — your full report is gated behind your account session and cannot be accessed by a public link
- Vendor due diligence and written data processing agreements with all providers handling your information
- Logging, monitoring, and incident response procedures
- US-region cloud infrastructure with point-in-time recovery
- Rate limiting and bot protection at the network edge
No system is completely secure. You are responsible for protecting your account credentials, for using a secure device, and for not sharing your magic-link emails or report links with others. If you believe your account has been compromised, contact hello@tonewell.co immediately.
ToneWell maintains an incident response procedure and will notify affected users and applicable regulators of personal data breaches as required by state and federal law.
9. Voice data and biometric considerations
Voice recordings are sensitive. ToneWell treats your recording, the structured signal outputs derived from it, and your report as confidential and uses them only for the purposes set out in this notice.
ToneWell does not use your voice recording to identify you as a unique individual. ToneWell does not create or store a voiceprint, biometric template, or similar identifier intended to identify you. Voice analysis is used only to generate readiness signals for your report.
9.1 Illinois residents
Illinois residents have specific protections under the Illinois Biometric Information Privacy Act (BIPA). ToneWell’s current voice analysis processing is designed not to involve biometric identification of users. If, in future, ToneWell were to introduce any feature involving biometric identification under BIPA or any comparable state law (including the Texas Capture or Use of Biometric Identifier Act, the Washington biometric law, or similar), ToneWell would provide a separate written disclosure, obtain a separate written release where required, and publish a biometric data retention and destruction policy before any such collection began. Illinois residents who have questions about ToneWell’s voice analysis can contact hello@tonewell.co.
10. Your rights
10.1 California residents (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
- Right to know. You can request the categories and specific pieces of personal information we have collected about you, the sources, the purposes for collection, and the categories of third parties with whom we share it.
- Right to delete. You can request deletion of personal information we have collected from you, subject to legal exceptions.
- Right to correct. You can request that we correct inaccurate personal information we hold about you.
- Right to opt out of sale or sharing. ToneWell does not sell your personal information and does not share it for cross-context behavioural advertising. If this changes, we will provide a clear opt-out mechanism.
- Right to limit use of sensitive personal information. Your voice recording is sensitive personal information under California law. You can request that we limit our use of your voice recording to providing the service you requested. ToneWell already limits use of voice recordings to that purpose by default.
- Right to data portability. You can request a copy of your personal information in a portable, machine-readable format.
- Right of non-discrimination. ToneWell will not discriminate against you for exercising your privacy rights.
To exercise these rights, email hello@tonewell.co or use the controls in your ToneWell account. We will verify your identity using information already in our records (typically the email associated with your account) before completing any request that involves disclosing or deleting personal information. We will respond within 45 days, with an extension where permitted.
Authorised agents. California residents can designate an authorised agent to make requests on their behalf. We will require written permission from you and may require you to verify your identity directly.
Shine the Light. California Civil Code §1798.83 permits California residents to request information about disclosures of personal information to third parties for those parties’ direct marketing purposes. ToneWell does not disclose personal information to third parties for their direct marketing purposes.
10.2 Residents of other US states
If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another state with a comprehensive privacy law in effect, you have rights similar to those of California residents, including:
- The right to access the personal information we hold about you
- The right to correct inaccurate information
- The right to delete your information
- The right to a portable copy of your information
- The right to opt out of “sale,” “targeted advertising,” and certain profiling, where applicable
- The right to appeal a denied request
ToneWell honours these rights for residents of states with applicable privacy laws. To exercise them, email hello@tonewell.co. We will respond within the timeframe required by your state’s law (typically 45 days). If we decline a request, you can appeal by replying to our response, and we will respond to your appeal within the timeframe required by law.
10.3 All users
All ToneWell users, regardless of state, can:
- Access and download their reports from their ToneWell account
- Delete individual scans from their account
- Close their account and request deletion of their information by emailing hello@tonewell.co
- Opt out of marketing emails using the unsubscribe link in any marketing email, and opt out of SMS by replying STOP
11. Children's privacy
ToneWell is not intended for children. In compliance with the Children’s Online Privacy Protection Act (COPPA), ToneWell does not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take reasonable steps to delete it.
If you are between 13 and 18, you should only use ToneWell with the consent and active involvement of a parent or guardian. By ticking the consent box, you confirm you are at least 18 or that you have the consent and involvement of a parent or guardian.
California, Connecticut, and certain other states impose additional protections for users under 16 or under 18, including limits on the sale or sharing of personal information of minors. ToneWell does not sell or share personal information for any user, regardless of age.
12. HIPAA and healthcare relationships
ToneWell is a consumer wellness platform. ToneWell is not a healthcare provider, health plan, or healthcare clearinghouse, and is not subject to the Health Insurance Portability and Accountability Act (HIPAA) when you use the service as an individual consumer.
Information you provide directly to ToneWell as a consumer is not protected health information (PHI) under HIPAA. It is consumer wellness information, protected by this notice and by applicable state and federal consumer privacy laws.
If, in future, ToneWell works with a HIPAA-covered entity (such as a healthcare provider or health plan) in a way that involves protected health information, ToneWell will enter into a Business Associate Agreement and follow the applicable HIPAA requirements for that specific relationship. Unless ToneWell has signed a separate agreement of that kind that applies to your information, the information you provide directly to ToneWell as a consumer is not governed by HIPAA.
13. Communications, marketing, and SMS
ToneWell sends transactional messages — your scan, your account activity, and support replies — as part of the service. These are not marketing and you cannot unsubscribe from them while you have an active account.
ToneWell will only send you marketing emails if you have separately opted in. You can unsubscribe at any time using the link in any marketing email or by emailing hello@tonewell.co. Marketing consent is granular and is not bundled with consent to use the service. ToneWell complies with the CAN-SPAM Act for commercial email.
SMS messaging. If you opt in to SMS, ToneWell will send transactional notifications (for example, that your report is ready) and, if you separately opt in, marketing messages. SMS opt-in is collected through a clear, separate consent on the recording flow, in compliance with the Telephone Consumer Protection Act (TCPA). Message and data rates may apply. Reply HELP for help, STOP to opt out. Frequency varies based on your account activity. ToneWell does not share SMS opt-in data or phone numbers with third parties for marketing purposes.
14. Users outside the United States
ToneWell is based in the United States and our services are directed to US users. If you access ToneWell from outside the United States, your information will be transferred to and processed in the United States, which may have different privacy protections than your home jurisdiction.
14.1 United Kingdom and European Economic Area
If you are located in the UK or the European Economic Area (EEA), the UK GDPR or EU GDPR may apply to ToneWell’s processing of your personal information. In that case:
- Legal bases. We process your information under one or more of the following legal bases: your consent (for collecting and processing your voice recording, wellness intake, and marketing communications); performance of a contract (to deliver the scan you have purchased and operate your account); legitimate interests (security, fraud prevention, service improvement, where not overridden by your rights); and legal obligation.
- Your rights. You have the rights of access, rectification, erasure, restriction, objection, and portability, and the right to withdraw consent at any time. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or your national supervisory authority in the EEA.
- International transfer mechanism. Where required, ToneWell uses appropriate safeguards for international data transfers from the UK and EEA to the United States, including the European Commission’s Standard Contractual Clauses and the UK Addendum. A copy of the relevant transfer mechanism is available on request from hello@tonewell.co.
- UK or EU representative. If ToneWell becomes required to designate a UK or EU representative under Article 27 of the UK GDPR or EU GDPR, we will publish that designation on our website and update this notice.
14.2 Other jurisdictions
If you access ToneWell from any other jurisdiction with privacy laws that grant you specific rights, contact hello@tonewell.co and we will work with you to honour those rights to the extent required by applicable law.
15. AI and automated processing
ToneWell uses artificial intelligence — large language models — to help interpret your structured scan signals and generate the language of your report. AI receives the outputs of voice analysis (a structured set of signals and observations), not your raw voice recording. The model used is configurable; the current default is OpenAI gpt-4.1-mini, with Anthropic available as a configured alternative. ToneWell may change AI providers or models over time, subject to the protections set out in this notice.
AI-generated content is constrained by ToneWell’s editorial standards and claims-language guardrails, which keep your report focused on readiness and lifestyle priorities and prevent diagnostic claims about specific biomarkers or medical conditions. These guardrails are applied at the system level, not left to the model alone.
ToneWell does not use AI to make automated decisions that have legal, financial, employment, insurance, or medical effects on you. You always have the right to contact us at hello@tonewell.co to ask questions about how your report was generated or to request human review. Several state privacy laws (including those of California, Colorado, and Connecticut) give you rights related to automated decision-making and profiling — ToneWell honours those rights as set out in section 10.
16. Service reliability and partial results
ToneWell is built so that processing failures are visible to you, never silent. If our pipeline cannot map enough of your recording into clean signals to produce a full report, you will receive one of the following outcomes:
- A partial report, clearly flagged as partial, where most signals were mapped but some were not. Your scan credit is consumed.
- A system failure outcome, where too few signals were mapped to produce a meaningful report. Your scan credit is restored to your account so you can re-record at no additional cost. We do not silently fail or deliver an incomplete report without telling you.
You will always receive an honest explanation of what happened and your next step. ToneWell’s internal admin systems flag every partial or failed scan for review.
17. Cookies and tracking
ToneWell uses cookies and similar technologies to operate the website, remember your session, measure performance, understand traffic sources, and improve our marketing. Some cookies are strictly necessary for the service to function. Others are optional and used for analytics, performance, or marketing.
Where required by state law, ToneWell will request your consent or provide a clear opt-out for non-essential cookies. ToneWell honours Global Privacy Control (GPC) browser signals as an opt-out preference signal. You can also manage cookies through your browser settings. Disabling certain cookies may affect how the website works.
18. Third-party links and services
The ToneWell website and reports may contain links to third-party websites, tools, products, practitioners, affiliates, or partners. ToneWell is not responsible for the privacy practices, content, or security of those third parties. You should review the privacy policies of any third-party service you use.
19. Enterprise and partner agreements
If ToneWell enters into a separate written agreement with an enterprise client, practitioner, affiliate, or institutional partner that governs how your information is handled in that relationship, that agreement will control to the extent of any conflict with this notice for that specific relationship. ToneWell will only enter into such agreements where the protections offered to you are at least equivalent to those in this notice.
20. Governing law and disputes
This Privacy & Consent Notice and any dispute arising out of it are governed by the laws of the State of Delaware, without regard to its conflict of laws principles. The state and federal courts located in Delaware will have exclusive jurisdiction over any such dispute, except that nothing in this section limits your right to bring a complaint to a privacy regulator with jurisdiction over you (including, where applicable, the California Privacy Protection Agency, your state Attorney General, the US Federal Trade Commission, the UK Information Commissioner’s Office, or an EEA supervisory authority).
Nothing in this notice waives any right you have under applicable consumer privacy law that cannot be waived as a matter of law.
21. Changes to this notice
ToneWell may update this Privacy & Consent Notice from time to time. The “Last Updated” date at the top of the notice reflects the latest version. If we make material changes, we will notify you by email, by an in-product notice, or by another reasonably prominent method. Where required by law, we will obtain fresh consent before applying the new notice to existing users.
Continued use of ToneWell after a non-material update means you accept the updated notice.
22. Contact us
For privacy questions, data subject requests, or any concerns about this notice, contact:
ToneWell Privacy Team
Email: hello@tonewell.co
Website: www.tonewell.co
ToneWell, Inc.
The consent you give
By ticking the consent box on the recording screen, you confirm that:
- You are at least 18 years old, or you have the consent and involvement of a parent or guardian.
- You have read and understood this Privacy & Consent Notice.
- You agree to ToneWell collecting, processing, sharing with the providers listed in section 6, and storing your voice recording and related information to generate your Performance Readiness Scan Report and operate your account, on the terms set out in this notice.
- You understand ToneWell is a wellness and readiness tool, not a medical service.
Marketing email and SMS consent are captured separately on the recording screen and are not bundled into this consent. You can use ToneWell without consenting to marketing.