Resetful
Sign in Get started

Last updated: April 27, 2026

Privacy policy

Resetful is built for licensed dietitians, nutritionists, and registered dietitian nutritionists (RDNs) supporting GLP-1 clients on Wegovy, Ozempic, Mounjaro, and Zepbound. Protected health information (PHI) and client logs deserve a clear, narrow, and accountable data policy.

1. What we collect

When a dietitian creates a Resetful workspace and invites a client, we process the minimum data required to deliver GLP-1 nutrition coaching:

  • Account data: name, email, professional credentials, billing details for the practice.
  • Clinical context: the GLP-1 medication, dose, phase (Titration, Maintenance, Tapering, Discontinuation), nutrition plan, and goals the dietitian configures.
  • Client logs: meal photos, voice notes, weight, symptom tags, and chat messages the client submits through the white-label client app.
  • Operational metadata: session timestamps, audit trails, and aggregate usage telemetry needed to keep the platform reliable.

2. HIPAA posture and BAA

Resetful is HIPAA-ready and signs a Business Associate Agreement (BAA) with every paid practice before clients are invited. PHI is processed only under that BAA. We do not require a BAA for the public marketing site, but every authenticated practice surface, client app, and AI workflow operates under one.

3. Encryption and storage

  • PHI is encrypted in transit with TLS 1.2+ and at rest with AES-256.
  • Storage and compute run in US-based regions with HIPAA-eligible cloud providers under signed BAAs.
  • Access is gated by role-based permissions, multi-factor authentication for staff, and tamper-evident audit logs.

4. AI providers and training

Resetful uses third-party large language models to draft session briefs, parse meal photos, and power the 24/7 AI client coach. We send only the data needed for each request and operate exclusively under enterprise terms that prohibit using your data to train foundation models.

  • Client PHI is never used to train any AI model — ours or a vendor's.
  • Inference traffic to AI providers is covered by signed BAAs or HIPAA-equivalent terms.
  • Dietitians can review or edit anything the AI drafts before it reaches a client.

5. Sharing and subprocessors

We share PHI only with subprocessors that are contractually required to safeguard it under HIPAA — for example, our hosting provider, AI inference vendor, transactional email service, and customer support tooling. We publish an up-to-date subprocessor list on request and notify practices before adding a new subprocessor that touches PHI.

6. Your rights and client rights

  • Clients can request a copy of their data through their dietitian or by emailing hello@resetful.com.
  • Practices can export workspace data in a structured format at any time.
  • On request, we delete or de-identify PHI within 30 days, except where retention is required by law.

7. Cookies and analytics

The marketing site uses a privacy-first analytics provider that does not set cookies, does not track individual visitors, and does not collect PHI. The dietitian and client apps use only the cookies and local storage required to keep you signed in and the session secure.

8. Changes and contact

We will update this policy as Resetful evolves. Material changes are announced in-product and by email at least 14 days before they take effect. Questions, BAA requests, or data inquiries can be sent to hello@resetful.com.