Privacy Policy
Version: v0.1 · Last Updated: July 3, 2026
Pear Partners LLC d/b/a Pragma · 8 The Green, Suite A, Dover, DE 19901 · hello@pragmahealth.ai
Part I — Introduction & Definitions
1. About This Document
This Privacy Policy, Terms of Service, and Data Governance document explains how Pragma collects, uses, and protects your information, the rules governing your use of the site and community, and the privacy and security practices — including HIPAA-aligned safeguards — that apply to your health-related data. Please read it carefully before using the Service, as it governs your relationship with Pragma.
2. Who We Are
Pragma is operated by Pear Partners LLC, a Delaware limited liability company doing business as "Pragma" ("Pragma," "Pear Partners," "we," "us," or "our"). We operate the website located at https://www.pragmahealth.ai (the "Site") and the associated mobile-responsive application, community features, tracker, healthcare-professional verification program, and related services (collectively, the "Service").
Registered address: 8 The Green, Suite A, Dover, DE 19901
General contact: hello@pragmahealth.ai
3. Definitions
- "Service" means the Site, the intake and recommendation experience, the daily tracker/check-in tools, the community feed, the HCP verification portal, the brand/supplement partner portal, and any related features Pragma makes available.
- "Recommendation Engine" or "Engine" means the rules-based, artificial-intelligence-assisted system Pragma uses to synthesize a user's inputs into personalized nutrition and supplement guidance, described further in Part II, Section 2 and Part III, Section 4.
- "Consumer" or "User" means an individual who uses the Service to receive personalized nutrition or supplement guidance.
- "HCP" means a licensed healthcare professional (e.g., MD, DO, RD/RDN, DCN, NP, PA, CNM, PharmD, or other licensed practitioner) who participates in Pragma's HCP verification program.
- "Personal Information" means information that identifies, relates to, or could reasonably be linked with an identified or identifiable individual.
- "Health Information" or "Consumer Health Data" means Personal Information that identifies a consumer's past, present, or future physical or mental health status, including reproductive or hormonal health status, and is used to identify a consumer's health status, consistent with the usage of that term under applicable state consumer health data laws.
- "De-Identified Data" or "Aggregate Data" means information that has been processed so that it can no longer reasonably be used to identify an individual, and that Pragma maintains and uses only in de-identified or aggregated form, as described in Part III, Section 5.
Part III — Privacy Policy
1. Scope
This Privacy Policy explains how Pragma collects, uses, discloses, and safeguards information from (a) Consumers using the Service to receive personalized guidance, and (b) Healthcare Professionals participating in the HCP verification program described in Part V. By using the Service, you agree to the collection and use of information as described here. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information Consumers Provide Directly
- Contact and account information (name, email address, password).
- Intake and profile information: life stage (e.g., perimenopause, hormonal birth control use, GLP-1 medication use, postpartum), reported symptoms, current medications and prescriptions — including pregnancy or nursing status, which we use as a gating input to suppress or flag certain recommendations — current supplements, dietary preferences, budget, and goals.
- Laboratory information you choose to share, either by uploading a lab document (which our systems process with AI to extract structured values) or by entering values manually.
- Daily check-in and tracker data, such as self-reported sleep, energy, mood, pain, cycle-phase context, hydration, exercise, supplement adherence, and free-text journal notes.
- Community content you choose to post, including anonymous or named posts and replies.
- Communications you send to us, such as support requests and feedback.
2.2 Information Healthcare Professionals Provide
If you apply for Verified HCP status, we additionally collect the credentialing information described in Part V, Section 2, including your name, credential/designation, specialty, training background, current practice or institution, license number and state, and optional bio and professional website.
2.3 Information Collected Automatically
- Log data (IP address, browser type, device information, pages visited, time spent).
- Cookies and similar tracking technologies (see Section 8).
- Analytics data via Google Analytics (GA4) or similar tools.
2.4 Planned Data Types (Forward-Looking)
We do not currently collect wearable-device or genetic data. If we add these data types in the future, we will update this Privacy Policy first and obtain your separate opt-in consent before any such collection begins.
2.5 Sensitive and Reproductive Health Information
Much of the information described in Section 2.1 — including life stage, hormonal and reproductive health context, medication and pregnancy/nursing status, and lab values — may be considered sensitive personal information or "consumer health data" under applicable law, including HIPAA-adjacent state statutes such as Washington's My Health My Data Act and comparable laws in other states. We collect this information only to the extent necessary to provide personalized recommendations, only with your knowledge that you are voluntarily providing it, and we apply the heightened protections described in Part IV to it.
3. How We Use Your Information
- Provide, operate, and personalize the Service, including generating your Recommendation Engine output and re-running the Engine as new tracker or lab data comes in.
- Generate optional deliverables you request, such as a supplement wallet card or the paid Pragma Report.
- Produce de-identified, aggregated cohort insights (for example, "women like you" benchmarking) as described in Section 5.
- Communicate with you, including responding to inquiries and sending service or account notifications.
- Improve, test, and monitor the effectiveness of the Service and the Recommendation Engine, including reviewing flagged outputs with our Clinical Advisory Board and Registered Dietitian staff.
- Detect, prevent, and address technical issues, fraud, or misuse.
- Verify HCP credentials as described in Part V.
- Comply with legal obligations.
We do not sell your personal information to third parties.
4. The Pragma Recommendation Engine and Automated Processing
The Engine uses the information described in Section 2 to generate personalized nutrition and supplement guidance, drawing on the rules-based logic, curated open-source health literature, and vetted proprietary clinical content described in Part II, Section 2. Certain Engine functions are performed with the assistance of a third-party AI/large-language-model provider (currently Anthropic) under contractual data-protection terms described in Part IV. We do not use the Engine to make decisions that produce legal effects or similarly significant effects concerning you without the opportunity for human involvement: flagged, higher-risk, or ambiguous scenarios are designed to surface "provider question" prompts that direct you to a licensed clinician rather than resolving the question algorithmically. Patterns in Engine performance are periodically reviewed by Pragma's Registered Dietitian clinical leadership, with higher-complexity items referred to our Clinical Advisory Board for consultation, in order to refine rules and safety logic; that review uses de-identified information as described in Section 5, not your individual identified profile, except where a Pragma team member is directly assisting with your account (e.g., customer support).
5. De-Identification, Aggregation, and Cohort Data
Pragma's systems are architected around three data zones: (1) identified data tied to your account, (2) protected data used to power your personalized experience, and (3) a de-identified "learning" copy used to improve the Service. On a regular automated schedule, Pragma generates the de-identified learning copy using a process consistent with the HIPAA Safe Harbor de-identification method. That de-identified data may be used at the individual record level (for example, to analyze and refine Engine rules) or further aggregated (for example, to power cohort-benchmarking features like "women like you"). When Pragma's Clinical Advisory Board or, where applicable, brand or HCP partners review usage patterns to improve the Engine or evaluate products, they see only de-identified information, never your individually identified profile. We do not attempt to re-identify de-identified data, and we contractually prohibit third parties who receive de-identified data from attempting to re-identify it.
7. Your Privacy Rights and Choices
Depending on your state jurisdiction, you may have the right to:
- confirm whether we collect, share, or sell your personal information or consumer health data;
- access the personal information and consumer health data we hold about you, including a list of third parties with whom it has been shared;
- correct inaccurate information;
- request deletion of your information, including from our service providers and affiliates;
- object to or restrict certain processing, and opt out of the sale or sharing of personal information (Pragma does not sell personal information as described above);
- request a portable copy of your data; and
- withdraw consent, where processing is based on consent.
To exercise these rights, contact us at hello@pragmahealth.ai. We will respond consistent with applicable law.
The Service is intended for use by individuals located in the United States. It is not directed to residents of the European Union, United Kingdom, or other jurisdictions outside the United States. If you access the Service from outside the United States, you do so on your own initiative and consent to having your information processed in the United States.
9. Data Security
We implement administrative, physical, and technical safeguards designed to protect your information, described in detail in Part IV. These include encryption of data in transit and at rest, role-based access controls, audit logging, and U.S.-based cloud infrastructure. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
10. Data Retention
We retain personal information for as long as necessary to provide the Service and fulfill the purposes described in this Policy, unless a longer retention period is required by law. You may request deletion of your data at any time (see Section 7).
11. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected such information, we will take steps to delete it.
12. International Data Transfers
Pragma's infrastructure is U.S.-based. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of the Service after changes constitutes acceptance.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, or want to exercise a privacy right, contact us at: Pear Partners LLC d/b/a Pragma, 8 The Green, Suite A, Dover, DE 19901, hello@pragmahealth.ai.
Part IV — HIPAA-Aligned Data Practices
1. Our Approach to HIPAA
HIPAA's obligations generally attach to "Covered Entities" (health plans, health care clearinghouses, and health care providers who transmit health information electronically in connection with certain standard transactions) and their "Business Associates." Pragma's direct-to-consumer nutrition education Service does not currently bill insurance, does not operate as a health plan or clearinghouse, and is designed not to constitute the practice of medicine. On that basis, Pragma likely does not currently meet the statutory definition of a HIPAA Covered Entity or Business Associate with respect to its direct-to-consumer Service.
Because Pragma collects sensitive reproductive and hormonal health information regardless of its formal HIPAA status, we have voluntarily built what our internal governance documentation refers to as a "HIPAA-equivalent" safeguards program modeled on the HIPAA Security Rule and Privacy Rule, described below. We use this approach, and describe our practices as "HIPAA-compliant data practices" in marketing contexts, to signal the rigor of our safeguards — not to represent that Pragma is a Covered Entity.
2. Administrative Safeguards
- A designated privacy and security lead responsible for this program.
- Workforce training on data handling, confidentiality, and incident response.
- Role-based access management following a least-privilege model, so that only personnel who need access to identified health information for their role can obtain it.
- A written incident response plan.
- Vendor risk assessment for any service provider that touches user data, including execution of data protection or Business Associate Agreements where appropriate.
3. Physical Safeguards
Pragma is cloud-hosted and does not maintain on-premises servers or physical media containing user data. Physical security of the underlying infrastructure is provided by our cloud hosting provider, Amazon Web Services (AWS), at its U.S.-based data centers.
4. Technical Safeguards
- Encryption of data in transit (TLS) and at rest (AES-256 or equivalent).
- Authentication and role-based access controls.
- Audit logging of access to sensitive data.
- Automatic session timeouts.
- Regular backups and a disaster recovery plan.
5. Infrastructure and Hosting
Pragma's Service is hosted on Amazon Web Services, using U.S.-based regions/data centers only. Data flows through three architectural zones of increasing restriction: an identified zone tied to your account, a protected zone containing data used to power your personalized experience (access to which is limited to the systems and personnel that need it, and which is covered by Business Associate Agreements or equivalent data-protection terms with the relevant providers — currently AWS, our AI/large-language-model provider Anthropic, and our internal admin tooling provider Retool), and a de-identified "learning" zone generated on a regular automated schedule using a process consistent with the HIPAA Safe Harbor de-identification method.
6. Healthcare Professional Data Handling
HCP license numbers and related verification data are stored encrypted, access to them is restricted to the personnel responsible for verification, and they are used solely to confirm licensure — including, where appropriate, cross-checking against a state medical board lookup — before Verified HCP status is granted. License numbers are never displayed publicly. See Part V for the full HCP Data Addendum.
7. If Pragma Becomes a HIPAA Covered Entity or Business Associate
If Pragma enters into clinical partnerships, offers RD consult or similar clinical services, or integrates with covered entities or health systems in a way that meets HIPAA's statutory definitions, Pragma will execute appropriate Business Associate Agreements, update this Part IV and its underlying compliance program, and provide notice to affected users before those changes take effect.
8. Breach Notification
In the event of a breach of security involving unsecured personal or health information, Pragma will notify affected individuals, and where applicable, regulators, without unreasonable delay and consistent with the FTC's Health Breach Notification Rule and applicable state breach notification laws, and, to the extent HIPAA's Breach Notification Rule applies to a given data set or partnership, consistent with that Rule's standards as well.
9. State Consumer Health Data Laws
Certain state laws — including Washington's My Health My Data Act and similar consumer health data statutes in other states — impose HIPAA-like transparency and consent obligations on companies, like Pragma, that are not HIPAA Covered Entities but that collect consumer health data. Part III, Sections 2, 5, and 7 of this document are designed to satisfy those disclosure and consent requirements; this should be confirmed against the current text of each applicable state law before publication, as this area of law is evolving quickly.
Part V — Healthcare Professional (HCP) Data Addendum
1. Purpose
This Addendum governs the collection, verification, use, and display of information from licensed healthcare professionals who apply for Verified HCP status on Pragma. It is incorporated into, and forms part of, the Terms of Service (Part II, Section 7) and Privacy Policy (Part III, Section 2.2).
2. Information Collected From HCPs
- First and last name.
- Credential or designation (e.g., MD, DO, RD/RDN, DCN, NP, PA, CNM, PharmD, PhD, or other licensed HCP).
- Specialty or area of practice.
- Where you trained (medical school, residency, or fellowship) — optional but encouraged.
- Current practice or institution — optional but encouraged.
- License number and licensing state — used for verification only and never shown publicly.
- Professional website or profile — optional, helps expedite verification.
- A short bio for the community — optional.
3. Verification Process
Applications are reviewed manually by the Pragma team, which cross-checks submitted credentials — including, as needed, a lookup against the applicable state medical or professional licensing board — before granting Verified HCP status. Verification typically takes 2–3 business days. Applicants are notified by email once a decision (verified, rejected, or flagged for further review) is made.
4. Public Display and Transparency Requirement
Once verified, your credential and general practice area are always visible when you engage in the community (for example, "Dr. Navarro, MD — Verified HCP"). This transparency requirement is non-negotiable, because it is what allows other users to identify and trust HCP participation in the community. You may separately choose whether to display your specific practice or institution name and optional bio. Your license number is never displayed publicly under any circumstance.
5. Use of HCP Data
We use HCP data to verify licensure, administer the Verified HCP badge and associated community privileges, and moderate HCP participation in the community. We do not sell HCP data. Where Pragma's Clinical Advisory Board or engineering team reviews community engagement patterns to improve the Recommendation Engine or community moderation, that review uses de-identified, aggregated information consistent with Part III, Section 5.
6. HCP Community Conduct and Professional Standards
- Represent your credentials, training, and practice accurately and keep your profile current.
- Do not use your Verified HCP status to promote a specific brand, product, or sponsor without clear disclosure.
- Stay within your professional scope of practice when responding in the community, and do not provide individualized diagnosis or treatment through the Service.
- Comply with Pragma's community moderation policies (Part II, Section 6).
7. Removal or Revocation of Verified Status
Pragma may revoke Verified HCP status at any time, including for loss or suspension of licensure, submission of inaccurate credentials, violation of this Addendum, or violation of the Terms of Service's community guidelines.
Part VI — General Provisions
1. Order of Precedence
This document is organized into Parts for clarity, but Parts II (Terms of Service), III (Privacy Policy), IV (HIPAA-Aligned Data Practices), and V (HCP Data Addendum) together form a single agreement between you and Pragma. In the event of a direct conflict between Parts on a given topic, the more specific provision controls (for example, Part V controls over Part III on HCP-specific data questions).
2. Severability
If any provision of this document is held invalid or unenforceable, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force and effect.
3. No Waiver
Our failure to enforce any right or provision of this document will not be considered a waiver of that right or provision.
4. Assignment
You may not assign or transfer these Terms without our prior written consent. We may assign or transfer these Terms without restriction, including in connection with a merger, acquisition, or sale of assets.
5. Force Majeure
Pragma will not be liable for any failure or delay in performance resulting from causes beyond its reasonable control.
6. Notices
We may provide notices to you via email, through the Service, or by posting on the Site. You may provide notice to us at the contact information below.
7. Contact Information
Pear Partners LLC d/b/a Pragma
8 The Green, Suite A, Dover, DE 19901, hello@pragmahealth.ai