milli Join early access

Legal

Privacy Policy

Last updated June 30, 2026

This Privacy Policy explains how Milli Health ("Milli," "we," "us") collects, uses, shares, protects, and lets you control your information. It covers both:

  • the millihealth.com website, including the early-access waitlist (the "Site"); and
  • the Milli app and its supporting services — your AI healthcare companion (the "App").

Together we call these the "Services." Milli is currently rolling out through early access, so some App features described here may not be available to everyone yet. Your health information is some of the most personal information you have, and we treat it that way.

The short version. You own your data. We use it to make Milli helpful to you — never to sell you out. We don't sell your personal information, we don't show you ads, and we don't use your health data to train third-party AI models. Connections like Apple Health and Oura are read-only and opt-in. You can export or delete your data at any time. The website waitlist collects an email and a few optional answers — please don't send health details through it.

1. Who this applies to

The Services are intended for adults (18 and older) in regions where Milli is offered. Milli is a personal wellness and health-organization companion. It is not a medical provider, medical device, or emergency service, and using the Services does not create a doctor–patient relationship. See our medical disclaimer.

2. Information we collect

From the website & waitlist

  • Waitlist details you provide: your email address and any optional answers (the role you identify with, what you'd want Milli to help with, the tools you use today, TestFlight interest, and an optional free-text note).
  • Basic technical context: a one-way hashed form of your IP address (used only to limit spam and abuse — we do not store your raw IP), your browser's user-agent, the referring page, and any campaign (UTM) parameters in the link you arrived from.

From the Milli app

  • Account & identity: your phone number for passwordless sign-in, and a profile you build over time (such as your name, basic details, and the goals you share).
  • Health & wellness information you choose to provide or connect — this is the heart of how Milli helps you, and is only collected with your permission. It can include: metrics from Apple Health and connected devices like Oura (for example sleep, readiness, heart rate, HRV, temperature, and activity); things you log (food, mood, symptoms, activity, medications and supplements, and vitals such as weight or blood pressure); medications and care plans, including a doctor's plan you import; and medical records you upload or connect (such as labs, allergies, immunizations, visit history, procedures, and family history).
  • Your conversations with Milli: chat messages, voice input, and photos you send (for example a meal, a symptom, or a document). Some processing — like reading text from a photo — happens on your device.
  • Care network & sharing: if you invite people (a partner, parent, or clinician) into your care circle, we record who you've shared with and exactly what you chose to share.
  • "What Milli learned": a patient-owned memory of preferences and context that helps Milli personalize — which you can view, edit, and delete.
  • Device & usage information: app version, device type, diagnostics, and security/audit events (such as sign-ins, data syncs, and AI actions). These operational logs are kept free of your health details.

You're always in control of what you connect or share. You can use much of Milli without connecting every source, and you can disconnect a source or revoke a permission at any time.

3. How we use your information

  • To provide the Services: understand your health information, explain it in plain language, help you follow your plan, track what matters, prepare better questions for your care team, and check back with you.
  • To personalize Milli's help and nudges to you, within limits you set.
  • To keep the Services safe and working — preventing spam, abuse, and fraud, and diagnosing technical problems.
  • For the waitlist: to add you to early access, send you updates about Milli, and understand in aggregate who is interested so we can plan the product.
  • To comply with our legal obligations and enforce our Terms.

What we never do: we don't sell your personal information; we don't use it for third-party advertising; and we don't use your health data to train AI models for anyone other than serving you, or share it with other users. Milli only ever uses your information to help you — never another person's data, and never the reverse.

4. Apple Health, Oura & other connections

Connections are read-only and opt-in. You choose each source and exactly what to share, you can see what Milli reads, and you can disconnect at any time — after which Milli stops reading from it.

  • Milli reads the data you approve through each source's official, secure sign-in. We never see your passwords for those services, and Milli does not change your accounts, your device, or your goals in them.
  • Data received from Apple Health is used only to provide the Services to you. Consistent with Apple's requirements, we do not use Health data for advertising or sell it, and we do not share it with third parties for their own purposes.
  • Oura, Apple Health, and other product names are trademarks of their respective owners; Milli is independent and not endorsed by them.

5. How Milli's AI uses your information

Milli is powered by AI that runs partly on your device and partly on our secure backend. We've designed this with privacy first:

  • The app never sends your data directly to outside AI providers, and AI service keys are never stored in the app.
  • When health information is involved, it is processed only through vetted, contracted infrastructure under appropriate data-protection terms (including Business Associate Agreements where applicable). Sensitive routing is off by default and gated.
  • The context Milli uses is scoped to what's needed to answer you, and the content of your conversations is not written into our operational logs.
  • Every health answer is source-backed and shows "what Milli used," and you can review Milli's AI action history. Anything that could change your records, plan, or medications is presented as a proposal for your approval — Milli does not act silently.
  • High-risk situations are handled by deterministic safety rules, not model guesswork, and route you to real help.

6. How we share information

We share information only in these limited ways:

  • Service providers (sub-processors): companies that help us run the Services — for example cloud hosting and databases, AI infrastructure, SMS and email delivery, and security/anti-abuse tools — acting on our instructions under contractual and data-protection obligations, and only as needed.
  • People you choose: your care network sees exactly what you grant, and nothing more. You can change or revoke any share at any time.
  • Legal & safety: when required by law, to respond to valid legal process, or to protect the rights, safety, and security of people and the Services.
  • Business transfers: if Milli is involved in a merger, acquisition, or asset sale, information may transfer as part of that transaction, subject to this Policy.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

7. How we protect your information

  • Encryption in transit (TLS everywhere) and protection of data at rest.
  • Least-privilege access controls, strong session tokens, and rate-limited, passwordless sign-in.
  • Audit logging of sensitive events (sign-ins, AI runs, tool calls, health syncs, care-network shares, and deletions) — recorded without your health details.
  • Separate development, staging, and production environments, and an incident-response process.

We design Milli to handle health information with health-grade safeguards. No method of storage or transmission is ever 100% secure, and we cannot guarantee absolute security; we work continually to protect your information and will notify you and authorities of incidents as required by law.

8. Data retention & deletion

We keep your information for as long as your account is active or as needed to provide the Services, and as required to meet legal, security, and accounting obligations. You're in control of removing it:

  • Delete on your device: clears local app data, cached files, tokens, and notifications.
  • Delete from our servers: you can request remote deletion from your profile. Deletion runs as a soft delete with a short grace period (about 7 days) during which you can undo, after which your data is permanently purged across our systems. Some non-identifying audit records may be retained as required by law or policy.
  • Export: you can request a portable copy of your data at any time.

For the waitlist, you can unsubscribe from updates at any time and ask us to delete your entry by emailing privacy@millihealth.com.

9. Your rights & choices

You can access, export, correct, and delete your information, withdraw consent, disconnect data sources, and review and edit "what Milli learned." Depending on where you live, you may have additional rights under laws such as the EU/UK GDPR or the California Consumer Privacy Act (CCPA/CPRA) — including rights to access, portability, correction, deletion, and to opt out of "sales" or "sharing" (which we don't do). We will not discriminate against you for exercising your rights. To make a request, contact privacy@millihealth.com; we may need to verify your identity first.

10. Emergencies & safety

Milli is not for emergencies and is not a substitute for professional care. If something may be urgent, Milli will say so plainly and point you to emergency services or a crisis line. If you may be experiencing a medical emergency, call your local emergency number or seek urgent care now.

11. Children

The Services are intended for adults 18 and older and are not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact privacy@millihealth.com and we will delete it.

12. International users & data location

Milli is operated from the United States, and your information may be processed and stored in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards for cross-border transfers. By using the Services, you understand your information may be processed in these locations.

13. Changes to this Policy

As Milli grows from a waitlist into a full app, we will keep this Policy current and update the date above when it changes. For material changes, we'll provide a more prominent notice (such as in the app or by email). Your continued use of the Services after an update means you accept the revised Policy.

14. Contact us

Questions, requests, or concerns about privacy? Email privacy@millihealth.com.