Privacy Policy
Last updated 3 JUL 2025
This Privacy Policy explains how Intra ("we," "our," or "us") collects, uses, shares, and protects your personal data—including health and fitness information—when you use the Intra platform (https://www.intra.so), including our iOS app and any connected wearable devices or wallet-based accounts.
By using Intra, you acknowledge and agree to the terms of this Privacy Policy.
1. Definitions
- Account: Your user profile, created using a wallet or email.
- Personal Data: Information that identifies you, including health and biometric data.
- Health Data: Data from Apple HealthKit, Motion & Fitness, and connected wearables (e.g., heart rate, steps, sleep, activity).
- Device: Any internet-connected tool used to access Intra (e.g., iPhone, iPad).
- Usage Data: Interaction logs (e.g., pages viewed, session time, clicks).
- Vana Protocol: Privacy infrastructure used to encrypt and manage user-owned data.
- DataDAO: Collective governing how Personal & Health Data is used.
- Thirdweb: A secure wallet management platform used for authentication and wallet generation.
2. Data We Collect
a. Personal Data:
- Wallet address or email (only wallet address is visible to us, even if you sign up with email).
- Health and biometric data from Apple HealthKit, Motion & Fitness, and supported wearables (e.g., Oura, Apple Watch).
b. HealthKit and Motion & Fitness Data
With your explicit consent, we access and process the following HealthKit and Motion & Fitness data types:
- Heart rate (resting, active)
- Steps and walking/running distance
- Sleep analysis
- Activity energy (calories burned)
- Workouts and exercise minutes
- Motion data (e.g., flights climbed, cycling distance)
We do not use HealthKit or Motion & Fitness data for advertising or marketing purposes. We do not share HealthKit or Motion & Fitness data with third parties for unrelated purposes.
c. Cookies & Usage Data
- We use cookies to enhance functionality. You may disable cookies, but some features may not work correctly.
- Usage data is collected to improve platform experience.
d. Login and Wallet Creation via Thirdweb
- We use Thirdweb to provide secure login and wallet management.
- When you log in with email, Thirdweb generates an EVM-compatible blockchain wallet for you. The private key for this wallet is generated and managed securely within Thirdweb’s infrastructure, using secure enclave technology.
- The private key is never exposed to Intra or its operators. Only you, the authenticated user, can access and use your wallet through Thirdweb’s wallet management interface. If you choose, you may export your private key directly from Thirdweb after authentication, following their security procedures.
- All sensitive operations, such as transaction signing, occur within Thirdweb’s secure enclave environment.
3. How We Use Your Data
- To provide personalized health insights, feedback, and leaderboards.
- To award points or incentives based on activity.
- To enable computation on your de-identified and encrypted data (with your explicit consent) by third parties, governed by the DataDAO.
- Intra does NOT conduct any health-related human subject research. Any third parties wishing to do computation on user data for the purpose of research, subject to DataDAO's permission, must secure approval from an independent ethics review board.
- To maintain, improve, and secure our platform.
- To communicate with you (e.g., updates, notifications).
HealthKit and Motion & Fitness Data:
- Health data is accessed only with your explicit, opt-in consent.
- Data is used solely to provide health-related features and analytics within Intra.
- Health data is never used for advertising, marketing, or data brokerage.
4. Data Sharing and Disclosure
- With Your Consent: Your de-identified and encrypted data may be used for research or computation, as governed by the DataDAO, only if you grant permission.
- No Raw Data Sharing: Raw HealthKit or Motion & Fitness data is never shared with third parties or visible to humans or organizations.
- Aggregated/De-identified Data: Only aggregated or de-identified outputs may be shared for platform features or research, never the underlying raw data.
- Legal Requirements: We may disclose data if required by law or to protect rights, property, or safety.
5. Data Security
- All personal and health data is encrypted at rest and in transit using industry-standard protocols (including TLS v1.2 or newer).
- Data is processed within privacy-preserving Trusted Execution Environments (TEEs) via the Vana Protocol.
- For approved AI training or research, your encrypted data may be decrypted and processed within a secure, isolated TEE. This environment is designed to prevent any human or external system from accessing your raw data during computation.
- Wallets created via Thirdweb are managed using secure enclave technology; only authenticated users can access or export their wallet private keys through Thirdweb’s platform, never through Intra or its operators.
- We regularly review our security practices to protect your data, but no system is 100% immune to breaches.
6. Data Retention & Deletion
- Your data is retained only as long as necessary for the purposes described or as required by law.
- You may request deletion or revoke your data contribution at any time, subject to protocol and governance constraints.
7. Children’s Privacy
- Intra is not intended for users under 13.
- We do not knowingly collect data from children under 13. If we discover such data, it will be promptly deleted.
8. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted here with an updated "Last Updated" date.
9. Data Contribution, Rewards, and AI Model Training
When you contribute your data to Intra, you join a DataDAO—a decentralized group that manages and governs specific datasets. Your data, combined with others, becomes more valuable and can be used for AI research and applications.
a. How You Earn Rewards for Your Data
- Rewards:
  - You may be eligible for rewards or incentives based on the quality and completeness of your data contributions, and the DataDAO’s standing within the community.
  - Rewards are distributed in cycles (epochs), with the most valuable and high-quality DataDAOs recognized and rewarded by the community.
  - The structure and form of rewards may evolve over time and can include monetary compensation or other incentives, as determined by DataDAO governance.
- Community-Driven Value:
  - The value of your data is determined transparently by community participation and voting, not by a centralized platform. This ensures fairer, market-driven compensation and ongoing improvement of dataset quality.
b. How AI Companies Train on Your Data—Privacy by Design
- AI companies and researchers may request to train models on the data held by DataDAOs.
- Your raw data is never shared:
  - All data computation and AI model training occurs within Trusted Execution Environments (TEEs)—secure, isolated hardware enclaves that process encrypted data. Within these environments, your data may be decrypted and used for computation, but is never accessible to any human or external system.
- Proof of Contribution:
  - When you contribute data, Vana’s validators use TEEs to verify the quality, authenticity, and uniqueness of your data, without exposing the raw content outside the secure environment.
  - Only a cryptographic “proof of contribution” is posted on-chain, which determines your eligibility for rewards.
- Data Standardization and Portability:
  - DataDAOs use standardized structures and metadata, so your data can be safely and efficiently used for a wide range of AI applications—such as health research, fitness analytics, or general AI model training—while maintaining your privacy and control.
c. Security and Privacy Protections
- Non-custodial Data Model:
  - Data is encrypted and managed so that only approved computations within TEEs can access decrypted data, and only for the duration of authorized processing.
- TEE Security:
  - TEEs ensure that data is only used for authorized computations, preventing leaks or misuse.
  - No raw data leaves the secure enclave; only aggregated or de-identified outputs are accessible to AI companies, and only with DataDAO approval.
- On-chain Transparency:
  - All contributions, rewards, and data usage events are transparently recorded on the blockchain, ensuring accountability and traceability.
- Revocation Rights:
  - You may revoke your data contribution at any time, subject to protocol and governance limitations.
For more information, see Vana’s technical documentation and DataDAO rewards overview.
Contact Us
Have questions? Contact us at: 📧 hello@biohackerdao.org