Privacy Policy

Last updated: February 12, 2026

At Healthlytic, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal and health information when you use our iOS application and related services.

1. Information We Collect

We collect the following categories of information to provide and improve our services:

  • Health data from Apple HealthKit — heart rate, step count, sleep analysis, workout activity, and other health metrics. We access this data in read-only mode with your explicit permission.
  • Lab results — scanned via OCR (powered by Spike API) or manually entered by you, including biomarker names, values, and reference ranges.
  • Account information — your name and email address, collected through Sign in with Apple.
  • Usage analytics — app interactions, feature usage patterns, and session data collected via PostHog to help us improve the product.
  • Crash and performance data — error reports, stack traces, and device information collected via Sentry to diagnose and fix issues.
  • Purchase and subscription data — subscription status, purchase history, and entitlement information managed through RevenueCat.

2. How We Use Your Data

Your information is used for the following purposes:

  • Provide personalized health insights, trend analysis, and biomarker tracking based on your health data and lab results.
  • Generate AI-powered summaries and explanations of your health metrics using Google Gemini 2.0 Flash.
  • Sync your settings, preferences, and health data across your devices via Firebase Cloud Firestore and Cloud Storage.
  • Improve app performance, stability, and user experience through analytics and crash reporting.
  • Process subscription payments and manage your entitlements through the Apple App Store and RevenueCat.

3. AI Data Processing

Healthlytic uses artificial intelligence to provide health insights. It is important that you understand how your data is processed by AI services:

  • Your health metrics, lab result text, and biomarker data may be sent to Google's Gemini AI service (via Vertex AI) for analysis and interpretation.
  • This data is processed to generate plain-language health insights, trend summaries, and biomarker explanations.
  • AI processing occurs only when you explicitly request analysis, such as tapping “Analyze” or viewing AI-generated summaries.
  • Google processes this data in accordance with its Cloud Data Processing Addendum and does not use it to train its models.
  • AI-generated insights are for informational purposes only and may contain inaccuracies. They do not constitute medical advice and should not be used as the sole basis for any health-related decisions.

4. Third-Party Services

We use the following third-party services to operate Healthlytic. Each service has its own privacy policy governing how it handles your data:

  • Firebase (Google) — Authentication, Cloud Firestore database, and Cloud Storage for syncing your data across devices.
  • Google Vertex AI (Gemini) — AI-powered health insights, biomarker analysis, and plain-language summaries.
  • RevenueCat — Subscription and payment management, entitlement tracking.
  • PostHog — Product analytics and feature usage tracking.
  • Sentry — Error tracking, crash reporting, and performance monitoring.
  • Spike API — OCR document processing for scanning and digitizing lab results.

5. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Local data is stored using SwiftData and is encrypted at rest by the iOS operating system through hardware-backed encryption.
  • Cloud data is stored in Firebase Cloud Firestore and Cloud Storage, both of which encrypt data in transit (TLS) and at rest (AES-256).
  • Authentication credentials and sensitive tokens are stored in the iOS Keychain, which provides hardware-level security.
  • All network communications between the app and our services are encrypted using TLS 1.2 or higher.

6. Data Retention

  • Your account and health data are retained for as long as your account remains active and you continue to use the service.
  • Analytics data collected via PostHog is anonymized after 90 days and cannot be linked back to your identity.
  • Crash reports and error logs collected via Sentry are retained for 90 days and then automatically deleted.
  • Upon account deletion, all personal data associated with your account will be permanently purged from our systems within 30 days.

7. Your Rights

You have the following rights regarding your personal data:

  • Access — Request a copy of all personal data we hold about you.
  • Export — Export your health data and lab results in a portable format.
  • Deletion — Request deletion of your account and all associated personal data.
  • Opt out of analytics — Disable analytics collection from within the app settings.
  • Revoke HealthKit access — Withdraw HealthKit permissions at any time through iOS Settings > Privacy & Security > Health.

To exercise any of these rights, contact us at privacy@healthlytic.app.

8. HealthKit Data

Apple HealthKit data is subject to additional protections in accordance with Apple's guidelines:

  • We access HealthKit data in read-only mode. We do not write data to HealthKit.
  • HealthKit data is never used for advertising, marketing, or data-mining purposes.
  • HealthKit data is never sold to third parties, data brokers, or information resellers.
  • HealthKit data is never used for cross-app tracking or user profiling.
  • HealthKit data remains on your device unless you explicitly use features that require cloud processing (such as AI analysis or cross-device sync).

9. Medical Disclaimer

  • Healthlytic is not a medical device and has not been evaluated or approved by the FDA or any other regulatory body.
  • The app is not intended for the diagnosis, treatment, cure, or prevention of any disease or medical condition.
  • AI-generated insights are informational only, may be incomplete or inaccurate, and should not be relied upon as medical advice.
  • Always consult a qualified healthcare provider before making any medical decisions, changing medications, or starting new treatments based on information provided by the app.
  • Healthlytic does not replace professional medical advice, diagnosis, or treatment. If you have a medical emergency, call your local emergency services immediately.

10. Children’s Privacy

Healthlytic is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete that information as promptly as possible. If you believe we have collected information from a child under 13, please contact us at privacy@healthlytic.app.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you through the app or via email to the address associated with your account. Your continued use of Healthlytic after any changes to this policy constitutes your acceptance of the updated terms.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us at:

privacy@healthlytic.app