← Salve Security Methodology Transparency Privacy Terms Consumer Health Data

Consumer Health Data Privacy Policy

Effective: May 2026

About this policy

This policy is specifically about consumer health data. It supplements our general Privacy Policy, and where the two differ for consumer health data, this policy controls. It is written to address consumer-health-data laws such as Washington's My Health My Data Act, and similar laws in other states. It applies to everyone who uses Salve, not only Washington residents.

What consumer health data means

Consumer health data is information that identifies your past, present, or future physical or mental health. In Salve that includes the health records you enter and anything reasonably linked to your health status.

The consumer health data we collect

Records you enter: medications, conditions, allergies, vitals, symptoms, journal entries, appointments, lab results, procedures, immunizations, insurance and appeals records, cycle tracking, to-dos, and similar.
Health metrics synced from a wearable you connect (for example heart rate, sleep, glucose).
Health content in your Sage conversations and any context Sage saves to personalize future answers.
Patterns and insights Salve derives from the above.
Approximate location, only if you set one, used to fetch weather and pollen that some health features use. It is not used to identify you or for advertising.

Where it comes from

You provide it directly, or it is synced from a device or service you choose to connect through its own sign-in (OAuth). Salve does not buy consumer health data and does not obtain it from data brokers.

How we use it

Only to provide the features you use: storing and showing your records, syncing connected devices, generating the insights and AI responses you ask for, and sending the reminders you opt into. We do not use consumer health data for advertising, and we do not profile you for advertising.

Who we share it with

We do not sell consumer health data. We do not share it for advertising. We disclose it only to the service providers needed to run the app or a feature you choose to use, and only to the extent that feature needs:

Supabase: database hosting for your records, AI chat history, and related data.
Vercel: application hosting and the serverless API relays.
Google Gemini and/or Anthropic Claude: AI features, only with your consent; your health profile and current chat are sent per request.
Wearable APIs (Oura, Fitbit, Dexcom, Withings, Whoop) and the Terra aggregator: only if you connect a device.
Stripe: subscription billing only. No health data is sent to Stripe.
Sentry: crash reporting, with request bodies dropped and known health fields scrubbed before sending.
Open-Meteo: weather and pollen by location only, with no health information.

These providers process the data on Salve's behalf to deliver the service. Each AI provider also handles the data it receives under its own policy; we send the minimum the feature needs.

Your consent

Before any consumer health data is stored, we ask for your consent, and we ask for each thing separately rather than bundling it into the Terms:

Collecting and storing your health data, which is required for Salve to function.
Sending data to AI providers or connected devices when you use those features, which is optional and off unless you turn it on.
Selling your data: we never ask for this and never do it.

You can withdraw the sharing consent at any time in Settings under Data, Your data rights. Withdrawal applies going forward. To withdraw collection consent, erase your data or delete your account, also in Settings.

Your rights

You can exercise these yourself in the app:

Access and copy: view all your data in the app, and export it (optionally encrypted) from Settings.
Correct: edit any record.
Delete: erase all data, or permanently delete your account, which cascades across every table and cannot be reversed.
Withdraw consent: as described above.

For any request you cannot complete yourself, email salveapp@proton.me. We will respond within 45 days. We will not discriminate against you for exercising these rights.

Geofencing

Salve does not use geofences, and does not place any virtual boundary around a healthcare facility, to locate, track, collect data from, or send notifications to anyone based on proximity to that facility.

Security

Consumer health data is protected with database row-level security scoped to your account, encryption in transit, an encrypted on-device cache, and a passphrase-based lock we are rolling out on the most sensitive sections. See the in-app Security page for current status.

Contact

Questions or requests about consumer health data: email salveapp@proton.me.

Home · Security · Methodology · Transparency · Privacy Policy · Terms of Service · Consumer Health Data