Back to Home

Privacy Policy

Last updated: June 16, 2026

For a plain-language summary of what we can and cannot read about you, see our Transparency page.

1. Introduction & Our Commitment

Sovei ("we," "our," or "us") is committed to protecting your privacy and the security of your personal health information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our health and fitness tracking application.

We understand that health data is among the most sensitive personal information, and we have designed our systems with privacy as a core principle. Your health data belongs to you, not us.

Our Privacy Promise:Your health data is end-to-end encrypted with a key only you hold — our servers store scrambled data we can't read. We will never sell your personal health information, we anonymize your data before any AI processing, and you can export or delete it at any time.

2. Your Data, Encrypted by Default

Everything you log in Sovei is end-to-end encrypted on your device with a key only you hold. When it syncs across your devices, our servers store only scrambled data (ciphertext) they cannot read — your food logs, your weight, your lab results, even your name. We built it this way on purpose: we don't want your data, we want to help you use it.

On the free plan, everything you track stays on your own device — none of your health data is stored on our servers at all. We only keep the encrypted, scrambled copy when you turn on cloud backup to sync across your devices, which is part of our paid plans.

There is one exception, and you control it. If you turn on Easy Recovery, we keep a spare key so we can help you back into your account if you forget your password — which means we could then read your data. It stays off unless you choose it. Our Transparency page spells out exactly what we can and cannot read under each setting.

Data You Log and Track (encrypted — we can't read it)

Everything in this list is encrypted on your device before it is ever stored or synced. We keep only ciphertext:

  • Nutrition: Food logs, calories, macronutrients, micronutrients, water intake, meal timing
  • Workouts: Exercise type, duration, sets, reps, weights, workout history
  • Labs: Lab test results, biomarker values (de-identified from original reports)
  • Sleep: Sleep duration, quality, patterns
  • Body Metrics: Weight, body measurements, body fat percentage
  • Menstrual Cycle: Period dates, symptoms, flow, predictions (if you choose to track)
  • Medications: Medication names, dosages, schedules, refill reminders
  • Supplements: Supplement names, dosages, timing
  • Injuries: Injury type, affected body areas, recovery status
  • Mobility: Assessment results, range of motion data

The health-relevant basics in your profile are encrypted the same way: your name, date of birth, biological sex, height, weight, activity level, and primary goal. We can't read those either.

Account Data We Can Read

To run your account and the features you ask for, a small amount of data is stored in a form our servers can read:

  • Email address — required to create and secure your account.
  • Username — your public handle, so friends can find and mention you.
  • Optional social profile — if you use the social features, the display name and photo you choose. You control who sees them, and your real name stays private unless you make it public.
  • Workout-planning preferences — a few non-sensitive settings such as your available equipment, gym type, experience level, and diet style, used to build your programs.
  • Billing details — handled by our payment processor (Stripe) for subscriptions. We never see your full card number.
  • Operational and technical data — device and push-notification info, app version, basic usage patterns, and the IP address kept with our security and audit logs for fraud prevention. Crash reports have health data stripped out before they are sent.
  • How you found us— if you arrive from one of our campaigns, ads, or referral links, we record the marketing source (such as the campaign or referral tag and the click identifier in the link) and the page you landed on. We use this only to understand which of our own efforts bring people to Sovei — see "Marketing analytics" below.

You can choose not to provide optional data, but some features may be limited without it.

3. We Do Not Sell Your Data

Sovei does not sell, rent, or trade your personal health information to third parties. Period.

Your health data stays encrypted under your own key — but even setting that aside, we have no intention of monetizing it through sales to advertisers, data brokers, research institutions, or any other third parties.

What We Mean by "No Data Sale"

  • We do not sell your health data to advertisers
  • We do not sell your health data to data brokers
  • We do not sell your health data to insurance companies
  • We do not sell your health data to employers
  • We do not sell your health data to pharmaceutical companies
  • We do not sell your health data to research institutions without your explicit consent
  • We do not share your health data with third parties for their marketing purposes

Future Data Monetization Policy

If our business model ever changes to include any form of data monetization or sharing beyond what is currently described in this policy, we commit to:

  1. Advance Notice: We will notify you at least 30 days before any such change takes effect
  2. Opt-In Only: Any new data sharing will be strictly opt-in. Your data will never be shared without your explicit consent
  3. Compensation: If you choose to opt-in to data sharing programs, you will receive compensation in the form of app credit or subscription discounts
  4. Granular Control: You will be able to choose exactly what data to share and with whom
  5. Easy Withdrawal: You can withdraw consent at any time without penalty

Under California law (CCPA/CPRA): We confirm that we have not sold personal information of California consumers in the preceding 12 months and do not intend to do so.

4. Labs Data: Special Privacy Protections

We apply enhanced privacy protections to lab result data. This data is among the most sensitive health information, and we treat it with the highest level of care.

On-Device Processing

When you upload a lab report PDF or take a photo of your results, the file is processed entirely on your device (in your web browser or mobile app). The original PDF or image is never uploaded to or stored on our servers. We use client-side technology to extract text from the document without transmitting the file itself.

Automatic De-identification

Before any extracted text leaves your device, we automatically remove personally identifiable information (PII) including:

  • Patient names
  • Dates of birth
  • Social Security Numbers
  • Medical Record Numbers (MRN)
  • Account and insurance numbers
  • Addresses, phone numbers, and email addresses
  • Ordering physician names
  • Lab facility identifiers
  • Specimen and accession numbers
  • Insurance information

What We Store

We only store the extracted biomarker values (e.g., "Total Cholesterol: 180 mg/dL") after you review and approve them. Like the rest of your health data, they are encrypted on your device with your key before they are stored or synced — we hold only ciphertext we can't read.

Everything we keep from a report — marker names, values, units, reference ranges, dates, and any lab or doctor name you choose to save — is encrypted the same way. We never store the original PDF or image; it stays on your device.

AI Processing

To extract structured data from lab reports, we use artificial intelligence services. The AI only receives de-identified text containing lab values—it never sees your name, date of birth, or any other personal identifiers. The AI cannot determine whose lab results it is processing. See the "AI Processing & Anonymization" section for more details on how we protect your data during AI analysis.

Labs Data Is Never Shared

Your lab results are never shared with third parties except for the de-identified AI processing described above. We do not share your lab data with:

  • Insurance companies
  • Employers
  • Research institutions (without explicit opt-in consent)
  • Pharmaceutical companies
  • Healthcare providers (unless you explicitly choose to export your data)

5. Medication Tracking Privacy

Medication data is highly sensitive information that could affect insurance coverage, employment, or personal relationships if disclosed. We apply special protections to this data.

What Medication Data We Collect

  • Medication names (using standardized RxNorm identifiers)
  • Dosage information
  • Schedule and timing
  • Adherence tracking (whether you marked a dose as taken)
  • Notes you add (optional)

Medication Data and AI Processing

When medication data is included in AI-powered features such as health insights or program generation, medication names and dosages may be shared with AI providers to ensure accurate recommendations and safety checks (e.g., exercise contraindications). Your medication data is associated only with an anonymous identifier — AI providers cannot determine your identity.

Medication Data Is Never Shared

Your medication information is never shared with:

  • Insurance companies
  • Employers
  • Pharmaceutical companies
  • Pharmacies
  • Healthcare providers (unless you explicitly export your data)
  • Family members or emergency contacts (unless you configure this feature)

Data Source

We use RxNorm, maintained by the U.S. National Library of Medicine, for medication identification. This is a one-way lookup—no personal data is sent to RxNorm; we only retrieve standardized medication information.

6. AI Processing & Anonymization

Sovei uses artificial intelligence to provide features like meal plan generation, workout programming, lab results analysis, and health insights. We take extensive measures to protect your privacy when using AI services.

Where AI Conversations Live

Your AI conversations, the assistant's memory of patterns it has learned about you, and your daily insights are stored on your device first, encrypted with a key only you hold. If you have cloud backup turned on (Settings → AI → Cloud backup), the encrypted copies are also synced across your devices through our servers. The servers store ciphertext only; they cannot decrypt the conversation or the memory without your key.

Which AI Powers Your Coach

You can use AI two ways. With Bring-Your-Own-Key (BYOK), you add your own API key and your requests go straight from your device to the provider you choose — currently xAI (Grok), Anthropic (Claude), Google (Gemini), or a local or OpenAI-compatible endpoint. That data is handled under your own account and the provider's terms; we are not in the request path.

With Managed AI (the default on paid tiers), Sovei sends the request for you. We only use providers that contractually agree not to train their models on the data we send, and we de-identify it first. We don't name a specific managed provider here because it may change — but the no-training requirement and the de-identification always apply. Your health data is used only to generate responses for you, not to improve any provider's general models.

In-Transit Visibility During an AI Request

When you ask the AI coach a question with our default (Managed) AI, your device assembles the request from your local data and sends it through our server to the AI provider. For the brief moment the request transits our server, it is visible to us in memory — we do not log it, do not write it to disk, and do not retain a copy after the response returns. Our server is a strict pass-through.

When you bring your own AI key (BYOK), your device sends the request straight to the provider you chose. We are not in the request path, and we have no record of what was sent or what came back.

How We Protect Your Data During AI Processing

Before any data is sent to AI providers, we strip all personally identifiable information. The following is never sent to AI providers:

  • Name and identity: Your name, email address, username, and account ID are never included in AI requests
  • Contact information: Phone numbers, mailing addresses, and other contact details are never shared
  • Location: Geographic information is stripped entirely
  • Financial and insurance data: Payment information, insurance details, and employer information are never sent
  • Appearance and demographics: Photos, hair color, eye color, ethnicity, and other physical descriptors are never shared

Health Data Shared With AI for Accuracy

To provide accurate, personalized health recommendations, certain health metrics are shared with AI providers. These are essential for calculating nutritional needs, generating safe workout programs, and interpreting lab results:

  • Age: Used to calculate basal metabolic rate, recommend age-appropriate exercise intensity, and interpret lab reference ranges
  • Biological sex: Used for accurate nutritional targets, exercise programming, and lab result interpretation
  • Weight and height: Used for calorie and macronutrient calculations, workout load recommendations, and BMI-based health assessments
  • Fitness profile: Goals, experience level, available equipment, injuries, and dietary restrictions — needed for safe, relevant recommendations
  • Health data you log: Nutrition entries, workout history, sleep patterns, lab values, and other data you choose to track — used to generate insights about your specific health trends

This health data is associated only with an anonymous identifier and cannot be linked back to your identity by AI providers.

What AI Providers Cannot Determine

AI providers cannot determine:

  • Your identity, name, or email address
  • Your location or address
  • Your employer or insurance provider
  • Your appearance or demographic information
  • Any way to contact you directly

Anonymous Account Identifiers

Throughout our system, your health data is associated with an anonymous identifier (UUID), not your email address or name. This means even our internal systems do not directly link your personal identity to your health records in most operations.

Aggregate Analytics

Any analytics we perform on user data for product improvement use aggregated, de-identified data that cannot be traced back to individual users. For example, we might analyze "average protein intake across users in their 30s" but never "what John Smith ate for lunch."

Marketing Analytics

To understand how people discover Sovei and which of our own campaigns are worth continuing, we keep a small amount of first-party, internal marketing data. It has two parts. First, the acquisition source described above (how you found us), kept with your account. Second, an anonymous, coarse audience signal — an age band (for example 25–34), biological sex, and the channel you came from — worked out on your device from what you enter at sign-up. This coarse signal is not your exact date of birth or any of your encrypted profile, and it is stored on its own with no link back to your account or your health data, so it cannot be traced to you.

We never share any of this with Meta, Google, TikTok, or any other advertising platform. We do not use advertising pixels, tracking SDKs, or ad-platform conversion APIs (such as the Meta Conversions API or Google Enhanced Conversions). In the EU, EEA, and UK we collect this marketing data only if you opt in.

7. Third-Party Services

We use third-party services to provide our functionality. We carefully select partners who maintain high privacy and security standards. Here is a complete list of services that may process your data:

AI Service Providers

Two paths exist. With Managed AI (default for paid tiers), your de-identified data goes through a provider we select that contractually agrees not to train on it; we don't name a specific managed provider here because it may change. Bring-Your-Own-Key (BYOK) lets you supply your own API key for any supported provider; in that mode the request goes from your browser directly to the provider you chose, under their terms — we are not in the request path and have no record of what was sent.

  • xAI (Grok) — BYOK only. Health analysis, meal plans, workout programs, coaching, content processing. Only de-identified data is shared.
  • Anthropic (Claude) — BYOK only. Same scope as xAI. Only de-identified data is shared.
  • Google (Gemini) — BYOK only. Available when you add your own Gemini API key in settings. De-identified context is sent directly from your browser to Google under Google's terms.
  • Local / OpenAI-compatible endpoint — BYOK only. If you point Sovei at a self-hosted or third-party OpenAI-compatible endpoint, your context goes to whatever URL you configured. We do not validate or inspect the destination.
  • Cloudflare Workers AI — managed only. Image moderation pre-filter and audio transcription. Only images that leave your device reach the moderation pre-filter — see the profile-photo and recipe-photo entries below for the conditions under which an image leaves your device in the first place. Cloudflare processes the bytes only for the immediate inference call and does not retain training-eligible copies under their Workers AI terms.

Infrastructure & Hosting

  • Supabase: For secure data storage, authentication, and database hosting. Supabase is SOC 2 Type II certified and provides encryption at rest (AES-256) and in transit (TLS 1.3).
  • Vercel: For web application hosting. Vercel processes only technical data (IP addresses, request logs) and does not have access to your health data.
  • Upstash: For caching services that improve app performance. Only anonymous identifiers are used for caching.
  • Cloudflare R2: For object storage of images that leave your device. Files are stored under random UUID keys with no correlation to your account email or name. What lands on R2 differs by image type and account state:
    • Profile photos. Free accounts: your profile photo never leaves your device. It is kept locally on the device where you set it and is not uploaded to our servers. Paid accounts with cloud sync turned on: your photo is uploaded to our servers so it can sync across your devices and be visible to the audience you choose (everyone, or friends only). You can change the audience at any time in Settings → Profile; when you do, we update who can see the photo, but we do not re-upload or move the file.
    • Progress photos. End-to-end encrypted in your browser before they are sent. Cloudflare holds only ciphertext that we have no key to decrypt.
    • Recipe photos. Uploaded when you attach a photo to a recipe you want to keep or share, so the recipe renders the same image across your devices.

Error Monitoring

  • Sentry: For application error and crash reports. Health-data fields and identifiers are stripped from every event before it leaves your browser by an in-process scrubber; Sentry receives only the error type, stack trace, and a per-session correlation ID. Session replay is disabled. Sentry is a processor, not an analytics or advertising service.

Address Autocomplete

  • Google Places API: When you type an address into a search field that supports autocomplete, the partial query is sent to Google to return suggestions. No health data is included; the query is the address fragment you typed.

Payment Processing

  • Stripe: For payment processing and subscription management. Stripe processes your payment information but does not have access to your health data. Stripe is PCI DSS Level 1 compliant.

Nutrition Data Sources

  • USDA FoodData Central: We query the USDA food database to provide accurate nutrition information. No personal data is sent to the USDA—we only send food search queries.
  • Open Food Facts: We query this open food database for barcode lookups. No personal data is sent to Open Food Facts—we only send barcode numbers.

Verification Services

  • SheerID: For student, military, and healthcare worker discount verification. SheerID receives only the information needed to verify your eligibility status (name, email, institution). SheerID does not receive any health data.

Health Platform Integrations

  • Apple Health / HealthKit (iOS): If you connect Apple Health, we import health data (steps, weight, sleep, workouts) with your permission. You may optionally enable export to send your manually logged data back. No data is sent to Apple unless you explicitly enable export—HealthKit runs entirely on your device.
  • Google Fit / Health Connect (Android): If you connect Google Fit or Health Connect, we import health data (steps, weight, sleep, workouts) with your permission. You may optionally enable export to send data back. No data is sent to Google unless you explicitly enable export in your sync settings.

Email Communications

  • Resend: For transactional emails (password reset, subscription confirmations). Resend receives your email address but no health data.

Note:We do not use any third-party advertising, tracking, or analytics services that would share your data with advertisers. Our marketing analytics are entirely first-party and internal — see "Marketing Analytics" in Section 6. We never send your data to Meta, Google, TikTok, or any ad platform, and we use no advertising pixels or conversion APIs.

8. Data Security

We protect your data with several layers of security — starting with the strongest one.

End-to-End Encryption (the part that matters most)

Your health data is encrypted on your device with a key only you hold. When it syncs, our servers store only ciphertext — scrambled data we cannot read or decrypt. By default we hold no key to it: a database breach would expose ciphertext that is useless without your key, and if we received a subpoena we would have nothing readable to hand over.

The one exception is Easy Recovery, which you turn on yourself. If you enable it, we keep a spare key so we can help you recover your account if you forget your password — which means we could then decrypt your data. It stays off unless you choose it. See our Transparency page for a line-by-line breakdown of what we can and cannot read under each setting.

What our servers can still see

To carry your encrypted data between your devices, our servers need a few plain facts about it — never the contents. So that you have the full picture, here is everything they can see:

  • That a record exists, which kind it is (for example, a workout or a sleep entry), and when it last changed or synced — but never what is inside it.
  • The public parts of your profile that you choose to share — your username, display name, and avatar.
  • The account essentials we need to run your account — your email, your billing identity (handled by Stripe), and a few non-sensitive app and workout-planning preferences.

Everything else you log is scrambled data we can't read.

Encryption in Transit and at Rest

  • All data in transit is encrypted using TLS 1.3
  • All data at rest is encrypted using AES-256 encryption
  • Database connections use encrypted channels
  • Backup data is encrypted

Access Controls

  • Row-Level Security (RLS) ensures users can only access their own data
  • Production database access is limited to essential personnel only
  • All administrative access is logged and audited
  • We use multi-factor authentication for all administrative accounts

Infrastructure Security

  • We use SOC 2 Type II compliant cloud infrastructure (Supabase)
  • Regular security assessments and penetration testing
  • Automated vulnerability scanning
  • Rate limiting to prevent abuse
  • DDoS protection

Secure Development

  • Secure coding practices following OWASP guidelines
  • Input validation on all user-submitted data
  • No secrets or API keys in client-side code
  • Regular dependency updates for security patches

9. Your Rights

You have comprehensive rights over your health data. We have built tools directly into Sovei to help you exercise these rights:

Access

You can view all data we store about you at any time through the app. Navigate to Settings → Your Data to see a complete overview of your stored information.

Export (Data Portability)

You can export your data in standard formats (JSON, CSV) at any time. Your export includes:

  • Profile information
  • All nutrition logs
  • All workout logs
  • Lab results
  • Sleep logs
  • Cycle tracking data
  • Medication tracking
  • AI conversation history
  • Settings and preferences

Correction

You can correct or update any inaccurate data directly in the app. If you need assistance, contact us at [email protected].

Deletion

Two deletion paths exist and they behave differently — please choose carefully.

Per-category deletion (Settings → Your Data → delete a specific category, e.g. Sleep, Workouts, Cycle): the rows are immediately hidden from the app and enter a 30-day soft-deletion recovery window. You can restore them at any point in those 30 days from Settings → Privacy. After 30 days they are permanently and irreversibly purged.

Full-account deletion (Settings → Your Data → Delete Account): this enters a 30-day recovery window. After you confirm (and re-enter your password), your account is paused right away and we email you a one-click link to cancel. You can restore your account any time in those 30 days by signing back in or using that link. After 30 days, your account, every health-data table tied to it, and your sign-in record are permanently deleted and can no longer be recovered. If you may want your data back later, export it first (Settings → Your Data → Export).

In both cases:

  • Audit logs are retained for 6 years per regulatory requirements (these contain only metadata, not your actual health data)
  • Payment records may be retained as required by financial regulations
  • Backups are purged on the platform provider's standard schedule (typically within 90 days)

Opt-Out

You can opt out of:

  • Marketing emails (via unsubscribe link or Settings)
  • Push notifications (via device settings)
  • Specific feature data collection (via Settings → Privacy)
  • Health platform integrations (disconnect anytime in Settings)

Restrict Processing

You can request that we restrict processing of your data while you verify its accuracy or while we assess a deletion request.

How to Exercise Your Rights

Most rights can be exercised directly in the app under Settings → Your Data. For any requests that cannot be completed in-app, or if you need assistance, contact us at [email protected]. We will respond within 30 days.

10. Data Retention

We retain your health data for as long as your account is active. This allows you to track trends over months and years. If you delete your account, the data is removed immediately (see §9 above for the difference between per-category and full-account deletion). The exceptions are limited records we are required by law to retain — primarily audit metadata and payment records — described below.

Per-Category Deletion & Recovery

When you delete a category of health data (e.g. all your sleep logs), the rows enter a 30-day soft-deletion recovery window. During this window:

  • The rows are immediately hidden from the app and no longer visible in your dashboard, logs, or reports
  • You may recover them at any time from Settings → Privacy
  • After 30 days, the rows are permanently and irreversibly deleted and cannot be recovered by you or by us

Full-Account Deletion

Deleting your entire account (Settings → Your Data → Delete Account) enters a 30-day recovery window. Your account is paused immediately and permanently deleted after 30 days unless you cancel — by signing back in or using the one-click link in the email we send. Export your data first if you may want it later.

Active Account Data

While your account is active, all health data is retained indefinitely unless you choose to delete specific entries. You control what data to keep and what to remove.

Inactive Account Policy

If your account stays inactive for an extended period — our guideline is 36 months with no logins — we may delete it and its associated data to minimize the information we hold. Where we have a way to reach you, we will aim to give you notice beforehand so you can keep your account active.

Retention Periods

The following table summarizes how long different categories of data are retained:

Data CategoryRetention Policy
Health data (nutrition, workouts, sleep, body metrics, cycle, medications, supplements, injuries)Retained while account is active; 30-day recovery period after deletion, then permanently deleted
Lab resultsRetained while account is active; 30-day recovery period after deletion, then permanently deleted. Anonymized copies may be retained up to 6 years per healthcare compliance requirements
AI conversations30-day recovery period after deletion, then permanently deleted
Audit logs (PHI access, consent records)6 years (legal compliance; metadata only, no health data)
Payment records7 years (financial compliance)
Edge function logs90 days
Threat detection logs180 days after resolution
BackupsPurged from backup systems within 90 days of deletion

Legal Hold: If required by legal proceedings, relevant data may be preserved beyond the retention periods listed above.

PHI Audit Logs

To comply with healthcare data protection best practices, we maintain audit logs that record when protected health information (PHI) is accessed. These audit logs are retained for 6 years after the access event, even if you delete your account. Audit logs contain only metadata (timestamps, action types, user identifier hashes) and do not contain the actual health data that was accessed.

Consent Records

Records of your privacy consent choices (when you granted or withdrew consent for specific data processing) are retained for 6 years for legal compliance purposes. This helps us demonstrate that we obtained proper consent for data processing.

11. State-Specific Privacy Rights

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You can request deletion of your personal information
  • Right to Correct: You can request correction of inaccurate personal information
  • Right to Opt-Out of Sale: We do not sell your personal information, so there is no sale to opt out of
  • Right to Limit Use of Sensitive Personal Information: You can request that we limit our use of sensitive personal information to what is necessary to provide the service
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

California "Shine the Light" Law: We do not share personal information with third parties for their direct marketing purposes.

Washington Residents (My Health My Data Act)

If you are a Washington resident, you have additional rights under the Washington My Health My Data Act:

  • Right to Know: You can request a list of all third parties with whom we have shared your consumer health data
  • Right to Withdraw Consent: You can withdraw consent for the collection or sharing of consumer health data at any time
  • Right to Delete: You can request deletion of your consumer health data
  • Geofence Prohibition: We do not use geofencing around healthcare facilities to collect or use consumer health data

Virginia, Colorado, Connecticut Residents

If you are a resident of Virginia, Colorado, or Connecticut, you have similar rights under your state's privacy laws, including the right to access, correct, delete, and obtain a copy of your personal data, as well as the right to opt out of targeted advertising (which we do not conduct).

Nevada Residents

Nevada residents have the right to opt out of the sale of personal information. As stated above, we do not sell personal information. If you wish to be added to our internal "do not sell" list, contact [email protected].

European Union Residents (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on your explicit consent, which you can withdraw at any time
  • Right to Object: You can object to processing of your personal data
  • Right to Restrict Processing: You can request restriction of processing of your personal data
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority

12. International Data Transfers

Sovei is based in the United States. If you are accessing our service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States.

For users in the European Economic Area (EEA), we rely on the following mechanisms for international data transfers:

  • Standard Contractual Clauses approved by the European Commission
  • Your explicit consent when you create an account

Our data processors (Supabase, Stripe, AI providers) also maintain appropriate safeguards for international data transfers.

13. HIPAA Compliance Notice

Sovei is a consumer health application and is not a covered entity under HIPAA (Health Insurance Portability and Accountability Act). HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses—not to consumer health apps like ours.

However, we voluntarily adopt many HIPAA-aligned practices to protect your health information, including:

  • Data encryption at rest (AES-256) and in transit (TLS 1.3)
  • Access controls and authentication
  • PHI audit logging with 6-year retention
  • Employee training on data privacy
  • Incident response procedures
  • Business Associate Agreements with applicable vendors

If you receive lab results through a healthcare provider, their handling of that information is subject to HIPAA. Our handling of data you voluntarily provide to us is governed by this Privacy Policy and applicable consumer privacy laws.

FTC Health Breach Notification Rule

As a provider of personal health records, we are subject to the FTC's Health Breach Notification Rule. In the event of a data breach involving your health information, we will notify you and the FTC as required by law. See the "Data Breach Notification" section below for more details.

14. Children's Privacy

Sovei is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA).

Users between 13 and 16 years of age in the European Union may require parental consent under GDPR. If you are in this age group, please ensure you have parental permission before using Sovei.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at [email protected] and we will:

  • Verify your parental relationship
  • Delete all personal information associated with the child's account
  • Terminate the child's account
  • Confirm deletion in writing within 10 business days

15. Cookies and Local Storage

Sovei uses cookies and similar technologies for the following purposes:

Essential Cookies

Required for authentication and maintaining your session. These cannot be disabled without affecting app functionality. Essential cookies include:

  • Session cookies for authentication
  • CSRF protection tokens
  • Security cookies

Preference Cookies

Store your settings like theme preference (dark/light mode), display units, and other UI preferences. These help us remember your choices so you don't have to set them every time you visit.

Local Storage

We use browser local storage to cache data for offline access and improve performance. Health data cached locally remains entirely on your device and is never transmitted unless you explicitly save or sync.

Analytics and Marketing (First-Party)

We use first-party cookies and local storage to run our own internal marketing analytics — for example, to remember which campaign or referral link brought you to Sovei and your coarse region (so we can ask for consent where it's required). This stays with us and is never shared with advertising or analytics companies. In the EU, EEA, and UK we use it only if you opt in. See "Marketing Analytics" in Section 6.

What We Do NOT Use

  • Advertising cookies
  • Third-party tracking cookies
  • Social media tracking pixels
  • Cross-site tracking
  • Device fingerprinting

We do not sell your browsing data or share it with advertisers.

16. Data Breach Notification

In the unlikely event of a data breach affecting your personal health information, we will:

  1. Notify affected users within 60 days of discovering the breach (or sooner if required by applicable state law)
  2. Notify the Federal Trade Commission (FTC) as required by the Health Breach Notification Rule
  3. Notify state attorneys general as required by state law
  4. Post notice on our website if the breach affects more than 500 individuals
  5. Notify major media outlets if the breach affects more than 500 residents of a single state

Breach notifications will include:

  • A description of what happened
  • The types of information involved
  • Steps we are taking in response
  • Steps you can take to protect yourself
  • Contact information for questions

17. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • Minor Changes: We will update the "Last updated" date at the top of this page
  • Material Changes: We will notify you by email and/or through a prominent notice in the app at least 30 days before the changes take effect
  • Changes Requiring Consent: If changes require additional consent under applicable law, we will obtain that consent before implementing the changes

We encourage you to review this policy periodically. Your continued use of Sovei after changes take effect constitutes acceptance of the revised policy.

A history of previous versions of this Privacy Policy is available upon request.

18. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about our data practices, please contact us at:

Privacy Inquiries:
Email: [email protected]

Data Protection Officer:
Email: [email protected]

Email is the canonical channel for privacy inquiries. We'll publish a physical mailing address once incorporation is complete; until then, [email protected] is the route on record.

We aim to respond to all privacy inquiries within 30 days. For requests involving your data rights (access, deletion, correction), we will acknowledge receipt within 10 business days and complete your request within the timeframe required by applicable law.

Summary: At Sovei, your health data belongs to you — literally. It is encrypted with a key only you hold, so we store scrambled data we can't read (unless you turn on Easy Recovery). We never sell your data, and you can access, export, or delete it at any time. If you have any questions, we're here to help.