AIvora

Privacy Policy

Effective date: June 14, 2026 · Last updated: June 14, 2026

AIvora is an educational wellness tool, not a medical device. It does not provide medical advice, diagnosis, or treatment. Always consult a qualified clinician for medical decisions. In an emergency, call your local emergency number.

1. Who we are

AIvora ("we", "us") is a personal health companion app that lets you view your wearable metrics, clinical records, and upcoming appointments in one place, with optional AI-generated summaries. This policy explains what data the app accesses, how it is used, and your choices.

2. What data the app accesses

Apple Health / HealthKit (on your device): wearable metrics (heart rate, HRV, SpO₂, sleep, steps, activity) and clinical records you have connected in the iPhone Health app (lab results, medications).
Connected health systems via SMART-on-FHIR (e.g. Epic MyChart): if you choose to connect, we read upcoming appointments and, where authorized, lab observations, using read-only access scopes you approve.
Profile you enter: your name, age, and goal, stored locally on your device.

We request read-only access and only the data categories needed for the features you use. We never write to your medical record.

3. Where your data goes

On your device: health data from Apple Health stays on your device and is used to render your dashboard. Connection tokens are stored in the device secure keychain.
AI chat (optional): when you use the AI chat, a concise summary of your current metrics plus your message is sent to our backend, which relays it to Google's Gemini AI service (Google LLC) to generate a response. This is the only third party that processes your health data, it is used only to answer you in real time, and we do not store these messages.
We do not sell your data, and we do not use your health data for advertising.

4. Data retention & deletion

The app does not maintain a server-side database of your health records. AI chat requests are processed transiently to generate a reply and are not stored by us for profiling. Provider connection tokens remain on your device until you disconnect or uninstall. You can revoke a health-system connection at any time from that provider's patient portal (e.g. MyChart) and remove Apple Health access in iOS Settings → Privacy & Security → Health.

Deletion rights: because your data lives on your device, uninstalling the app removes the locally stored profile and connection tokens. You may also revoke access and request deletion of any account information by contacting privacy@myhealthsyncai.com; we will respond within a reasonable time.

Data is not retained after deletion. We keep no server-side copy, so once you uninstall the app (and disconnect any connections), no data about you is retained by us.

4a. HIPAA status

AIvora is not a healthcare provider, covered entity, or business associate under HIPAA. When you direct the app to access your health information, that information is provided to you, the individual, and is processed on your behalf to power the app's features. Use of the app does not create a provider-patient relationship.

5. Security

Connections use OAuth 2.0 with PKCE; tokens are kept in the device secure store; network traffic uses TLS. No security measure is perfect, and you use the app at your own discretion.

5a. Access logging & notifications

The app does not currently maintain an access audit log, and it does not send a notification each time your data is accessed. Because your data stays on your device and is only used to provide the app's features (with AI chat processed transiently), there is no central access record to surface. We may add access logging and notifications in a future version.

6. Your choices & rights

Decline or revoke Apple Health access in iOS Settings.
Disconnect a health system from its patient portal.
Skip the AI chat if you prefer not to share a summary with the AI provider.
Uninstall the app to remove locally stored profile and tokens.
Contact us to ask questions about your data (see below).

7. Age

AIvora is intended for users 18 and older. It is not directed to children, and we do not knowingly collect data from anyone under 18.

8. Changes

We may update this policy; material changes will be reflected by the "Last updated" date above.

9. Contact

Privacy requests: privacy@myhealthsyncai.com
General & support: support@myhealthsyncai.com