Privacy Policy

Last Updated: 1/28/2026

Available Health, Inc. ("we," "us," or "our") operates Available Health (the "App") and the associated website. This Privacy Policy describes how we collect, use, and protect your information when you use our services.

By using Available Health, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

A. Health Data (Stored Locally on Your Device)

Available Health allows you to import, store, and manage personal health records. All health data you import into Available Health is stored locally on your device and encrypted with AES-256-GCM encryption. Encryption keys are stored in Apple's Secure Enclave (on supported devices) and protected by biometric authentication (Face ID or Touch ID).

If you enable iCloud sync, your encrypted health data syncs across your devices via iCloud. The encryption keys sync separately through iCloud Keychain's end-to-end encryption. We cannot read your health data at any point in this process. For full technical details, see our Security page.

When you interact with AI features, portions of your health data may be sent to third-party AI providers (see Section 3). Before transmission, we apply de-identification processes designed to remove or obscure personally identifiable information such as names, dates of birth, addresses, and insurance identifiers. However, we cannot guarantee that all personal information will be successfully de-identified in every case.

B. Account Information (Stored in the Cloud)

When you create an account using Sign in with Apple or Sign in with Google, we collect and store the following information on our servers:

  • Your email address
  • Your name (as provided by the authentication service)

This account information is stored in Google Cloud Platform (Firestore) and is used to manage your account and subscription.

C. Payment Information

If you subscribe to a paid plan, your payment information is collected and processed by Stripe, our third-party payment processor. We do not store your credit card details on our servers. Please review Stripe's Privacy Policy for information on how they handle your payment data.

D. Usage Analytics

We collect anonymized usage analytics from both the App and our website to understand how our services are used and to improve the user experience. This analytics data does not include your health information.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve Available Health
  • Process your subscription and payments
  • Communicate with you about your account or our services
  • Analyze usage patterns to improve the App (using non-health analytics data)
  • Comply with legal obligations

3. Third-Party Services

Available Health integrates with third-party services to provide AI-powered features. When you use these features, de-identified portions of your health data may be transmitted to these services. Our PII Redaction System automatically scans every message and replaces identifying information (names, birth dates, phone numbers, addresses, insurance IDs) with anonymous equivalents before any data leaves your device. See our Security page for details on how this works.

A. Free Plan

If you use the free plan with your own OpenAI API key, your de-identified health data is sent to OpenAI's standard API services. This data is subject to OpenAI's Privacy Policy.

B. Paid Plan

Paid subscribers benefit from a HIPAA-compliant AI infrastructure hosted on Microsoft Azure with a zero-data-retention policy. Data sent to this service is processed and returned to your device without being retained in the cloud.

Data import features (available on paid plans) are processed through Google Cloud Platform (Vertex AI) under a HIPAA Business Associate Agreement.

C. Other Third-Party Services

  • Google Cloud Platform (Firestore): Stores account information
  • Stripe: Processes payments
  • Analytics providers: Collect anonymized usage data

4. Data Security

We take the security of your health data seriously. Available Health implements multiple layers of protection to ensure your information remains private and secure. For comprehensive technical details, please visit our Security page.

A. Encryption

All health data is encrypted with AES-256-GCM encryption before storage. This is the same encryption standard used by governments and financial institutions worldwide. Your data is encrypted at the field level, meaning even with direct database access, your information would be unreadable.

B. Secure Key Storage

Your encryption keys are stored in Apple's Secure Enclave on supported devices. The Secure Enclave is a dedicated security chip physically isolated from the rest of your device—the same technology Apple uses to protect Face ID data and Apple Pay credentials. On devices without a Secure Enclave, keys are protected by Apple's Keychain Services with hardware-backed protection.

C. Biometric Authentication

Access to your health data requires Face ID, Touch ID, or your device passcode. Your biometric data never leaves your device. When the app is locked or backgrounded, encryption keys are immediately cleared from memory.

D. iCloud Sync Security

If you enable cross-device sync, your health data is encrypted on your device before being synced via iCloud. Only encrypted ciphertext is transmitted to Apple's servers. Your encryption keys sync separately via iCloud Keychain's end-to-end encryption. Neither Apple nor Available Health can read your health data.

E. Account Security

Account information stored on our servers is protected using industry-standard security measures provided by Google Cloud Platform, including encryption at rest and in transit.

5. Data Retention and Deletion

Health data: Since your health data is stored locally on your device, you have full control over it. You can delete it at any time through the App or by removing the App from your device.

Account data: If you wish to delete your account and associated data from our servers, please send a written request to support@available.health. We will delete your account information within 30 days of receiving your request.

6. We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or health data to third parties for marketing or advertising purposes.

7. Legal Disclosure

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

8. Children's Privacy

Available Health is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected personal information from someone under 18, we will take steps to delete that information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and update the "Last Updated" date at the top of this policy. Material changes will take effect 30 days after notice is provided. Your continued use of Available Health after changes become effective constitutes acceptance of the revised policy.

10. Contact Us

If you have any questions about this Privacy Policy or our security practices, please contact us at: support@available.health

For detailed information about our security architecture, visit our Security page.