Consumer Health Data Privacy Policy
Effective date: the date EverPine v0.1.0 is publicly released
This policy applies specifically to consumer health data that EverPine collects, and is provided in addition to our general Privacy Policy. It exists to meet consumer-health-data laws such as Washington's My Health My Data Act and Nevada's SB 370 (NRS 603A). It contains no marketing content.
1. Categories of consumer health data we collect
- Health records you enter or capture: visit dates, hospitals, visit types, notes, document images, diagnoses, medications, lab values, and reminders.
- Questions you ask the in-app AI assistant, and any health information you choose to include in feedback you send us.
- Account identifier: your email address.
We do not collect precise location, and we do not use geofencing.
2. Why we collect it
Solely to provide the app's function for you: to store, organize, and display your own health records, and to deliver the reminders you set. We do not use your health data for advertising, profiling, or any secondary purpose.
3. Sources
All consumer health data comes directly from you (entered manually, or captured by you via camera/import). We do not buy or obtain health data from third parties.
4. Consent
We collect and process your health data only after you give affirmative, opt-in consent in the app; this consent is separate from accepting our Terms of Service. AI recognition requires a separate, specific opt-in before any document image leaves your device. You may withdraw either consent at any time in the app, and withdrawal is as easy as giving consent.
5. How your health data is stored and whether it is shared
- Your health data is stored locally on your device, encrypted, by default.
- Cloud backup is on by default so you don't lose your records; backup data is end-to-end encrypted before leaving your device and our servers store only ciphertext we cannot read.
- We do not sell your health data. We do not share it with third parties for their own use.
- We do not allow any third party to collect your health data over time across different websites or online services when you use EverPine — the app contains no third-party analytics, advertising, or tracking SDKs.
- Service providers (processors) that process data only to provide the app to you:
- Google (Vertex AI / Gemini) — only if you opt in to AI recognition, or when you use the AI assistant: processes the document image you submit for recognition, in readable form and without automatic redaction, to extract fields; or processes your assistant question and the record excerpts needed to answer it, transiently, to generate the reply. Processing occurs on Google's enterprise Vertex AI (US / global infrastructure). Google acts as our service provider (processor); this is not a sale or a sharing of your health data, and the content is not used to train Google's models. However, under its terms of service, Google may retain request logs for a limited period for abuse monitoring and platform safety before deletion; we do not control this retention and disclose it here for transparency (consistent with §4 of our general Privacy Policy).
- Google Cloud (Cloud Run / Cloud SQL / Storage) — runs the service; stores end-to-end-encrypted ciphertext.
- Google (Firebase Authentication) and Resend — handle email sign-in codes (email address only; not health data).
6. Cross-border processing
If you use EverPine from Canada or Hong Kong, the health data processed by the service providers above (encrypted backup ciphertext; the readable image if you opt in to AI recognition; and readable question/record text when you use the AI assistant) is transferred to and processed in the United States / global regions of Google's infrastructure.
7. Retention
Your health data is retained for as long as you keep it. When you delete a record it is removed; when you delete your account, your cloud ciphertext is deleted after a cooling-off period (currently 7 days). Locally stored data is removed when you delete it or uninstall the app. A minimal security-event log (event types and timestamps only, never health content) is kept while your account exists and is permanently deleted 30 days after account deletion completes.
8. Your rights
You may:
- Access / export your health data;
- Correct any health data record you have entered (directly in the app, or by sending us a correction request);
- Delete any record, or delete your account with cascading deletion of cloud data;
- Withdraw consent to collection/processing of health data at any time;
- Request a list of the categories of third parties and specific affiliates with whom your health data has been shared. (We do not share your health data with third parties for their own use; the service providers that process it on our behalf are listed in Section 5.)
To exercise any of these, contact hi@everpine.life. We respond within 30 days. If we decline a request, you may appeal by replying to our response; we will reconsider and explain our decision.
9. Notice of changes to this policy
We may update this policy. Material changes will be notified to you in the app or by email, and the effective date at the top will be updated.
10. Contact
Data controller: Luwen Yu (individual developer). Contact: hi@everpine.life (written channel for privacy requests).