Consumer Health Data Privacy Policy

Effective date: the date EverPine v0.1.0 is publicly released

This policy applies specifically to consumer health data that EverPine collects, and is provided in addition to our general Privacy Policy. It exists to meet consumer-health-data laws such as Washington's My Health My Data Act and Nevada's SB 370 (NRS 603A). It contains no marketing content.

1. Categories of consumer health data we collect

We do not collect precise location, and we do not use geofencing.

2. Why we collect it

Solely to provide the app's function for you: to store, organize, and display your own health records, and to deliver the reminders you set. We do not use your health data for advertising, profiling, or any secondary purpose.

3. Sources

All consumer health data comes directly from you (entered manually, or captured by you via camera/import). We do not buy or obtain health data from third parties.

4. Consent

We collect and process your health data only after you give affirmative, opt-in consent in the app; this consent is separate from accepting our Terms of Service. AI recognition requires a separate, specific opt-in before any document image leaves your device. You may withdraw either consent at any time in the app, and withdrawal is as easy as giving consent.

5. How your health data is stored and whether it is shared

6. Cross-border processing

If you use EverPine from Canada or Hong Kong, the health data processed by the service providers above (encrypted backup ciphertext; the readable image if you opt in to AI recognition; and readable question/record text when you use the AI assistant) is transferred to and processed in the United States / global regions of Google's infrastructure.

7. Retention

Your health data is retained for as long as you keep it. When you delete a record it is removed; when you delete your account, your cloud ciphertext is deleted after a cooling-off period (currently 7 days). Locally stored data is removed when you delete it or uninstall the app. A minimal security-event log (event types and timestamps only, never health content) is kept while your account exists and is permanently deleted 30 days after account deletion completes.

8. Your rights

You may:

To exercise any of these, contact hi@everpine.life. We respond within 30 days. If we decline a request, you may appeal by replying to our response; we will reconsider and explain our decision.

9. Notice of changes to this policy

We may update this policy. Material changes will be notified to you in the app or by email, and the effective date at the top will be updated.

10. Contact

hi@everpine.life

Data controller: Luwen Yu (individual developer). Contact: hi@everpine.life (written channel for privacy requests).