Privacy Policy

Last Updated: April 19, 2026

Welcome to Evra Health (“Evra,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

1. Information We Collect

1.1 Personal Information You Provide

When you register and use Evra, we collect:

• Account Information: Name, email address, phone number, date of birth, ZIP code, and timezone.

• Profile Information: Profile picture, blood type, and community username.

• Health Goals & Preferences: Health goals, dietary preferences, allergies, intolerances, existing medical conditions, and at-risk conditions.

• Medication Information: Medication names, refill dates, and duration.

1.2 Health Data

With your permission, we collect health data from:

• Wearable Devices & Health Apps (Apple HealthKit / Health Connect):

• Steps, distance walked/run, heart rate, resting heart rate, and heart rate variability (HRV).

• Sleep duration and stages, active energy/calories burned.

• Weight, height, body fat percentage, and BMI.

• Blood glucose levels, blood pressure (systolic/diastolic), and oxygen saturation.

• Body temperature, respiratory rate, VO2 Max, and dietary intake data.

• Lab Reports: When you upload lab reports (PDF), we extract test names, values, reference ranges, and dates.

• Medical Documents: When you connect MyChart or upload medical documents, we extract relevant health information.

1.3 Usage Data

We automatically collect:

• App usage analytics and feature interactions.

• Chat conversation history.

• Device information (type, OS version).

• Error logs and crash reports.

2. How We Use Your Information

2.1 Core Services

We use your information to:

• Provide personalized health insights and recommendations.

• Power our AI health assistant chat feature and meal plans.

• Track and display your health metrics.

• Send health alerts and notifications.

2.2 AI-Powered Features

IMPORTANT: Third-Party AI Service Disclosure

Evra uses OpenAI’s GPT models to power our AI features. When you use AI-powered features, certain data is sent to OpenAI’s servers for processing.

3. Third-Party AI Data Sharing

3.1 OpenAI Integration

The following data may be sent to OpenAI when you use AI features:

3.2 OpenAI’s Data Handling

• OpenAI processes data according to their Privacy Policy.

• OpenAI does NOT use data submitted via our API to train their models.

• Data is transmitted securely via encrypted connections and retained for up to 30 days for abuse monitoring.

3.3 Your Consent

You will be asked to provide explicit consent before using AI features. You can Accept, Decline, or Withdraw Consent at any time in Settings > Privacy > AI Data Sharing.

4. Other Third-Party Services

5. Data Security & Retention

• Security: Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Health data is stored in HIPAA-aligned infrastructure.

• Retention: Data is retained while your account is active. AI processing logs are deleted after 90 days.

6. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Right to Be Informed. You have the right to be informed about how your personal data is collected and used. This Privacy Policy provides that information.
• Right of Access. You have the right to request access to the personal data we hold about you and obtain a copy of that data. View or export your health data in CSV, PDF, or XML format.
• Right to Rectification. You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure (“Right to Be Forgotten”). You have the right to request deletion of your personal data, subject to legal and regulatory obligations.
• Right to Restrict Processing. You have the right to request that we limit the processing of your personal data under certain circumstances.
• Right to Object. You have the right to object to the processing of your personal data where such processing is based on legitimate interests or for direct marketing purposes.
• Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another service provider.
• Right to Withdraw Consent. Where processing is based on your consent (including AI data processing), you may withdraw your consent at any time.
• Right Not to Be Subject to Automated Decision-Making. You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

Exercising Your Rights
You may exercise your rights by:

• Emailing: privacy@evrahealth.com
• Using in-app controls (Settings > Privacy)

We will respond to verified requests within applicable legal timeframes.

7. Region-Specific Rights

7.1 United States (CCPA)
If you are a California resident, you have the right to:

• Know what personal information is collected, used, disclosed, or shared
• Request deletion of your personal information
• Opt out of the sale of personal information (Evra does not sell personal data)
• Not be discriminated against for exercising your rights

7.2 India (DPDPA / SPDI Rules)
If you are located in India, you have the right to:

• Access your personal data
• Correct inaccurate or incomplete data
• Erase your personal data
• Withdraw consent for data processing at any time

Contact: dpo@evrahealth.com

7.3 EU / UK (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you are entitled to all rights listed in Section 6.

You also have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully.

8. Contact Us

For questions regarding this policy:

• Email: privacy@evrahealth.com

• Support: support@evrahealth.com

• Website: https://evrahealth.com/privacy

By using Evra, you acknowledge that you have read and understood this Privacy Policy.