Privacy Policy
Last updated: April 8, 2025
This Privacy Policy explains how Evra Health Inc. collects, uses, discloses, transfers, and stores information about Users of the Services. It is incorporated into our Terms of Service.
1. Overview
We value your privacy and have designed our data practices to respect and protect the information you entrust to us. This Privacy Policy describes:
- What information we collect.
- How we use the information.
- When we may share it.
- Your rights and choices.
- How we protect your information.
- How to contact us.
2. Health & Sensitive Information
When we collect, receive or maintain protected health information (“PHI”) in our capacity as a covered entity or business associate under HIPAA (or analogous jurisdictional law), we follow our Notice of Health Information Privacy Practices. If there is any conflict between this Privacy Policy and our Health Information Privacy Practices, the Notice will govern.
When handling PHI, we maintain audit logs and access controls consistent with HIPAA security requirements.
Evra may act as a business associate for certain partners and a direct-to-consumer wellness service for others. We will specify our HIPAA role in relevant service agreements and notices.
If we process biometric identifiers (such as heart rate variability, sleep stage data, or glucose readings), we do so with your consent and apply heightened security requirements for biometric data in accordance with applicable law.
3. Information We Collect
a) Information You Provide
- Your name, date of birth, address, telephone number, email address, username/password, contact information, payment information.
- Payment and transaction information (processed securely via third-party payment processors — we do not store full credit card details).
- Health/medical information you provide (e.g., diagnoses, symptoms, health history, biometrics, wearable device data, meal/diet data, lab results).
- Profile image (if you provide).
- Any content you submit to public forums, comment features, or via chats with our providers/AI.
b) Technical & Usage Information
We may collect automatically: device information (type, OS, browser), IP address, location info (if enabled), cookies/web-beacons, log files, usage analytics, interaction with our Services.
c) Third-Party/Partner Data
We may receive information about you via affiliated partners or third-party integrations (e.g., wearable device manufacturers, health data platforms, labs) and combine it with our data.
d) Wearable and Device Data
- Activity & movement data
- Sleep metrics and recovery data
- Heart rate, HRV, respiratory rate, temperature trends
- Nutrition, hydration, menstrual cycle, glucose data (when supported)
This information is used to deliver personalized insights and enhance your health experience. You may disconnect devices at any time through your device settings. We do not receive raw device credentials and do not access data outside what you authorize.
4. How We Use the Information
- Providing, operating, maintaining and personalizing the Services.
- Analyzing usage, improving the Services, developing new features, internal research.
- Communicating with you (e.g., service announcements, reminders, marketing if you consent).
- Compliance with legal obligations, fraud detection, security operations.
- When acting as healthcare provider (or via partner) — treatment, payment, operations (per HIPAA) in applicable jurisdictions.
- We may use your information, in de-identified and/or aggregated form, for broader population-level analysis of outcomes trends in order to evaluate, validate, and improve the safety, quality, and performance of our Services.
5. How We Share Your Information
- Service providers/vendors who perform services on our behalf (hosting, analytics, payments) and abide by contractual obligations.
- Affiliates or partners you have authorized (e.g., device makers, labs, meal-delivery integration) — always subject to your consent and contract terms.
- We maintain a list of subprocessors and service providers and will make it available upon request.
- Legal or regulatory authorities when required by law (e.g., court order, investigations).
- In connection with business transactions (merger, acquisition, sale) — subject to contractual protections.
- Aggregated or de-identified data that cannot reasonably identify you, which we may use or publish for research or insight.
- We do not sell your personal data to third-party advertisers.
6. Transfers & International Processing
Your data may be processed/stored in the United States or other jurisdictions where we or our service providers operate. We will use appropriate safeguards (such as standard contractual clauses, encryption) for any cross-border transfers, in compliance with legal/regulatory requirements. Security measures include encryption in transit and at rest, access controls, intrusion detection, data minimization, and audit logging. We perform periodic reviews and vendor risk assessments.
7. Data Retention
- User account and profile data: retained while your account is active and for up to 7 years after closure
- Health and biometric data: retained for up to 7 years unless you request deletion sooner and no legal obligation applies
- Log and device data: retained for 12–24 months
- De-identified data: may be retained and used indefinitely for lawful business and research purposes
You may request account deletion by contacting legal@evrahealth.com. Certain information may be retained as permitted or required by law.
8. Cookies & Tracking Technologies
We and our service providers use cookies, web beacons, pixel tags, and similar technologies to collect information about website usage, deliver content and personalization, improve our Services and for security/fraud prevention. You may manage or disable cookies via browser/device settings; note this may affect functionality. We currently do not respond to browser “Do Not Track” (DNT) signals. We honor Global Privacy Control (GPC) signals as required by applicable law.
9. Your Rights & Choices
Depending on your jurisdiction you may have rights such as accessing, correcting, deleting, or objecting to processing of your personal data. For HIPAA-governed PHI, you may request an accounting of disclosures, amend your record, request restrictions, or inspect/copy information. You may withdraw your consent to the processing of your personal data at any time by contacting us at founders@evrahealth.com.
YOUR RIGHTS & PREFERENCES AS A DATA SUBJECT
Subject to the GDPR and applicable law’s limitations, the rights afforded to you as a data subject are:
RIGHT TO BE INFORMED: You have a right to be informed about the manner in which any of your personal data is collected or used, which we have endeavored to do by way of this Policy.
RIGHT OF ACCESS: You have a right to access the personal data you have provided by requesting us to provide you with the same.
RIGHT TO RECTIFICATION: You have a right to request us to amend or update your personal data if it is inaccurate or incomplete.
RIGHT TO ERASURE: You have a right to request us to delete your personal data.
RIGHT TO RESTRICT: You have a right to request us to temporarily or permanently stop processing all or some of your personal data.
RIGHT TO OBJECT: You have a right, at any time, to object to our processing of your personal data under certain circumstances. You have an absolute right to object to us processing your personal data for the purposes of direct marketing.
RIGHT TO DATA PORTABILITY: You have a right to request us to provide you with a copy of your personal data in electronic format, and you can transmit that personal data for use with a third party’s product/service.
RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING: You have a right to not be subject to a decision based solely on automated decision-making, including profiling.
In case you want to exercise the rights set out above you can contact us here: dpo@evrahealth.com.
The data provided by you as a Visitor, or when you sign up as a Customer / User or register for our Services will be processed by us for the purpose of rendering Services to you or in order to take steps prior to rendering such Services, at your request. Where such data is not being used by us to render Services to you, we shall explicitly seek your consent for using the same. You can choose to withdraw this consent at any time here.
Additionally, we may process your data to serve legitimate interests.
Accordingly, the grounds on which we can engage in processing are as follows:
| NATURE OF DATA | GROUNDS |
|---|---|
| Visitor Data | |
| Account Registration Data | |
| Service Usage Data | |
| Data for Marketing our Services | |
If you believe we have used your personal data in violation of the rights above or have not responded to your objections, you may lodge a complaint with your local supervisory authority.
10. Rights for California Residents (CCPA/CPRA)
If you are a resident of California, you have additional rights under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”), including the right to know, delete, correct, restrict, or opt-out of the sale/sharing of personal information. Contact: legal@evrahealth.com.
11. Rights for Users in India (DPDPA Compliance)
For users in India, Evra Health Inc. processes personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA). You may access, correct, delete, withdraw consent, or file a grievance regarding your data.
12. Rights for EEA & UK Users (GDPR/UK GDPR)
You have the right to access, correct, delete, restrict processing of, and transfer your data, and to object to automated decision-making. Contact legal@evrahealth.com to exercise these rights or request our Data Protection Officer (DPO) contact.
13. Other International Users
If you access our services from outside the United States, you consent to processing and transfer of your information in accordance with this Policy and applicable law.
14. AI and Automated Decision-Making
Evra Health Inc. uses AI to provide personalized health insights and recommendations. We may use your data to deliver insights, identify trends, improve models, and conduct internal research. De-identified data may be used for AI improvement. You may opt out by contacting legal@evrahealth.com.
15. Security
We implement administrative, physical, and technical safeguards to protect your information. While we strive for strong protection, no system or transmission over the internet is completely secure.
16. Children
The Services are not directed to children under 18. We do not knowingly collect personal data from children without parental consent. If we discover such data, we delete it. COPPA defines children as individuals under 13.
17. Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be notified via email or a prominent site notice.
18. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at legal@evrahealth.com.