We do not sell, rent, or share your personal health data with advertisers or third parties. All health information is encrypted in transit and at rest.
HealthEcho ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use the HealthEcho mobile application ("App"), how we use it, and the choices you have. Please read it carefully. By using the App you agree to the practices described here.
HealthEcho is not a covered entity under HIPAA, but we voluntarily apply HIPAA-aligned safeguards to all health data you provide because we believe you deserve nothing less.
1. Overview
HealthEcho helps you understand your health by analysing lab results, tracking vitals and medications, predicting health risks, and connecting you with direct-to-consumer lab testing. To do that, we need certain information from you. We collect only what is necessary to provide the service and we handle it with care.
2. Information We Collect
Information you provide directly
- Account information — name, email address, and password when you register.
- Health profile — date of birth, biological sex, height, weight, and other baseline data you choose to enter.
- Lab results — images or PDF uploads of blood test reports, and results delivered from partner labs.
- Vitals — blood pressure, heart rate, blood glucose, oxygen saturation, and any other measurements you log.
- Conditions & medications — diagnoses and medication lists you record in the App.
- Sleep data — sleep duration and quality entries you log manually or via connected devices.
- Chat messages — text you send to the AI Health Chat feature.
Information collected automatically
- Device identifiers, operating system version, and App version.
- Crash logs and diagnostic data to help us fix bugs.
- Aggregate, anonymised usage analytics (e.g. which features are used most often). We do not use individual-level analytics for advertising.
Information from third parties
- Lab results delivered electronically from partner laboratories when you order tests through the App.
- Apple Health (HealthKit) data — only if you explicitly grant permission. We do not use HealthKit data for advertising or share it with data brokers.
3. How We Use Your Data
We use your information solely to provide and improve HealthEcho:
- Analysing and explaining your lab results using AI.
- Powering the AI Health Chat with context from your health record.
- Generating personalised risk predictions and action plans.
- Tracking trends in your vitals, conditions, and medications over time.
- Fulfilling and importing results from direct-to-consumer lab orders.
- Sending you important account and health-related notifications (you can opt out of non-essential notifications).
- Improving the accuracy and safety of our AI models using aggregated, de-identified data only.
- Complying with legal obligations.
We do not use your health data for advertising, sell it to data brokers, or share it with insurance companies or employers.
4. How We Share Data
We do not sell or rent your personal information. We share data only in the following limited circumstances:
Service providers
We use carefully selected third-party vendors (cloud hosting, AI infrastructure, and lab ordering partners) who process data only on our behalf, under strict data processing agreements, and are prohibited from using your data for any other purpose.
Lab testing partners
When you order a lab test through the App, we share the minimum information necessary (name, date of birth, billing address) with the laboratory to fulfil your order. The lab's own privacy policy governs how they handle that data.
Legal requirements
We may disclose information if required by law, court order, or to protect the safety of users or the public.
Business transfers
If HealthEcho is acquired or merges with another company, your data may be transferred as part of that transaction. You will be notified in advance, and the acquirer must agree to honour this Privacy Policy or obtain your fresh consent.
5. Security
- All data is encrypted in transit using TLS 1.2 or higher.
- All data is encrypted at rest using AES-256.
- Access to personal health data within our team is role-based and logged.
- We conduct regular security reviews and vulnerability assessments.
No system is 100% secure. If we become aware of a breach affecting your data, we will notify you promptly as required by applicable law.
6. Data Retention
We retain your account and health data for as long as your account is active, or as needed to provide you with the service. If you delete your account, we will permanently delete your personal health data within 30 days, except where we are legally required to retain certain records.
7. Your Rights & Choices
You have the following rights regarding your data:
- Access — request a copy of the personal data we hold about you.
- Correction — update or correct inaccurate data at any time within the App settings.
- Deletion — request permanent deletion of your account and all associated health data.
- Export — download your health data in a portable format.
- Opt out of AI model training — contact us to exclude your data from any model improvement processes.
- Revoke Apple Health access — disable HealthKit permissions at any time in iOS Settings → Privacy & Security → Health.
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
8. Children's Privacy
HealthEcho is not directed at children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
9. International Data Transfers
HealthEcho is operated in the United States. If you use the App from outside the US, your information will be transferred to and processed in the US. We apply appropriate safeguards for any cross-border transfers in accordance with applicable law.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the App or by email at least 14 days before the changes take effect. Your continued use of HealthEcho after that date constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us:
HealthEcho
Email: [email protected]
Subject line: "Privacy Inquiry"
HealthEcho is not a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of a qualified healthcare provider with any questions you may have regarding a medical condition.