Privacy Policy
Our Commitment to Your Privacy
At Arcvita ("Arcvita," "we," "us," or "our"), we exist to help you understand and improve your health. We know that health data is among the most personal information that exists — your lab results, sleep patterns, heart rate, and wellness goals paint an intimate picture of who you are. We take that responsibility seriously.
- Your health data is not for sale. We do not sell your personal information or health data to anyone, ever.
- We collect only what we need. We gather data to provide and improve the service, not to build advertising profiles.
- You control your data. You can view, export, and delete your data at any time.
- We are transparent about AI. When your data is processed by artificial intelligence, we tell you what's shared and why.
This Privacy Policy describes how we collect, use, share, and protect your personal information when you use the Arcvita mobile application, website (arcvita.health), and related services (collectively, the "Service").
1. Information We Collect
1.1 Information You Provide
- Account information: When you sign in with Apple, we receive your Apple ID user identifier and, if you choose to share it, your email address and name. We do not receive your Apple password.
- Lab reports and biomarkers: When you upload lab results (by photo or manual entry), we process the test names, values, reference ranges, units, and dates. This may include blood panels, metabolic markers, hormonal data, and other clinical measurements.
- Profile information: Optional information you provide about yourself, such as health goals, notes, or preferences.
1.2 Information Collected Automatically
- Health and fitness data from Apple HealthKit: With your permission, we read sleep duration, sleep efficiency, heart rate variability (HRV), resting heart rate, step count, active minutes, and active calories. We access HealthKit data solely to provide the Service. We do not use HealthKit data for advertising or marketing.
- Wearable device data: If you connect a Whoop, Oura, or other compatible device, we collect recovery scores, strain scores, workout data, and other metrics made available through that device's API with your authorization.
- Usage data: We collect basic information about how you interact with the app, such as features used, session duration, and crash reports. This helps us improve the Service.
- Device information: Device type, operating system version, and app version, used for compatibility and troubleshooting.
1.3 Information Generated by the Service
- Arcvita Score: A composite wellness score computed locally on your device from your health metrics.
- AI coaching conversations: When you interact with the AI health coach, your messages and the AI's responses are stored to maintain conversation continuity.
- Trends and insights: We generate trends, patterns, and correlations from your health data to surface insights.
2. How We Use Your Information
| Purpose | Examples |
|---|---|
| Provide the Service | Computing your Arcvita Score, displaying biomarker trends, delivering morning briefings |
| AI health coaching | Processing your health data and messages through our AI partner to generate personalized coaching (see Section 4) |
| Improve the Service | Analyzing usage patterns to fix bugs, improve features, and develop new capabilities |
| Communicate with you | Sending push notifications (with your permission), responding to support requests |
| Ensure security | Detecting and preventing fraud, abuse, or unauthorized access |
We do not use your information for:
- Advertising or marketing to third parties
- Building advertising profiles
- Training AI models on your personal health data
- Making eligibility decisions about you (insurance, employment, credit, etc.)
3. How We Store and Protect Your Information
3.1 Local-First Architecture
Arcvita is designed with a local-first architecture. The majority of your health data — including your Arcvita Score, HealthKit data, wearable data, and conversation history — is stored locally on your device using Apple's SwiftData framework. Data stored on your device is protected by iOS Data Protection, which encrypts it when your device is locked.
3.2 Cloud Storage
Some data is stored in our cloud database (hosted on Supabase in the United States) to enable features like cross-device access, backup, and biomarker trend analysis. Cloud-stored data includes:
- Biomarker values from uploaded lab reports
- Lab report metadata (date, source)
- User profile information
Cloud data is:
- Encrypted in transit using TLS 1.3
- Protected by Row-Level Security (RLS) — each user can only access their own data
- Authenticated via Sign in with Apple tokens
3.3 Encryption
We use AES-256-GCM encryption for sensitive data at rest. Encryption keys are stored in the iOS Keychain, which is backed by the Secure Enclave on supported devices.
3.4 Access Controls
- All API requests require authentication
- Service-level API keys are stored server-side and never embedded in the app
- Per-user rate limiting prevents abuse
- AI coaching requests and data deletion events are logged for security auditing
4. Artificial Intelligence and Third-Party Processing
4.1 AI Health Coaching
Arcvita's health coaching feature uses artificial intelligence provided by Anthropic (Claude AI) to analyze your health data and provide personalized insights. Before your first AI interaction, you will be asked to review and consent to this data sharing.
When you use AI coaching, the following data may be sent to our AI processing infrastructure:
- Your health metrics (sleep, HRV, activity, recovery scores)
- Biomarker values, reference ranges, and flags from lab reports
- Your coaching conversation messages
- Your Arcvita Score and component breakdown
What is NOT sent:
- Your name, email address, or Apple ID
- Your photos or images (except lab report images during scanning)
- Your location data
- Your device identifiers
4.2 How AI Data Is Protected
- AI requests are routed through our secure proxy server — your device never communicates directly with the AI provider
- The AI provider's API key is stored server-side and never touches your device
- Conversation data is processed in real-time and not used to train AI models
- Per-user rate limiting prevents abuse
4.3 AI Limitations
Arcvita's AI coaching is not a medical service. It provides wellness information and general health coaching based on your data. It does not diagnose conditions, prescribe treatments, or replace professional medical advice. Always consult a qualified healthcare provider for medical concerns.
5. How We Share Your Information
We do not sell your personal information. We share your information only in the following limited circumstances:
5.1 Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Cloud database and authentication | Account info, biomarkers, lab reports |
| Anthropic | AI health coaching (via our proxy) | Health metrics, biomarkers, coaching messages |
| Apple | Authentication (Sign in with Apple) | Authentication tokens |
| Cloudflare | Website hosting (arcvita.health) | Website visitor data (IP, pages viewed) |
Our service providers are contractually required to protect your data and use it only for the purposes we specify.
5.2 Connected Devices
When you connect a wearable device (Whoop, Oura), data flows from that device to Arcvita. We do not send your Arcvita data back to the device manufacturer unless you explicitly enable such sharing.
5.3 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request. We will notify you of such requests when legally permitted to do so.
5.4 Business Transfers
If Arcvita is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via the app or email before your information becomes subject to a different privacy policy.
5.5 With Your Consent
We may share your information in other ways if you specifically direct us to do so.
6. Your Rights and Choices
6.1 Access and Export
You can view all of your health data within the app. You may export your data as a JSON file from Profile → Privacy & Data, or by contacting us at privacy@arcvita.health.
6.2 Deletion
You can delete your data at any time:
- Local data: Signing out of the app clears all local data from your device
- Cloud data: Use the "Delete All Data" option in Profile → Privacy & Data, or contact us at privacy@arcvita.health
- We will delete your data within 30 days of your request
6.3 HealthKit Permissions
You can revoke Arcvita's access to HealthKit at any time via the Apple Health app (Settings → Privacy & Security → Health → Arcvita). Revoking access stops new data collection but does not delete previously collected data from Arcvita.
6.4 AI Coaching Consent
You can decline AI coaching during the initial consent flow. If you previously consented, you can disable AI coaching by signing out and back in, which resets your consent preferences.
6.5 Push Notifications
You can manage notification preferences in your device's Settings app.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Biomarkers and lab reports | Until you delete your account or request deletion |
| Health metrics (cloud backup) | Until you delete your account or request deletion |
| Coaching conversations | Until you delete them or delete your account |
| Usage data | 12 months |
After deletion, data may persist in encrypted backups for up to 30 days before being permanently purged.
8. Children's Privacy
Arcvita is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at privacy@arcvita.health and we will promptly delete it.
9. U.S. State Privacy Rights
9.1 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose
- Delete your personal information
- Opt out of sale or sharing of personal information — we do not sell or share your personal information for cross-context behavioral advertising
- Non-discrimination for exercising your privacy rights
To exercise these rights, contact us at privacy@arcvita.health.
9.2 Consumer Health Data
Arcvita processes consumer health data as defined by applicable state laws (Washington, Nevada, Connecticut, and others). We:
- Collect consumer health data only with your consent
- Do not sell consumer health data
- Do not use consumer health data for advertising or marketing purposes
- Provide you with the ability to delete your consumer health data
10. International Users
Arcvita is operated from the United States. If you are using the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers and service providers are located. By using the Service, you consent to the transfer of your information to the United States.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing. To exercise these rights, contact us at privacy@arcvita.health.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by other means before the changes take effect. Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes.
12. Contact Us
Email: privacy@arcvita.health
Website: arcvita.health
13. Apple HealthKit Disclosure
In accordance with Apple's requirements for apps that access HealthKit data:
- Arcvita does not use HealthKit data for advertising or similar services, including third-party advertising, advertising-based data mining, or information brokering.
- HealthKit data is not shared with third parties without your explicit consent, except as necessary to provide the core functionality of the Service.
- Arcvita does not disclose HealthKit data to the App Tracking Transparency framework.
This Privacy Policy is effective as of April 7, 2026 and applies to all users of the Arcvita Service.