Privacy Policy

Last updated: 2026-05-15

1. Who we are

Health Saviors (the "Service") is an AI-assisted health-tracking application. It is operated by the Health Saviors team ("we", "us"). Contact: admin@health-saviors.app.

2. What we collect

  • Account & identity: wallet address, optional display name, optional age / height / weight, chronic conditions you select.
  • Daily logs you create: water, meals (descriptions + AI-estimated nutrition), exercise, sleep, mood, meditation sessions, community posts.
  • Conversations: messages exchanged with the AI agents (stored to provide cross-session memory).
  • Push subscriptions: the browser push endpoint and keys, only when you opt in.
  • Operational data: request timestamps, IP at sign-in (audit log), basic user-agent.

3. How we use it

  • Provide the AI agents (Nurse, Gatekeeper, Nutritionist, MindCare) with the context needed to give personalized guidance.
  • Calculate streaks, daily progress, and reward eligibility.
  • Send the notifications you have enabled in Notifications.
  • Diagnose abuse, billing, and security issues.

4. Third-party services

  • xAI (Grok): message text + minimal user context (age, BMI, chronic conditions, recent topics) is sent to xAI to generate responses and to extract meals from chat. xAI's data handling: x.ai/legal/privacy-policy.
  • Neon (PostgreSQL): primary database. neon.tech/privacy-policy.
  • Vercel: hosting + edge delivery. vercel.com/legal/privacy-policy.
  • Browser push services (FCM / APNs / Mozilla) deliver the actual push payloads to your device.

5. Storage & security

  • Data is stored on Neon PostgreSQL with TLS in transit and at rest.
  • JWTs are signed; sensitive secrets server-side are encrypted (AES-256-GCM) with a key not stored in the database.
  • We do not sell your data. We do not run third-party advertising trackers.

6. Your rights

  • Access / export: contact us and we will return all data tied to your account.
  • Deletion: contact us to delete your account and all associated logs. Push subscriptions and notification preferences are removable from /notifications.
  • Correction: edit logs (e.g. meals) inline in each tracker, or contact us.
  • Withdraw consent: withdrawing consent stops new processing but does not affect lawful processing already done.

7. Retention

We retain logs and conversations for as long as your account is active. On account deletion we remove personal data within 30 days (longer only when legally required, e.g. anti-fraud audit logs).

8. Children

Health Saviors is not directed at users under 16. Do not create an account if you are under 16.

9. Changes

If we materially change this policy we will surface a notice in-app before continuing to process data under the new terms.

See also: Terms of Service.