Privacy Policy

Last updated: February 6, 2026

1. Who we are

Eva Health (“Eva,” “we,” “us”) operates the website evahealth.me and related services. We are committed to protecting your privacy and handling your data with transparency.

2. What data we collect

We only collect data you explicitly provide or consent to:

  • Account data: Email address, password (hashed), display name
  • Health data (with consent): Menstrual cycle dates, symptoms, mood, energy, sleep quality
  • Wearable data (with consent): Temperature, HRV, SpO2, sleep scores from connected devices
  • Preferences: Content feed selections, notification settings

3. How we use your data

  • To provide cycle tracking, predictions, and health insights
  • To display personalized content in your feed (with consent)
  • To enable doctor portal sharing (only data you explicitly select)
  • To process your subscription and payments via Stripe

4. Your rights

You have the right to:

  • Access: View all data we hold about you
  • Export: Download your data in JSON or CSV format
  • Rectify: Correct any inaccurate data
  • Delete: Permanently delete your account and all data
  • Restrict: Withdraw consent for specific data categories at any time
  • Portability: Receive your data in a machine-readable format

5. Data sharing

We never sell your data. Your health data is only shared when:

  • You explicitly create a share link for your healthcare provider
  • Required by law (we will notify you unless legally prohibited)

6. Data security

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database access is enforced via Row Level Security, meaning even our own systems cannot access your data without your authentication.

7. Third-party services

  • Supabase: Database and authentication (US region)
  • Stripe: Payment processing (PCI-DSS compliant)
  • Vercel: Website hosting
  • Plausible: Privacy-first analytics (no cookies, no personal data)

8. Data retention

We retain your data for as long as your account is active. When you delete your account, all data is permanently removed within 30 days, including from backups.

9. Contact

For privacy inquiries, contact us at privacy@evahealth.me.