Privacy isn't something we bolted on. It's been a core pillar of how we operate since day one, and it's front and centre in the app from the moment you sign up:

This post will be a broad overview of our approach to privacy and security, but you can read our full Privacy Policy if you want more information.

There are two terms worth knowing before we start. PII (Personally Identifiable Information) is anything that identifies you: name, date of birth, address. PHI (Protected Health Information) is anything that identifies you in a medical context: symptoms, treatments, conditions, lab results.

How we use your data

We use your data for two things: keeping the app running, and learning how to make it run better.

Your check-ins, patterns, treatments, and timeline don't work without storing what you tell us. The same goes for the essentials happening in the background, like making sure you can log in, fixing bugs, and sending you the emails you asked for.

We also collect anonymized metrics about how you use the app (data that's had identifying information stripped out), and we use these internally only. This is how we figure out which features are working, which flows need tweaking, and where to invest next.

What we never do with your data

We will never send your PII or PHI to any third party without your explicit consent. We don't use your health data to advertise to you. What you've logged about your conditions, symptoms, or treatments stays out of any ad targeting. And we keep your health data away from the tools that don't need it: the systems that send our emails, run our support chat, or process payments never see what you've logged.

Health research, if you want in

Chronic conditions are under-researched, under-funded, and slow to diagnose. We think the data users track every day in Human Health can change that, by helping researchers spot patterns faster, run studies that actually reflect lived experience, and ultimately get better treatments and diagnoses to the people who need them. That's why we partner with research organizations, and why we vet every one of them carefully before any data is shared.

Today, we use fully anonymized and aggregated health data (data that's been combined across many people so no individual can be identified) to help us and our research partners answer questions like: are people more likely to rate their anxiety as 'major' during summer or winter? Does daylight savings affect sleep ratings?

Users can also opt in to be matched for specific research opportunities. If you consent, we'll use your health data to check whether you're a match for upcoming studies and send you invitations. Every study is opt-in, which means nothing happens without your explicit consent. Before you agree to anything, we'll make it clear what the study is for, who your data will be shared with, exactly what data will be shared and how it will be used, and how your data will be deleted when the study ends.

You can read more about our research approach on the blog.

How we stay compliant

We are fully GDPR compliant and voluntarily apply HIPAA-aligned privacy and security standards. In practice, this means we store sensitive data only for as long as strictly needed, you can request copies of your data at any time, and you can delete your data easily.

We treat GDPR and HIPAA as the minimum bar. Just because something is legal doesn't mean it's the most ethical option, so for every new feature we launch, we carefully consider best practices and how we might go beyond them. Our whole team is trained in handling data and IT systems in line with GDPR, HIPAA, and the security practices relevant to their role.

How we work securely

We store your PII and PHI encrypted at rest in Google Cloud Platform, using industry best practices. We also build with "Privacy by Design" and "Security by Design" as defaults, thinking carefully about how data is collected, where it goes, and how it's used.

A Privacy by Design example: we use PostHog for the internal app metrics mentioned above. Instead of taking the easy route and adding a tracking pixel that hoovers up everything you tap, we explicitly opt-in each action we want to record and send it via our own servers, which strictly limits what gets tracked.

A Security by Design example: we don't store passwords. Since launching Sign In With Apple and Google, over 90% of users choose one of those options. For anyone who signs up with email and password, we outsource password storage to Google (Firebase), so we couldn't leak your password even if we wanted to.

We engage a third party to run security penetration testing every year and we also run a yearly HIPAA compliance audit.

If you have questions about the above, or any related questions about data privacy, security, compliance please drop us a line support@human.health and we’ll share more information.