CareVault ("we," "our," or "us") is a personal health organizer that helps individuals and families manage medical records, medications, appointments, and documents. This Privacy Policy explains what data we collect, how we use it, and your rights.
CareVault is not a HIPAA-covered entity and does not provide medical advice. If you require HIPAA-compliant storage, please contact us before using the service.
2. Data We Collect
We collect only what you choose to provide:
Account data: email address, display name, blood type
Health records: medications, conditions, allergies, appointments, doctors — entered by you
Documents: files you upload (PDFs, images). These are stored encrypted at rest in Supabase Storage.
Emergency contact: name, phone number, relationship — stored in your secure account profile
Usage data: server logs for error diagnosis (no behavioral tracking)
We do not sell, rent, or share your personal or health data with third parties for commercial purposes.
3. How We Use Your Data
To provide the CareVault service — display, organise, and search your health records
To process documents using AI (OpenAI API) — your document text is sent to OpenAI for structured extraction only. OpenAI's API does not use API data for model training by default.
To send medication and appointment reminders (when enabled)
To diagnose errors and improve reliability
4. Data Storage and Security
Data is stored in Supabase (PostgreSQL) hosted on AWS
Documents are stored in private Supabase Storage buckets with access-controlled signed URLs
All connections use TLS/HTTPS
Passwords are never stored — authentication is handled by Supabase Auth
5. Your Rights
Access: You can view all your data within the app at any time
Export: Data export functionality is coming soon
Deletion: You can delete your account and all associated data from Settings → Delete account. Deletion is permanent and immediate.
Correction: You can edit all your records within the app
For EU/EEA residents: you have rights under GDPR including access, rectification, erasure, and portability. Contact us at privacy@carevault.app.
6. Data Retention
Your data is retained as long as your account is active. When you delete your account, all personal data, health records, and uploaded documents are permanently and immediately deleted from our systems.
7. Third-Party Services
Supabase — authentication and data storage (privacy policy)