Privacy Policy

Last Updated: December 20, 2025

Our Privacy Commitment

At Solari Health, your privacy is our top priority. We believe health data is deeply personal and should be protected with the highest security standards. This policy explains how we collect, use, protect, and handle your information.

Our Promise: We will NEVER sell your health data to third parties. Your information exists solely to help you manage your health.

1. Information We Collect

Account Information

  • Email address: For account creation and communication
  • Password: Securely hashed and stored via AWS Cognito
  • Account metadata: Creation date, last login

Health Information (Encrypted)

  • Symptom entries: Names, severity, dates, and detailed notes (encrypted)
  • Doctor visits: Doctor names, contact information, diagnoses, and treatments (encrypted)
  • Medications: Names, dosages, and effectiveness (encrypted)
  • Timeline metadata: Dates and entry timestamps

Optional Demographics (Not Encrypted)

  • Birth year: For age-appropriate AI insights
  • Sex/Gender: For relevant health recommendations
  • Additional health context: Optional information to improve AI analysis accuracy
  • Note: All demographics are optional and can improve AI recommendations but are not required

Technical Information

  • IP address: For security and fraud prevention
  • Browser/device info: To optimize your experience
  • Session data: To keep you securely logged in
  • Error logs: To improve platform reliability (health data automatically redacted)

2. How We Use Your Information

Primary Uses

  • Secure Storage: Organize and protect your health timeline with end-to-end encryption
  • AI Analysis: Generate personalized health insights and pattern recognition
  • Service Delivery: Provide core platform functionality
  • Account Management: Authentication and security

AI-Powered Features

When you use AI insights, we:

  • Decrypt your data temporarily in your browser to prepare it for analysis
  • Send decrypted data securely via HTTPS to our AI partners
  • Generate insights including symptom patterns, correlations, and potential specialist recommendations
  • Return results to you — AI providers do not store your health data
  • No logging: Solari Health does not store AI prompts or responses on our servers

Multi-Agent Analysis Mode

When using our Multi-Agent analysis option:

  • Your health data is sent to both Anthropic Claude and DeepSeek simultaneously
  • Both AI providers analyze your data independently for cross-validation
  • Results are combined to provide higher-confidence insights
  • Neither provider stores your data — analysis is performed in real-time only

Why decryption is necessary for AI: AI cannot analyze encrypted data. Your data is decrypted in your browser, sent over encrypted HTTPS connections, analyzed in real-time, and immediately discarded by AI providers. Neither Anthropic nor DeepSeek stores your health information.

AI Disclaimer: All AI-generated insights are for informational and educational purposes only. They are not medical advice and should never replace professional medical consultation. Always consult qualified healthcare providers for diagnosis and treatment.

3. Cookies & Local Storage

We use cookies and browser storage to provide essential functionality. We do not use advertising cookies or third-party tracking cookies.

Essential Cookies

  • Session token: Keeps you securely logged in (7 days)
  • Authentication token: Verifies your identity with AWS Cognito (7 days)
  • CSRF token: Protects against cross-site request forgery attacks (24 hours)

Local Storage (Browser)

We store the following data locally in your browser:

  • Encrypted health data: Your timeline entries, encrypted with AES-256-GCM
  • Encryption keys: Your personal encryption keys for data security
  • User preferences: Demographics backup and display settings
  • App state: Whether you've seen the demo walkthrough, accepted disclaimers, etc.

No tracking cookies: We do not use Google Analytics, Facebook Pixel, or any third-party advertising or tracking cookies. Your browsing behavior is not tracked or sold.

4. Analytics & Error Monitoring

We use minimal, privacy-focused monitoring to maintain service quality and fix bugs quickly.

Error Monitoring (Sentry)

  • We use Sentry to detect and fix technical errors
  • All health data (symptoms, conditions, medications, notes) is automatically redacted before any error is logged
  • We use anonymized session recordings with all text and media masked to debug issues
  • These recordings cannot identify you or reveal your health data
  • Error data is used solely to improve platform reliability

What We Don't Do

  • We do not use Google Analytics or similar tracking services
  • We do not track your browsing behavior across sites
  • We do not build advertising profiles
  • We do not sell or share analytics data with third parties

5. Data Security & Encryption

End-to-End Encryption

What we encrypt (AES-256-GCM):

  • All symptom names and descriptions
  • Doctor names, phone numbers, and addresses
  • Medical diagnoses and treatment plans
  • Medication names and dosages
  • All notes and detailed observations

How encryption works:

  1. Each user has a unique encryption key generated in their browser
  2. Data is encrypted in your browser before transmission
  3. Encrypted data is stored in our database
  4. Only you can decrypt your data with your encryption key
  5. Even Solari Health staff cannot read your encrypted health data

Additional Security Measures

  • TLS/HTTPS: All data transmission uses 256-bit SSL encryption
  • AWS Cognito: Enterprise-grade authentication with secure password hashing
  • PostgreSQL: Industry-standard database with encrypted storage
  • CSRF protection: All state-changing requests validated against attacks
  • Rate limiting: Protection against brute force attacks
  • Content Security Policy: Protection against XSS and injection attacks
  • Security headers: HSTS, X-Frame-Options, and other protective headers

Your Security Controls

  • Strong password requirements enforced
  • Secure password reset via email verification
  • Automatic session expiration after 7 days
  • Complete account deletion with permanent data purging

6. Data Sharing & Third Parties

We Share Data ONLY With:

  • AI Analysis Providers (When You Request Insights):
    • Anthropic (Claude AI) — primary analysis
    • DeepSeek — secondary analysis for Multi-Agent mode
    • Data sent: Decrypted symptoms, visits, medications, demographics
    • Data retention: Zero — providers do not store your health data
    • Purpose: Real-time analysis to generate health insights
  • Infrastructure Providers:
    • AWS Cognito (authentication) — receives email and hashed password only
    • Vercel (hosting) — no access to user data, no analytics enabled
    • Upstash Redis (session caching) — session tokens only, no health data
  • Error Monitoring:
    • Sentry — error logs with all health data automatically redacted
    • Session recordings with all text and media masked

We NEVER:

  • Sell your data to advertisers, marketers, or data brokers
  • Share your data with insurance companies
  • Use your data for purposes other than providing the service
  • Train AI models on your personal health data
  • Store AI analysis prompts or responses on our servers

7. Data Retention

Active Accounts

  • Health data retained as long as your account is active
  • You control what to keep or delete at any time
  • Encryption keys stored securely for the life of your account

Deleted Accounts

  • Immediate deletion upon account termination
  • No grace period or data recovery option
  • Encryption keys permanently destroyed
  • Anonymized aggregate statistics may be retained (no personal information)

Security & Error Logs

  • Login and security logs retained for 90 days
  • Error logs (with health data redacted) retained per Sentry's policies
  • Used only for security, fraud prevention, and service improvement

8. Your Rights & Controls

You Can Always:

  • Access: View all your health data anytime
  • Export: Download your complete timeline in JSON, CSV, or HTML format
  • Edit: Modify or update any entry
  • Delete: Remove individual entries or your entire account
  • Portability: Take your data to another platform

How to Exercise Your Rights

  • Export data: Use the Export button in your account menu
  • Delete account: Use the Delete Account option in settings
  • Questions: Email privacy@solarihealth.ai

9. HIPAA Compliance Status

Solari Health implements HIPAA-grade security measures including:

  • End-to-end encryption of Protected Health Information (PHI)
  • Secure authentication and access controls
  • Audit logs and activity monitoring
  • Data breach notification procedures
  • Regular security assessments and updates

Note: Solari Health is a personal health tracking tool and is not currently a HIPAA-covered entity or business associate. We are not a healthcare provider, health plan, or healthcare clearinghouse. However, we implement security measures that meet or exceed HIPAA standards to protect your data.

10. International Users

Solari Health is operated from the United States. By using our service:

  • You consent to data processing and storage in the United States
  • All data is encrypted regardless of location
  • We use standard contractual clauses for international data transfers
  • You may have additional rights under local laws (GDPR, CCPA, etc.)

11. California Privacy Rights (CCPA)

California residents have these rights:

  • Right to know: What personal information we collect and how we use it
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: We don't sell data, so no opt-out needed
  • Right to non-discrimination: Same service regardless of privacy choices

To exercise these rights, contact: privacy@solarihealth.ai

12. European Users (GDPR)

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Lodge a complaint with supervisory authorities

Legal basis for processing: Consent (you provide data voluntarily) and Legitimate Interests (providing health tracking services).

13. Children's Privacy

Solari Health is intended for users 13 years and older. We do not knowingly collect information from anyone under 13. If we learn we have collected data from a child under 13, we will delete it immediately.

For users under 18: We recommend discussing your use of Solari Health with a parent, guardian, or healthcare provider. While our platform is designed to help you organize and track your health information, involving a trusted adult can help you get the most out of your healthcare journey.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make significant changes:

  • We'll update the "Last Updated" date at the top
  • We'll notify you via email for material changes
  • You'll see a notification in the app
  • Continued use after changes constitutes acceptance

15. Contact Us

Questions about privacy or data protection? We're here to help:

Your Privacy, Your Control

Solari Health exists to help you understand your health journey. We believe in transparency, security, and putting you in control of your data. If you have any concerns or questions, please don't hesitate to reach out.

For the most current version of this policy, visit: solarihealth.ai/privacy