Privacy Policy

ClawHealth is designed for personal health organization, trend review, and Agent-assisted explanation. Unless we enter into a separate written agreement with a healthcare provider, insurer, or other regulated entity, ClawHealth is a consumer wellness service and is not acting as a HIPAA covered entity or business associate.

The service does not diagnose disease, provide emergency care, or replace a qualified clinician. Users should seek professional medical advice for medical decisions and emergency help for urgent symptoms.

• Account information, such as email address, sign-in status, session identifiers, subscription entitlement, and account settings.
• Health and fitness information authorized by the user through Apple Health / HealthKit, including supported wearable signals such as sleep, heart rate, HRV, resting heart rate, steps, activity energy, workouts, vitals, body measurements, glucose-related data when available, and nutrition-related data when authorized.
• Health context records created by the user or by the user-authorized Agent, such as nutrition records, checkup summaries, self-reports, symptoms, goals, profile notes, and structured Markdown health context documents.
• Agent access records, including Agent tokens, token status, event requests, insight write-backs, and operational logs needed to run the service. We do not ask users to share Agent tokens publicly.
• Payment and subscription information received through Apple App Store billing, such as product identifiers, entitlement status, and receipt validation information. We do not receive full payment card numbers.
• Consent and compliance records, such as whether the user accepted the Privacy Policy and Terms of Use, the policy version shown, and the time of the request.
• Technical information needed for security, reliability, abuse prevention, and support, such as request timestamps, app version, device platform, sync status, error logs, IP-derived security signals, and aggregated service usage.

• To sync and maintain a rolling health context from user-authorized data sources.
• To show health status, trends, records, and Agent-written insights in the iOS app and web panel.
• To allow the user’s Agent to query health context, write back structured records, and generate useful follow-up insights when the user has created an Agent token.
• To write nutrition entries to Apple Health only when the user has granted write permission and the entry reflects a meal or nutrition record explicitly created by the user or their Agent.
• To operate account security, authentication, entitlement checks, service reliability, troubleshooting, and customer support.
• To prevent abuse, investigate security issues, enforce our Terms of Use, and protect users and the service.
• To comply with legal obligations and App Store requirements.

ClawHealth only accesses Apple Health data after the user grants permission in iOS. Users can change these permissions at any time in Apple Health or iOS Settings.

• HealthKit data is used only to provide health and fitness features requested by the user.
• HealthKit data is not sold.
• HealthKit data is not used for advertising, marketing, or cross-app tracking.
• HealthKit data is not used to train advertising models or unrelated AI models. We will not use identifiable health records for model training without separate, explicit consent.
• HealthKit data is shared only when needed to provide the service, with user-authorized Agents, with infrastructure providers acting on our behalf, or when legally required.
• If nutrition write-back is enabled, ClawHealth writes only user-confirmed nutrition records and does not intentionally create false or misleading Apple Health entries.

ClawHealth lets users create Agent tokens so trusted Agents can query health context and write structured records or insights back to the account. A valid Agent token should be treated like a password. Users are responsible for choosing which Agent receives a token and for revoking tokens that are no longer needed.

Third-party Agents, chat products, automation tools, and messaging bridges may have their own privacy practices. ClawHealth is responsible for the ClawHealth service, but not for independent services that the user chooses to connect outside our control.

ClawHealth is designed around a health context model. Detailed wearable samples are intended to be kept for the latest 90-day window where detailed timing is most useful. Older information may be retained as daily or longer-term aggregates so trends remain available without preserving every raw sample indefinitely.

Structured health context records, such as nutrition records, checkup summaries, self-reports, and goals, are retained until the user deletes them or deletes the account data. Users can request or perform deletion from the iOS app where available.

We do not sell personal health information. We use service providers to operate hosting, database, authentication, email delivery, analytics required for reliability, and Apple App Store subscription validation. These providers process information for service operation and are not permitted to use it for their own advertising purposes.

When users connect an Agent, the Agent can access health context using the token the user creates. Users should keep Agent tokens private and revoke tokens they no longer trust.

We may disclose information when required by law, to protect the security of the service, to investigate misuse, or as part of a merger, acquisition, financing, or transfer of assets, subject to appropriate confidentiality and data protection commitments.

• Users can revoke Apple Health permissions in iOS Settings or Apple Health.
• Users can revoke or regenerate Agent tokens from ClawHealth.
• Users can delete stored health context from the iOS app where the deletion control is available.
• Users can cancel subscriptions through their Apple account subscription settings.
• Users can request help through the ClawHealth request access form and include “Privacy” in the message.

We use reasonable technical and organizational safeguards to protect health context and account data, including HTTPS transport, email-based sign-in, token-based Agent access, permission-based HealthKit access, data deletion controls, and operational logging for security and reliability. Access to production systems should be limited to personnel and service providers who need it to operate the service.

No online service can guarantee perfect security. Users should protect their email account, device passcode, Apple account, and Agent tokens. If you believe your account or token has been exposed, revoke the token or delete stored data from the app where available.

ClawHealth may process data using infrastructure providers in multiple regions. By using the service, users understand that their information may be processed outside their home country where allowed by law.

ClawHealth is not intended for children under 13. If we learn that a child under 13 has provided personal information, we will take steps to delete it.

We may update this policy as the product, law, or infrastructure changes. If changes are material, we will make reasonable efforts to notify users in the app or on the website. The effective date at the top shows when this version applies.

For privacy questions, use the request access form at clawhealth.site/request-access and include “Privacy” in the message.