Privacy Policy

Guava uses first party cookies to directly provide useful features such as login and remembering your settings. Cookies can be deleted at any time through your web browser settings, but after deleting them you may need to re-type your email or other credentials again to log into Guava. Our login screen offers you the option to "trust this device" which will store your email address in a cookie and keep you logged in for a longer period of time to make your Guava experience faster and more seamless.

We do not use 3rd party tracking or advertising cookies in the Guava portal (the main logged-in part of our app and website that contains personal health information). We may use analytics software from time to time on our public pages in order to understand the quality and effectiveness of our content. We do not sell this data.

You can delete your user account and data at any time from your Guava settings, and you can request a full download of your data at any time by emailing [email protected]. Download requests will take no longer than 30 days (or shorter if required by applicable law), but will usually be much faster. If Guava ever stops doing business or changes ownership through acquisition, you will receive an email giving you a chance to download or delete your data before new policies or deletions affect your data.

Guava generally allows you to input as much or as little data as you prefer. Only some data is required, such as an email address to manage your account. Most data is optional, such as full name and birth date. Guava features are generally more useful to you with more data, including the Insights and AI features if you choose to use them. Guava is able to collect almost any information related to your health, which may include contact info, medical records, insurance payment info, device data, journal entries, and more. The purpose for this data collection is to provide you with a comprehensive health account that you can use for any purpose related to managing your health, such as viewing charts, seeing insights, or sharing with a healthcare provider for better diagnosis and treatment.

Guava automatically collects error logs, audit logs, device data, and other technical data which may include IP address, browser or operating system, timestamps, and other data. This data is used for security, debugging, and maintaining performance and stability.

If you buy products or services from Guava, we collect payment info for the purpose of processing your payments and providing billing features like receipts and payment history.

If you use Guava's source integrations to patient portals and other apps, Guava stores all data that you allow when authorizing the integration. Some apps give you options for which data to sync, if you prefer to only sync some data. Patient portals may contain documents with extensive personal data, so if you want control over exact data types synced from your patient portal, we recommend you verify the content of your documents.

Guava will not share your personally identifiable data with any 3rd party unless you explicitly tell us to share with them, such as by clicking a share button in the Guava app. Guava uses some 3rd parties to process your data in order to deliver the Services to you, but this data is not shared with them for their own purposes. This includes the cloud services that Guava uses to store and manipulate data, such as Amazon Web Services, Cloudflare, and OpenAI. Your data is processed with minimal visibility such as by encrypting it at rest and in transit, or by only using brief "in-memory" processing which does not permanently store your data.

We do not sell your data. Every way we use your data is to provide you with better service.

By default, we only notify you to directly deliver our services, such as telling you about new health records, insights about your health, summaries of your activity, and billing. Notification types may include email, mobile app push, or other text messaging. Your notification preferences may be changed at any time from your Guava settings.

We will only email you marketing or promotional material if you indicate you are interested in receiving this type of material.

All data you upload or otherwise import into Guava may be viewed by authorized Guava employees when required in order to deliver the service to you. This may include directly obtaining your records from providers if you use one of our concierge services, or fixing and improving parts of the app when used with your data. Access to our databases and other files is only granted to employees on a need-to-know basis to minimize unnecessary access.

Data transfer and storage within Guava services use modern encryption and best practices to avoid unauthorized access. For example, passwords are one-way encrypted and unreadable by us, all communication is over HTTPS, and our databases use encryption at rest.

In the unlikely event that our systems are breached, we will immediately fix any damage and add more protection to prevent it from happening again. If your personal information is compromised, we will notify you of what was compromised and any recommended actions you should take.

The following policies apply only to certain users:

Residents of the European Economic Area, United Kingdom, or Switzerland: GDPR Privacy Addendum

Users who connect their Google Fit app to Guava: Google API Services User Data Policy (Guava complies, including the Limited Use requirements)