Privacy Policy

Guava uses first party cookies to provide useful features such as login and remembering your settings. Cookies can be deleted at any time in your web browser settings, but you may need to log in again. Our login screen lets you "trust this device" which stores your email address in a cookie and keeps you logged in longer. This can make Guava faster and easier to use.

We do not use 3rd party tracking or advertising cookies in the Guava portal. This portal is the main logged-in part of our app and website that contains personal health information. We may use analytics on our public pages to understand the quality of our content, but we do not sell this data.

You can delete your user account and data at any time from your Guava settings. You can also request a full download of your data at any time by emailing [email protected]. Download requests will take no longer than 30 days, or shorter if required by applicable law. If Guava ever stops doing business or changes ownership through acquisition, you will get an email with a chance to download or delete your data before new policies or deletions affect your data.

Guava lets you input as much or as little data as you like. Only some data is required, such as an email address to manage your account. Most data is optional, such as full name and birth date. Guava features are more useful with more data, including Insights and AI features if you choose to use them. Guava can collect almost any information related to your health. This may include contact info, medical records, insurance payment info, device data, journal entries, and more. The purpose of this data collection is to give you a complete health account that you can use for any health management purpose. These purposes may include viewing charts, seeing insights, or sharing with a healthcare provider for better care.

Guava collects error logs, audit logs, device data, and other technical data. This may include IP address, browser or operating system, timestamps, and other data. We use this data for security, debugging, and to keep the system fast and stable.

If you buy products or services from Guava, we collect payment info. We use it to process your payments and provide billing features like receipts and payment history.

If you use Guava's source connections to patient portals and other apps, Guava stores all data that you allow. Some apps let you choose which data to sync, in case you prefer to only sync some data. Patient portals may contain documents with a lot of personal data. So, if you want to control the exact data synced, you should check the content of your documents.

Guava will not share your personally identifiable data with a 3rd party unless you tell us to share with them. For example, you can click a share button in the Guava app. Guava uses some 3rd parties to process your data in order to deliver the Services to you. This data is not shared with them for their own purposes. This includes the cloud services that Guava uses to store and handle data, such as Amazon Web Services, Cloudflare, and OpenAI. Your data is processed with minimal visibility such as by encrypting it at rest and in transit, or by only using brief "in-memory" processing which does not permanently store your data.

We do not sell your data. Every way we use your data is to provide you with better service.

By default, we only notify you to deliver our services. This includes telling you about new health records, insights about your health, summaries of your activity, and billing. Notification types may include email, mobile app push, or other text messaging. Your notification settings may be changed at any time from your Guava settings.

We will only email you marketing or promotional material if you indicate you want it.

Data you put into Guava may be viewed by authorized Guava staff when required to deliver the service to you. This may include getting your records from providers if you use our concierge services. It may also include fixing and improving parts of the app when used with your data. Access to our databases and other files is only given to staff when needed.

Data transfer and storage in Guava services use modern encryption and best practices to avoid unauthorized access. For example, passwords are one-way encrypted and unreadable, communication uses HTTPS, and databases use encryption at rest.

If our systems are ever breached, we will immediately fix any damage and add more protection to stop it from happening again. If your personal info is compromised, we will tell you what was compromised and share any recommended actions you should take.

The following policies apply only to certain users:

Residents of the European Economic Area, United Kingdom, or Switzerland: GDPR Privacy Addendum

Users who connect their Google Fit app to Guava: Google API Services User Data Policy (Guava complies, including the Limited Use requirements)

Users of the TEFCA Nationwide Sync feature for US-based health records: TEFCA Privacy and Security Notice