Privacy Policy

Last updated · April 2026

PLACEHOLDER — REVIEW WITH COUNSEL

This is a working draft. Before launch, replace this file with a privacy policy reviewed by a qualified attorney experienced in HIPAA and US consumer privacy. The structure below covers the substance you'll need.

At NEUVIA we treat your information — and the information of the person you care for — with the seriousness this disease demands. This policy explains what we collect, how we use it, who we share it with, and the controls you have.

1. What we collect

Information you provide

  • Account details (name, email, phone)
  • Patient profile (preferred name, diagnosis stage, triggers, communication preferences)
  • Medications, routines, mood & behavior logs, memories, photos, voice notes
  • Emergency contacts
  • Payment information (processed by Stripe — we don't store card numbers)

Information collected automatically

  • Device and operating system, app version, crash and performance data
  • Approximate location for safe-zone alerts (only with your permission)
  • Usage events (which screens, when) — never the content of conversations

Information from connected services

  • Apple HealthKit / Google Health Connect (only with your permission, and only the categories you grant)

2. How we use it

  • To deliver and improve the NEUVIA service
  • To send notifications you've requested (medication reminders, safety alerts, weekly summaries)
  • To generate reports, including doctor-visit summaries, that you can share at your discretion
  • To respond to support requests
  • To detect, prevent, and respond to fraud or abuse
  • To meet legal and regulatory obligations

We do not sell your data. We do not use protected health information for advertising. AI training is opt-in: it is off by default and can be toggled in Settings.

3. How we share it

  • With members of your care team that you explicitly invite
  • With service providers (e.g., AWS, Anthropic, Twilio, Stripe, Clerk) under written agreements that restrict their use of your information to providing services to NEUVIA
  • With law enforcement only when required by law
  • With successors in the event of a merger or acquisition (you'll be notified before any change in ownership)

4. HIPAA

NEUVIA is a HIPAA-conscious software product. We are not a covered entity, but we treat the information you store with us as protected health information and have business associate agreements (BAAs) in place with vendors that touch it.

5. Security

  • TLS 1.3 in transit · AES-256 at rest, customer-managed keys
  • Field-level encryption for free-text PHI (notes, voice transcripts, Copilot messages)
  • Row-level security keyed to household; least-privilege access; quarterly access review
  • Append-only audit log on every PHI read/write
  • Annual third-party penetration testing

6. Your choices

  • Access, correct, or download your data from Settings
  • Delete your account at any time — we anonymize per HIPAA Safe Harbor
  • Toggle notifications, location sharing, and AI training individually
  • For California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), and similar states, we honor verifiable consumer requests via privacy@neuvia.care

7. Children

NEUVIA is not directed to children under 13. If we learn we've collected information from a child under 13, we'll delete it.

8. Changes

If we change this policy, we'll post the updated date above and, for material changes, notify you in the app and by email at least 30 days before they take effect.

9. Contact

Questions, requests, or concerns: privacy@neuvia.care
NEUVIA, Inc. — mailing address forthcoming.