Skip to main content

600+ people have already joined the waitlist · apply for early access

Back to Home

Consumer Health Data Privacy Policy

Required under the Washington My Health My Data Act

Last updated: May 26, 2026

This Consumer Health Data Privacy Policy is provided in compliance with the Washington My Health My Data Act (MHMDA). It describes how Ovaela ("Company," "we," "us," or "our") collects, uses, shares, and protects your consumer health data when you use Ovaela (the "Service"). This policy is separate from and in addition to our general Privacy Policy.

1. What Consumer Health Data We Collect

We collect the following categories of consumer health data:

  • Blood work results, lab values, panel types, reference ranges, and dates
  • Nutrition logs, meals, macronutrients, caloric intake, and dietary patterns, including voice-logged and photo-logged meals
  • Workout data, exercises, sets, reps, duration, and training history, including Pilates and running sessions
  • Supplement and medication information, supplement products, dosages, timing, and stacks, and the current medication list you choose to record
  • Wearable and connected-device metrics (e.g., recovery scores, heart rate variability (HRV), strain, and sleep performance) that you route into Ovaela through a third-party service you authorize, such as Apple Health or a wearable-data aggregator
  • Menstrual cycle data, cycle information and symptom logs, when applicable
  • Health profile and lifestyle context, medical conditions you record, allergies, wellness goals, activity level, alcohol use, and tobacco or nicotine use (including product type)
  • Demographic health context, age, biological sex, height, and weight, used to personalize your wellness analysis. We do not collect your race or ethnicity.
  • Photos, meal photos, supplement labels, and blood-work document scans you upload. Ovaela does not store the original photo or document scan with the saved log entry; after processing, Ovaela stores only the derived analysis, such as foods, macros, supplement details, or parsed lab markers
  • Daily check-in responses, self-reported wellness data and free-form chat transcripts collected through voice and text conversations
  • AI-generated wellness insights, observations, trend analyses, and pattern flags produced by the Service based on your data
  • Provider-search location, the ZIP or postal code you enter when using the in-app doctor directory (see Section 2 for how this is used and retained)

Where Ovaela offers genetic-file interpretation (for example, a 23andMe or AncestryDNA export), the raw genetic file is processed on your device and is not uploaded to or stored by Ovaela. We do not currently persist genetic markers, variant flags, or genetic-derived wellness interpretations. If a future version of the Service stores any genetic-derived information, we will update this Policy before enabling it.

2. How We Collect Your Health Data

We collect consumer health data through the following methods:

  • Directly from you, through manual data entry, voice check-in conversations, text-based health intake forms, and photo uploads (e.g., meal photos, supplement labels, and blood-work document scans)
  • From connected devices, through third-party services you authorize and connect (such as Apple Health, or a wearable-data aggregator), which relay only the metrics you approve from devices you own. Ovaela has no direct first-party integration with WHOOP or other wearable brands. The wearable-data aggregator used by the web app is identified in Section 4.
  • From a provider search, if you use the in-app doctor directory, the ZIP or postal code you enter is used to surface nearby providers. It is used for that search and is not retained beyond the session unless you save a provider to your profile.

We do not collect consumer health data from third-party data brokers, social media, or any source other than those listed above.

3. Purpose of Collection

We collect and process your consumer health data for the following purposes:

  • To provide AI-powered wellness observations and educational health insights
  • To store your health history so you can track your wellness over time
  • To generate trend analyses and visualizations of your health data
  • To detect patterns that may warrant a recommendation to consult your healthcare provider
  • To support a planned doctor-sharing workflow under which you could prepare and share a wellness summary with a healthcare provider with your explicit, per-instance consent. This workflow is not yet enabled in production (see Section 4)

4. Who We Share Your Health Data With

We share your consumer health data only in the following circumstances:

Healthcare Providers (Doctor-Sharing Workflow; Planned, Not Yet Enabled)

Ovaela does not currently share your consumer health data with any healthcare provider. The doctor feature on both the iOS app and the web app is, at present, an informational directory only. Ovaela does not transmit a wellness summary to any provider on your behalf from either surface, and does not currently generate provider-facing shareable links. Ovaela is designing a future web-app workflow that would let you generate a wellness summary and share it with a provider you select. As designed, that workflow would share only the raw consumer health data categories you select; each share would require separate, granular consent; you could revoke access at any time (which would permanently delete the shared summary from Ovaela's servers); access would be by a unique shareable link that you forward to your chosen provider; and providers would not log in to Ovaela or browse Ovaela users. That workflow is not yet enabled in production. Ovaela will update this Policy and the Privacy Policy before activating it. See the Privacy Policy §5 for the full description.

Service Providers and Processors

Supabase: provides encrypted database hosting and authentication. Your health data is stored in encrypted form at rest and in transit.

Anthropic (Claude AI): processes your health data to generate wellness insights. Data sent to Anthropic is used to generate your insights; Anthropic does not use commercial inputs or outputs to train its models by default.

Vercel: provides application hosting and server compute. Your health data transits Vercel's infrastructure over encrypted connections and may be processed transiently in server memory so the Service can operate; health data is not intentionally stored at the hosting layer.

Terra: a wearable-data aggregator used by the Ovaela web app. When you connect a wearable device through the web app, Terra relays the device metrics you authorize to Ovaela. Terra receives only those wearable metrics; it does not receive your other health data. On the native iOS app, Apple Health metrics (including WHOOP data you route through Apple Health) are read on your device and sent directly to Ovaela without Terra; other wearables you connect in the app (Oura, Fitbit, Garmin, Polar, Suunto, or Withings) are relayed through Terra, the same as on the web.

Perplexity: used to retrieve published research that enriches your wellness insights. Ovaela sends research queries derived from your health observations after attempting to remove direct identifiers; these queries may include non-identifying markers, values, or trends, but not your identity or your full stored health record.

Email delivery providers (Resend, and Postmark where configured): send Ovaela's account, security, sharing-related, and notification emails (such as sign-in links, password resets, and a reminder that your weekly snapshot is ready to view in the app). Ovaela does not include your personal health data, your logged entries, results, wellness metrics, or summaries, in the emails it sends to you; that data stays in the app behind your sign-in. The provider receives only your email address and the account or notification message needed to deliver it.

We do not sell your consumer health data. We do not share your consumer health data for advertising purposes. We will not sell your consumer health data without the separate valid authorization required by the My Health My Data Act. We will not collect, use, or share your consumer health data for any purpose not described in this policy unless we first provide any required notice and obtain any consent required by law. We also do not use a geofence around any health care facility to identify, track, collect data from, or send notifications to consumers based on their proximity to such a facility.

5. How to Withdraw Consent

You may withdraw your consent for the collection and use of your consumer health data at any time by:

  • Using the Settings > Privacy controls within the Ovaela application
  • Emailing admin@ovaela.ai with the subject line "Withdraw Consent"

Upon withdrawal, we will stop collecting new consumer health data. You may also request deletion of all previously collected data (see Section 6 below).

6. Your Rights

Under the Washington My Health My Data Act, you have the following rights regarding your consumer health data:

  • Right to access: You can request and download all consumer health data we hold about you in a portable format
  • Right to delete: You can request permanent deletion of all your consumer health data. We will comply within 30 days of your request.
  • Right to withdraw consent: You can withdraw your consent for collection and use of your consumer health data at any time, without penalty

To exercise any of these rights, use the in-app settings or email admin@ovaela.ai with the subject line "MHMDA Request." We will respond within 30 days.

7. Contact

Ovaela Privacy Team
Email: admin@ovaela.ai
Subject line: "MHMDA Request"

Ovaela provides wellness information, not medical advice. This is not a substitute for professional medical diagnosis or treatment. Always consult a qualified healthcare provider before making health decisions. Powered by AI, not a licensed healthcare professional.