Privacy Policy

Last updated: March 27, 2026

Our core commitment

HealthOS is a local-first app. All processing happens on your device. We do not collect, transmit, or store your health data on any external server. Your health records belong to you.

1. Information We Process

HealthOS processes the following types of data entirely on your device:

  • Health documents — images, PDFs, and text you scan or import
  • Extracted health data — medications, lab results, diagnoses, and clinical notes derived from your documents by the on-device AI
  • Voice recordings — audio captured for transcription, processed locally by the on-device Whisper model
  • FHIR data — if you connect a hospital account via SMART on FHIR, the retrieved data is stored locally on your device only

None of this data is transmitted to HealthOS servers or third parties.

2. Data Storage

All data is stored in a local SQLite database on your device. Original document files (images, PDFs) are stored in the app's private sandbox directory. iCloud backup is controlled entirely by your iOS iCloud settings — HealthOS does not independently upload data to any cloud service.

3. On-Device AI

HealthOS uses two on-device AI models:

  • Qwen 2.5 1.5B — for health data extraction and answering questions about your records
  • Whisper (ONNX int8) — for transcribing voice recordings

Both models run entirely on your device. No text or audio is sent to external inference services.

4. Hospital Connections (SMART on FHIR)

When you connect a hospital account via SMART on FHIR (e.g., Epic, Cerner):

  • You authenticate directly with your hospital — HealthOS never sees your hospital credentials
  • An access token is stored securely in your device's keychain
  • Retrieved FHIR resources are stored locally on your device only
  • You can disconnect any hospital connection at any time from within the app

5. Analytics and Tracking

HealthOS does not use any analytics SDKs, advertising identifiers, or tracking pixels. We do not collect crash reports, usage statistics, or any behavioral data.

6. Camera, Microphone, and Photo Library

HealthOS requests access to your camera, microphone, and photo library solely for document scanning and voice recording. This data is processed on-device and never transmitted externally.

7. Children's Privacy

HealthOS is not directed at children under 13. We do not knowingly collect personal information from children.

8. Your Rights

You have full control over your data:

  • Delete — delete individual records or all data from within the app
  • Export — export your records at any time
  • Disconnect — disconnect hospital connections from the app settings

Deleting the app from your device removes all locally stored data.

9. Changes to This Policy

We may update this policy as new features are added. Material changes will be communicated via an in-app notice. Continued use of the app after changes constitutes acceptance.

10. Contact

Questions about this policy? Contact us at sabber@healthos.live.