Privacy Policy
Your health data is sensitive. We treat it that way.
What we collect
Account information, the responses you provide in your assessment, labs and biomarkers you share, and product usage. Nothing else.
How we use it
Only to deliver and improve your personal experience inside EVORA OS. Your data is never sold and is never shared with advertisers, data brokers, or any third-party tracker.
Connected wearables and third-party health services
If you choose to connect a wearable or health service, we read a limited set of summary metrics through that provider's official API: from Oura — daily sleep, heart rate variability, resting heart rate, and activity; from WHOOP — daily recovery, sleep, strain, and workout / cycle summaries; from Garmin and Apple Health — the equivalent daily summaries you authorise. Access is read-only. We use this data solely to render your own dashboard, longitudinal observations, and personal recommendations inside EVORA OS. We never sell, rent, license, redistribute, or syndicate provider data to any third party; never use it in advertising; never share it with advertisers, data brokers, or analytics vendors; and never use it to train, fine-tune, or evaluate models for resale. We respect each provider's API rate limits and cache rules and do not retain raw payloads beyond what is needed to derive the observation shown in your dashboard. Each provider's own privacy policy continues to govern data inside their app — Oura: ouraring.com/privacy-policy · WHOOP: whoop.com/privacy · Garmin: garmin.com/en-US/privacy · Apple Health: apple.com/legal/privacy.
Disconnecting a wearable
Disconnecting a provider from your EVORA account immediately revokes our access token and permanently deletes the observations we received from that provider. Disconnecting in EVORA does not affect data stored inside the provider's own app — you control that separately. Deleting your EVORA account does the same for every connected provider.
Security and incident notification
Provider data is transmitted over HTTPS and stored encrypted at rest, with row-level access scoped to your account. If we become aware of any unauthorised access or use of provider-sourced data affecting your account, we will notify you without undue delay, as required by applicable law and by the WHOOP and Oura developer agreements.
Brand and trademark
Oura, the Oura Ring, WHOOP, Apple Health, Garmin, and other named devices are trademarks of their respective owners. EVORA OS is independent and is not affiliated with, endorsed by, or sponsored by these companies. We do not make public statements, press releases, or marketing claims about WHOOP, Oura, or any other provider without their prior written approval where required by their developer terms.
Data ownership
You own your data. You can export everything you've shared with EVORA at any time as CSV or FHIR-formatted JSON, and you can delete your account in one action.
No third-party trackers
EVORA OS does not run advertising pixels, session recorders, or behavioral analytics scripts. Anonymous server logs only.
Security
Data is encrypted in transit and at rest. Access is limited, role-based, and audited.
Your rights
You can request a copy of your data, correct it, restrict processing, or delete your account at any time from your account page or by emailing privacy@evora.health.
Contact
privacy@evora.health
Last updated: May 2026 · Draft