Sunu LogoSunu

Account & Privacy

How We Protect Your Health Data & Privacy

Learn about Sunu's privacy principles and how we keep your health information secure and private.

Your privacy is our top priority. We have designed Sunu to be private and secure by default, giving you complete control over your health information.

Our Core Privacy Principles

You Are in Control

Complete transparency:

  • You decide what data to share
  • Full control over Apple Health permissions
  • Can revoke access anytime
  • No hidden data collection

How to manage:

  • Grant or revoke permissions in iPhone Settings
  • Review at: Settings > Health > Data Access & Devices > Sunu
  • Change anytime without consequence
  • App respects all permission changes immediately

Temporary Processing

Your raw health data:

  • Processed temporarily to answer your questions
  • Immediately discarded after use
  • Never stored on our servers
  • Only kept long enough to provide response

What this means:

  • Heart rate readings aren't saved permanently
  • Sleep data analyzed and then removed
  • Activity metrics processed in real-time
  • Only analysis results retained, not raw data

Why it matters:

  • Minimizes data exposure risk
  • Reduces attack surface
  • Protects your privacy
  • Follows data minimization principles

Encrypted Conversations

What we do store:

  • Your chat history with the AI
  • Check-in entries
  • Meal logs
  • Health report preferences

How it's protected:

  • End-to-end encryption
  • Secure transmission (HTTPS/TLS)
  • Encrypted at rest
  • Industry-standard security

Access control:

  • Only you can access your data
  • Staff cannot view without authorization
  • No third-party access
  • Secure authentication required

No Sharing or Training

Your data is never:

  • Shared with third parties
  • Sold to advertisers
  • Used to train AI models
  • Provided to insurance companies
  • Given to employers
  • Shared with other users

Our commitment:

  • Your data stays private
  • Used only for your benefit
  • No monetization of your information
  • Ethical AI practices

What Data We Collect

Account Information

What we store:

  • Name and email address
  • Account creation date
  • Sign-in method (Apple ID)
  • Subscription status

Why we need it:

  • Account management
  • Communication
  • Service delivery
  • Subscription handling

Health Data We Access

From Apple Health (with permission):

  • Vitals and heart metrics
  • Activity and fitness data
  • Sleep information
  • Body measurements
  • Nutrition data
  • Lab results and clinical records

How we use it:

  • Display in the app
  • Generate health scores
  • Provide AI insights
  • Create visualizations

Important: Raw readings are processed temporarily and not permanently stored on our servers.

App Usage Data

What we collect:

  • Feature usage patterns
  • App performance metrics
  • Crash reports
  • Error logs

Why we need it:

  • Improve app functionality
  • Fix bugs and crashes
  • Enhance user experience
  • Optimize performance

What we don't collect:

  • Specific health values
  • Personal health details
  • Identifiable information in analytics
  • Sensitive content from chats

Data You Create

Permanently stored:

  • Chat conversations with AI
  • Check-in entries (mood, symptoms)
  • Meal logs and photos
  • Manual health entries
  • Notes and journal entries

Why we store it:

  • Provide continuity in conversations
  • Track patterns over time
  • Historical reference
  • Personalized insights

Your control:

  • Export anytime
  • Delete conversations
  • Clear check-in history
  • Remove meal logs

How We Protect Your Data

Technical Security Measures

Encryption:

  • HTTPS/TLS for all transmissions
  • AES-256 encryption at rest
  • Encrypted database storage
  • Secure key management

Access control:

  • Authentication required
  • Role-based access limits
  • Audit logging
  • Regular security reviews

Infrastructure:

  • Secure cloud hosting
  • Regular backups
  • Disaster recovery
  • DDoS protection

Privacy by Design

Architecture principles:

  • Data minimization
  • Purpose limitation
  • Storage limitation
  • Privacy-first features

Implementation:

  • Temporary health data processing
  • Encrypted conversations
  • Secure authentication
  • Isolated user data

Your Privacy Rights

Access Your Data

You can:

  • View all stored data
  • Export complete history
  • Download health reports
  • Review chat conversations

How to access:

  • Through app features
  • Export functionality
  • Support requests
  • Data portability tools

Delete Your Data

You can delete:

  • Individual conversations
  • Check-in entries
  • Meal logs
  • Account entirely

How to delete:

  • In-app deletion features
  • Account deletion (contact support)
  • Permanent and immediate
  • Cannot be recovered after deletion

Data Portability

Export options:

  • PDF health reports
  • Chat history
  • Check-in data
  • Meal logs
  • Complete data export

Standard formats:

  • PDF for reports
  • JSON/CSV for data
  • Compatible with other tools
  • Easy to archive

Third-Party Services

What We Use

Essential services:

  • Apple Sign In (authentication)
  • Cloud hosting (data storage)
  • Analytics (app improvement)
  • Payment processing (subscriptions)

What they access:

  • Only what's necessary
  • Subject to their privacy policies
  • GDPR compliant
  • Security audited

What We Don't Use

Never used:

  • Advertising networks
  • Data brokers
  • Social media tracking
  • Behavioral profiling services
  • Credit reporting agencies

Compliance and Standards

Regulatory Compliance

We comply with:

  • GDPR (European Union)
  • CCPA (California)
  • HIPAA awareness (not a covered entity)
  • Other applicable privacy laws

Your rights under GDPR:

  • Right to access
  • Right to erasure
  • Right to portability
  • Right to rectification
  • Right to object

Security Standards

Industry best practices:

  • OWASP security guidelines
  • SOC 2 principles
  • ISO 27001 concepts
  • Regular security audits

Transparency

Privacy Policy

Always available:

  • Detailed privacy policy
  • Plain language explanations
  • Regular updates
  • Change notifications

Where to find it:

  • In app: Profile > Privacy Policy
  • On website: sunu.health/privacy
  • Before account creation
  • Any time you need reference

Data Processing

What happens to your data:

  • Where it's stored (cloud region)
  • How it's processed
  • Who can access it
  • How long it's kept
  • How it's deleted

Full transparency:

  • No hidden practices
  • Clear documentation
  • Open communication
  • Trust through honesty

Children's Privacy

Age Requirements

Sunu is for:

  • Users 18 years and older
  • Or with parental consent
  • Not directed at children
  • No knowing collection from children

Parental control:

  • Review before child use
  • Supervise account creation
  • Monitor usage if allowed
  • Understand privacy implications

Data Breaches

Our Commitment

If a breach occurs:

  • Immediate investigation
  • User notification (if affected)
  • Regulatory reporting
  • Remediation actions
  • Transparent communication

Prevention measures:

  • Proactive security monitoring
  • Regular security assessments
  • Incident response plan
  • Employee training

Changes to Privacy Practices

How We Notify You

When we make changes:

  • In-app notification
  • Email announcement
  • Privacy policy update
  • Opt-in for material changes

Your options:

  • Review changes
  • Continue using app
  • Opt out of new practices
  • Delete account if desired

Questions and Concerns

Contact Us

How to reach us:

  • Email: privacy@sunu.health
  • In-app: Profile > Support
  • Response within 48 hours
  • Dedicated privacy team

We welcome:

  • Privacy questions
  • Data access requests
  • Deletion requests
  • Concerns or feedback

Best Practices for Your Privacy

What You Can Do

Enhance your privacy:

  • Use strong device passcode
  • Enable App Lock feature
  • Review Apple Health permissions regularly
  • Don't share device with others
  • Keep iOS updated
  • Use "Hide My Email" with Sign in with Apple

Be cautious about:

  • Sharing screenshots with PHI
  • Exporting data insecurely
  • Using on shared devices
  • Public WiFi without VPN

Comparison to Other Apps

Why Sunu Is Different

Many health apps:

  • Store all raw health data
  • Share data with partners
  • Use data for advertising
  • Train AI models on your data
  • Sell aggregated information

Sunu's approach:

  • Temporary processing only
  • No third-party sharing
  • Never for ads or training
  • Privacy-first architecture
  • Transparent practices

🔒 Privacy Promise

We will never sell your personal health data to third parties. Period. Your health information is sacred, and we're committed to protecting it with the highest standards of privacy and security.

📋 Full Details

This article provides an overview of our privacy practices. For complete legal details, please review our full Privacy Policy available at sunu.health/privacy or in the app at Profile > Privacy Policy.