Privacy Policy
At Sunu, we prioritize your privacy and the security of your health data above all else.
🚨 Critical Medical Disclaimer
Sunu is NOT a medical device and does NOT provide medical diagnosis, treatment, or advice.
- For informational purposes only: All AI insights are educational and should never replace professional medical consultation
- Not FDA approved: Our features are experimental wellness tools, not clinical diagnostics
- Always consult healthcare professionals: For any health concerns, symptoms, or medical decisions
- Emergency situations: Call 911 or your local emergency number immediately for urgent medical needs
By using Sunu, you acknowledge these limitations and agree to use the app responsibly alongside professional medical care.
Privacy Highlights
- Health data is only sent to our servers when you use AI features, like chatting with your assistant.
- Your personal data is NEVER used to train AI models - neither ours nor third-party systems.
- All data is encrypted in transit and at rest with HIPAA-inspired security measures.
- We never sell your data to third parties.
- TrueDepth face data never leaves your device. We read only blink coefficients; no facial images, depth maps, or templates are stored.
1. Introduction
This Privacy Policy explains how Sunu Health ("we," "our," or "us") collects, uses, shares, and protects your information when you use our Sunu mobile application and related services (collectively, the "Service"). Your privacy is critically important to us, especially given the sensitive nature of health information.
By using Sunu, you agree to the collection and use of information in accordance with this policy. This policy is effective as of January 2025, and will be updated periodically to reflect any changes in our privacy practices.
2. Information We Collect
2.1 Information You Provide
We collect information you provide directly to us when you:
- Sign in with Apple (with the option to hide your email).
- Manually input your health profile data (e.g., conditions, medications).
- Grant access to your Apple Health data (e.g., clinical records, vitals, sleep, activity).
- Communicate with our AI assistant, including any text, images, or barcodes you send.
2.2 Information Collected Automatically
When you use our Service, we automatically collect:
- Device information (device type, operating system version).
- Log information and usage statistics to improve app functionality and user experience.
2.3 TrueDepth/ARKit Blink Signals (if you enable Blink features)
When you enable the Blink feature on supported devices, we access Apple's TrueDepth API via ARKit to read ARFaceAnchor.blendShapes coefficients only for eyelid closure: eyeBlinkLeft and eyeBlinkRight (values from 0.0 to 1.0 indicating relative lid closure). We do not collect or store RGB/IR images, depth maps, facial geometry meshes, Face ID templates, or any identifiers derived from facial geometry.
2.4 Voice and Audio Data (Optional Experimental Feature)
🧪 Experimental Feature: Voice biomarker analysis is for wellness research only
Results are not medical diagnoses and should not be used for health decisions without consulting healthcare professionals.
When you choose to use our experimental voice biomarker features:
- Voice recordings: Brief audio samples (typically 10-30 seconds) during guided exercises
- On-device processing: Initial analysis occurs on your device when possible
- Cloud processing: Advanced analysis may require secure cloud processing with immediate deletion after analysis
- No persistent storage: Voice recordings are automatically deleted after analysis unless you explicitly choose to save results
- Purpose limitation: Used solely for experimental wellness insights, never for identification, surveillance, or commercial purposes
3. How We Use Your Information
We use your information to:
- Provide, maintain, and improve our Service.
- Generate personalized health insights and recommendations when you interact with our AI assistant.
- Store your chat history to provide a persistent and synchronized conversation experience.
- Respond to your comments, questions, and support requests.
- Send you technical notices, updates, and security alerts.
- Monitor and analyze trends and usage to improve our Service.
- Detect, investigate, and prevent fraudulent or unauthorized activities.
When you use our AI features, a temporary subset of your recent health data is sent to our secure servers to provide context for the AI. The resulting conversation, which may include health information, is then stored as part of your chat history. We are committed to ensuring your personal data is never used to train our or any third-party AI models.
4. AI Health Insights and Medical Limitations
Important Medical Disclaimer
Sunu is not a medical device and does not provide medical diagnosis, treatment, or advice. Our AI-powered insights are for informational and educational purposes only and should never replace professional medical consultation, diagnosis, or treatment.
4.1 Nature of AI Health Insights
Our AI assistant analyzes your health data to provide personalized insights and suggestions. However, these insights:
- Are not medical diagnoses: The AI cannot diagnose medical conditions, interpret symptoms, or determine the medical significance of health data patterns.
- Are based on statistical patterns: Insights are generated from population-level data and may not account for your unique medical history or individual circumstances.
- Cannot replace professional judgment: Healthcare professionals have training, clinical experience, and access to comprehensive diagnostic tools that our AI lacks.
- May contain errors: Like all AI systems, our technology can make mistakes or misinterpret data.
4.2 Experimental Features and Beta Testing
Some features in Sunu may be experimental or in beta testing phases, including:
- Voice biomarker analysis: Experimental feature for wellness tracking only, not medical diagnosis
- Blink rate monitoring: Observational wellness tool, not a clinical assessment
- Symptom pattern analysis: Educational insights, not diagnostic determinations
- Sleep and activity correlations: Informational patterns, not medical interpretations
These experimental features are clearly marked in the app with appropriate disclaimers about their limitations and proper use.
4.3 When to Seek Medical Care
🚨 Always consult healthcare professionals for:
- Any concerning symptoms or changes in your health
- Medical emergencies or urgent health situations
- Interpreting medical test results or health data
- Making decisions about medications or treatments
- Questions about existing medical conditions
- Any situation where you're unsure about your health
- Before making changes to diet, exercise, or lifestyle based on app insights
4.4 Liability Limitations
By using Sunu's AI health features, you acknowledge and agree that:
- You use these insights at your own discretion and risk
- We are not liable for any health decisions made based on AI-generated content
- We strongly recommend discussing any health concerns with qualified healthcare professionals
- You will not rely solely on our AI insights for medical decisions
- You understand the experimental nature of certain features
5. How We Protect Your Information
We implement robust, multi-layered security measures to protect your information:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using industry-standard TLS.
- Encryption at Rest: All stored data, including your chat history, is encrypted at rest in our database using AWS Key Management Service (KMS) with AES-256 encryption.
- Secure Infrastructure: Our services are built on HIPAA-eligible AWS infrastructure, and we follow security best practices.
- Strict Access Controls: We enforce the principle of least privilege. Internal access to user data is strictly limited to authorized personnel for specific, legitimate purposes such as technical support and system maintenance, and all such access is logged and audited.
- No AI Model Training: Your personal data is never used to train our AI models or third-party AI systems.
While we implement safeguards designed to protect your information, no security system is impenetrable. We continuously improve our security practices to address new and evolving threats.
6. AI Model Training and Data Use
6.1 Personal Data Protection
Your Data is Never Used for AI Training
We commit to never using your personal health data, chat conversations, or any individually identifiable information to train our AI models or any third-party AI systems.
6.2 Third-Party AI Services
We use third-party AI services (such as OpenAI, Anthropic, or Google) to power our health assistant. When using these services:
- Data minimization: We send only necessary context, not your complete health profile
- Contractual protections: Our agreements with AI providers prohibit using your data for their model training
- Encryption in transit: All data sent to third-party AI services is encrypted
- No persistent storage: Third-party services do not retain your data after processing
- API-only access: We use official APIs with enterprise-grade privacy protections
13. Regulatory Compliance and Standards
13.1 HIPAA Considerations
While Sunu is not a covered entity under HIPAA (Health Insurance Portability and Accountability Act), we voluntarily adopt HIPAA-inspired privacy and security practices to protect your health information:
- Technical safeguards including encryption and access controls
- Administrative safeguards including staff training and audit procedures
- Physical safeguards protecting our data centers and systems
- Regular security assessments and incident response procedures
13.2 FDA Regulatory Status
Important: Sunu is not an FDA-approved medical device. Our wellness insights and experimental features are not intended for medical diagnosis, treatment, or disease prevention. Always consult healthcare professionals for medical advice.
13.3 International Privacy Laws
We respect international privacy regulations including GDPR, CCPA, and other applicable laws:
- Right to erasure: You can request deletion of your personal data
- Data portability: You can export your data in machine-readable formats
- Consent management: You can withdraw consent for data processing at any time
- Breach notification: We will notify affected users of significant data breaches within 72 hours
14. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
Last updated: September 2, 2025