Privacy Policy
Last updated: 2026-03-30
1. Overview
NeuraHealth ("the App") is an AI-powered health monitoring research tool that uses your device’s camera to estimate vital signs via remote photoplethysmography (rPPG). The App is for research and educational purposes only and is not a medical device.
2. Data We Collect
- Camera frames — processed in real time on your device. Raw video is never transmitted or stored.
- Derived vitals — heart rate, respiration rate, HRV, SpO₂ estimates, stress index, and metabolic predictions. These are stored locally on your device in an encrypted IndexedDB database.
- Session metadata — timestamps, duration, and signal quality metrics.
- Error and crash reports — anonymised stack traces sent to our error-monitoring service (Sentry) to improve reliability. No health data is included.
3. How We Process Data
All vital-sign inference runs on-device using WebAssembly and ONNX Runtime. Camera frames never leave your browser. Health data stored in IndexedDB is encrypted at rest using the Web Crypto API (AES-GCM 256-bit) with a per-device key.
4. Data Sharing
We do not sell, rent, or share your health data with third parties. Anonymised, aggregated usage analytics (page views, feature adoption) may be collected via privacy-respecting analytics tools. No personally identifiable health information is included.
5. Data Retention
Session data is stored locally on your device. You can delete all stored data at any time from the Settings page. Sessions older than 30 days are automatically purged.
6. Your Rights
- Access & Export — export all stored sessions as JSON from the Settings page.
- Deletion — clear all local data instantly.
- Withdraw Consent — stop using the camera at any time; revoke camera permission in your browser settings.
7. Security
We implement industry-standard security measures including HTTPS-only transport, Content Security Policy headers where configured, AES-256-GCM encryption of stored session payloads where the Web Crypto API is available, optional server-proxied API access so upstream credentials are not embedded in the client bundle, and regular dependency auditing.
8. Children’s Privacy
The App is not intended for use by individuals under 18. We do not knowingly collect data from children.
9. Medical Disclaimer
NeuraHealth is not a certified medical device. Measurements are estimates intended for wellness and research purposes. Do not use this tool for clinical diagnosis or treatment decisions. Always consult a qualified healthcare provider for medical advice.
10. Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated via an in-app notification. Continued use after changes constitutes acceptance.
11. Contact
Questions about this privacy policy? Contact the NeuraHealth team at privacy@neurahealth.app.