Privacy Policy

Introduction

Hunuu Health Inc. ("Hunuu Health," "we," "us," or "our") is committed to protecting your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and mobile applications.

We are HIPAA compliant. Your health data is treated with the highest legal and ethical standards applicable to protected health information.

Information We Collect

We collect information you provide directly and information generated through your use of our platform:

• Account Information: Name, email address, date of birth, and account credentials
• Health & Biometric Data: Data from connected wearable devices including heart rate, HRV, sleep patterns, glucose levels, activity data, and other biometric measurements
• Lab & Clinical Data: Any health records, lab results, or clinical data you choose to upload
• Genomic Data: Genetic information you voluntarily provide for analysis
• Usage Data: How you interact with our platform, features used, and session information
• Device Information: Information about the devices and wearables you connect
• Payment Information: Processed securely through Stripe — we do not store payment card details

How We Use Your Information

• Provide and improve our AI-powered health intelligence platform
• Generate personalized health insights, predictions, and recommendations
• Enable Health Circle sharing features at your direction and with your explicit consent
• Process payments and manage your account
• Send platform updates, health alerts, and communications you've opted into
• Comply with legal obligations including HIPAA requirements
• Conduct anonymized research to improve health intelligence models (opt-out available)

HIPAA Compliance

Hunuu Health operates as a HIPAA-compliant platform. We implement the following protections:

• End-to-End Encryption: All health data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access controls limit who can access your data
• Audit Logging: All access to protected health information is logged
• Business Associate Agreements: All third-party vendors with access to PHI sign BAAs
• Breach Notification: We will notify you within 60 days of any discovered breach

Data Sharing

We do not sell your personal health data. Ever.

We may share information only in the following circumstances:

• With Your Explicit Consent: Health Circle sharing is entirely controlled by you via QR-gated permission tiers
• Service Providers: Trusted vendors who help operate our platform under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or government request
• Safety: To prevent imminent harm to you or others
• Business Transfer: In the event of merger or acquisition, with advance notice to you

Your Rights

• Access: Request a copy of all personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Portability: Export your health data in standard formats
• Opt-Out: Opt out of anonymized research use of your data
• Restriction: Request restriction of certain processing activities

To exercise any of these rights, contact us at privacy@hunuuhealth.com. We will respond within 30 days.

Data Retention

We retain your health data for as long as your account is active and for up to 7 years after account deletion, as required by HIPAA regulations. You may request earlier deletion where legally permissible.

Children's Privacy

Hunuu Health is not directed to children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us immediately.

Cookies & Tracking

We use essential cookies for platform functionality and authentication. We do not use advertising cookies or sell browsing data to advertisers. You may disable non-essential cookies in your browser settings.

International Users

Hunuu Health is operated in the United States. If you access our platform from outside the US, your information may be transferred to and processed in the United States, which may have different data protection laws than your country.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice on our platform at least 30 days before changes take effect.

Our Commitment Against Government & Third-Party Surveillance

Your health data belongs to you. We have built Hunuu Health on a foundation of data sovereignty, and we make the following binding commitments:

• We never sell your data. Not to advertisers, data brokers, insurers, employers, or anyone else — for any price, ever.
• We never voluntarily share your data with any government. We do not provide your personal health information to any local, state, federal, or foreign government agency, law-enforcement body, intelligence service, or regulator for surveillance, profiling, enforcement, research, or any other voluntary purpose.
• We do not participate in bulk-data or backdoor programs. We have not built, and will not build, any mechanism designed to give a government standing or automated access to user data.
• Data minimization by design. We collect only what the product needs, we encrypt it at rest and in transit, and the less we hold, the less anyone can ever compel.

The single, narrow exception — required of every company that operates lawfully — is a valid, legally binding court order (such as a warrant or properly issued subpoena from a court of competent jurisdiction). In that event, and only in that event, we will:

• Disclose only the specific minimum data the order compels — never more;
• Challenge any request that is overbroad, defective, or unlawful, including in court;
• Notify the affected user in advance wherever we are legally permitted to do so, so you can seek to quash the order;
• Never treat such an order as license to share anything beyond its exact terms.

We will never voluntarily waive these protections, and we will never pretend a request is mandatory when it is not.

Data Retention Policy

We keep your data only as long as it is genuinely useful to you, and no longer. Our default posture is the shortest defensible retention for every data category, with a hard delete when you close your account.

While your account is active, we retain your health data so the platform can compute trends, your HIP score, and predictions for you. You can delete individual records at any time from within the app.

Data type	Retention
Account & profile	While active; deleted within 30 days of account closure
Biomarkers, labs, wearable data	While active; purged within 30 days of closure
HIP scores & derived analytics	While active; deleted with your account
Intimacy & sexual-wellness data	Shortest retention; never shared with clinicians or third parties; hard-deleted immediately on request or account closure
Connected-account tokens (devices, Google, etc.)	Until you disconnect; revoked & deleted on disconnect or closure
Analytics events	City-level only, no raw IP stored; aggregated and pruned on a rolling basis
Encrypted backups	Rolling window; deleted copies age out of backups within 90 days
Payment records	Retained only as long as tax/accounting law requires; held by our payment processor, not by us

Account deletion is a true hard delete. When you close your account, we permanently erase your personal health data from our live systems within 30 days and from our backups within 90 days. Deletion is irreversible — we do not keep a shadow copy. The only data that may persist is the narrow minimum any law (such as tax record-keeping for payments) strictly requires, and never your health data.

You may request deletion of specific data, export of your data, or full account erasure at any time by emailing privacy@hunuuhealth.com or using the in-app controls.