The short version: your health data exists in Livosa to serve you. We don't sell it, we don't show ads, we don't let AI providers train on it, and you can export or permanently delete everything at any time.
1. Who we are
Livosa ("Livosa", "we", "us") operates the Livosa mobile application and the website livosahealth.com. Livosa is the data controller for the personal data described in this policy. You can reach us at support@livosahealth.com.
2. What we collect
Information you give us
- Account data: email address and name when you sign up with email, Google Sign-In, or Sign in with Apple.
- Profile data: details you choose to add, such as age, sex, height, weight, and goals — used to compute your personal nutrition targets.
- Health & wellness logs: the entries you create in the app — meals and nutrition, medicines and supplements (including dose schedules and adherence), symptoms, mood, hydration, workouts, sleep, menstrual-cycle entries, vitals, lab results, and body-composition measurements.
- Photos: food photos you take for AI food recognition, and files you upload (e.g. lab-result documents).
- Voice input: if you use voice food logging, speech is transcribed on your device by your phone's speech-recognition service; we receive the resulting text, not a stored recording.
- Messages to the AI Coach: the questions you type or send in coach conversations.
Information collected automatically
- Usage and diagnostics: app interactions, crash reports, and performance data (Firebase Analytics and Crashlytics), plus basic device information (model, OS version, language).
- Purchase state: whether you have an active subscription, via RevenueCat and the app stores. We never see your full payment card details.
Information from connected platforms (optional)
- Health Connect (Android) / Apple Health (iOS): with your explicit permission, steps and workout data. See section 5.
The website itself (livosahealth.com) is a static site and does not set tracking cookies or run analytics.
3. How we use your data
- To provide the app: store your logs, compute nutrition totals and targets, schedule dose reminders, and sync your data across your devices.
- To power safety features: interaction scans across your medicines and supplements, drug–nutrient depletion flags, and adherence summaries. These use published reference data and run against your own logs.
- To generate insights, patterns, and AI Coach responses grounded in your own history.
- To send notifications you enable (e.g. dose reminders).
- To operate, debug, and improve the app (aggregate analytics and crash diagnostics).
- To provide support when you contact us.
We do not sell personal data. We do not show third-party advertising, and we never use health data for advertising of any kind.
4. AI features
Some features send data to an AI model to work. Every such request goes through our secure backend (Google Cloud Functions) — the app never talks to an AI provider directly, and requests are not accompanied by your name, email, or account identity. We use two AI providers:
- Google (Gemini models) powers the AI Coach (your question plus relevant context from your recent logs), photo and voice food recognition (the photo or transcribed description you submit), supplement and medicine information lookups, and insight summaries. Under Google's Gemini API terms for paid services, this content is not used to train Google's models.
- DeepSeek powers 7-day meal-plan generation. These requests contain only the nutrition context needed to build the plan — your targets, dietary preferences, and recent intake patterns — never your identity or contact details.
- AI features run only when you invoke them — nothing is sent to an AI provider in the background.
- AI responses are generated content and can be inaccurate; they are not medical advice.
5. Health Connect & Apple Health
If you choose to connect them, Livosa reads steps and workout data from Health Connect (Android) or Apple Health (iOS). Our use of this data follows Google's Health Connect Permissions policy and Apple's HealthKit guidelines, including their limited-use requirements:
- It is used only to provide the features you see — activity dashboards, energy-balance calculations, and your own insights.
- It is never used for advertising, never sold, and never shared with third parties except the infrastructure providers that store your account data (section 6).
- You can revoke access at any time in Health Connect / Apple Health settings or your device settings; Livosa keeps working without it.
6. Service providers we rely on
We share data only with the processors below, only to run the app, and only to the extent needed:
| Provider | What for | What they process |
|---|---|---|
| Google Firebase (Google LLC) | Authentication, database (Firestore), file storage, push notifications, analytics, crash reporting, abuse protection (App Check) | Account data, your logs, photos, device/usage data |
| Google (Gemini API) | AI Coach, photo & voice food recognition, supplement/medicine information, insight summaries | The content you submit to those features plus relevant log context — only when you use them, never with your account identity |
| DeepSeek | AI meal-plan generation | Nutrition targets, dietary preferences, and recent intake patterns — never your identity or contact details |
| Supabase | The shared food-nutrition catalog you search against | Your food search queries (not your identity or logs) |
| Open Food Facts | Barcode lookups for packaged foods | The barcode / product query only |
| RevenueCat | Subscription management | App-store purchase state and a pseudonymous app user ID |
| Google Play / Apple App Store | Payment processing for subscriptions | Handled under their own terms and privacy policies |
We may also disclose data if the law genuinely requires it, or as part of a business transfer — in which case this policy continues to apply and we would notify you.
7. How we protect your data
- All data is encrypted in transit (TLS) and encrypted at rest on Google Cloud infrastructure.
- Your records live in a per-user private area of our database; access rules prevent other users from reading them.
- Medicine vault: medicine names you place in the vault are additionally encrypted on your device with a key held in your device's secure storage — they leave your device only in encrypted form, and we cannot read them.
- Backend access is protected by Firebase App Check to block unauthorized clients.
- A local copy of your data is stored on your device (protected by your device's own security) so the app works offline.
8. Retention & deletion
We keep your data for as long as your account exists so the app can show your history. When you delete your account (Profile → Delete Account in the app, or by emailing us), your account, logs, photos, and preferences are permanently deleted immediately, and residual copies in backups are purged within 30 days. Full details and an app-free deletion path are on our account deletion page.
After deletion we may retain only: anonymized, aggregated statistics that no longer identify you, and minimal records where retention is legally required.
9. Your rights
Depending on where you live (including under the GDPR, UK GDPR, and the CCPA/CPRA), you have the right to:
- Access and portability — the app's built-in export produces your data as CSV or PDF at any time, no request needed.
- Correction — edit any log or profile field directly in the app.
- Deletion — delete individual entries in the app, or your entire account as described above.
- Objection / restriction — contact us to object to a specific processing activity.
- No discrimination — we never treat you differently for exercising these rights, and since we don't sell data, there is nothing to opt out of selling.
To exercise a right you can't complete in-app, email support@livosahealth.com. If you're in the EEA or UK, you also have the right to lodge a complaint with your local supervisory authority.
10. Children
Livosa is not directed to children and is intended for users aged 16 and over. We do not knowingly collect data from children under 16; if you believe a child has created an account, contact us and we will delete it.
11. International transfers
Our infrastructure providers (section 6) may process data on servers outside your country, including in the United States. Where required, transfers rely on appropriate safeguards such as the EU Standard Contractual Clauses implemented by those providers.
12. Changes to this policy
If we make material changes, we will update the effective date above and notify you in the app before the changes take effect. Continued use after notice means you accept the updated policy.
13. Contact
Questions, requests, or concerns: support@livosahealth.com.