Arteev Labs

Consumer Health Data Privacy Policy

Effective Date: June 12, 2026

Arteev Labs Inc. ("Arteev Labs," "we," "us," or "our") provides Arteev, a privacy-forward wellness pattern intelligence service. This Consumer Health Data Privacy Policy ("Consumer Health Data Policy") supplements our Privacy Policy and explains how we collect, use, share, retain, delete, and protect Consumer Health Data.

This Consumer Health Data Policy is intended to satisfy applicable United States consumer health-data privacy requirements, including the Washington My Health My Data Act, Nevada consumer health-data law, Connecticut consumer health-data requirements, and similar laws that may apply. If this Consumer Health Data Policy conflicts with our general Privacy Policy regarding Consumer Health Data, this Consumer Health Data Policy controls.

Arteev is not a medical device, clinical service, healthcare provider, emergency service, diagnosis tool, treatment tool, or crisis-monitoring service. We do not provide medical advice, mental-health advice, diagnosis, treatment, clinical interpretation, monitoring, or emergency response.

1. What Consumer Health Data Means

For purposes of this Consumer Health Data Policy, "Consumer Health Data" means personal information that is linked or reasonably linkable to a user and that identifies or could reasonably be used to infer the user's past, present, or future physical or mental health status.

Consumer Health Data is broader than Apple HealthKit or Google Health Connect data. It may include:

  1. Platform-authorized health and fitness data, such as steps, activity, sleep, heart rate, heart rate variability, workout, movement, or similar data that you authorize through Apple HealthKit, Google Health Connect, or another supported permission flow.
  2. User-entered wellness data, such as voice notes, text notes, journal-style entries, reflections, mood, energy, stress, routines, sleep comments, exercise comments, habits, symptoms, lifestyle patterns, goals, and similar information that you choose to submit.
  3. Voice transcripts and summaries, to the extent they contain or imply wellness, physical-health, mental-health, sleep, activity, habit, emotional-state, or routine-related information.
  4. Derived or inferred wellness insights, such as Cards, Weekly Pattern Reports, Morning Forecasts, pattern summaries, correlations, trend indicators, routine insights, and similar Arteev-generated outputs.
  5. Related metadata, such as timestamps, feature context, interaction metadata, consent records, and technical records when reasonably associated with Consumer Health Data.

We do not intentionally request sensitive personal information such as race, religion, political opinion, union membership, sexual orientation, sex life, criminal history, genetic information, reproductive health information, or precise health-facility location information. However, because Arteev allows free-form voice and text input, you may voluntarily include sensitive information in User Content. You should avoid submitting sensitive information that is unnecessary for your use of the Service.

2. Categories of Consumer Health Data We Collect

The Consumer Health Data we collect depends on the features you choose to use.

Category Examples Collection Source Purpose
Authorized health and fitness data Steps, sleep, heart rate, heart rate variability, activity, workout, movement, or similar categories you authorize Apple HealthKit, Google Health Connect, device permission frameworks, or other supported sources Provide wellness pattern intelligence, Cards, Weekly Pattern Reports, Morning Forecasts, and related user-facing insights
User-entered wellness logs Voice notes, text notes, reflections, mood, energy, stress, habit, routine, lifestyle, sleep, activity, or symptom-related entries you choose to submit You Generate transcripts, summaries, Cards, reports, forecasts, and personal pattern insights
Voice input and transcripts Voice audio submitted for transcription, resulting transcript text, transcript metadata You; transcription provider processing on our behalf Convert voice input into text and generate user-facing outputs
Generated wellness outputs Cards, Weekly Pattern Reports, Morning Forecasts, summaries, visualizations, correlations, and related insights Arteev processing based on your submitted or authorized data Display user-facing wellness pattern intelligence and help you understand trends
Interaction and feature metadata Report views, edits, saves, deletion actions, notification interactions, feature usage, timestamps Your use of the Service Operate, personalize, improve, secure, debug, and support the Service
Support-related Consumer Health Data Information you choose to include in customer support messages or screenshots You Respond to inquiries, troubleshoot issues, resolve disputes, and provide support

We collect only the Consumer Health Data reasonably necessary to provide the features you request, operate the Service, maintain security, comply with law, and support users.

3. Sources of Consumer Health Data

We collect Consumer Health Data from the following categories of sources:

  1. You, when you record voice input, type notes, save or edit Cards, submit support requests, use features, or provide consent.
  2. Your device and operating-system permission frameworks, such as Apple HealthKit and Google Health Connect, only after you grant permission.
  3. Arteev-generated processing, when the Service creates summaries, reports, forecasts, or insights from data you submitted or authorized.
  4. Service providers acting on our behalf, such as transcription, AI-generation, hosting, diagnostics, analytics, subscription, authentication, and push-notification providers, only as needed to operate the Service.

4. How We Use Consumer Health Data

We use Consumer Health Data only for the following purposes:

  1. to provide, operate, maintain, secure, and support the Service;
  2. to transcribe voice input and display transcripts;
  3. to generate, store, display, and retrieve Cards, Weekly Pattern Reports, Morning Forecasts, summaries, visualizations, and related insights;
  4. to analyze authorized health, sleep, activity, routine, mood, energy, and wellness pattern data for user-facing features;
  5. to personalize the Service based on user-selected settings and authorized data;
  6. to send Service-related notifications, such as report readiness, reminders, account notices, subscription notices, and security notices;
  7. to troubleshoot, debug, measure reliability, prevent fraud or abuse, and protect the Service;
  8. to respond to support requests and user inquiries;
  9. to perform deidentified, aggregated, pseudonymized, or statistical analysis for Service improvement, where reasonably designed not to identify a user;
  10. to comply with law, enforce our Terms, respond to lawful requests, and protect users, the public, and the Service.

We do not use Consumer Health Data for advertising, targeted advertising, cross-context behavioral advertising, third-party marketing, use-based data mining, insurance underwriting, employment eligibility, credit eligibility, healthcare eligibility, or sale to third parties.

5. Sharing of Consumer Health Data

We do not sell Consumer Health Data. We do not share Consumer Health Data with advertising networks, data brokers, insurers, employers, healthcare institutions, or third-party marketers.

We may disclose Consumer Health Data only as described below.

Recipient / Category Specific Provider or Affiliate Consumer Health Data Shared Purpose
Cloud hosting and backend infrastructure Supabase Inc. Account identifiers, User Content, transcripts, Cards, reports, forecasts, authorized health-related records, consent records, and related Service data Host, store, retrieve, secure, and operate the Service
Transcription and AI processing OpenAI, L.L.C. Voice audio for transcription, transcript text, and related technical metadata, to the extent needed for transcription or related AI processing Transcribe voice input and support requested features
AI generation Anthropic, PBC Voice transcripts, summaries, selected contextual data, and related user-facing content needed to generate Cards, reports, forecasts, and related outputs Generate user-facing Arteev Content
App stores and platform services Apple Inc.; Google LLC Login identifiers, payment metadata, push tokens, and operating-system permission or platform records; HealthKit / Health Connect data only to the extent controlled by those platform services Login, payments, push delivery, permission frameworks, and platform operation
Authentication and social login Kakao Corp.; Apple Inc.; Google LLC Login identifiers, nickname or name if provided, email if provided Account login and authentication
Subscription management RevenueCat, Inc.; Apple Inc.; Google LLC Purchase identifiers, entitlement status, subscription metadata; no voice transcripts or HealthKit / Health Connect data intentionally shared Subscription entitlement and paid-service operation
Error and crash diagnostics Sentry, Inc. Error logs, crash logs, diagnostics, technical metadata, and limited user identifiers where necessary for debugging; we configure the Service to avoid sending voice transcripts, free-text content, and Health Data where reasonably practicable Troubleshooting, reliability, security, and diagnostics
Product analytics, where enabled Amplitude, Inc. Pseudonymous user/device identifiers and in-app event metadata; no voice transcripts, HealthKit / Health Connect data, or free-text content intentionally shared Measure feature usage, conversion, retention, and product quality
Push-notification infrastructure Apple Push Notification service, Firebase Cloud Messaging, Expo or related push infrastructure Push tokens, notification delivery metadata, and technical metadata; we avoid sensitive Consumer Health Data in push notification content where reasonably practicable Deliver user-enabled notifications
Professional advisors and legal/compliance recipients Legal, accounting, security, or compliance advisors; law enforcement or regulators where legally required Consumer Health Data only as reasonably necessary Legal compliance, rights protection, security, fraud prevention, and lawful requests
Corporate transaction recipients Successor, acquirer, investor, financing party, or asset purchaser Consumer Health Data only if reasonably necessary and subject to protections no less protective than this Policy unless users are notified and given legally required choices Merger, acquisition, financing, reorganization, sale of assets, or business transfer

Affiliates. Arteev Labs currently does not share Consumer Health Data with corporate affiliates for their own independent purposes. If this changes, we will update this Consumer Health Data Policy and obtain consent where required.

Processors and service providers. We require service providers that process Consumer Health Data on our behalf to process it only according to our instructions, for the purposes disclosed in this Consumer Health Data Policy, and subject to appropriate contractual restrictions.

6. Consent and Withdrawal

Where consent is required by applicable law, we will request consent before collecting or sharing Consumer Health Data. Consent requests will identify the categories of Consumer Health Data involved, the purpose of collection or sharing, the categories of recipients, and how you can withdraw consent.

You may withdraw consent through:

Withdrawing consent may make certain features unavailable or less accurate. For example, if you revoke HealthKit or Health Connect permission, Arteev will stop collecting new data from that source, but features that depend on that data may no longer work as intended.

7. Your Consumer Health Data Rights

Subject to applicable law and reasonable identity verification, you may request to:

  1. confirm whether we collect, share, or sell Consumer Health Data about you;
  2. access Consumer Health Data we hold about you;
  3. receive a list of categories of third parties and affiliates with whom we have shared or sold your Consumer Health Data, where applicable;
  4. correct inaccurate Consumer Health Data where applicable;
  5. delete Consumer Health Data;
  6. withdraw consent for future collection or sharing;
  7. appeal a denied request where applicable law provides such right.

You may exercise these rights through:

We may ask for information reasonably necessary to authenticate your request. We will not require you to create a new account to exercise your rights, but we may require you to use your existing account where reasonable.

Where Washington consumer health-data law applies, we will respond without undue delay and generally within 45 days after receiving your request. If reasonably necessary, we may extend the response period once by an additional 45 days and will explain the reason for the extension. If we deny a request, you may appeal by replying to our response or contacting hello@arteev.co with the subject line "Consumer Health Data Appeal." If your appeal is denied and applicable law provides that right, we will provide information about how to contact the relevant state Attorney General.

We will not unlawfully discriminate against you for exercising your Consumer Health Data rights.

8. Deletion

When you request deletion of Consumer Health Data, we will delete or deidentify Consumer Health Data from production systems unless retention is required or permitted by law, such as for security, fraud prevention, legal compliance, dispute resolution, tax, accounting, or consumer-protection obligations.

Where required by applicable consumer health-data law, we will also notify processors, contractors, affiliates, and other applicable recipients with whom we have shared your Consumer Health Data of the deletion request and instruct them to delete the Consumer Health Data, subject to legal exceptions.

Consumer Health Data in backups will be deleted, overwritten, or rendered inaccessible according to backup retention cycles. Where Washington consumer health-data law applies, deletion from archived or backup systems may be delayed only as permitted by law and will not exceed six months after authentication of the deletion request.

9. Retention

We retain Consumer Health Data only for as long as reasonably necessary for the purposes described in this Consumer Health Data Policy, unless a longer period is required or permitted by law.

Consumer Health Data Type Retention Period
Voice recording files stored by Arteev Deleted after transcription is completed or after failure handling, generally within a short technical processing period
On-device live transcript display Not intentionally stored by Arteev unless submitted or saved
Voice transcript text 30 days from collection unless saved as part of a Card, summary, report, support request, legal hold, or user-selected retained content
Cards, Weekly Pattern Reports, Morning Forecasts, summaries, and generated insights While account is active unless deleted earlier by user request or Service design
HealthKit / Health Connect data collected by Arteev While account is active and permission remains valid, unless deleted earlier by user request or Service design
User-entered wellness logs While account is active unless deleted earlier by user request or Service design
Consent records and policy acceptance records During account life and as long as necessary to demonstrate compliance
Security, fraud, and abuse records Generally up to 1 year from detection unless longer retention is necessary for legal, security, or regulatory reasons
Support records Generally up to 3 years from inquiry resolution or as required by applicable law

Service providers may retain data according to their applicable commercial/API terms, data processing agreements, order forms, and technical configurations. We use contractual and technical measures to restrict service-provider use to authorized purposes.

10. Security

We apply administrative, technical, and organizational safeguards appropriate to the sensitivity of Consumer Health Data, including:

  1. limiting access to personnel, processors, and contractors who need access for disclosed Service purposes;
  2. encryption in transit using TLS 1.2 or higher where technically supported;
  3. encryption at rest using AES-256 or equivalent protections where supported;
  4. database access controls, including Row-Level Security where applicable;
  5. authentication and authorization controls;
  6. logging, monitoring, and anomaly detection for security-relevant events;
  7. vendor review and contractual data-protection obligations;
  8. restricted production access and environment-based secret management;
  9. periodic review of security and privacy procedures.

No method of transmission or storage is completely secure. We cannot guarantee absolute security.

11. No Sale of Consumer Health Data

We do not sell Consumer Health Data. If we ever propose to sell Consumer Health Data, we will not do so unless we first obtain a valid authorization that is separate from any consent to collect or share Consumer Health Data and satisfies applicable law. We do not condition use of Arteev on signing an authorization to sell Consumer Health Data.

12. No Health-Facility Geofencing

We do not use geofencing around in-person healthcare facilities to identify or track users seeking healthcare services, collect Consumer Health Data, or send notifications, messages, or advertisements related to Consumer Health Data or healthcare services.

13. AI Processing

Arteev uses commercial/API AI services to provide requested features. Current AI-related providers include:

Provider Purpose Data Sent Training Restriction
OpenAI, L.L.C. Voice transcription and related AI processing Voice audio for transcription, transcript text, and related technical metadata We use commercial/API services and do not permit provider model training on Arteev user data unless you have separately and expressly consented or unless legally required disclosures and consent are completed
Anthropic, PBC AI generation for Cards, Weekly Pattern Reports, Morning Forecasts, and related outputs Voice transcripts, summaries, selected context, and related metadata needed to generate outputs We use commercial/API services and do not permit provider model training on Arteev user data unless you have separately and expressly consented or unless legally required disclosures and consent are completed

Provider retention may vary depending on commercial/API terms, data processing agreements, abuse-monitoring settings, safety settings, technical configurations, or order forms. Arteev does not use your personal information, User Content, Consumer Health Data, HealthKit / Health Connect data, voice transcripts, Cards, Weekly Pattern Reports, Morning Forecasts, or related insights to train or fine-tune AI models unless you separately and expressly consent.

14. Children's Data

The Service is intended for users aged 14 or older. For United States purposes, the Service is not directed to children under 13, and we do not knowingly collect personal information or Consumer Health Data from children under 13.

If we learn that we have collected Consumer Health Data from a child under 13, or from a child under 14 where our 14+ policy applies, we will delete the account and associated information unless a different action is legally required.

15. Contact

For questions, complaints, appeals, or requests regarding Consumer Health Data, contact:

16. Changes to This Consumer Health Data Policy

We may update this Consumer Health Data Policy from time to time. If we make material changes that affect Consumer Health Data, we will provide notice as required by law and obtain consent where required.

Previous versions will be made available in a policy archive where practicable.

Arteev Labs Inc.
Republic of Korea
arteev.co

Effective Date: June 12, 2026

© Arteev Labs Inc. All rights reserved.