Privacy Policy — Salud AI
Effective Date: February 2026
Last Updated: February 2026
1) Who We Are and Scope
Salud AI (“Salud AI,” “we,” “us,” “our”) provides a consumer mobile/web application that helps users log and organize health‑related information, receive wellness and precautionary guidance, and generate sharable summaries. Salud AI is not a health care provider and does not offer medical care or telehealth at this time. The Service is available in the United States, India, Pakistan, Bangladesh, and Nigeria. This Privacy Policy explains how we collect, use, disclose, and protect information, including Consumer Health Data (CHD) and other personal information, and describes your rights and choices. This Policy applies to our app, website, and related services (collectively, the “Service”).
Important: Some laws apply to data even if HIPAA does not. We operate with HIPAA‑aligned safeguards and also comply with state CHD laws (e.g., Washington’s My Health My Data Act and Nevada SB370) and the FTC Health Breach Notification Rule for health apps. If in the future we add clinical services or integrate with covered entities, certain data we handle may become Protected Health Information (PHI) under HIPAA; we’ll update this Policy and provide any required Notice of Privacy Practices at that time. For users in India, we comply with the Digital Personal Data Protection (DPDP) Act 2023 and CERT-In Directions. For users in Nigeria, we comply with the Nigeria Data Protection Act (NDPA) 2023. For users in Pakistan and Bangladesh, where no comprehensive data protection legislation is currently enacted, we voluntarily apply international best practices.
2) Key Terms (Plain English)
• Personal Information / Personal Data: Information that identifies or relates to you, like your name or email.
• Consumer Health Data (CHD): Health‑related information regulated by certain states (e.g., WA, NV). It can include symptom logs, conditions, wellness goals, and location data associated with health inferences.
• Protected Health Information (PHI): Individually identifiable health information regulated by HIPAA when handled by covered entities/business associates.
• De‑identified / Aggregated Data: Data that cannot reasonably identify you.
3) Information We Collect
We collect information that you provide, that we receive automatically, and that we get from integrations you choose to connect.
You provide:
• Account info: name, email, phone (optional), password.
• Health inputs: symptoms, history, medications, lifestyle, uploaded documents (lab results, prescriptions, bills), notes, and goals you log.
• Communications: messages to support, feedback, survey responses.
• Consent choices: collection/sharing authorizations, marketing preferences.
Automatically:
• Device and usage data: app version, device type, OS, crash logs, session metrics, in‑app interactions.
• Approximate location (if you enable it in your device settings). We do not use geofencing around health facilities.
From integrations (optional, only if you connect them):
• Apple Health, Google Fit, wearables, or EHR portals (e.g., through FHIR/SMART‑on‑FHIR) may send metrics you authorize (steps, heart rate, sleep, etc.). You can disconnect any time in settings.
Payment data: If you purchase premium features, our payment processor (e.g., Stripe) collects card/billing details; we do not store full card numbers.
Children: The Service is not available to children under 13. If we learn we collected data from a child under 13, we’ll delete it. In the United States, users aged 13–17 require parent/guardian consent. In all other countries, users under 18 require parent/guardian consent and supervision.
4) How We Use Information
• Provide and improve the Service (features, stability, safety, personalization).
• Wellness guidance and content (informational only; no diagnosis or treatment).
• Summaries and reports you can share at your discretion.
• Customer support and communications about changes, security, and features.
• Research and analytics (using de‑identified/aggregated data).
• Compliance and safety (protect against fraud, security incidents, or misuse; meet legal obligations).
We do not sell your CHD or PHI. We do not use geofencing around health care facilities.
AI Features and Third-Party Processing
Salud AI uses artificial intelligence to provide health coaching, extract structured health data, and generate personalized insights.
To provide these features, we may transmit the content you submit (including health-related content) to third-party AI service providers (currently Groq and OpenAI). We apply automated redaction designed to remove common identifiers before sending content to AI processors where feasible. However, we do not guarantee that all identifiers are removed — please avoid including sensitive identifiers.
AI responses may be inaccurate, incomplete, or inappropriate. You should verify any health information before relying on it. AI is not a substitute for professional medical advice.
5) Our Legal/Compliance Footing (Multi-Country)
• HIPAA (future‑ready): We implement HIPAA‑aligned safeguards. If/when Salud AI becomes a covered entity or business associate through new clinical features, we will issue a HIPAA Notice of Privacy Practices and update our vendor BAAs.
• FTC Health Breach Notification Rule: As a health app, we will notify you (and, if required, regulators/media) in the event of certain data breaches not covered by HIPAA.
• State CHD Laws (WA/NV and others): We obtain separate, distinct opt‑in consent before collecting or sharing CHD where required; we prohibit geofencing around health facilities; and we provide access/deletion/withdrawal rights as mandated.
• California CPRA: If CPRA applies, we honor rights to know/access, delete, correct, limit use of sensitive personal info, and opt‑out of sale/share. We do not sell personal information.
• India (DPDP Act 2023): We provide notice, obtain consent where required, and support data principal rights including access, correction, erasure, and grievance redressal. We treat health data as sensitive personal data under SPDI Rules. We maintain an incident reporting playbook for CERT-In (6-hour) and Data Protection Board (72-hour) notifications.
• Nigeria (NDPA 2023): We process personal data based on lawful grounds including consent, support data subject rights, and maintain appropriate security measures. Health data is treated as sensitive personal data requiring explicit consent.
• Pakistan: Pakistan does not currently have comprehensive data protection legislation. We voluntarily apply international best practices.
• Bangladesh: Bangladesh does not currently have enacted comprehensive data protection legislation (a draft Data Protection Act is under consideration). We voluntarily apply international best practices.
6) How We Share Information
We share information only as needed and with protections:
• Service providers (processors): cloud hosting, analytics, security, support, email/SMS, document processing—bound by contracts to use data only to provide services for us and to protect it.
• Integrations you enable: Apple Health/Google Fit/EHRs—data flows as you authorize and control.
• At your direction: If you share a report with your clinician or third parties, that disclosure is initiated by you.
• Legal/safety: To comply with law, regulation, court order, or to protect rights, safety, or security.
• Business transfers: In a merger, acquisition, or similar event; we’ll require successors to honor this Policy.
• De‑identified/aggregated data: For research, analytics, or insights that do not identify you.
We do not use geofencing to identify, track, or target users around health facilities, and we do not sell CHD. If in the future we consider selling CHD, we would first obtain valid written authorization in states that require it and give you clear choices. At present, we do not sell CHD.
7) Your Rights and Choices
Account & Preferences. You can update profile info and manage connected integrations in settings.
Access, Correction, Deletion, and Consent Withdrawal.
• Request access to or deletion/correction of your data.
• Withdraw consent for CHD collection/sharing (where required); we’ll stop future collection/sharing and delete per law (subject to lawful retention needs).
• We will verify requests and respond within applicable timelines.
California (CPRA) rights (if applicable): know/access, delete, correct, limit sensitive personal information use, and opt‑out of sale/share (we do not sell). We do not discriminate for exercising rights.
Washington (MHMDA) & Nevada (SB370) rights (if applicable): clear CHD privacy disclosures, separate opt‑in consent for collection and for sharing, no geofencing, and rights to access and delete CHD; processes for revoking authorizations and processors bound by contract.
India (DPDP) rights: You may request access, correction, and erasure of your personal data, withdraw consent, and seek grievance redressal. You may nominate someone to exercise rights on your behalf. Unresolved grievances may be filed with the Data Protection Board of India (DPB).
Nigeria (NDPA) rights: You may request access to your personal data, rectification, erasure, restriction of processing, data portability, and objection to processing. You may lodge a complaint with the Nigeria Data Protection Commission (NDPC).
Pakistan and Bangladesh: You may request access to, correction of, or deletion of your personal data at any time. You may withdraw consent for data processing.
To exercise rights: email info@salud.love or use in‑app privacy controls. We will verify your identity and fulfill requests as required by law.
8) Security
We use administrative, technical, and physical safeguards designed to protect data (e.g., encryption in transit/at rest, access controls, audit logging, vulnerability management). No system is 100% secure. If a breach occurs, we will notify you and applicable authorities consistent with law.
9) Data Retention
We retain data only as long as needed for the purposes in this Policy, to provide the Service, for security/fraud prevention, to comply with legal obligations, and to resolve disputes. You may request deletion at any time—subject to legal retention requirements.
10) International Users
The Service is available in the United States, India, Pakistan, Bangladesh, and Nigeria. For users in India, core application data is stored in India (Mumbai region). For users in all other countries, data is stored in the United States. Some service providers (including AI processors) may process data in the United States or other jurisdictions where they operate. We do not currently operate in the EU/EEA/UK.
11) Third‑Party Websites/Services
We are not responsible for third‑party sites/services linked in the app. Review their privacy policies.
12) Changes to This Policy
We may update this Policy. We will post the updated version with a new Effective Date and notify you of material changes (e.g., via email, in‑app).
13) Contact Us
Salud AI Privacy Team
Email: info@salud.love
If you have a disability and need this Policy in an alternative format, contact us.
India Grievance Officer (DPDP/SPDI)
Email: grievance@salud.love
Response Time: We aim to respond within 30 days.