Privacy Policy

Your privacy matters. Read PRIVAWELL's comprehensive privacy policy covering data protection, GDPR compliance, AES-256 encryption, and how we keep your family's health information secure.

PRIVAWELL is a private family health vault. This policy explains how we handle the health information you store in your vault — with the short version being: it belongs to you, we protect it, and we never sell it.

What data PRIVAWELL stores

PRIVAWELL stores only the information you choose to enter or upload:

• Family member profiles — names, dates of birth, and basic health identifiers you provide
• Medical timeline entries — conditions, diagnoses, medications, vaccinations, test results, and health events
• Uploaded documents — lab reports, imaging results, vaccination certificates, specialist letters, and other medical files
• Account information — email address, household settings, and subscription status

We do not collect browsing behaviour for advertising, sell data to third parties, or use your health records to train AI models without explicit consent.

How PRIVAWELL protects your data

Who can access your records

Access to your vault is governed by role-based permissions that you control:

• You — full access to your household vault and all family member records
• Invited family members — access limited to what you configure for each person
• Healthcare providers — access only via secure, time-limited share links you generate. Links expire automatically. Providers do not require a PRIVAWELL account.
• PRIVAWELL staff — cannot read the content of your health records. Administrative access is limited to account-level metadata required for technical support.

GDPR and your rights

PRIVAWELL complies with the EU General Data Protection Regulation (GDPR). As a user, you have the right to:

• Access — request a copy of all personal data we hold about you
• Rectification — correct any inaccurate personal data
• Erasure — request permanent deletion of your account and all associated data
• Portability — export your data in a machine-readable format at any time
• Objection — object to any processing not strictly necessary for the service

To exercise any of these rights, contact [email protected]. We respond to data requests within 30 days.

Data sharing

PRIVAWELL does not sell your health data. Sharing occurs only in the following circumstances:

• You share a summary with a healthcare provider via a link you generate
• Required by law or valid legal process
• Necessary to prevent harm to you or others in an emergency

We use third-party infrastructure providers (hosting, payments, email delivery) under strict data processing agreements. These providers cannot access the content of your health records.

Frequently asked questions about PRIVAWELL's privacy

Does PRIVAWELL sell my health data?

No. PRIVAWELL does not sell, share, or monetise your health data. Your records are stored for your use only and are never accessed for advertising or third-party purposes.

Can PRIVAWELL staff read my medical records?

No. Technical staff may access account-level metadata for support purposes, but cannot read the content of your health records. All records are encrypted.

What happens to my data if I cancel?

You may export your data at any time. Upon account closure, you have 30 days to export before permanent deletion is initiated.

Is PRIVAWELL GDPR compliant?

Yes. Data is stored in Europe, processing is limited to what you provide, and your rights to access, export, correct, and erase your data are fully supported. Contact [email protected] for any data request.

Questions about privacy? Contact [email protected]. See also: How PRIVAWELL protects your health data | Terms of Service

Create Your Private Family Vault ← Back to PRIVAWELL Home