Privacy & Data Ownership
Your health data belongs to you. Here's how we protect it.
AVYCENNA is built on a simple principle: your health data belongs to you. You decide who sees it, you can download it at any time, and you can delete it permanently whenever you want. No exceptions.
Data Ownership
Everything you enter into AVYCENNA — check-ins, symptoms, medications, wearable readings, journal notes — is owned by you, not AVYCENNA.
- Download anytime. Export your complete health record from Settings → Export Data. You'll receive a JSON file containing everything: every check-in, every symptom log, every medication entry, and every wearable data point.
- Delete anytime. Delete individual records, specific data types, or your entire account at any time.
- No lock-in. Exported data is in an open JSON format. You can import it into a spreadsheet, share it with another provider, or just archive it.
Doctor Access: The Grant System
Your health data is private by default. Doctors cannot look up your data — they can only access what you explicitly share with them via a grant.
Here's how it works:
- You initiate. Either you invite a doctor, or a doctor requests access. In either case, you review and approve before any data is shared.
- You choose what they see. Grants are permission-scoped. You can give a doctor access to your check-ins without giving them access to your symptoms or medications.
- You can revoke at any time. Revoke a grant from Profile → My Doctors → [Doctor Name] → Revoke Access. Access stops immediately.
- You can see the audit log. Every time a doctor views your data, it's logged with a timestamp.
What Doctors Can and Can't See
| Data | With Grant | Without Grant |
|---|---|---|
| Check-in scores (mood, energy, focus, sleep, steps) | Visible (requires check_ins grant) | Not visible |
| Journal notes | Visible (part of check_ins) | Not visible |
| Symptoms | Visible (requires symptoms grant) | Not visible |
| Medications & adherence | Visible (requires medications grant) | Not visible |
| Wearable biometrics | Visible (requires check_ins grant) | Not visible |
| AI insights | Never shared | Never shared |
| Your contact info | Not shared via AVYCENNA | Not visible |
| Insight history | Never shared | Never shared |
AI insights are yours alone. Doctors see the raw data — check-in scores, symptom logs, etc. — but never the AI interpretations. This preserves clinical autonomy and avoids AI-generated text influencing clinical decisions without context.
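The grant model described above (deny by default, permission-scoped grants, immediate revocation, and a per-view audit log) as an added illustration. This is example code written for this page, not AVYCENNA's own implementation: the scope names check_ins, symptoms and medications and the data-type mapping come from the table, while the class and function names, the in-memory registry and the sample records are assumptions.

```python
"""
Added example (not AVYCENNA's code): a minimal model of permission-scoped
doctor grants with immediate revocation and an audit log, following the
"What Doctors Can and Can't See" table. Class/function names are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Iterable, List, Optional, Tuple

# Which grant scope each data type requires (from the table). AI insights,
# insight history and contact info are never shared, so they have no scope.
SCOPE_FOR_DATA = {
    "check_in_scores": "check_ins",
    "journal_notes": "check_ins",
    "wearable_biometrics": "check_ins",
    "symptoms": "symptoms",
    "medications": "medications",
}
NEVER_SHARED = {"ai_insights", "insight_history", "contact_info"}
VALID_SCOPES = set(SCOPE_FOR_DATA.values())


@dataclass
class Grant:
    patient_id: str
    doctor_id: str
    scopes: frozenset
    revoked_at: Optional[datetime] = None

    @property
    def active(self) -> bool:
        return self.revoked_at is None


class GrantRegistry:
    def __init__(self) -> None:
        self._grants: Dict[Tuple[str, str], Grant] = {}
        self.audit_log: List[dict] = []

    def approve(self, patient_id: str, doctor_id: str, scopes: Iterable[str]) -> None:
        """The patient approves a grant (their own invite or a doctor's request)."""
        scopes = frozenset(scopes)
        unknown = scopes - VALID_SCOPES
        if unknown:
            raise ValueError(f"unknown scopes: {sorted(unknown)}")
        self._grants[(patient_id, doctor_id)] = Grant(patient_id, doctor_id, scopes)

    def revoke(self, patient_id: str, doctor_id: str) -> None:
        """Revocation takes effect on the next check; no caching of decisions."""
        grant = self._grants.get((patient_id, doctor_id))
        if grant is not None and grant.active:
            grant.revoked_at = datetime.now(timezone.utc)

    def can_view(self, doctor_id: str, patient_id: str, data_type: str) -> bool:
        """Deny by default: only an active grant carrying the right scope allows access."""
        if data_type in NEVER_SHARED:
            return False
        scope = SCOPE_FOR_DATA.get(data_type)
        if scope is None:
            return False  # data types not in the table are never exposed
        grant = self._grants.get((patient_id, doctor_id))
        return grant is not None and grant.active and scope in grant.scopes

    def view(self, doctor_id: str, patient_id: str, data_type: str, records: dict) -> list:
        """Fetch records on a doctor's behalf; every attempt (allowed or not) is logged."""
        allowed = self.can_view(doctor_id, patient_id, data_type)
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "doctor_id": doctor_id,
            "patient_id": patient_id,
            "data_type": data_type,
            "allowed": allowed,
        })
        if not allowed:
            raise PermissionError(f"{doctor_id} has no active grant covering {data_type}")
        return records.get(data_type, [])


if __name__ == "__main__":
    # Constructed sample records; not real patient data.
    records = {"check_in_scores": [{"mood": 7, "sleep": 6}],
               "symptoms": [{"name": "headache"}],
               "ai_insights": ["constructed AI text"]}
    reg = GrantRegistry()
    reg.approve("patient-1", "dr-a", {"check_ins"})
    print(reg.view("dr-a", "patient-1", "check_in_scores", records))
    print(reg.can_view("dr-a", "patient-1", "symptoms"))      # False: scope not granted
    print(reg.can_view("dr-a", "patient-1", "ai_insights"))   # False: never shared
    reg.revoke("patient-1", "dr-a")
    print(reg.can_view("dr-a", "patient-1", "check_in_scores"))  # False: revoked
```

Two design choices worth noting: the decision is recomputed on every request rather than cached, which is what makes revocation immediate, and denied attempts are written to the audit log alongside successful views so a revoked doctor's later requests leave a trace.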
Revoking Doctor Access
To revoke a doctor's access:
- Go to Profile → My Doctors
- Tap the doctor whose access you want to revoke
- Tap Revoke Access and confirm
Access is revoked immediately. The doctor will no longer be able to view your data through the dashboard or API. The record of what they previously viewed remains in the audit log.
Security
- Encryption in transit. All communication between the app, web dashboard, and API uses HTTPS/TLS. There is no unencrypted path to your data.
- Encryption at rest. Your data is stored in an encrypted PostgreSQL database. Backups are also encrypted.
- No plaintext passwords. AVYCENNA uses passwordless email OTP login. There is no password to steal.
- API keys hashed. API keys are stored as SHA-256 hashes — even AVYCENNA's own team cannot read a key after it's created.
- Minimal access principle. AVYCENNA staff cannot access your health data for any purpose other than resolving a support issue you've opened, and only with your explicit consent.
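The "API keys hashed" bullet above, as an added example of how a store that keeps only SHA-256 digests works: the plaintext key is returned once at issue time and never stored, so verifying a presented key means hashing it and looking the digest up. This is illustration code written for this page, not AVYCENNA's implementation; the class and function names, the avy_ prefix and the in-memory dictionary are assumptions.

```python
"""
Added example (not AVYCENNA's code): issuing and verifying API keys that are
stored only as SHA-256 hashes. Names and the key prefix are assumptions.
"""
import hashlib
import secrets
from typing import Dict, Optional


def hash_api_key(key: str) -> str:
    # Unsalted SHA-256 is acceptable here (unlike for passwords) because the
    # key is 256 bits of CSPRNG output, so a leaked digest cannot be brute-forced.
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


class ApiKeyStore:
    def __init__(self) -> None:
        # digest -> owner id. The plaintext key is never written anywhere.
        self._by_digest: Dict[str, str] = {}

    def issue(self, owner_id: str) -> str:
        """Create a key, store its hash, and return the plaintext exactly once."""
        key = "avy_" + secrets.token_urlsafe(32)  # prefix is a constructed convention
        self._by_digest[hash_api_key(key)] = owner_id
        return key

    def verify(self, presented: str) -> Optional[str]:
        """Return the owner id for a valid key, or None.

        Looking the digest up directly is safe against timing attacks: the
        index is the SHA-256 of a high-entropy key, so no byte-by-byte
        comparison of the secret itself ever happens.
        """
        return self._by_digest.get(hash_api_key(presented))

    def revoke_all(self, owner_id: str) -> int:
        """Delete every key belonging to owner_id (as account deletion does)."""
        doomed = [d for d, owner in self._by_digest.items() if owner == owner_id]
        for digest in doomed:
            del self._by_digest[digest]
        return len(doomed)


if __name__ == "__main__":
    store = ApiKeyStore()
    key = store.issue("dr-a")          # shown once to the user, then forgotten
    print(store.verify(key))           # 'dr-a'
    print(store.verify(key + "x"))     # None
    print(store.revoke_all("dr-a"))    # 1
    print(store.verify(key))           # None
```

Because only digests are kept, a support engineer or a database backup exposes no usable key; a lost key can only be replaced by issuing a new one.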
Account Deletion
To delete your account, go to Settings → Account → Delete Account. You'll be asked to confirm.
Account deletion:
- Permanently removes all check-ins, symptoms, medications, wearable data, and journal notes
- Revokes all doctor grants immediately
- Deletes all API keys
- Cannot be undone
Your data is fully purged within 30 days of deletion.