Privacy Policy

Last Updated: 04/06/2026

Your privacy is our priority. We never sell your health data.

Veevo Technologies, Inc., doing business as Veevo Health ("Veevo," "we," "us," or "our"), operates the Veevo Health platform, including our mobile applications, website, and services (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use any part of our Service, including the Veevo Health app and our preventive health screening services.

Veevo Health is not a healthcare provider. We are a health technology and wellness platform. To the extent we handle protected health information on behalf of independent licensed physicians ("Affiliated Providers"), we do so as a Business Associate under HIPAA.

Please also review our Terms of Use and Disclosures.

1. Information We Collect

We collect the following categories of information to provide and improve our Service:

a. Account and Profile Information

Name, email address, date of birth, and login credentials. Profile details you provide (e.g., gender, height).

b. Health and Wellness Data

If you use the Veevo Health app:

Self-reported health data: weight, blood pressure readings, blood sugar, diet, and other health metrics you manually log
Wearable and connected device data: information synced from Apple Health, Google Health Connect, and other compatible devices (e.g., heart rate, steps, activity data, sleep data)
Blood test results: lab reports you upload to the platform
Viva AI interactions: questions you ask Viva (our AI health assistant), including any photos, documents, previous lab results, or other files you upload during conversations

If you use our preventive health screening services:

Intake form information: medical history, risk factors, medications, symptoms, and contraindications
Diagnostic results: imaging reports, diagnostic imaging data, laboratory results, and clinical notes received from Affiliated Providers, imaging centers, and laboratories with your authorization

c. Technical and Usage Data

Device information (device type, operating system, browser type), log data (IP address, access times, pages viewed, app interactions), and cookies and similar tracking technologies (see Section 9).

d. Payment Information

Payment information is processed by our third-party payment processor. We do not store credit card numbers.

2. How We Use Your Information

We apply a data minimization principle — we only collect and use the information reasonably necessary for each purpose:

Provide personalized wellness insights: Analyze your health data to deliver personalized heart health insights and educational content through the app
Facilitate preventive health screening services: Coordinate clinical evaluations, imaging, and laboratory services with Affiliated Providers and imaging centers
Power Viva, our AI assistant: Process your questions, uploaded files, and health context to provide relevant, personalized responses
Communicate with you: Send service-related notifications, appointment reminders, and customer support; deliver results notifications via the Veevo platform or through your Affiliated Provider
Operate and improve the Service: Maintain, troubleshoot, and enhance the functionality, performance, and security of our platform
Research and development: Use de-identified and aggregated data for research and development (see Section 4)
Legal compliance: Fulfill our legal obligations, resolve disputes, and enforce our agreements

3. We Do Not Sell or Share Your Data

We do not sell, rent, or trade your personal information or health data to third parties for monetary or other valuable consideration. We do not "share" your personal information for cross-context behavioral advertising as defined by the California Privacy Rights Act (CPRA). This applies to all categories of data we collect. This commitment applies under all applicable laws, including the CCPA/CPRA.

4. Research and De-Identified Data

We may use de-identified and aggregated data (data that can no longer be linked back to you) for research purposes, including research and development and advancing cardiovascular health science. We de-identify data using methods informed by the HIPAA Safe Harbor standard (45 C.F.R. § 164.514) and CCPA requirements, including removing direct identifiers and implementing technical and organizational safeguards to prevent re-identification. De-identified data is not considered personal information and is not subject to the restrictions of this policy.

If we use identifiable health data for research, we will obtain your consent or ensure adequate protections are in place as required by applicable law.

5. How We Share Your Information

We only share your information in the following limited circumstances:

Affiliated Providers: When you use our screening services, we share your intake information with independent licensed physicians for clinical evaluation and your results are received back through the platform
Imaging centers and laboratories: To facilitate diagnostic imaging and laboratory services you request
AI service providers: To power Viva, our AI health assistant, we send your messages and health context to third-party AI service providers. These providers process your data solely to generate responses on our behalf and are contractually prohibited from using your data for their own purposes, including training their AI models. See our Disclosures page for current providers.
Service providers: Third-party vendors who help us operate the Service (e.g., cloud hosting, analytics, customer support), contractually bound to use your data only as directed by us
With your consent: When you explicitly direct us to share your information
Legal requirements: When required by law, regulation, legal process, or governmental request
Safety and security: To protect the rights, safety, or property of Veevo, our users, or the public
Business transfers: In connection with a merger, acquisition, or sale of assets, we will notify you before your data becomes subject to a different privacy policy

6. Health Data Security

Veevo Health is not a healthcare provider, health plan, or healthcare clearinghouse, and we are not a HIPAA-covered entity. However, because we handle sensitive health information, we implement administrative, technical, and physical safeguards informed by industry standards, including:

Encryption of data in transit and at rest
Access controls and security monitoring
Regular security assessments
Service providers who access health data are bound by written agreements requiring appropriate security measures
When we act as a Business Associate to Affiliated Providers, we enter into Business Associate Agreements as required by HIPAA

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. If you become aware of any unauthorized access to your account, please contact us immediately.

7. Your Rights Under U.S. Law

a. General Rights (All Users)

Regardless of your state of residence, you have the right to:

Access and obtain a copy of the health data we hold about you
Request correction of inaccurate health data
Request deletion of your account and associated data (see our Delete Account page)
Download your data in a portable format

b. California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act provide you with additional rights:

Categories of personal information we collect

Identifiers: Name, email address, IP address, account ID. Source: directly from you or automatically via device. Purpose: account creation, communication, security. Disclosed to: service providers.
Personal information under Cal. Civ. Code § 1798.80: Name, address. Source: directly from you. Purpose: account management. Disclosed to: service providers.
Commercial information: Purchase history. Source: transaction records. Purpose: billing, service delivery. Disclosed to: payment processors.
Internet/electronic activity: Log data, device info, pages viewed, app interactions. Source: automatically collected. Purpose: service operation, analytics, security. Disclosed to: analytics providers.
Sensitive personal information (health data): Blood test results, weight, blood pressure, wearable data, diagnostic imaging results, intake form health history, Viva AI chat content including uploaded photos and documents. Source: directly from you, connected devices, Affiliated Providers, imaging centers. Purpose: provide personalized wellness insights, facilitate screening services, power Viva AI assistant. Disclosed to: Affiliated Providers, imaging centers, AI service providers, cloud hosting providers. Retention: duration of active account plus 90 days after deletion; limited records retained as required by law.

Sale and sharing: We do not sell any category of personal information. We do not "share" any category of personal information for cross-context behavioral advertising as defined by CPRA § 1798.140(ah).

Your CCPA/CPRA rights

Right to know: Request the categories and specific pieces of personal information we have collected
Right to delete: Request deletion of your personal information, subject to certain exceptions
Right to correct: Request correction of inaccurate personal information
Right to opt out of sale/sharing: We do not sell or share your personal information; there is nothing to opt out of
Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
Right to limit use of sensitive personal information: Request that we limit use of your sensitive personal information (including health data) to what is necessary to provide the Service

To exercise these rights, contact us at privacy@veevo.health. We will verify your identity and respond within 45 days.

8. State Consumer Health Data Laws

Several U.S. states have enacted laws specifically governing consumer health data collected outside of HIPAA-covered relationships. We comply with these laws where applicable, including the Washington My Health My Data Act, Connecticut CTDPA, Nevada, and others. See our separate Consumer Health Data Privacy Policy for additional details and state-specific rights.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our Service:

Essential cookies: Required for the Service to function (e.g., authentication, security). First-party session cookies that expire when you close your browser or after a set period.
Analytics cookies: Help us understand how users interact with the Service so we can improve it. May be first-party or third-party with varying durations.

We do not use advertising or behavioral tracking cookies. You may manage cookie preferences through your browser settings.

Do Not Track signals: Our Service does not currently respond to Do Not Track (DNT) browser signals. However, we do not engage in cross-site tracking or behavioral advertising.

10. Data Retention and Deletion

We retain your personal information and health data for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Account and profile information: Duration of active account plus 90 days after deletion
Health and wellness data: Duration of active account plus 90 days after deletion
Viva AI interactions: Duration of active account plus 90 days after deletion
Technical and usage data: Up to 24 months from collection
Billing and transaction records: As required by tax and financial regulations (typically 7 years)

You can delete your account and associated data from within the app. See our Delete Account page for instructions. Following deletion, we will take reasonable steps to delete or de-identify your data, typically within 90 days, except where retention is required by law or necessary to resolve disputes.

Signed consent forms, authorizations, and records of agreement to our Terms of Use (including the arbitration agreement) may be retained beyond account deletion as necessary to establish or defend legal claims, for a period consistent with applicable statutes of limitation.

De-identified and aggregated data used for research may be retained indefinitely, as it cannot be linked back to you.

11. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities as required by law, including the FTC Health Breach Notification Rule (16 C.F.R. Part 318) and applicable state breach notification laws. Where a breach is likely to result in a high risk to your rights, we will notify you directly without undue delay.

12. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@veevo.health.

13. Third-Party Services and Integrations

Our Service integrates with third-party platforms such as Apple Health and Google Health Connect. When you connect these services, we receive data according to the permissions you grant. You can disconnect at any time through your device or app settings.

We use third-party AI services to power Viva, our AI health assistant. When you interact with Viva, your messages and relevant health context are sent to these providers to generate responses. See our Disclosures page for details on current AI providers and how your data is handled.

We do not control the privacy practices of third-party services and encourage you to review their respective privacy policies. Our Service may contain links to third-party websites for which we are not responsible.

14. International Users

Veevo Health is based in the United States. If you are accessing the Service from outside the United States, your data will be transferred to, stored, and processed in the United States.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised effective date and, if appropriate, by sending you an email notification. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have a complaint, please contact us:

Veevo Technologies, Inc. d/b/a Veevo Health
Privacy Officer: Arvind Srivastav
Email: privacy@veevo.health
Mail: Veevo Technologies, Inc., Attn: Privacy Officer, 601 Van Ness Ave, San Francisco, CA 94102

17. Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

Our Privacy Officer at privacy@veevo.health
The Federal Trade Commission (FTC) at reportfraud.ftc.gov
The California Attorney General
The Washington State Attorney General
Your state's attorney general