Privacy Policy
Last updated: April 14, 2026
1. Who We Are
SOVR Health, Inc. ("SOVR", "we", "us") operates a personal health data analysis and education platform. We help users understand their biomarkers and connect them with licensed healthcare professionals when needed. SOVR does not diagnose, treat, or prescribe.
2. Data Controller
SOVR Health, Inc. is the data controller for personal data collected through sovrhealth.com. For questions about data processing, contact our Data Protection Officer at [email protected].
3. Special Category Data (GDPR Article 9)
We process health-related data, which is classified as special category data under GDPR Article 9. We process this data only with your explicit consent, which you provide during onboarding. You may withdraw consent at any time by contacting us or deleting your account, though this may limit our ability to provide personalized health education.
4. What Data We Collect
| Category | Examples | Legal Basis |
|---|---|---|
| Account | Name, email, shipping address | Contract performance |
| Health profile | Age, sex, goals, medications, allergies, conditions | Explicit consent (Art. 9) |
| Lab results | Blood biomarker values uploaded by you or labs | Explicit consent (Art. 9) |
| Payment | Stripe customer ID (we never store card numbers) | Contract performance |
| Usage | Pages visited, feature interactions | Legitimate interest |
5. How We Use Your Data
We use your data to: (a) generate personalized health education reports based on your biomarkers; (b) connect you with licensed physicians for independent clinical review; (c) fulfill supplement and lab test orders; (d) improve our platform and algorithms. We do not sell your personal data to third parties.
6. Data Processors & Transfers
We share data with the following processors under Data Processing Agreements (DPAs):
- Laboratory partners (blood test processing — US-based, CLIA/CAP certified)
- Licensed physician network (independent clinical review)
- Pharmacy partners (prescription fulfillment, when ordered by your physician)
- Stripe (payment processing)
- Cloud infrastructure providers (data hosting, encrypted at rest and in transit)
For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions.
7. Data Retention
We retain your health data for as long as your account is active. Upon account deletion, we delete personal data within 30 days, except where retention is required by law (e.g., financial records for tax compliance).
8. Your Rights (GDPR Articles 15–22)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Receive your data in a structured format (data portability)
- Object to processing based on legitimate interest
- Withdraw consent at any time without affecting prior processing
- Lodge a complaint with your local supervisory authority
To exercise any right, email [email protected]. We respond within 30 days.
9. Security
We use industry-standard encryption (TLS in transit, AES-256 at rest), access controls, and regular security audits to protect your data.
10. Changes to This Policy
We may update this policy and will notify you via email or in-app notice for material changes. Continued use after notification constitutes acceptance.
11. Contact
SOVR Health, Inc.
Data Protection Officer: [email protected]
General inquiries: [email protected]