Further Health

Privacy Policy

Version 5 · Effective 2026-06-13

Plain-English summary

  • Further Health is a privacy-first, local-first general-wellness and educational tool. It is not a medical device and does not diagnose, treat, mitigate, prevent, or cure disease.
  • We do not sell your personal information or health data, we do not "share" it for cross-context behavioral advertising, and we never give it to advertisers, data brokers, insurers, or employers. The only recipients are the service providers in Section 7.
  • Your sensitive health data (lab results, genetic data, medical records, cycle entries, wearable detail) is processed and stored on your own device, encrypted with AES-256-GCM. Only a pseudonymized subset (no direct identifiers) ever reaches a cloud service, and only when you request a Premium AI Analysis.
  • You can export, delete, or revoke any data source at any time. Revoking a wearable connection or deleting your account triggers the deletion timelines below.
  • You have rights under the GDPR/UK GDPR, the CCPA/CPRA, the Washington My Health My Data Act, Nevada SB 370, GINA (for genetic data), and other laws. We honor them regardless of where you live.

This summary is for convenience only. The full Privacy Policy below is the binding document. Effective date: June 13, 2026.

1. About this Policy

This Privacy Policy explains how Further Health ("Further Health," "we," "us," or "our") collects, uses, stores, shares, and protects personal information when you visit further.health (the "Site") or use the Further Health application or any associated service (together, the "Service").

Further Health is a general-wellness and educational tool. It is not a medical device, and nothing about the Service constitutes individualized medical advice, diagnosis, or treatment. Decisions about your health should be made with a licensed healthcare provider. See our Wellness Disclaimer.

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service. Where we rely on your consent (for example, to process special-category health, genetic, biometric, or reproductive data), you may withdraw it at any time as described in Section 14.

2. Who we are and how to contact us

Further Health is the data controller (or "business," depending on the law that applies to you) of the personal information described in this policy. The operating entity is Further Health LLC.

  • Privacy and data-rights requests: privacy@further.health
  • General support: support@further.health
  • Data Protection Officer: not appointed; privacy inquiries go to privacy@further.health.
  • EU representative under GDPR Article 27: the Service is offered only in the United States and is not directed to the European Economic Area, so no EU representative has been appointed.
  • UK representative under UK GDPR Article 27: the Service is not directed to the United Kingdom, so no UK representative has been appointed.

We will respond to verified requests within the timeframes required by the law that applies to you (typically 30 days under the GDPR/UK GDPR, 45 days under the CCPA/CPRA, and 30 days under the Washington My Health My Data Act).

3. Scope

This policy covers the Site and the Further Health application when used as a consumer product. If we ever offer the Service to a healthcare provider or organization under a separate business-associate or data-processing agreement, that agreement will govern that relationship.

The Service connects to, or imports files from, third-party services at your direction (for example WHOOP, Oura, Apple Health, Quest Diagnostics, LabCorp, MyChart, consumer genomics services such as 23andMe, AncestryDNA, MyHeritage, and TellMeGen, and calendar providers such as Google Calendar, Apple Calendar, and Microsoft Outlook). Those services have their own privacy policies, which we encourage you to read. This policy explains how Further Health handles data we receive on your behalf — it does not change the practices of those services themselves.

4. Information we collect

We collect only the categories of personal information described below, and only for the purposes described in Section 5. Most sensitive health data is processed and stored on your device (Section 6).

4.1 Account information

When you create an Account we collect your email address and an optional display name. We never request a government-issued identifier, Social Security number, or full payment-card number except through a payment processor or platform (see Section 7).

4.2 Connected wearables (WHOOP, Oura, Apple Health)

When you authorize a wearable provider through OAuth, we receive an access token that lets us read the categories of data you authorized. We store the token in encrypted form on your device and use it only to fetch the data classes you authorize, for example:

  • WHOOP — heart rate, heart-rate variability (HRV), sleep stages and performance, recovery, strain, workouts, and skin temperature. We never request profile photos, payment information, or social-graph data.
  • Oura — heart rate, HRV, body-temperature deviation, blood-oxygen estimates, respiratory rate, sleep stages and score, readiness, and activity. We comply with the Oura Cloud API Agreement and Brand Guidelines, including that no Oura data is cached for longer than sixty (60) days.
  • Apple Health / HealthKit — only the data types you specifically authorize in the iOS permission sheet. HealthKit data is processed only on your device. Per Apple's rules, we do not use HealthKit data for advertising or other use-based data mining; we do not share it with third parties for advertising; we do not disclose it to a third party without your explicit permission; and we do not store it in iCloud.

You can disconnect any wearable from inside the Service at any time. Disconnection revokes our token, stops new data, and starts the deletion timeline in Section 13.

4.3 Laboratory results

You can upload lab reports as PDFs or photographs, or connect a laboratory or health-record provider, to import results. We extract structured values (analyte name, value, unit, reference range, specimen, collection date) and keep the underlying source document. The original document and the structured values are stored on your device, encrypted at rest.

4.4 Genetic data and polygenic scores

You may upload a raw genetic data file (for example from a consumer genomics service) or a clinical VCF. The file is parsed on your device. The Service computes polygenic scores and carrier/trait observations from the variants it analyzes. The raw file is stored on your device, encrypted at rest, and is never transmitted to our servers, our sub-processors, or any third party. Genetic data is treated with heightened protection under Section 9 (GINA).

4.5 Medical and clinical records

You may import C-CDA documents, FHIR bundles, scanned records, or PDFs of clinical notes, imaging reports, or prescriptions. The Service parses these locally and stores them on your device, encrypted at rest.

4.6 Menstrual-cycle and reproductive information

If you enable cycle tracking (eligible adults only, strictly opt-in), we collect the cycle and symptom information you log. This is reproductive and sexual-health information and is treated as sensitive consumer health data under Sections 10, 15, and 16. It is stored on your device, encrypted at rest, and is subject to the accelerated deletion timeline in Section 13.

4.7 Calendar (optional)

If you authorize a calendar connection, we read the start time, end time, title, and any keywords you choose, solely to let you correlate events with health signals. We do not read attachments, attendees, or meeting links. Calendar contents are stored on your device.

4.8 Device and log information

When you use the Site or Service, our hosting provider automatically logs information that every web service receives — IP address, user-agent, referrer, and the endpoint requested — for operating, debugging, and protecting the Service. We do not correlate this information with your health data.

4.9 Premium AI Analysis inputs

When you request a Premium AI Analysis, a pseudonymized subset of your data (with direct identifiers removed) is transmitted to our cloud large-language-model sub-processor to generate wellness observations. What is and is not transmitted is described in Section 6.

4.10 What we do not collect

  • We do not collect precise geolocation.
  • We do not collect mobile advertising identifiers (IDFA, AAID) and we do not run advertising or marketing trackers.
  • We do not collect your contacts, photo library, or microphone input (other than a photo of a document you choose to upload).
  • We do not buy personal information about you from data brokers, credit bureaus, or any third party.

4.11 Data-category, sensitivity, and source table

| Data category | Examples | Special category? | Primary source | Where processed/stored |
|---|---|---|---|---|
| Account identifiers | Email, account ID, display name | No | You | Server (account) + device |
| Device/log data | IP, user-agent, request metadata | No | Automatic (hosting logs) | Hosting provider |
| Billing reference | Tokenized payment-method reference, billing email | No | Payment processor / platform | Processor / platform |
| Wearable biometrics | Heart rate, HRV, sleep, respiration, temperature, SpO₂ | Yes (health) | Wearable provider (OAuth) | Device (pseudonymized subset to cloud on request) |
| Laboratory results | Analyte values, ranges, dates, source PDF | Yes (health) | You / lab / EHR | Device |
| Genetic data + PGS | Raw genotype file, computed scores, carrier/trait observations | Yes (genetic) | You (file import) | Device only (never transmitted) |
| Medical records | C-CDA, FHIR, notes, imaging reports | Yes (health) | You / EHR | Device |
| Cycle / reproductive | Cycle and symptom logs | Yes (health; sex life) | You | Device (accelerated deletion) |
| Calendar (optional) | Event start/end, title, keywords | No (unless you add health detail) | Calendar provider | Device |
| Inferences / observations | Pattern, trend, and educational outputs | Derived | Generated by the Service | Device / pseudonymized cloud on request |

4.12 Categories under the California Consumer Privacy Act

For California residents, the table below maps what we collect to the categories in Cal. Civ. Code § 1798.140(v) and the "sensitive personal information" subcategories in § 1798.140(ae).

| Category | Collected? | Examples |
|---|---|---|
| A. Identifiers | Yes | Email, account identifier, IP address (server logs) |
| B. Customer-records categories (§ 1798.80(e)) | Limited | Email and tokenized payment-method reference (no card numbers stored by us) |
| C. Protected classifications | Limited | Age, sex assigned at birth (only as you provide it for reference-range/ancestry calibration) |
| D. Commercial information | Limited | Records of your purchases or subscription tier |
| E. Biometric information | Yes | Heart rate, HRV, sleep, respiratory rate, body temperature, blood-oxygen estimates, genetic data |
| F. Internet/network activity | Limited | Standard server access logs (no cross-site tracking) |
| G. Geolocation data | No | We do not collect precise geolocation |
| H. Sensory data | Limited | Photographs of lab reports you choose to upload |
| I. Professional/employment information | No | |
| J. Non-public education information (FERPA) | No | |
| K. Inferences | Yes | Pattern observations, trend summaries, and educational references generated from your data |
| Sensitive PI: log-in credentials | Limited | Salted password hash; we never see the cleartext |
| Sensitive PI: precise geolocation | No | |
| Sensitive PI: genetic data | Yes | Raw genetic file processed locally; not transmitted |
| Sensitive PI: biometric for unique identification | No | We do not use biometric data to identify individuals |
| Sensitive PI: health information | Yes | All categories in Sections 4.2–4.6 |
| Sensitive PI: sex life or sexual orientation | Optional | Reproductive and cycle-tracking information you voluntarily enable (Section 10) |
| Sensitive PI: racial/ethnic origin, religious/philosophical beliefs, union membership | No | Except where you voluntarily import them in a medical record |

We collect personal information from (i) you directly, (ii) the third-party services you authorize, (iii) the documents and files you upload, and (iv) standard server logs. We do not buy personal information from data brokers.

5. How we use your information and legal bases

We use personal information only to deliver the Service you asked for and for closely related operational purposes:

  • Authenticate you, run the application, and synchronize data between the connected services you authorize.
  • Generate the wellness observations, trend summaries, pattern descriptions, polygenic scores, and educational references the Service produces. These are informational context for conversations with your licensed clinician; they are not a diagnosis, treatment, mitigation, prevention, or cure of any disease, and are not a recommendation to take or not take a medication.
  • Provide the Premium AI Analysis when you request it (Section 6).
  • Respond to your support and privacy requests.
  • Maintain the security and integrity of the Service, prevent fraud and abuse, and comply with legal obligations.
  • Conduct internal product analytics on aggregated and de-identified usage data (for example, how many users connected a wearable in a week). We do not use your health data for product analytics. For de-identified data, we maintain the technical safeguards and contractual prohibitions on re-identification that the CCPA requires, and we do not attempt to re-identify it.

We do not use your information for advertising, profiling for marketing, automated decision-making with legal or similarly significant effects, credit scoring, insurance underwriting, or employment decisions.

5.1 Legal bases (GDPR / UK GDPR)

To the extent the GDPR or UK GDPR applies, we rely on the following legal bases:

| Purpose | Article 6 basis | Article 9 basis (special-category data) |
|---|---|---|
| Provide core account and Service features you request | 6(1)(b) performance of a contract | 9(2)(a) explicit consent |
| Process health, genetic, biometric, and reproductive data to generate wellness observations | 6(1)(b) contract; 6(1)(a) consent where required | 9(2)(a) explicit consent |
| Premium AI Analysis (pseudonymized cloud processing) | 6(1)(b) contract; 6(1)(a) consent | 9(2)(a) explicit consent |
| Security, fraud prevention, and service integrity | 6(1)(f) legitimate interests | 9(2)(a) consent / 9(2)(f) legal claims, as applicable |
| Comply with legal obligations (for example, breach notification) | 6(1)(c) legal obligation | 9(2) as applicable |
| Aggregated/de-identified product analytics | 6(1)(f) legitimate interests | Not special-category once de-identified |

Where we rely on consent (including explicit consent for special-category data), you may withdraw it at any time without affecting the lawfulness of processing already carried out (Section 14). Withdrawing consent for special-category processing may make parts of the Service unavailable.

6. Our privacy architecture (on-device and pseudonymized cloud)

The Service is built local-first: your sensitive health data lives on your device, not on our servers.

  • Two-tier on-device model. Raw personal health information (full lab values, raw genetic files, medical records, cycle entries, wearable detail) is held in an encrypted on-device store (Tier 1), encrypted at the column level with AES-256-GCM; the key is derived from your passphrase using Argon2id and managed through a key-encrypting-key / data-encrypting-key split. A separate on-device store (Tier 2) holds a pseudonymized copy from which direct identifiers (such as name, date of birth, and contact details) have been removed. Synchronization is one-way (Tier 1 → Tier 2); there is no reverse path.
  • Pseudonymized, not anonymized. We describe the Tier 2 / outbound data as pseudonymized. Although direct identifiers are removed, combinations of remaining values could in principle be re-identifiable, so we continue to treat that data as personal data with full safeguards. We do not claim it is anonymous.
  • What leaves your device. In the Service's automated flows, sensitive raw data does not leave your device in directly identifying form. Only a pseudonymized subset — after passing a deterministic outbound privacy filter and an additional safety check — is sent to our cloud AI sub-processor, and only when you request a Premium AI Analysis. Your raw genetic file is never transmitted at all.
  • Transport security. Outbound network calls are made over TLS 1.2 or higher.
  • Support emails. If you email our support address, the contents (including any health information you choose to include) are processed by our email provider (Section 7). We recommend you not include sensitive health details in support emails unless necessary.

7. How we share information and sub-processors

We never sell your personal information. We do not share your information with third parties for their own marketing, advertising, profiling, or data-broker purposes, and we never share your data with insurers or employers. We do not "share" personal information for cross-context behavioral advertising as defined by the CCPA/CPRA.

We share limited information only with:

  • Service sub-processors and providers that operate the Service under contract (see the directory below).
  • The connected services you authorize. When you authorize a service such as WHOOP or Oura, we exchange authentication tokens to receive the data you asked us to receive.
  • Legal and safety recipients when required by law (for example, a valid subpoena), when necessary to investigate fraud or protect the rights, property, or safety of any person, or in connection with a business transfer (in which case the successor will be bound by this policy or one at least as protective). For reproductive and sexual-health data, see the heightened protections in Section 10.

When we use sub-processors, we do so under written contracts that require confidentiality, security, and use only for the purposes we instruct. We will publish or notify any change to our sub-processor list at least thirty (30) days before it takes effect, and we will identify the then-current payment processor at the point of purchase. A current list is available on request from privacy@further.health.

7.1 Sub-processor directory

| Sub-processor | Purpose | Data category | Jurisdiction | Transfer mechanism |
|---|---|---|---|---|
| Vercel Inc. | Hosting, edge delivery, and standard server logs for the Site (further.health) | Identifiers (IP, user-agent, request metadata) | United States | EU SCCs (Module 2) + UK Addendum |
| Railway Corp. | Hosting and standard server logs for the Service application and APIs | Identifiers (IP, user-agent, request metadata) | United States | EU SCCs (Module 2) + UK Addendum |
| Anthropic, PBC | Cloud large-language-model processing of pseudonymized prompts for Premium AI Analysis | Pseudonymized health-pattern descriptions (no direct identifiers) | United States | EU SCCs (Modules 2/3 as applicable) + UK Addendum, under Anthropic's data-processing addendum |
| U.S. National Library of Medicine / NIH (PubMed, MedlinePlus) | De-identified literature lookups | No personal information; query strings only | United States | Not applicable (no personal data transferred) |
| MyVariant.info / variant-annotation lookups | De-identified variant annotation for educational genetic information | No direct identifiers; variant identifiers only | United States | Not applicable (no personal data transferred) |
| Google LLC (Google Workspace) | Support email inbox | Email address and any content you voluntarily include | United States | EU SCCs (Module 2) + UK Addendum |
| Stripe, Inc. (or processor named at point of purchase) | Subscription and one-time billing | Email, billing-address subset, tokenized payment-method reference | United States | EU SCCs (Module 2) + UK Addendum |
| Apple Inc. | App distribution (App Store), in-app purchase/billing, and device-side HealthKit framework (no off-device transfer to Apple by Further Health) | Account identifier and billing relationship managed by Apple; no health data transferred to Apple by Further Health | United States | Apple's standard developer-program and platform terms |

If we ship through another distribution platform, that platform operator may process your account/billing relationship under its own terms; we will update this directory accordingly.

8. Wearable and connected services

Each connection is governed by the third party's own terms and privacy policy as well as this policy.

8.1 WHOOP

When you connect WHOOP, we exchange tokens under WHOOP's API Terms of Use and use WHOOP data only to power wellness features for you. We do not market, sell, license, or lease WHOOP data, and we do not expose it to any third party except as described in Section 7. We delete cached WHOOP data when our access is revoked or this agreement terminates. To revoke access, visit your WHOOP account at whoop.com.

8.2 Oura

When you connect Oura, we exchange tokens under the Oura Cloud API Agreement. Oura may collect use data related to your use of the Oura API and platform, including data collected through your authorization of the connection, and may use such usage data for its business purposes. We use Oura data only to power wellness features for you; we do not use Oura data in advertisements; we do not directly or indirectly disclose, market, sell, license, or lease Oura data to any third party (including advertisers and data brokers); and we comply with Oura's Brand Guidelines. No Oura data remains in our cache for more than sixty (60) days. With respect to data flowing between Further Health and Oura, each party acts as an independent data controller within the meaning of Article 26 of the GDPR. To revoke access, visit cloud.ouraring.com.

8.3 Apple Health / HealthKit

When you grant the iOS app access to specific HealthKit data types, the Service reads those types on your device. Per Apple's rules, we do not use HealthKit data for advertising or other use-based data mining, we do not share it with third parties for advertising, we do not disclose it to a third party without your explicit permission, and we do not store it in iCloud. You can revoke any HealthKit permission at any time in iOS Settings.

8.4 Laboratory and clinical-record providers

When you connect a laboratory or health-record provider, we use a one-time credential or OAuth token to fetch the records you choose. Records are stored on your device. You can disconnect any provider at any time.

8.5 Calendar providers

The calendar connection is read-only and limited to the start time, end time, title, and any keywords you specify. We do not read attachments, attendees, or meeting links. You can revoke calendar access at any time.

9. Genetic information (GINA)

We treat genetic information with extra care because it can never be re-issued.

  • Your raw genetic data file is parsed locally on your device and is never transmitted to our servers or to any third party.
  • We never use, sell, transfer, or disclose genetic data to health insurers, life insurers, employers, employment screeners, or anyone making credit, lending, or housing decisions, consistent with the U.S. Genetic Information Nondiscrimination Act (GINA, Pub. L. 110-233) and analogous state and international laws.
  • We do not include genetic information in any advertising, analytics, or research dataset.
  • Polygenic scores and genetic observations are probabilistic, research-grade, educational wellness information — not a clinical genetic test, not a diagnosis, and not medical advice. They are calibrated to ancestry groups and may be less accurate for some ancestries, and should be confirmed clinically. See the Wellness Disclaimer.
  • You can delete your genetic data and the derived findings from inside the Service at any time. Deletion removes the data from your device and from any encrypted device backup we manage.

10. Reproductive and sexual-health information

We treat reproductive and sexual-health information with heightened sensitivity in light of the post-Dobbs legal landscape, the Washington My Health My Data Act, Nevada SB 370, and similar laws.

  • The Service's cycle-tracking and related reproductive features are strictly opt-in (eligible adults only). You can disable them at any time; on disabling, we delete the data on the accelerated schedule in Section 13.
  • Reproductive and sexual-health data is processed and stored on your device, encrypted at rest, and is never shared with advertisers, data brokers, insurers, or employers.
  • We do not respond to law-enforcement or other third-party requests for reproductive or sexual-health data without lawful process, and we will challenge requests that are facially invalid or that we believe are inconsistent with applicable law. Where law allows, we will notify you of a request before complying so you have an opportunity to object.
  • The Service does not infer pregnancy, fertility status, ovulation for contraceptive purposes, or any clinical condition from cycle data. Cycle features are wellness pattern observation only — not contraceptive, not a fertility/TTC tool, not diagnostic, and not an aid in detection.

11. International data transfers

The Service is intended for users in the United States and is not directed to individuals located in the European Economic Area or the United Kingdom; we do not knowingly target them.

The Service is operated from the United States. If you nonetheless access the Service from the EEA, the United Kingdom, Switzerland, or another jurisdiction with data-transfer rules, the limited data we process on our cloud sub-processors may be transferred to and processed in the United States. We rely on the European Commission's Standard Contractual Clauses (SCCs), including (where applicable) Module 2 (Controller to Processor) and Module 3 (Processor to Processor), on equivalent UK and Swiss addenda, and on supplementary technical measures — including encryption in transit and at rest, column-level on-device encryption for health data, pseudonymization, and a deterministic outbound privacy filter — to provide appropriate safeguards. The applicable module is identified in our agreement with each sub-processor. You may request a copy of the relevant transfer mechanism from privacy@further.health.

12. Data security

Security is the foundation of the Service rather than an afterthought.

  • Sensitive on-device health data is encrypted column-by-column with AES-256-GCM. The key is derived from your passphrase using Argon2id and split into a key-encrypting key (KEK) and per-record data-encrypting keys (DEKs), so changing your passphrase re-wraps the KEK rather than re-encrypting every record.
  • In automated flows, sensitive raw data — full lab values, genetic files, medical records — does not leave your device in identifiable form. Only a pseudonymized subset, after passing a deterministic outbound privacy filter and an additional safety check, is sent to our cloud AI sub-processor.
  • Outbound network calls are made over TLS 1.2 or higher.
  • We implement organizational and technical measures consistent with Article 32 of the GDPR (Section 12.1).

No security program is perfect. If you discover a vulnerability, please write to privacy@further.health and we will respond promptly.

12.1 Technical and organizational measures (Article 32 GDPR)

  • Pseudonymization and encryption. Column-level AES-256-GCM for sensitive on-device data; Argon2id passphrase-derived key wrapped via a KEK/DEK split; deterministic pseudonymization on outbound calls; TLS 1.2+ for all transport; encryption of backups and exports at rest.
  • Confidentiality. Least-privilege engineering access; confidentiality obligations for all contractors and employees and in every sub-processor agreement; multi-factor authentication on administrative consoles; just-in-time privileged access for production systems.
  • Integrity. Versioned source control with mandatory review and automated security checks before merge; cryptographic integrity (GCM authentication) tags on every encrypted column to detect tampering; deterministic re-execution of the outbound privacy filter on every call.
  • Availability and resilience. Redundant hosting; automated failover for critical surfaces; encrypted database snapshots retained for a rolling window; documented disaster-recovery procedures.
  • Restoration after incident. Tested backup-restoration procedures; documented incident-response runbooks; root-cause and remediation reports for every incident.
  • Testing and evaluation. Continuous static-analysis and dependency-vulnerability scanning; periodic penetration testing; periodic review of these measures; a vulnerability-disclosure channel.
  • Data minimization and purpose limitation. We collect only the categories in Section 4 and use them only for the purposes in Section 5; we do not repurpose personal information without a new lawful basis.
  • Sub-processor due diligence. Each sub-processor undergoes a written security and privacy review before onboarding and is monitored for compliance.
  • Personnel and training. All personnel with access to personal data complete privacy- and security-awareness training at least annually.
  • Logging and monitoring. Audit logs of administrative actions; alerting on anomalous access; logs retained only as long as needed for security and audit.

13. Data retention and deletion

We keep personal information only as long as needed for the purposes in Section 5, plus a short period for legal, security, audit, or accounting purposes.

| Data type | Retention rule |
|---|---|
| Account data (email, identifiers) | While your account is active, plus up to thirty (30) days after deletion to complete deletion across backups |
| Wearable data (WHOOP, Oura, Apple Health) | Per your on-device configuration; on revocation or account deletion, on-device data is deleted and any cached off-device data held by sub-processors is deleted within thirty (30) days. No Oura data remains in our cache for more than sixty (60) days under any circumstance. Apple HealthKit data is processed only on your device |
| Lab results, genetic data, medical records | Stored on your device until you delete them or delete the Service. We do not keep off-device copies |
| Cycle / reproductive data | On disabling cycle tracking: a short grace period (up to seven (7) days), after which Tier 1, Tier 2, and audit-log values are stripped; any outbound-processing deletion request is initiated promptly. This timeline is designed to comply with the Washington My Health My Data Act |
| Logs (hosting) | Typically thirty (30) days or less |
| Support correspondence | Up to two (2) years from last contact, then deleted |

You can request deletion of any data we hold by writing to privacy@further.health. We will complete verified deletion within thirty (30) days under the Washington My Health My Data Act, within forty-five (45) days under the CCPA/CPRA, and within thirty (30) days under the GDPR/UK GDPR (extendable by two months for complex requests, with notice).

14. Your privacy rights

Subject to the law that applies to you and to identity verification, you have rights to:

  • Access the personal information we hold about you (GDPR Art. 15; CCPA § 1798.110).
  • Correct inaccurate personal information (GDPR Art. 16; CPRA right to correct).
  • Delete personal information (GDPR Art. 17; CCPA § 1798.105; MHMDA RCW 19.373.030; analogous state laws).
  • Restrict certain processing or object to processing based on legitimate interests (GDPR Art. 18, 21).
  • Data portability — receive a copy in a machine-readable format (GDPR Art. 20; CCPA right to know).
  • Withdraw consent at any time, without affecting the lawfulness of prior processing (GDPR Art. 7(3)).
  • Opt out of sale or sharing of personal information (CCPA/CPRA § 1798.120). We do not sell or share personal information for cross-context behavioral advertising; this right is preserved by default.
  • Limit use of sensitive personal information (CPRA § 1798.121).
  • Non-discrimination for exercising any of these rights.
  • Appeal a denial (under state laws that provide an appeal right; see Sections 15–16).
  • Lodge a complaint with a supervisory authority — your local data-protection authority in the EEA, the UK Information Commissioner's Office, or your state attorney general in the US.

To exercise any right, write to privacy@further.health. We may need to verify your identity. You may use an authorized agent under the CCPA/CPRA; we may require written proof of authorization. We do not charge a fee for verified rights requests. We honor verifiable opt-out signals such as Global Privacy Control (GPC) where applicable.

Residents of California: in the twelve (12) months preceding this policy, we collected the categories in Section 4 for the purposes in Section 5; we did not sell or share personal information for cross-context behavioral advertising; and we did not knowingly sell or share personal information of consumers under sixteen (16). The Service is offered only to adults aged eighteen (18) or older.

14.1 State-by-state rights summary

State | Statute | Selected rights honored
California | CCPA / CPRA | Know, access, delete, correct, opt-out of sale and sharing, limit sensitive PI, non-discrimination, authorized agent
Virginia | VCDPA | Access, correct, delete, portability, opt-out of sale and targeted advertising, opt-out of profiling with legal effect, appeal
Colorado | CPA | Same set as Virginia; recognized universal opt-out (e.g., GPC)
Connecticut | CTDPA (incl. consumer-health-data amendments) | Same set as Virginia; explicit consumer-health-data protections; consent for sensitive data
Utah | UCPA | Access, delete, portability, opt-out of sale and targeted advertising
Texas | TDPSA | Access, correct, delete, portability, opt-out of sale, targeted advertising, profiling
Oregon | OCPA | Access, correct, delete, portability, opt-out of sale, targeted advertising, profiling; sensitive-data opt-in
Montana | MCDPA | Access, correct, delete, portability, opt-out of sale and targeted advertising
Iowa | ICDPA | Access, delete, portability, opt-out of sale and targeted advertising
Tennessee | TIPA | Access, correct, delete, portability, opt-out of sale, targeted advertising, profiling
Indiana | INCDPA | Access, correct, delete, portability, opt-out of sale, targeted advertising, profiling
Delaware | DPDPA | Access, correct, delete, portability, opt-out of sale, targeted advertising, profiling
New Hampshire | NHPA | Access, correct, delete, portability, opt-out of sale, targeted advertising, profiling
New Jersey | NJDPA | Access, correct, delete, portability, opt-out of sale, targeted advertising, profiling; financial info treated as sensitive
Maryland | MODPA | Access, correct, delete, portability; sensitive-data sale prohibited; heightened minimization
Minnesota | MCDPA | Access, correct, delete, portability, opt-out of sale, targeted advertising, profiling; right to question a profiling decision
Washington | My Health My Data Act | See Section 15
Nevada | SB 370 (consumer health data) | See Section 16

Where the law of your residence imposes additional or stronger requirements, we honor those as well.

15. Washington consumer-health-data policy (MHMDA)

This section satisfies our obligation to publish a separate consumer-health-data privacy policy under RCW 19.373.020 of the Washington My Health My Data Act (MHMDA) and applies in addition to the rest of this Privacy Policy. This section, together with the rest of this Policy, is our MHMDA Consumer Health Data Privacy Policy.

15.1 Categories of consumer health data we collect

  • Biometric and physiological data, including heart rate, HRV, sleep stages, recovery, strain, respiratory rate, blood-oxygen estimates, and body temperature (from wearables).
  • Diagnoses, conditions, medications, immunizations, and other clinical information you import from medical records.
  • Laboratory results and reference ranges.
  • Genetic data and findings derived from genetic data.
  • Reproductive and sexual-health data, including menstrual-cycle information when you enable cycle tracking.
  • Mental-health and wellness self-reports.
  • Health-related inferences and observations the Service generates from the above.

15.2 Sources

We collect consumer health data from you directly, from the third-party services you authorize (Section 8), and from the documents and files you upload.

15.3 How and why we collect and use consumer health data

We collect and use consumer health data only to provide the wellness and educational features you request, as described in Section 5, and we obtain your consent for the collection and (where applicable) sharing of consumer health data separately from other terms.

15.4 Categories of consumer health data shared, and recipients

We share consumer health data only with the sub-processors listed in Section 7, only as necessary to operate the Service for you, and only after pseudonymization for cloud-AI calls. We do not sell consumer health data, and we do not share it for advertising or profiling. We do not collect or use a "geofence" around any facility that provides in-person health-care services.

15.5 Affiliates with whom data is shared

None at present.

15.6 Your MHMDA rights

  • Right to confirm whether we collect, share, or sell your consumer health data, and to access it.
  • Right to withdraw consent to the collection and sharing of your consumer health data.
  • Right to have your consumer health data deleted, including (where technically feasible and lawful) to direct us to ask our sub-processors and affiliates to delete it.
  • Right to non-discrimination for exercising any of these rights.
  • Right to appeal a denial. We will respond to an appeal in writing within forty-five (45) days, explaining the decision. If your appeal is denied, you may submit a complaint to the Washington State Office of the Attorney General using the consumer-complaint form at atg.wa.gov/file-complaint, or by writing to: Office of the Attorney General, Consumer Protection Division, 800 Fifth Avenue, Suite 2000, Seattle, WA 98104.

15.7 How to exercise these rights

Email privacy@further.health with the subject line "Washington consumer health data" and tell us which right you wish to exercise. We will respond within thirty (30) days (extendable by fifteen (15) days when reasonably necessary, with notice).

16. Nevada and other consumer-health-data laws

For residents of Nevada, this section addresses Nevada SB 370 (NRS Chapter 603A, consumer health data). We do not sell your consumer health data, and we will honor a verified request to opt out of any sale and to confirm our collection of your consumer health data. We do not use a geofence around an in-person health-care facility to identify or track consumers or to send health-related advertising. To exercise a Nevada right, email privacy@further.health with the subject line "Nevada consumer health data." We honor comparable consumer-health-data protections in other states (such as Connecticut's consumer-health-data amendments) as described in Sections 14–15.

17. Biometric information

Several U.S. state laws regulate biometric information separately, including the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14/1 et seq.), the Texas Capture or Use of Biometric Identifier Act (CUBI, Tex. Bus. & Com. Code § 503.001), and Washington's biometric statute (RCW 19.375).

  • We do not collect, use, store, or disclose any biometric identifier (such as a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry) for identification of individuals, and we do not generate any such identifier from photographs or voice recordings.
  • Wearable physiological data (heart rate, HRV, sleep, respiratory rate, blood-oxygen estimates, temperature) and laboratory analyte values are used solely for the wellness purposes in Section 5. We do not use them to identify or authenticate any person.
  • Genetic data is treated separately under Section 9 (GINA) and is never used for identification.
  • Where state law requires written consent before collecting a regulated biometric identifier, we obtain it at the point of collection; where no regulated identifier is collected, we still apply the Section 12 safeguards to all physiological data.

18. HIPAA status

Further Health is not a HIPAA Covered Entity, and we do not act as a Business Associate of any Covered Entity in our consumer service. The information you provide is generally not regulated as "protected health information" under HIPAA. That HIPAA does not apply does not mean your information is unprotected — it is protected by this Policy, by the Section 12 security measures, and by other laws (the FTC Act, the Washington My Health My Data Act, the GDPR, and others). If we ever offer the Service under a Business Associate Agreement to a provider or organization, we will do so under a separate written agreement.

19. Health Breach Notification Rule

The Service holds personal-health-record-related information. If we discover a breach of unsecured individually identifiable health information, we will notify affected individuals without unreasonable delay and no later than sixty (60) calendar days after discovery. For breaches affecting 500 or more individuals, we will notify the U.S. Federal Trade Commission and prominent media within the same period; for breaches affecting fewer than 500 individuals, we will notify the FTC as the Rule requires — in each case in accordance with the FTC Health Breach Notification Rule (16 C.F.R. Part 318) and any other applicable law, subject to any law-enforcement delay request. We will also comply with applicable state breach-notification laws.

20. Children

The Service is intended for adults aged eighteen (18) or older. We do not knowingly collect or process personal information from anyone under 18. We comply with the U.S. Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501-6506), the GDPR's Article 8 provisions, and analogous laws. If you believe a minor has provided us with personal information, write to privacy@further.health and we will delete it promptly and confirm in writing.

21. Cookies and similar technologies

The Site does not run advertising or analytics cookies. The Site uses your browser's local storage only to remember your theme preference (light or dark mode). The Service uses session tokens that are strictly necessary to keep you signed in and that we do not use for tracking. We do not implement cross-context behavioral advertising.

Our hosting provider writes standard server access logs as described in Section 4.8. These are not cookies and are used only for the limited operational purposes in that section. We do not sell or share personal information for cross-context behavioral advertising, so the Service has no such opt-out to interpret; we nonetheless honor any verifiable opt-out request received through Global Privacy Control (GPC), the "Do Not Track" (DNT) header, or by direct email.

22. Automated processing and AI

The Service uses statistical, algorithmic, and machine-learning techniques, including (for Premium AI Analysis) a large language model, to organize your data and surface patterns. Further Health does not use these outputs to make automated decisions about you that produce legal or similarly significant effects within the meaning of Article 22(1) of the GDPR (such as decisions about employment, insurance, or credit). Outputs are presented to you for your own use in conversations with your licensed clinician, who remains the decision-maker for any clinical action. Where outputs are AI-generated, they are identified as such. AI outputs may be incomplete or contain errors and are wellness-tier and non-diagnostic; see the Wellness Disclaimer. The Service is not a substitute for a licensed clinician.

23. Changes to this Policy

We may update this Privacy Policy from time to time. The "Effective date" at the top reflects the most recent change. Material changes will be communicated through the Service or by email at least thirty (30) days before they take effect, and where required by law (or where the change materially affects special-category processing or your consent) we will obtain your renewed consent. Your continued use of the Service after a non-material change constitutes acceptance of the updated policy.

24. Contact

For privacy questions, data-rights requests, or to report a security concern:

See the companion Terms of Service and Wellness Disclaimer.

View this version (v5) at a permanent URL · Previous versions remain available at their dated URLs for your records.