Privacy Policy
Your records are yours. We built ChartHaven so we can't read them.
Last updated: June 26, 2026
The short version: Your medical records are encrypted on your device with a key only you hold. We store data we cannot read. We never sell your information, and your AI companion, Haven, answers only from your own records — nothing leaves your control without your action.
This Privacy Policy explains what information ChartHaven Inc. ("ChartHaven," "we," "us") collects, how we use it, and the choices you have. It applies to the ChartHaven website, mobile app, and related services (together, the "Service").
1.The information we collect
We deliberately collect as little as possible. Depending on how you use the Service, this may include:
- Account information — your email address and authentication data (including multi-factor authentication secrets) used to create and secure your account.
- Your medical records — the record exports you choose to upload (for example C-CDA, FHIR, or PDF files from patient portals). These are end-to-end encrypted on your device before they reach us. We store only ciphertext we cannot decrypt.
- Waitlist information — if you join our waitlist, we collect your email address so we can notify you about access.
- Limited technical data — basic, security- and reliability-related logs (such as error reports and request metadata). We do not use third-party advertising trackers.
2.How your records are protected
When you add records, they are encrypted using a key generated and stored in your device's secure hardware (the Secure Enclave on Apple devices). The encryption key never leaves your device in a form we can use. Because of this design:
- We cannot read, decrypt, or hand over the contents of your records.
- Records are decrypted only on your device, for you.
- If you delete a record or your account, the encrypted data is removed from our systems.
3.How we use information
We use the limited information we collect to:
- Provide, maintain, and secure the Service and your account;
- Let Haven, our AI companion, organize and explain your records — grounded only in your own data and processed on your behalf;
- Communicate with you about access, updates, and support;
- Detect, prevent, and respond to fraud, abuse, and security incidents;
- Comply with legal obligations.
4.How Haven (AI) uses your data
Haven answers questions using only the records you have added. It is designed to cite where each fact came from and to tell you when it does not have an answer. We do not use the contents of your records to train general-purpose AI models, and we do not share your records with third parties to train theirs.
5.Sharing and disclosure
We do not sell your personal information. We share information only in these limited cases:
- At your direction — when you choose to share a summary or send a records request to a provider, ChartHaven acts on your instruction. You control what is shared and can revoke access.
- Service providers — vetted vendors (for example, cloud hosting and infrastructure) who process data on our behalf under confidentiality and security obligations, and who cannot access your decrypted records.
- Legal requirements — when required by law or to protect the rights, safety, and security of users and the public. Because your records are end-to-end encrypted, we cannot produce their contents.
6.Data retention
We keep your information for as long as your account is active or as needed to provide the Service. You can delete individual records or your entire account at any time; we remove the associated encrypted data from our active systems and from backups on a rolling basis.
7.Your rights and choices
You can:
- Access, export, or delete your records at any time within the app;
- Delete your account and associated data;
- Unsubscribe from non-essential emails;
- Request information about the data we hold, subject to applicable law.
Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA. To exercise any of these, contact us at [email protected].
8.Health information
ChartHaven is a patient-controlled tool: you decide what records to add and with whom to share them. We apply healthcare-grade security practices to protect your data. ChartHaven is not a healthcare provider and does not provide medical advice; Haven's explanations are for your understanding and are not a substitute for professional care.
9.Children
The Service is not directed to children under 13, and we do not knowingly collect their personal information. If you believe a child has provided us information, contact us and we will delete it.
10.Changes to this policy
We may update this policy as the Service evolves. We will post the new version here and update the "Last updated" date. Material changes will be communicated to you directly where required.
11.Contact us
Questions about this policy or your data? Email us at [email protected].