Privacy Policy
Effective date: May 21, 2026
Hepatica: AI Fatty Liver Companion ("the App") is developed and published by Valerii Loveiko. We take your privacy seriously and are committed to protecting your personal information. This privacy policy explains how the App collects, uses, stores, and protects your data.
Summary: Your lab values, meal photos, lab-report photos, medication and alcohol logs, FibroScan scores, and AI Coach chat history are stored locally on your device. Meal photos, lab-report photos, and Coach messages are sent to secure third-party AI services only after you give per-feature consent, and are not retained by those providers after processing. We do not collect your name or email, we do not use advertising or tracking SDKs, and we do not sell, share, or monetize your personal data.
Educational only: Hepatica is a Health & Fitness wellness companion, not a medical device. The App does not diagnose, treat, cure, or prevent any condition. Always consult your doctor or hepatologist before starting, changing, or stopping any treatment. See the Medical Disclaimer.
1. Information We Collect
1.1 Health and Lab Data You Enter
Hepatica lets you record liver-related health information so you can track it over time. This includes:
- Blood lab values you enter or scan — ALT, AST, GGT, ALP, bilirubin, albumin, platelets, HbA1c, triglycerides, fasting glucose, ferritin, and a FIB-4 score the App calculates from values you provide
- FibroScan results (CAP / liver-stiffness kPa) that you enter from your own clinical report
- Weight, blood pressure, waist measurement, and symptom notes (fatigue, nausea, and similar)
- Optional onboarding answers (age band, the cohort that best describes your situation)
All of this is stored exclusively on your device. It is used for trend charts, the multi-lab dashboard, doctor-shareable reports, and to give the AI Coach context. It is never transmitted to any external server.
1.2 Lab-Report Photos
When you use the Lab Interpreter, you may photograph a printed or on-screen blood-panel report so the App can read the values for you. Lab reports can contain personal identifiers (your name, date of birth, a medical-record number).
- The photo is sent — only when you tap to scan it and after you accept the per-feature consent — via encrypted HTTPS to our AI vision provider (see §3.1) for optical character recognition
- Only the recognised lab values are kept in the App; you can review and correct them
- The image itself is processed and discarded — it is not retained by the AI provider after processing, and Hepatica does not upload it to any server of ours
- You may crop or cover identifying details before scanning; the App only needs the test names and numbers
- You can also enter every value manually and never use the photo feature at all
1.3 Meal Photos (Photo Food Scanner)
When you use the Photo Food Scanner, the App accesses your camera or photo library at your explicit request to capture a meal. These photos are:
- Used to generate an educational "liver-risk" rating for the meal (a simple safe / moderate / limit indication)
- Stored locally on your device as part of your meal log
- Sent — only after per-feature consent — to our AI vision provider (see §3.1) for the rating, then not retained by the provider
- Never used for face recognition or any biometric analysis — the scanner looks at food, not people. Hepatica does not compute, store, or transmit facial landmarks or biometric templates
The App does not scan your photo library and does not collect EXIF metadata (location, date, camera model) from your photos.
1.4 AI Liver Coach Chat Data
When you use the AI Liver Coach, your messages and the AI's responses are handled as follows:
- Messages are sent — only after explicit per-feature consent — via encrypted HTTPS to our AI text provider (see §3.2), proxied through our Cloudflare Worker
- Chat history is stored locally on your device
- Every Coach response is grounded in an on-device clinical knowledge base; citations link to the source guideline (AASLD, AGA, EASL, Mayo Clinic, and selected PubMed extracts)
- The on-device knowledge base never leaves your device
- No photos, lab-report images, identifiers, or Apple Health records are sent to the chat provider — only your message text and a brief on-device context summary (your cohort, age band, and recent lab ranges) so the answer fits your situation
1.5 Medication and Alcohol Logs
If you log medications (for example Rezdiffra adherence, GLP-1 doses such as Ozempic / Wegovy / Mounjaro, or a Vitamin E protocol) or alcohol intake and a sober streak, this information is:
- Stored exclusively on your device
- Used for timeline visualizations, recovery tracking, and the doctor-shareable PDF
- Never transmitted to any external server
Hepatica does not prescribe, supply, or modify any medication or dose. The medication log is solely a personal journal of what you are already doing under your own clinician's care.
1.6 Apple Health Data
With your permission, Hepatica can read selected data from Apple Health (for example body mass, HbA1c, steps, active energy). This access is read-only — the App does not write to Apple Health. Data read from Apple Health is used on-device for your dashboard and trends and is never transmitted off the device. You can grant or revoke this access at any time in iOS Settings → Privacy & Security → Health.
1.7 Subscription Information
Hepatica offers optional subscriptions and a one-time purchase managed entirely through Apple's App Store and StoreKit. All payment processing and billing are handled by Apple — we do not collect, process, or store payment information. We use RevenueCat to track subscription status (see §3.4).
1.8 Anonymous Analytics
To understand aggregate App usage and reliability, Hepatica records a small amount of anonymous event data (for example "onboarding completed", "paywall viewed", a subscription event from RevenueCat) in our Supabase backend (see §3.5). These events are tied only to an anonymous, system-generated identifier. They contain no name, no email, no lab values, no photos, and no chat content.
1.9 Information We Do NOT Collect
Hepatica does not collect:
- Your name, email address, phone number, or any contact information
- Your physical location or GPS coordinates
- Advertising identifiers (IDFA) or any identifier used for cross-app tracking
- Browsing history or activity outside the App
- Contacts, calendar, or other personal data from your device
- Biometric identifiers, face-recognition templates, or face embeddings
- Social media accounts or login credentials
2. How We Use Your Information
The information processed by the App is used exclusively for:
- Multi-Lab Dashboard & trends: local visualization of your liver markers over time
- Lab Interpreter: reading and explaining the values on a blood panel you scan or enter
- Photo Food Scanner: an educational liver-risk rating for a meal you photograph
- AI Liver Coach: generating sourced, citation-backed educational answers about liver health
- Medication & Recovery tracking: local logs and streaks for adherence and alcohol recovery
- Doctor-shareable PDF: an on-device export of your trend data for your appointment
- Personalization: adapting in-app copy and Coach prompts to the cohort you selected
- Reliability: anonymous, aggregate analytics to fix bugs and improve the App
We do not use your data for advertising, profiling, or any purpose unrelated to the core functionality of the App.
3. Third-Party Services
3.1 OpenAI (Lab OCR & Meal Scan — Optional)
When you scan a lab report or a meal, Hepatica uses OpenAI's vision models to read the report or rate the meal. This call only happens when you explicitly request it and after you accept the per-feature consent prompt.
- The image is transmitted via encrypted HTTPS to OpenAI's API, proxied via a Cloudflare Worker
- OpenAI returns recognised lab values, or a liver-risk rating for a meal
- API inputs and outputs are not used to train OpenAI's models and are not retained after processing
- No personal identifiers are sent alongside the image — only the image and the analysis instruction
- For details, see OpenAI's API Data Usage Policy
3.2 DeepSeek (AI Liver Coach Text)
Hepatica uses DeepSeek's API to generate AI Coach responses, grounded by our on-device liver knowledge base. When you send a message:
- The message text is transmitted via encrypted HTTPS to DeepSeek's API, proxied via a Cloudflare Worker
- DeepSeek returns a generated response that the App grounds against the on-device citation corpus before presenting it
- No photos, lab images, identifiers, or Apple Health data are ever sent to DeepSeek
- A brief context summary (cohort, age band, recent lab ranges) is included so the response is tailored to your case
- API inputs are not retained after processing
3.3 Cloudflare (API Gateway)
All AI requests are routed through a Cloudflare Worker proxy that forwards traffic to OpenAI and DeepSeek without logging or storing request bodies. The Worker exists solely to keep API keys server-side and to apply rate limiting.
3.4 RevenueCat (Subscription Management)
Hepatica uses RevenueCat to manage subscription status. RevenueCat receives an anonymous, system-generated user identifier, your subscription status (active, trial, expired), and the product identifier purchased. RevenueCat does not receive your name, email, lab values, photos, logs, or any personal information. For details, see RevenueCat's Privacy Policy.
3.5 Supabase (Anonymous Analytics Backend)
Hepatica uses Supabase to store anonymous usage and subscription events (see §1.8). Each event is tied only to an anonymous identifier and contains no personal health data, photos, or chat content. Supabase acts as our data processor for this limited, anonymous telemetry. For details, see Supabase's Privacy Policy.
3.6 Apple Services
- StoreKit 2: subscription management and payment processing. All financial data is handled by Apple.
- HealthKit: read-only access to the Apple Health categories you approve. Apple Health data stays on-device.
- iCloud Backup: if enabled on your device, local App data may be included in your device backup. This is controlled by your device settings.
3.7 No Advertising or Third-Party Tracking SDKs
Hepatica does not integrate advertising networks, cross-app tracking SDKs, or third-party behavioral-analytics platforms (Google Analytics, Firebase Analytics, Mixpanel, Amplitude, the Meta SDK, and similar). The App contains no advertisements. The only off-device data flows are the AI processing, RevenueCat, and the anonymous Supabase telemetry described above.
4. Data Storage and Security
4.1 Local Storage
All lab values, FibroScan scores, meal photos, medication and alcohol logs, chat history, symptom notes, and personalization settings are stored locally on your device using Apple's standard storage frameworks, with file protection enabled. This data resides only on your device, is protected by your device's passcode / Face ID / Touch ID and encryption, is not accessible to the developer, and can be deleted at any time from within the App or by deleting the App.
4.2 On-Device Knowledge Base
The liver-health citation corpus ships embedded in the App and is queried entirely on-device. It contains extracts from AASLD, AGA and EASL guidelines, Mayo Clinic patient material, the Rezdiffra (resmetirom) FDA label, and selected PubMed literature on NAFLD/MASLD, alcohol-associated liver disease, and GLP-1 medications. It never leaves your device and is not personalized.
4.3 Network Security
All network communications are encrypted using industry-standard TLS 1.2+/HTTPS. No data is transmitted in plain text. The App enforces Apple's App Transport Security.
4.4 API Key Security
Third-party API credentials are kept server-side on the Cloudflare Worker and are not stored in plain text within the application.
5. Data Retention
- Lab values, FibroScan scores, photos, logs, chat history: retained on your device until you delete individual items or uninstall the App
- OpenAI / DeepSeek requests: not retained after processing — zero-retention API usage
- Cloudflare Worker: no request bodies logged or retained
- RevenueCat: anonymous subscription records retained per their data-retention policy
- Supabase: anonymous event records retained for aggregate analytics; they contain no personal data
- Subscription data (Apple): managed entirely by Apple
6. Your Rights and Choices
6.1 Camera, Photo Library and Health Access
You can revoke the App's camera, photo-library, or Apple Health access at any time through iOS Settings → Hepatica (and iOS Settings → Privacy & Security → Health). Without these permissions you can still use Hepatica as a manual tracker.
6.2 AI Consent
The first AI Coach message, the first lab scan, and the first meal scan each prompt you for explicit, separate consent. You can decline any of them and continue using Hepatica as a manual tracker. You can re-show these prompts from Settings.
6.3 Deleting Your Data
Because your personal data is stored locally on your device, you can delete individual entries within the App, use Settings → Delete all my data to wipe every log at once, or delete all data by uninstalling the App. No request to the developer is necessary — we do not hold your health data on external servers.
6.4 Subscription Management
Manage, cancel, or modify your subscription through iOS Settings → Apple ID → Subscriptions. Cancellation takes effect at the end of the current billing period. Refunds are handled by Apple.
7. Children's Privacy
Hepatica is not directed at children under 12 and is rated 12+ on the App Store. We do not knowingly collect personal information from children. If a parent or guardian is tracking on behalf of a younger family member, the consenting adult enters and reviews all data — no separate account or personal data is collected from the child.
8. International Users and Compliance
Hepatica is available worldwide. We comply with applicable data-protection regulations:
- GDPR (EU/EEA) & DSGVO (Germany): minimal data collection, no profiling, no advertising. Legal basis: your consent (camera, photo, Health and per-feature AI consent) and legitimate interest (core service and anonymous reliability telemetry). Right to erasure: delete your data in-App or uninstall the App.
- UK GDPR: the same rights and protections apply.
- CCPA/CPRA (California): we do not sell or share personal information and do not use it for behavioral advertising.
- PIPEDA (Canada): compliant — minimal, consent-based, secure.
- Other jurisdictions: our privacy-by-design approach — minimal collection, local storage, no tracking, no advertising — is designed for global compliance.
9. Medical Disclaimer
Hepatica is an educational wellness companion, not a medical device. It does not diagnose, treat, cure, or prevent any condition. Lab interpretations, FibroScan tracking, FIB-4 scores, food ratings, and AI Coach answers are educational information and self-reported tracking, not clinical assessments. Always consult your doctor or hepatologist. See the full Medical Disclaimer.
10. Changes to This Policy
We may update this policy to reflect changes in functionality or regulations. Material changes will be indicated by updating the effective date. Continued use after changes constitutes acceptance of the updated policy.
11. Contact Us
For questions about this privacy policy or your data: