Privacy Policy

Effective date: May 14, 2026

Salvora: AI Eczema Flare Tracker ("the App") is developed and published by Valeriy Loveiko. We take your privacy seriously and are committed to protecting your personal information. This privacy policy explains how the App collects, uses, stores, and protects your data.

1. Information We Collect

1.1 Skin Photos and Camera Data

When you log a photo in Salvora's Photo Journal, the App accesses your device's camera or photo library at your explicit request. These photos are:

• Used solely for tracking the appearance of your eczema-affected skin over time
• Stored locally on your device as part of your photo journal
• Optionally sent — only after explicit per-feature consent — to our AI vision provider (see §3.1) for a text description that becomes part of the entry
• Never shared with other users, advertisers, or any third party beyond the AI provider listed in §3 and only when you opt in

The App does not scan your photo library and does not collect EXIF metadata (location, date, camera model) from your photos.

1.2 Face Data

Eczema flares often affect visible areas including the face. Photos you choose to log may incidentally contain your face. We refer to such photos collectively as "face data." This section explains exactly how this data is handled, in compliance with Apple App Store guideline 5.1.1.

• What is collected: Photos of skin areas that you choose to capture or import. Front-facing or close-up views may incidentally include the user's face. Photos are captured only at the user's explicit request.
• Purpose — eczema tracking only: Photos are used exclusively to track skin appearance over time and, optionally, to generate a text description for your journal entry. The App does not perform face recognition, face identification, biometric template extraction, biometric enrollment, emotion detection, age/gender estimation, or any other biometric analysis. Photos are never used to identify, authenticate, or distinguish between individual users.
• On-device processing: No facial landmarks, face embeddings, or biometric templates are computed, stored, or transmitted.
• Transmission: When you tap the AI description button, the photo is transmitted via encrypted HTTPS to OpenAI's GPT-4o Vision API, routed through a Cloudflare Worker proxy that forwards the request without logging or storing image content. No personal identifiers are sent alongside the photo.
• Third-party sharing: Photos are shared only with OpenAI (via the Cloudflare proxy) for the sole purpose of generating a text description of the visible skin. They are not shared with any other third party, advertiser, analytics service, or data broker. OpenAI processes API inputs under a zero-retention policy and does not use them to train models. See OpenAI's API Data Usage Policy.
• Retention: Photos are retained on the user's device only as part of the local photo journal. They are not retained on OpenAI's or our own servers. The user can delete any photo at any time within the App or by uninstalling the App.
• User control: Photo logging and AI description are entirely optional. The user can revoke camera or photo-library access at any time via iOS Settings → Salvora. Deleting the App removes all locally stored photos.

1.3 Self-Reported Severity (POEM)

When you log a photo or trigger entry, you may rate your symptoms using a Patient-Oriented Eczema Measure (POEM) inspired 0–28 scale. This is a self-report, not a clinical diagnosis. The score:

• Is generated by you on a slider — Salvora does not assign severity scores from photos
• Is stored exclusively on your device and used for trend visualization, doctor-shareable reports, and insight calculations
• Is never transmitted to any external server

1.4 AI Coach Chat Data

When you use the AI Coach, your messages and the AI's responses are processed and stored as follows:

• Messages are sent — only after explicit per-feature consent — via encrypted HTTPS to DeepSeek's API (proxied through our Cloudflare Worker) for response generation
• Chat history is stored locally on your device
• Every Coach response is grounded in our on-device eczema knowledge base — citations link to the source guideline (American Academy of Dermatology, National Eczema Association, Mayo Clinic, American Academy of Family Physicians, PubMed extracts)
• The on-device knowledge base never leaves your device
• No photos, identifiers, or HealthKit data are ever sent to the chat provider — only the message text and a brief on-device context summary (selected persona type, age band if you provided one, recent severity range)

1.5 Trigger and Treatment Log

If you log triggers (food, environment, sleep, stress, products) or treatments (topical corticosteroids, TCI, biologics, moisturizers, wet-wrap, or any custom entry), this information is:

• Stored exclusively on your device
• Used to generate timeline visualizations, trigger correlations, and the doctor-shareable PDF inside the App
• Never transmitted to any external server

Salvora does not recommend, prescribe, or modify treatment dosages. The treatment log is solely a personal journal of what the user is already doing. All treatment names visible in the App are for educational logging only and are not endorsed or supplied by the developer.

1.6 Subscription Information

Salvora offers optional weekly and annual subscriptions managed entirely through Apple's App Store and StoreKit framework. All payment processing, billing, and subscription management are handled by Apple. We do not collect, process, or store any payment information. We use RevenueCat, a third-party subscription management service, to track subscription status. RevenueCat receives an anonymous app user ID — no personal information is shared. For details, see RevenueCat's Privacy Policy and Apple's Privacy Policy.

1.7 Information We Do NOT Collect

Salvora does not collect:

• Your name, email address, phone number, or any contact information
• Your physical location or GPS coordinates
• Device identifiers (IDFA, IDFV) for advertising or tracking purposes
• Browsing history or activity outside the App
• Contacts, calendar, or any other personal data from your device
• Biometric identifiers, face recognition templates, face embeddings, or any biometric data used to identify or authenticate individuals (the photos described in §1.2 are used solely for skin tracking and are never converted into biometric templates)
• Social media accounts or login credentials

2. How We Use Your Information

The information processed by the App is used exclusively for:

• Photo Journal: Local storage of your skin photos for visual progress tracking
• Optional Photo Description: A text description of visible skin features, generated only when you tap the AI button per photo and after you accept the per-feature consent
• AI Coach: Messages are processed to generate sourced, citation-backed educational responses about eczema
• Trigger Tracker & Insights: Local pattern detection from the food/environment/lifestyle entries you tap
• Doctor-Shareable PDF: Optional export of your trend data, generated on-device for you to share with your dermatologist
• Persona-Aware Personalization: Adapting in-app copy and Coach prompts to the persona type you selected during onboarding

We do not use your data for advertising, profiling, marketing, or any purpose unrelated to the core functionality of the App.

3. Third-Party Services

3.1 OpenAI (Vision Analysis — Optional)

When you tap the AI description button on a photo, Salvora uses OpenAI's GPT-4o Vision API to generate a short text description of the visible skin features. This call only happens when you explicitly request it and after you accept the per-feature consent prompt.

• Your photo is transmitted via encrypted HTTPS to OpenAI's API (proxied via Cloudflare Worker)
• OpenAI returns a short text description (color, texture, distribution, presence of oozing or cracks)
• API inputs and outputs are not used to train OpenAI's models and are not retained after processing
• No personal identifiers are sent alongside your data — only the image and analysis instructions
• For details, see OpenAI's API Data Usage Policy

3.2 DeepSeek (AI Coach Text)

Salvora uses DeepSeek's API to generate AI Coach responses, grounded by our on-device eczema knowledge base. When you send a message:

• The message text is transmitted via encrypted HTTPS to DeepSeek's API (proxied via Cloudflare Worker)
• DeepSeek returns a generated response that the App grounds against the on-device citation corpus before presenting it
• No photos, identifiers, or HealthKit data are ever sent to DeepSeek
• A brief context summary (persona type, age band, recent severity range) is included so the response is tailored to your case
• API inputs are not retained after processing

3.3 Cloudflare (API Gateway)

All AI requests are routed through a Cloudflare Worker proxy that forwards traffic to OpenAI/DeepSeek without logging or storing request bodies. The Worker exists solely to keep API keys server-side and to apply rate limiting.

3.4 RevenueCat (Subscription Management)

Salvora uses RevenueCat to manage subscription status. RevenueCat receives:

• An anonymous, system-generated user identifier
• Subscription status (active, expired, trial)
• Product identifiers (which plan was purchased)

RevenueCat does not receive your name, email, photos, trigger log, treatment log, or any personal information. For details, see RevenueCat's Privacy Policy.

3.5 Apple Services

• StoreKit 2: For subscription management and payment processing. All financial data is handled by Apple.
• iCloud Backup: If enabled on your device, local App data may be included in your device backup. This is controlled by your device settings.

3.6 No Analytics or Advertising SDKs

Salvora does not integrate any analytics platforms (Google Analytics, Firebase, Mixpanel, Amplitude), advertising networks, crash reporting services beyond Apple's built-in diagnostics, or any other third-party tracking tools. The App contains no advertisements.

4. Data Storage and Security

4.1 Local Storage

All photos, journal entries, trigger logs, treatment logs, chat history, and personalization settings are stored locally on your device using Apple's standard storage frameworks (UserDefaults for structured logs, the Documents directory for photo files). This data:

• Resides only on your device's local storage
• Is protected by your device's built-in security features (passcode, Face ID, Touch ID, encryption)
• Is not accessible to the developer or any third party
• Can be deleted at any time by removing items within the App or by deleting the App

4.2 On-Device Knowledge Base

The eczema citation corpus (sqlite-vec format) ships embedded in the App and is queried entirely on-device. The corpus contains AAD / NEA / Mayo / AAFP / selected PubMed extracts focused on eczema, atopic dermatitis, TSW, and trigger-management literature. It never leaves your device and is not personalized.

4.3 Network Security

All network communications are encrypted using industry-standard TLS 1.2+/HTTPS protocols. No data is transmitted in plain text. The App enforces App Transport Security (ATS) as required by Apple.

4.4 API Key Security

Third-party API credentials are kept server-side on the Cloudflare Worker and are not stored in plain text within the application source code.

5. Data Retention

• Photos and journal entries: Retained on your device until you delete individual items or uninstall the App
• Chat history, trigger log, treatment log: Retained on your device until you delete individual items or uninstall the App
• OpenAI / DeepSeek requests: Not retained after processing — zero-retention policy for API usage
• Cloudflare Worker: No request bodies logged or retained
• RevenueCat: Anonymous subscription records retained per their data retention policy
• Subscription data (Apple): Managed entirely by Apple

6. Your Rights and Choices

6.1 Camera and Photo Library Access

You can revoke the App's camera or photo library access at any time through iOS Settings → Salvora. Without camera access, you can view your existing data but cannot capture new photos.

6.2 AI Consent

The first AI Coach message and the first AI photo description each prompt you for explicit, separate consent. You can decline either and continue using Salvora as a manual tracker. You can also re-show these prompts from Settings → AI consent.

6.3 Deleting Your Data

Since all data is stored locally on your device:

• Delete individual photos, chat threads, trigger entries, or treatment entries within the App
• Use Settings → Delete all my data to wipe all logs at once
• Delete all data by uninstalling the App
• No request to the developer is necessary — we do not hold any of your data on external servers

6.4 Subscription Management

Manage, cancel, or modify your subscription through iOS Settings → Apple ID → Subscriptions, or through the App Store. Cancellation takes effect at the end of the current billing period. Refunds are handled by Apple.

7. Children's Privacy

Salvora is not directed at children under 12. The App is rated 12+ on the App Store. We do not knowingly collect personal information from children. Caregiver lanes (parents tracking a child's eczema) are operated by the consenting adult — the parent enters and reviews all data on the child's behalf, and no separate account or personal data is collected from the child.

8. International Users and Compliance

Salvora is available worldwide. We comply with applicable data protection regulations:

• GDPR (EU/EEA): Minimal data collection, no profiling, no cross-border data storage. Legal basis: user consent (camera permission, per-feature AI consent) and legitimate interest (core service). Right to erasure: delete the App.
• UK GDPR: Same rights and protections as EU GDPR apply.
• CCPA/CPRA (California): We do not sell or share personal information. We do not use personal information for behavioral advertising.
• PIPEDA (Canada): Compliant — minimal collection, consent-based, secure.
• LGPD (Brazil): Processing based on user consent, limited to core service.
• Other jurisdictions: Our privacy-by-design approach — minimal collection, local storage, no tracking, no advertising — is designed for global compliance.

9. Medical Disclaimer

Salvora is an educational wellness companion, not a medical device. The App does not diagnose, treat, cure, or prevent any condition. AI Coach responses are sourced from published guidelines (AAD, NEA, Mayo, AAFP, PubMed extracts) and are intended for educational use only. Always consult a dermatologist or qualified healthcare provider before starting, changing, or stopping any treatment. AI photo descriptions are descriptive only and never constitute a clinical assessment or severity grade — the POEM score in the App is a self-report by the user.

10. Changes to This Policy

We may update this policy to reflect changes in functionality or regulations. Material changes will be indicated by updating the effective date. Continued use after changes constitutes acceptance of the updated policy.

11. Contact Us

For questions about this privacy policy or your data:

• Developer: Valeriy Loveiko
• Email: loveykovl@gmail.com
• Support: love8ko.github.io/salvora/support.html

Medical Disclaimer · Terms of Use · Support