Consumer Health Data Privacy Policy
1. Health data covered
If a user connects Google Health data, PersonaStack may request read-only categories for activity and fitness, health metrics and measurements, profile, settings, and sleep. Location and nutrition scopes are not requested. Health data may reveal physical condition, measurements, exercise, sleep patterns, demographic profile details, or related inferences.
2. Sources and purposes
Health data comes from the Google account a user separately connects. PersonaStack may use selected data only to provide the user-directed Agent, memory, analysis, or integration feature described at consent time; maintain the connection; secure the Service; and comply with law. PersonaStack must not add a new category, scope, purpose, or recipient until the notice is updated and new consent is recorded.
3. Sharing and recipients
At the user's direction, selected health data may be sent to the AI provider, Agent execution location, integration, or recipient named in the consent flow. Appointed infrastructure providers may process encrypted or operational data only to run PersonaStack. PersonaStack does not sell consumer health data. A consumer may request a list of third parties that received their health data through the contact page.
4. Separate consent
Health consent is separate from Terms acceptance, Privacy acknowledgment, marketing, general Google OAuth, and non-health Google Services. The consent record must identify this policy version, selected categories and scopes, purpose, recipients or recipient categories, timestamp, and method. Collection consent and sharing consent must be separate where law requires it.
5. Rights
A consumer may request confirmation, access, correction where applicable, deletion, a list of third parties, and an appeal through the contact page. PersonaStack does not offer a separate consumer-health consent-withdrawal control. Continued consent is required while Google Health is connected. A user who no longer consents must cancel or delete their PersonaStack account. Account deletion removes PersonaStack's hosted copy under the deletion process described in the Privacy Policy. A user-selected provider, integration, execution location, or recipient controls its own copy under its terms and deletion tools. PersonaStack does not promise a universal third-party deletion result.
6. Retention and security
Data is retained only for the consented feature, request completion, security, and narrow legal duties. Health data is not public catalog content. PersonaStack applies tenant authorization, scoped credentials, secret handling, and incident processes, but no system is perfectly secure.
7. Health incident response
PersonaStack investigates suspected unauthorized access, use, or disclosure involving consumer health data. We assess the affected data, people, recipients, and applicable notification duties for the incident.
Document record
This version is preserved at /legal/consumer-health/2026-07-18-r7/. See the change history. Content hash: sha256:1e93fc63e02fa2bc6d0689051fa28e8504441b265db9e608f437773a2f073176.