HealthOS - Privacy Policy
HealthOS

Privacy Policy

Last updated: 30 May 2026

HealthOS ("HealthOS", "we", "us") is operated by Luano Technologies, based in Pretoria, South Africa. This policy explains what personal information we collect through the HealthOS mobile application, how we use and protect it, and the choices and rights you have. By creating an account and using HealthOS, you agree to this policy.

HealthOS provides wellness tracking and decision support. It is not a medical device and does not provide medical diagnosis or treatment. Always seek the advice of a qualified health professional, and in an emergency contact your local emergency services rather than the app.

1. Who is responsible for your information

The responsible party (data controller) is Luano Technologies [registration number to be inserted], Pretoria, South Africa. For any privacy question or request, contact us at [email protected].

2. Information we collect

We only collect information that you choose to provide or that is needed to run the service:

  • Account details: your first name, surname and email address.
  • Health and wellness data you enter: daily measures such as weight, waist, sleep, hunger, energy and blood pressure; body composition and InBody readings (for example body-fat percentage, muscle mass, visceral fat, basal metabolic rate, body water and body circumferences); medications you record; your goals; weekly check-ins; the plans generated for you; and notes on your personal timeline.
  • Provider association: if you join a healthcare provider using a provider code, we record which provider organisation you belong to so that your clinician can support your care.
  • Technical data: a secure authentication session stored on your device so you stay signed in. We do not use advertising trackers.

3. How we use your information

  • To provide the core service: storing your entries, generating plans and insights, and showing your progress over time.
  • To enable clinician oversight where you have joined a provider, so your care team can review your data and add notes.
  • To manage your access, subscription status and account.
  • To respond to your support requests and keep the service secure and reliable.

4. Legal basis and consent

Health information is "special personal information" under South Africa's Protection of Personal Information Act (POPIA). We process it on the basis of your consent, given when you choose to enter it. You may withdraw consent at any time by deleting the relevant data or your account (see Section 8). Withdrawing consent may mean parts of the service can no longer function for you.

5. Who we share it with

  • Your healthcare provider: if you join a provider organisation, the clinicians at that organisation can view the data in your account to support your care. You can end this at any time using "Leave provider" in the app, which removes their access.
  • Service providers (processors): we use Supabase to host our database and manage authentication. Subscription and payment processing is handled by the Apple App Store, Google Play and/or Paystack; those providers handle payment details directly and we do not store your card information.
  • Legal reasons: we may disclose information if required by law or to protect the rights and safety of users.

We do not sell your personal information, and we do not use it for advertising.

6. Storage, security and international transfer

Your data is stored in our hosted database with access controls that restrict each record to you and, where applicable, your provider's clinicians. Information is encrypted in transit. Because our hosting provider operates data centres in various regions, your information may be stored or processed outside South Africa; we take reasonable steps to ensure it remains protected. No method of transmission or storage is completely secure, but we work to safeguard your data using appropriate technical and organisational measures.

7. How long we keep it

We keep your information for as long as your account is active. When you delete your account, we permanently erase your profile and associated health data from our systems, except where we are required to retain certain records by law.

8. Your rights and how to delete your data

Under POPIA you have the right to access, correct, and delete your personal information.

  • In-app deletion: open HealthOS, go to Settings → Account → Delete account. This permanently deletes your account and all associated health data.
  • By request: you can also email [email protected] to access, correct or delete your information, and we will action your request.

9. Children

HealthOS is intended for adults (18 and older) and is not directed at children. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. We will revise the "Last updated" date above and, where appropriate, notify you in the app. Continued use of HealthOS after a change means you accept the updated policy.

11. Contact us

Luano Technologies
[physical address to be inserted], Pretoria, South Africa
Email: [email protected]

© 2026 Luano Technologies. HealthOS and the HealthOS logo are trademarks of Luano Technologies.