Privacy & Security

We build trust through clarity. Here’s how we handle your data—in plain language, with no hidden catches. You stay in control.

Our principles

Four principles guide everything we do with your data:

  • Data minimisation – We collect only what’s needed to give you the service. We don’t ask for more than necessary, and we don’t keep data longer than needed for the features you use.
  • Local-first by default – Your health data stays on your device unless you choose to sync or export. Processing happens on your phone first. We don’t send your health data to our servers for analysis unless you explicitly opt in to a feature that requires it.
  • User control – You decide what leaves your phone. You can export your data, delete it, or revoke access to integrations at any time. We don’t assume consent beyond what’s strictly necessary to run the app.
  • Transparency – We explain what we do with your data in plain language. Our privacy policy and these principles are written to be readable. We update our practices and document them clearly.

Security

We protect your data with clear, specific practices. We avoid vague or absolute claims—here’s what we do:

  • Encryption at rest – Data stored on your device is protected using your device’s built-in encryption (e.g. iOS Data Protection, Android Keystore). We don’t store your health data on our servers in plain text.
  • Keys on your device – Keys used to protect your data are managed on your device. We don’t hold keys that would allow us to decrypt your health data.
  • Backups and device loss – If you use device backups (e.g. iCloud, Google Backup), your data may be included according to your backup settings. We recommend a strong device passcode and, where available, backup encryption. If you lose your device, you can revoke access from your account and, if you had sync enabled, access your data from a new device.

What we don’t do

  • We do not sell or share your personal health data without your explicit consent. You choose what, if anything, is shared.
  • We do not use your health data for targeted advertising.

What we design for (and what we don’t)

A simple view of what we protect against and what’s outside our scope:

In scope:

  • Protecting your data from unauthorised access on your device (e.g. via device encryption and app sandboxing).
  • Not using your health data for advertising, and not selling or sharing it with third parties without your explicit consent.
  • Minimising data sent to our servers and encrypting it in transit when we do.

Out of scope:

  • Dara is not a medical device. We don’t make clinical claims or guarantee outcomes.
  • We don’t protect against physical access to an unlocked device or against malware on your device.