PRIVACY & HIPAA
Your genome is the most personal data that exists. We built inevid's entire architecture around protecting it — not as an afterthought, but as the foundation every other decision rests on.
The short answer
We will never sell your data. We will never share it without your explicit permission. No inevid employee can read your genome file. When you delete your account, your data is cryptographically destroyed within 30 days — even we can't recover it.
That's the commitment. Everything below explains exactly how we back it up technically and legally.
Encryption — how your data is protected
Every user gets their own unique encryption key generated at account creation, stored in AWS Key Management Service (KMS) — not in our database. Your genome, bloodwork, and imaging files are encrypted with your personal key before they ever hit storage.
If someone broke into our servers, your files would be unreadable without your key. Your key lives in a separate hardened system that only exists as long as you have an active account.
Encryption standard
AES-256 at rest · TLS 1.3 in transit
Key management
AWS KMS — one unique key per user
Key rotation
Annual per AWS best practices
On deletion
Key destroyed = data permanently unrecoverable
Your genome never touches our servers
When you upload a genome file, it travels directly from your browser to encrypted AWS S3 storage via a time-limited secure URL. The file bytes never pass through inevid's application servers — this is an architectural decision, not just a policy.
Our servers only receive a notification that the upload completed. This eliminates an entire category of exposure risk and is why we can make HIPAA compliance claims that most health apps cannot.
How AI interacts with your health data
Eddie analyzes your health by working with extracted insights — not raw files. When reviewing your genetics, our system passes specific variant information (e.g., "user has MTHFR C677T variant") to the AI model. Your raw genome file, your name, your email, and your date of birth are never included in AI prompts.
All AI analysis runs under a HIPAA Business Associate Agreement with Anthropic. AI interaction logs are retained for 6 years as required by HIPAA, stored in encrypted storage.
Raw genome files sent to AI
Never
Name or email in AI prompts
Never
AI provider BAA
In place with Anthropic
Log retention
6 years, encrypted
Who can access your data
You, and only you — unless you explicitly grant access. No inevid employee can access your genome file under any circumstances without a documented, approved cause you've been notified about. Engineering works with synthetic test data only. Every internal access is logged.
You
Full access, always
Healthcare providers
Time-limited read-only links you create and can revoke
inevid employees
No access to health data — enforced architecturally, not just by policy
Third parties
Never, under any circumstances
Advertisers
We have none. No ads, ever.
Your rights
Download all your health data — genome variants, bloodwork, supplements, imaging, wearables — as a complete structured file at any time.
Request deletion and your encryption key is destroyed within 30 days. The data becomes permanently unrecoverable.
See exactly which genetic variants drove which recommendations. No black boxes.
If you participate in our anonymized research program, withdraw at any time with immediate effect.
You'll hear from us within 72 hours if your data is ever subject to a legal hold or government inquiry.
FOUNDING PRINCIPLE — NON-NEGOTIABLE
inevid will never sell, license, or transfer your health data or genomic data to any third party for any commercial purpose. This is written into our organizational documents and cannot be changed by any future terms of service update without your explicit individual consent — regardless of acquisition, merger, or change in control.
A note for beta testers
You're here early and we take that trust seriously. The same protections above apply to you in full. We are actively working toward SOC 2 Type II certification and have BAAs in place with AWS and Anthropic.
Questions about your specific data? Email [email protected] — you'll get a real answer.
inevid Data Lifecycle & Privacy Policy · Version 1.0 · February 2026