> For the complete documentation index, see [llms.txt](https://docs.ouva.co/security/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.ouva.co/security/privacy-and-data-policy.md).

# Privacy and Data Policy

Technology that respects human rights is as whenever possible decentralized, peer-to-peer, zero-knowledge, end-to-end encrypted, free and open source, interoperable, accessible, and sustainable. We strive to respect and protect civil liberties, reduce inequality, and improve access to quality care.

This Privacy Policy explains how Ouva collects, uses, stores, and protects data when the Ouva web-based application is deployed on customer-owned computers and displays. It is intended for enterprise IT, security, and compliance teams evaluating Ouva for healthcare, education, or public-facing installations in the United States and families.

## 1. Scope

* Applies to data processed **locally in the browser**, data sent to Ouva-managed cloud services, and data shared with third-party processors for diagnostics, hosting, and payments.
* Does **not** cover customer-integrated systems or content shown on Ouva screens.

## 2. At-a-Glance Data Inventory

| Category                | Collected Fields                                                              | Storage Location              | Retention                                         | Encryption                             | Access                              |
| ----------------------- | ----------------------------------------------------------------------------- | ----------------------------- | ------------------------------------------------- | -------------------------------------- | ----------------------------------- |
| Ephemeral Camera Frames | Raw RGB frames from attached webcam                                           | Browser memory only           | Discarded immediately after silhouette extraction | N/A (never leaves device)              | None (processed on device)          |
| Generated Silhouette    | Binary mask used for on-screen interaction                                    | Browser memory only           | Discarded after each frame                        | N/A (never leaves device)              | None                                |
| Diagnostic Events       | Username, browser & OS version, console logs, visited App pages, stack traces | Sentry Cloud (U.S.)           | 30–90 days, then auto-deleted                     | TLS in transit, AES-256 at rest        | Ouva developers (least-privilege)   |
| Device/Session Cookie   | Hash-based device ID for subscription enforcement                             | Local browser storage         | Until customer clears it or license released      | HTTPS in transit; same-site, http-only | Device/browser only                 |
| Account Record          | Name, email, unique ID, last sign-in timestamp                                | Supabase (AWS us-east-2 Ohio) | Until account deletion by customer/user           | TLS in transit, AES-256 at rest        | Authorized Ouva staff               |
| Payment Data            | Email address (passed to Stripe Checkout)                                     | Stripe                        | Per Stripe policy                                 | TLS in transit, AES-256 at rest        | Stripe; no Ouva access to card data |

***

## 3. Data We **Do Not** Collect

* No hospital patient names, MRNs, DOBs, diagnoses, or other protected health information (PHI)
* No live or stored video, audio, or biometric identifiers
* No location tracking, advertising IDs, or third-party cookies

## 4. Why We Process Data

* Provide real-time interactive content (local silhouette processing)
* Authenticate licensed devices and prevent unauthorized redistribution (cookie)
* Maintain user accounts and content libraries (Supabase)
* Troubleshoot errors and improve stability (Sentry)
* Process subscription payments (Stripe)

## 5. Retention & Deletion

* **Ephemeral visual data**: destroyed per frame; never written to disk.
* **Diagnostics**: auto-purged by Sentry after 30–90 days.
* **Account & subscription data**: retained until the customer or user requests deletion, after which records and related logs are purged within 30 days.
* **Payment data**: retained by Stripe in accordance with financial-regulation requirements.

Users or customer admins can request deletion via in-App controls or by emailing the Ouva support.

## 6. Data Security

* TLS 1.2+ enforced for all network traffic.
* Data at rest encrypted with AES-256 (Supabase / PostgreSQL, Sentry, Stripe, encrypted EBS volumes).
* Least-privilege IAM roles; MFA required for all Ouva production access.
* Annual penetration tests and continuous dependency patching.

## 7. Third-Party Processors

| Processor                       | Purpose                            | Certifications / Notes |
| ------------------------------- | ---------------------------------- | ---------------------- |
| Amazon Web Services (us-east-2) | Hosting, storage, compute          | SOC 2, ISO 27001       |
| Supabase                        | Managed PostgreSQL, authentication | Hosted on AWS; SOC 2   |
| Sentry.io                       | Error monitoring                   | SOC 2, GDPR-ready      |
| Stripe                          | Payment processing                 | PCI-DSS Level 1        |

No other analytics, CDN, ad network, or profiling service is used.

## 8. Children’s Privacy (COPPA)

Ouva may be used in settings serving children under 13.

* Personal accounts for minors require a parent or legal guardian to create and manage the login.
* No personal information is collected directly from children.
* Ephemeral camera data is processed locally and never stored.

## 9. User & Customer Controls

* **Deletion**: Admins can delete user or device accounts; associated data is removed within 30 days.
* **Cookie controls**: Clearing browser cookies removes the device-ID token; the screen will require re-activation.
