Legal

Privacy Policy

Effective Date: June 2, 2026  ·  Last Updated: June 2, 2026
Legal Entity: Our Goose Community LLC (doing business as Joriva)
Contact: founder@joriva.health

1. Introduction

Joriva is a metabolic health platform built for diabetes patients managing serious illness and the family members who support them. We take the privacy of your health information seriously. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and what rights you have over it.

Please read this policy carefully before using the Joriva app. By creating an account and using Joriva, you agree to the practices described here.

2. Who We Are

Joriva is operated by Our Goose Community LLC, a South Carolina limited liability company doing business as Joriva. We are a direct-to-consumer health technology company — not a healthcare provider, health insurance plan, or healthcare clearinghouse.

3. Important Note on HIPAA

Joriva is not covered by HIPAA. We say this not to disclaim responsibility for your health data, but to be transparent about the legal framework that applies to us.

HIPAA applies to healthcare providers, health insurance plans, healthcare clearinghouses, and their business associates. Joriva is none of these things. You enter your own health data into Joriva voluntarily, using your own device, for your own personal management and caregiving purposes. This is confirmed by HHS guidance.

What law does apply to us: The FTC Health Breach Notification Rule (as amended July 29, 2024) explicitly covers health apps like Joriva. We are also subject to the FTC Act and applicable state privacy laws.

We have voluntarily adopted data security practices — encrypted transit, access controls, secure credential storage — consistent with responsible health data stewardship.

4. What Information We Collect

4.1 Health and Wellness Data

This is the core of what Joriva stores. You enter this data voluntarily or it is read from your device's health platform with your explicit permission:

  • Glucose readings: CGM readings via Apple HealthKit or Android Health Connect, manual finger-prick readings, and historical readings imported via CSV
  • Medications: Name, dose, unit, timing, and notes
  • Insulin: Dose, type, administration timing, injection site
  • Meals: Food items, portion sizes, and macronutrient data (calories, carbohydrates, protein, fat, fiber, sugar)
  • Exercise: Type, duration, intensity, and estimated calories burned
  • Symptoms: Type, severity, and timing
  • Blood pressure: Systolic/diastolic readings and pulse
  • Weight: Recorded weight entries over time
  • Treatment events: Cancer treatment cycles, procedures, medications administered by your care team, and other clinical events you choose to log
  • Notes: Free-text notes you attach to any log entry

4.2 Account Information

  • Email address, name, and password (stored as a one-way bcrypt hash — we cannot recover or read it)
  • Your role: patient, caregiver, or both
  • Account creation date and last active timestamp

4.3 Device Information

  • Your device's push notification token (used only to deliver glucose alerts)
  • Device name as registered in the app
  • Date of last active session

4.4 Food Database Query Terms

When you search for foods in the meal log, your search terms are sent to the USDA FoodData Central API and/or the Open Food Facts API. No personal health information is sent to these services — only the food name you search for.

4.5 Information We Do Not Collect

  • We do not collect your location
  • We do not use advertising networks
  • We do not use third-party analytics SDKs that collect behavioral data

5. How We Use Your Information

We use your health and account information for the following purposes, and no others:

  • Displaying your data to you in the Patient View
  • Sharing with your caregiver if you have linked one — you control this relationship
  • Sending glucose alerts when readings cross your personal thresholds
  • Generating doctor reports on request — reports are not stored after delivery
  • Improving system reliability via server error logs that do not contain your health data
  • Responding to your support requests
  • Future research contributions (opt-in only): De-identified data may in the future be shared with academic or non-profit research institutions. No such sharing is currently active. You will be given a clear opt-in opportunity before any of your data is included.

6. How We Share Your Information

We do not sell your health data. We do not share it with advertisers. We do not share it with data brokers.

We share information only in the following limited circumstances:

Recipient What They Receive Why
Your linked caregiver Your glucose readings, logs, and alerts You explicitly authorized this by accepting the caregiver link
Render Your encrypted data stored on PostgreSQL servers in the United States Our database host
RevenueCat Subscription status and a pseudonymous user identifier Subscription management; no health data shared
Apple / Google In-app purchase transaction records Required for App Store and Google Play billing
Expo Your device push token and notification content (glucose value and alert type) Delivery of glucose alerts to your device
USDA FoodData Central Food search terms only Retrieving nutritional data for meal logging
Open Food Facts Food search terms only Retrieving nutritional data for meal logging

We may also disclose information if required by law or court order, but we will notify you before doing so unless legally prohibited.

7. Caregiver Access

If you link a caregiver to your account, that caregiver can view your real-time and historical glucose readings, logged medications, insulin, meals, exercise, symptoms, blood pressure, weight, and treatment events, as well as your glucose alerts.

You control this relationship. You initiated it by accepting a caregiver invite, and you can terminate it at any time from the Settings screen. Termination immediately revokes your caregiver's access to your data.

Caregivers do not have the ability to enter data on your behalf through the standard interface.

8. Data Storage and Security

Your health data is stored in a PostgreSQL database hosted by Render in the United States. We use the following security practices:

  • Passwords: Stored as bcrypt hashes with 12 cost rounds. We cannot read or recover your password.
  • Authentication tokens: JSON Web Tokens (JWT) with 30-day expiry, stored on your device in iOS Secure Enclave / Android Keystore via Expo SecureStore.
  • Data in transit: All communication between the app and our backend occurs over HTTPS (TLS).
  • Access controls: Only authenticated, authorized accounts can access data.

No system is perfectly secure. We encourage you to use a strong, unique password and to notify us at founder@joriva.health if you suspect unauthorized access.

9. Data Retention

We retain your health data as long as your account is active. If you delete your account, we will delete your health records, log entries, caregiver links, and device registrations within 30 days. Account deletion can be requested by emailing founder@joriva.health.

Server logs (which do not contain health data) are retained for up to 90 days for debugging purposes.

10. Children's Privacy

Joriva is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at founder@joriva.health and we will delete the account.

11. California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you additional rights:

  • Right to know: You may request a summary of the categories of personal information we have collected and the purposes for which we use it.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to opt out of sale: We do not sell personal information. There is nothing to opt out of.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, email founder@joriva.health with the subject line "CCPA Request."

12. Changes to This Policy

We may update this Privacy Policy as the app evolves or as laws change. If we make material changes, we will notify you by email or through a prominent notice in the app at least 14 days before the change takes effect. Continued use of Joriva after the effective date constitutes your acceptance of the updated policy.

13. Contact Us

Questions about this policy or your data:

Our Goose Community LLC (Joriva)
founder@joriva.health
joriva.health

We will respond to privacy inquiries within 10 business days.