Privacy Policy
Last updated: February 2026
Salvor is a privacy-first health data platform. This policy explains what data we collect, why, how long we keep it, and what rights you have. We process health data — a special category under GDPR Article 9 — and take this responsibility seriously.
1. Who is responsible?
Salvor is operated by Joshua Grunenberg. For questions about your data, contact us at: privacy@salvor.eu
2. What data we collect and why
| Purpose | Data | Why | Legal basis |
|---|---|---|---|
| Account & authentication | Email, hashed password | To create and secure your account | Contract (Art. 6(1)(b)) |
| Health data | Sleep, activity, vitals, workouts, vaccinations, blood work, medications | Core platform functionality — sync, scores, dashboard | Explicit consent (Art. 6(1)(a), Art. 9(2)(a)) |
| Profile | Name, date of birth, blood type, height, weight, biological sex | Emergency card, wellness scores | Contract + consent |
| Doctor / Coach shares | Scoped subset of health data | Time-limited sharing links you create | Explicit consent |
| Research contribution | Anonymized health data (opt-in only) | Medical research contribution | Explicit consent |
| Audit log | User ID, action, resource, IP, timestamp | Security and compliance | Legitimate interest (Art. 6(1)(f)) |
3. Encryption and security
All health data is encrypted at rest using AES-256-GCM with per-user encryption keys (DEK). Your data is decrypted only during your session to compute scores and generate exports — the same model used by Oura and Whoop. For maximum control, you can self-host Salvor on your own infrastructure.
4. Where your data is stored
The Salvor cloud runs on Hetzner servers in Germany/EU (Falkenstein, Helsinki). No health data leaves the EU. Subprocessors:
- —Hetzner (DE/EU) — backend hosting, database, cache
- —Vercel (EU) — web app hosting (app.salvor.eu); no health data stored
- —Apple — Sign In, App Store distribution; no health data shared
5. How long we keep your data
All data is retained until you delete your account. Upon deletion, your account and all associated health data are permanently deleted within 30 days. Audit log entries are anonymized (user ID removed) and retained for 90 days for security purposes. Research contributions are anonymized and retained per study policy.
6. Your rights (GDPR)
You have the right to:
- —Access — request a copy of all your data
- —Portability — export your data in machine-readable format
- —Rectification — correct inaccurate data
- —Erasure — delete your account and all data
- —Withdraw consent — at any time, without affecting prior processing
- —Object — to processing based on legitimate interest
- —Lodge a complaint — with your national data protection authority
To exercise your rights, use the in-app settings or contact privacy@salvor.eu. We respond within 30 days.
7. Sharing and research
We do not sell your data. We do not share your data with third parties except: (1) subprocessors listed above, under strict data processing agreements; (2) researchers, if you have explicitly opted in — only anonymized data with differential privacy.
8. Wellness — not medical advice
Salvor is a general wellness platform. It is not a medical device and not intended to diagnose, treat, cure, or prevent any disease. Wellness scores and trends are informational only.
9. Changes to this policy
We may update this policy as the platform evolves. We will notify you of material changes via email or in-app notification. The date at the top of this page reflects the latest revision.
10. Contact
For privacy questions or data requests: privacy@salvor.eu For security issues: security@salvor.eu