TL;DR — Health Passport processes everything on your device. We do not collect, transmit, or store any data on external servers. Your health records never leave your phone.
1. Overview
Health Passport ("the App") is an on-device AI application that scans, categorizes, and stores medical documents. This privacy policy explains how the App handles your data.
We do not collect any personal data. Specifically:
No user accounts or registration required
No analytics or tracking
No crash reporting sent to external servers
No advertising or ad-related data collection
No location data collected
No cookies or web tracking
3. On-Device Processing
All AI processing in Health Passport happens entirely on your device:
Document scanning: Images are processed by on-device AI models. The primary model is Gemma 4 E2B (litert-community/gemma-4-E2B-it-litert-lm) running via Google AI Edge LiteRT-LM, with PaddleOCR as a fallback for document text extraction. No images are sent to any server.
Health vault: Your medical records are stored in local files on your device's internal storage. They are never uploaded or synchronized to any cloud service.
Chat/RAG: Questions about your health data are answered by on-device language models. No queries or responses leave your device.
Speech transcription: Audio is transcribed on-device using the Parakeet ASR model. No audio is transmitted externally.
4. Data Storage
The App stores the following data locally on your device:
Health vault files: Markdown files containing your medical records, organized by body system and timeline. Stored in the app's internal storage directory.
AI models: Downloaded model files (1-4 GB) stored in the app's internal storage. These are open-source AI models from HuggingFace litert-community (Gemma 4 E2B via Google AI Edge) and HuggingFace/NexaAI (PaddleOCR, Parakeet ASR).
Scanned images: Photos taken for document scanning are stored temporarily for processing.
All stored data is accessible only to the App and is deleted when you uninstall the App.
5. Network Usage
The App connects to the internet only to:
Download AI models: When you choose to download a model, the App fetches model files from HuggingFace (huggingface.co/litert-community or huggingface.co/NexaAI). No personal data is sent during this process — only standard HTTP requests for the model files.
No other network connections are made. The App functions fully offline after models are downloaded.
6. Camera & Microphone
The App requests camera and microphone permissions:
Camera: Used to photograph medical documents for on-device AI scanning. Photos are processed locally and never transmitted.
Microphone: Used for clinic visit transcription via on-device speech recognition. Audio is processed locally and never transmitted.
You can deny these permissions and still use the App's chat and health vault features.
7. Storage Permission
The App may request storage permission to:
Detect manually downloaded model files (e.g., GGUF models in the Downloads folder)
Export health records if you choose
8. Third-Party Services
The App does not integrate any third-party analytics, advertising, or data collection services. The only third-party interaction is downloading AI model files from HuggingFace, which is subject to HuggingFace's privacy policy.
9. Children's Privacy
The App is not directed at children under 13. We do not knowingly collect any data from children.
10. Data Deletion
Since all data is stored locally on your device:
You can delete individual health records at any time using the in-app file editor
You can delete all data by uninstalling the App
You can clear the App's data via Android Settings → Apps → Health Passport → Clear Data
11. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date.