Privacy Policy

Effective Date: February 19, 2025

Last Updated: April 4, 2026

Arxova™ is owned and operated by HealthKey Labs, LLC doing business as Arxova™ (“Arxova,” “we,” “our,” “us”). Your privacy is our highest priority. We believe that you own and control your health data. Our role is to provide the technology that enables you to decide when, how, and with whom your data is shared.

This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights regarding your data when you use the Arxova™ mobile application and website (collectively, the “Service”). By using the Service, you acknowledge that you have read and agree to this Privacy Policy.

HIPAA Notice of Privacy Practices (Summary)

Arxova™ handles Protected Health Information (PHI) received via Fasten Health (electronic health records) in accordance with the Health Insurance Portability and Accountability Act (HIPAA). As a platform that receives PHI at your explicit direction, we are committed to the following:

  • We use and disclose your PHI only as you authorize, or as required by law.
  • You have the right to access, amend, and request an accounting of disclosures of your PHI.
  • You have the right to request restrictions on how your PHI is used.
  • We maintain a full HIPAA Notice of Privacy Practices, available at arxova.health/hipaa-npp, which governs the handling of all PHI received through the Service.

If you have questions about how your PHI is handled, contact us at contact@arxova.health.

1. Data We Do Not Collect

  • We do not collect or sell your personal health data.
  • We do not track your activity across apps or websites.
  • We do not store unencrypted personal information on our servers.
  • We do not use your health data for advertising or marketing purposes.

2. Data We Collect

2a. Account Information

When you create an account, we may collect your email address, display name, and authentication credentials (including your Solana wallet address for wallet-based authentication). This information is used solely for account management and communication purposes.

2b. Health & Fitness Data (via Apple Health and Google Health Connect)

With your explicit permission, Arxova™ connects to Apple Health (iOS) and Google Health Connect (Android) to read health and fitness data including, but not limited to: step count and distance, heart rate and resting heart rate, active energy and calories burned, workout and exercise session data, sleep data, and other health metrics you choose to share. This data is encrypted and stored securely. You control which data types to share, and you may revoke access at any time through your device settings or within the app.

2c. Wearable Device Integrations

Arxova™ integrates with third-party wearable devices and health platforms — including Oura, Withings, Polar, Garmin, and Dexcom (via Health Connect) — to collect biometric data such as heart rate variability, sleep stages, SpO2, continuous glucose readings, and activity metrics. Data collected from these integrations is encrypted, user-controlled, and never shared without your explicit consent. Each integration is governed by both this Privacy Policy and the respective third-party provider's privacy policy.

2d. Electronic Health Records (via Fasten Health)

With your explicit authorization, Arxova™ may receive electronic health records (EHR) from your healthcare providers via Fasten Health, using industry-standard FHIR and SMART on FHIR protocols. This data is transmitted entirely at your direction and handled on HIPAA-compliant infrastructure. EHR data is never shared with any third party without your explicit, separate consent. You may revoke EHR access at any time through the app.

2e. Medication & Vitals Tracking

If you choose to use our medication tracking and vital signs logging features, the data you enter is stored securely and encrypted. This data is never shared without your explicit consent.

2f. Permanent Health Record Storage (Arweave)

Arxova™ offers you the option to permanently store your health records on the Arweave network — a decentralized, permanent data storage protocol. If you choose to use this feature:

  • Your health data is encrypted on your device before it is uploaded. Only you hold the decryption key.
  • Arxova cannot access, read, modify, or delete data stored on Arweave.
  • Because Arweave is a permanent, decentralized network, data stored there cannot be deleted — even upon account deletion. This is clearly disclosed at the point of upload and requires your explicit, separate consent.
  • Arweave storage creates an immutable, cryptographic proof of existence for your health records. No raw health data is publicly visible.

2g. Blockchain & Wallet Data

Arxova™ operates on the Solana blockchain. When you use blockchain features, we may process your public wallet address and $ARXV token transaction data. Public wallet addresses and on-chain transactions are visible on the public blockchain by nature. No raw health data is ever written to or visible on the blockchain. The blockchain is used solely as a permission ledger — recording that consent was granted or revoked — and as a provenance layer establishing your ownership of health records.

2h. MoonPay (Fiat On-Ramp and Off-Ramp)

Arxova™ integrates MoonPay to allow you to purchase or cash out $ARXV tokens using fiat currency. MoonPay is an independent third-party service subject to its own privacy policy and KYC/AML compliance requirements. Arxova does not receive, process, or store your payment information or identity documents submitted to MoonPay. Any data you provide to MoonPay is governed exclusively by MoonPay's privacy policy.

2i. Usage & Analytics Data

We collect anonymized usage analytics to improve the app and website experience, including app feature usage patterns, crash reports and performance data, device type and operating system version, and general interaction data. This analytics data is never linked to your health data and cannot be used to identify you personally.

To better understand how visitors interact with our website, we use the following third-party analytics tools:

  • Microsoft Clarity — session recording and heatmap analytics to understand page behavior.
  • PostHog — product analytics to track feature usage and user flows within the platform.
  • Google Analytics GA4 — traffic attribution and behavioral analytics across our website.
  • Meta Pixel — conversion tracking to measure the effectiveness of our advertising campaigns.

These tools collect anonymized behavioral data about how you interact with arxova.health. None of them have access to your personal health data, medical records, or any information stored within the Arxova platform. You may opt out of analytics tracking through your browser settings or a privacy-focused browser extension.

3. Data Storage, Encryption & Breach Notification

  • All health data — whether from wearables, apps, EHR integrations, or manual entry — is encrypted in transit and at rest.
  • The Solana blockchain is used as a permission ledger and provenance layer only. No raw health data is ever stored on-chain.
  • Permanent health record storage on Arweave is encrypted on-device. Arxova holds no decryption keys.
  • We use industry-standard security practices and HIPAA-compliant infrastructure to protect your information.
  • In the event of a data breach affecting your personal or health information, we will notify you in accordance with applicable law, including HIPAA's Breach Notification Rule (within 60 days of discovery for breaches affecting 500 or more individuals, and as part of our annual summary for smaller breaches). We will notify you through the app, by email, or both, depending on the nature and scope of the breach.

4. Your Control & Rights

  • You choose which data to share and for what purpose.
  • You can revoke access to any data source at any time through the app.
  • When access is revoked, it is immediately terminated and logged on-chain.
  • You may request a complete export of your data at any time.
  • You may request full deletion of your account and all associated data by contacting us or through the app settings. Upon deletion, all personal data, health data, and account information will be permanently removed from our servers within 30 days.
  • Note: Data stored on Arweave is permanent by design and cannot be deleted upon request. This is disclosed before any Arweave storage occurs and requires your explicit consent.
  • If you are a California resident, you have additional rights under the CCPA, including the right to know what data we collect, the right to deletion, and the right to opt out of sale (we do not sell your data).
  • If you are in the European Economic Area, you have rights under the GDPR, including access, rectification, erasure, restriction of processing, and data portability.

5. Third Parties

  • No third party can access your data without your explicit, prior authorization.
  • Approved research or service partners receive only the data you consent to share.
  • We do not sell, rent, or trade your personal or health data to any third party.
  • Third-party integrations (Apple Health, Google Health Connect, Oura, Withings, Polar, Fasten Health) are governed by their respective privacy policies in addition to this one.
  • MoonPay's handling of payment and identity data is governed exclusively by MoonPay's privacy policy.

6. Research Data Sharing (Future Feature)

Arxova is developing a future feature that will allow you to optionally share de-identified health data directly with research institutions — and receive compensation in $ARXV tokens. This feature is not yet active. When it launches:

  • Participation will be entirely opt-in with a separate, explicit consent process.
  • Only de-identified data will be eligible for sharing.
  • You will control which data types are included and may withdraw at any time.
  • A supplemental Data Sharing Agreement will govern each transaction.

No health data is shared for research purposes today without your explicit action.

7. Device Permissions

Arxova™ may request the following device permissions:

  • Health data access (Apple Health / Google Health Connect) — to read and display your fitness and health metrics.
  • Push notifications — to send you reminders, activity updates, and token-related alerts.
  • Internet access — required for syncing data, blockchain transactions, and app functionality.

All permissions are optional and can be managed through your device settings at any time.

8. Data Retention

We retain your personal and health data only for as long as your account is active or as needed to provide the Service. If you delete your account, all associated personal data and health data will be permanently deleted from our servers within 30 days. Anonymized, aggregated analytics data that cannot be linked to any individual may be retained for service improvement purposes. On-chain permission records and Arweave-stored data are immutable by the nature of their respective networks.

9. Age Requirement

Arxova™ is intended solely for individuals who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected data from a user under 18, we will take immediate steps to delete that information. If you believe a minor has provided us with personal data, please contact us at contact@arxova.health.

10. Compliance

We align our practices with HIPAA, GDPR, CCPA, and other applicable privacy laws. We are committed to maintaining the highest standards of data protection and user privacy. Arxova™ operates on HIPAA-compliant infrastructure and executes Business Associate Agreements (BAAs) with applicable service providers. A full HIPAA Notice of Privacy Practices is available at arxova.health/hipaa-npp.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes — such as adding new data categories, enabling new integrations, or changing how your data is used — we will notify you through the app and require your affirmative re-acceptance before you can continue using the Service. Non-material changes will be reflected in the “Last Updated” date at the top of this page. We encourage you to review this policy periodically.

12. Contact Us

Email: contact@arxova.health

Website: www.arxova.health

Operated by: HealthKey Labs, LLC d/b/a Arxova™

Address: 382 NE 191st St PMB #924568, Miami, FL 33179

Patent Pending — Serial No. 64/010,350 | Arxova™ is a trademark of HealthKey Labs, LLC