Security

All health data — whether entered manually, synced from a wearable, or received from your healthcare provider — is encrypted in transit and at rest using industry-standard encryption protocols. Your data is never transmitted or stored in plaintext.

When you choose to permanently store health records on the Arweave network, your data is encrypted on your device before it ever leaves. Only you hold the decryption key. Arxova cannot read, access, modify, or delete data stored on Arweave. This is not a policy — it is a technical guarantee enforced by cryptography.

Sensitive health data is never stored directly on the blockchain. Arxova uses HIPAA-compliant backend infrastructure as the primary data layer, with Arweave available for permanent, user-controlled record storage. The blockchain is never used to store raw health information.

The Solana blockchain records only two things: consent events (when you grant or revoke access to your data) and provenance records (cryptographic proof that a health record exists and that you authorized it). No personal health data is written to or readable from the blockchain. This creates an immutable, auditable trail of your data governance — without exposing anything sensitive publicly.

You can terminate any third party's access to your data instantly, at any time, through the app. Every grant and revocation is timestamped and logged on-chain, creating a permanent audit trail. Access is technically enforced — not just policy-based.

We do not sell, rent, trade, or monetize your health data. Period. Data is only shared when you explicitly authorize it, for the specific purpose you approve, with the specific party you select. This applies without exception.

Arxova operates on HIPAA-compliant infrastructure, including encrypted dedicated databases, audit logging, and Business Associate Agreements (BAAs) with applicable service providers. Electronic health records received via Fasten Health (FHIR/SMART on FHIR) are handled in strict compliance with HIPAA requirements. A full HIPAA Notice of Privacy Practices is available at arxova.health/hipaa-npp.

All third-party integrations — including Oura, Withings, Polar, Garmin, Dexcom (via Health Connect), and Apple Health — use secure OAuth 2.0 authentication flows. Access tokens are stored encrypted and never exposed to other users or systems. You can disconnect any integration at any time from within the app, immediately revoking Arxova's access to that data source.

Arxova does not handle, process, or store fiat payment information or identity documents. All fiat on-ramp and off-ramp transactions are processed exclusively by MoonPay, a licensed, regulated financial services provider. Arxova never sees your payment credentials.