You share things with Going Visible that you might not share with anyone else — the days when the pain is unbearable, the medications that help you get through, the notes you scribble before a doctor's appointment. We take that trust seriously. This page explains exactly how we protect it.
No small print. No vague promises. Just what we actually do.
Your clinical notes, health journal entries, medication names, lab results — all of it is encrypted by our application before it ever reaches the database. This means that even if someone broke into our database, they would see scrambled ciphertext. Not your words.
We use AES-256-GCM — the same encryption standard used in banking and healthcare systems worldwide.
We use AI to help you spot trends in your health — connections between sleep and pain, patterns in your energy levels, medication habits over time.
Before any of your data is processed by AI, we strip out everything that could identify you. Your name becomes [member]. Dates become relative offsets — "Day 3 of 7". Your providers' names are removed.
When you invite someone into your care circle, you choose precisely what they can see — and what they cannot. You can let someone see your pain scores but not your medication list. Your appointment summaries but not your pre-visit notes.
Every time a care circle member views your health data, it is logged. You can see who looked at what and when.
Your health information is not sold, rented, or shared with advertisers. Ever.
We use analytics to understand how the app is being used — things like which features people find helpful, and how onboarding can be improved. Our analytics system is self-hosted on our own servers. Health metrics, conditions, and clinical records are never included in any analytics event.
When you use Going Visible, you are the customer. Not the product.
You can export a complete copy of your health data at any time. It's yours, and you can take it with you.
If you want to delete your account, we give you a 30-day window to change your mind. After that, your identity — your name, email, and profile — is permanently deleted. If you want everything removed completely, you can request a full hard deletion. We'll review it manually and make it happen.
When we send you a notification — a medication reminder, a care circle alert, an insight — the message that goes to Apple or Google's servers is always neutral. Something like: "Open Going Visible to see your latest insight."
The full content is stored securely in our encrypted database. The app retrieves it when you open the notification. Your health content never travels through Apple or Google's infrastructure.
Everything on our servers is encrypted at rest. Clinical notes, journal entries, medication details, and lab results get an additional layer of encryption applied by the app itself before reaching the database. Two locks.
We never let the app decide who can see your data. Every access request is checked server-side, every time. There are no client-side shortcuts.
Our application logs never contain the words you write in your health journal, your medication names, or your clinical notes. When something goes wrong and we need to debug it, we see event types and IDs — not your health history.
Before any health data reaches an AI model, it passes through a scrubbing layer that removes your name, email, provider names, clinic names, and absolute dates. This step is not optional. It cannot be bypassed.
When you create your account, we record exactly what you agreed to and when. If our Privacy Policy changes meaningfully, we ask again.
No. Your journal entries and clinical notes are encrypted with a key that is not stored alongside the data. Database administrators see ciphertext. Only the running application — with the correct key — can decrypt them.
The AI processes patterns in your health data to generate insights. Before it does, your identifying information is removed. The AI never has access to your name, email, or anything that links the health patterns to you as a person.
You can change or remove care circle permissions at any time. Changes take effect immediately — the next time that person opens Going Visible, they see only what you've allowed. Their previous access is logged but not reversible; you can see a full history of what was accessed and when.
You can request a complete export of all your health data at any time. It's your data and you have the right to take it with you.
No. Your individual health data is not shared with any third party for commercial purposes. Research partnerships, if any, would be opt-in only and clearly communicated — never automatic.
We collect behavioural usage data: which features you use, how you navigate the app, whether onboarding steps are completed. We never include health values, conditions, or clinical data in analytics. Our analytics system runs on our own servers — it does not send data to third-party services.
We build to HIPAA-aligned standards even though we are not a covered entity. For EU users, we align with GDPR — right to erasure, right to portability, consent records, and data minimisation. We plan to pursue formal HIPAA certification when we build clinical system integrations.
People with invisible illnesses have often been disbelieved, dismissed, and misunderstood. The last thing you need is to worry about where your health data goes.
Going Visible was built on the belief that your health story is yours. We're here to help you understand it — not to profit from it.