Oravira Privacy Policy

Oravira · by Carson Rodrigues

Last updated: May 7, 2026

This Privacy Policy describes how the Oravira mobile application (the "App"), published on the Google Play Store and Apple App Store by Carson Rodrigues (the "developer", "we", "our", "us"), collects, uses, and protects personal information of its users ("you").

Oravira is a mobile-based oral health education tool intended for adults living with HIV who attend Antiretroviral Therapy (ART) centres in Goa, India. It is an educational tool, not a medical device, and does not provide medical advice, diagnosis, or treatment.

1. Who is responsible

2. What we collect

• Account information — username, name, hashed password, email (if you sign in with Google).
• Study demographics — age, gender, phone number, and address that you choose to enter on the Profile screen. Used only for your study enrolment record.
• User identifier — a randomly generated user ID used to associate your records.
• Push notification token — only if you grant notification permission. Used to deliver brushing, medication, appointment, and bedtime check-in reminders that you set.
• Oral health profile — ART start date, brushing/flossing frequency, last dental visit, optional demographics (age, gender, ART centre, ART duration in months) you choose to enter.
• Daily care logs — per-day record of which of the six care items (brush AM, brush PM, floss, tongue scrape, rinse, mouthwash) you completed.
• Symptom diary entries — checkboxes for white patches, ulcers, bleeding gums, dry mouth, bad breath, sensitivity, burning sensation, a 0–10 pain rating, and free-text notes you choose to enter.
• Hydration log — number of cups of water you record per day.
• HIV labs — viral load (copies/mL or "undetectable") and CD4 count (cells/µL) that you read off your ART centre slip and enter manually. Date of test and free-text notes are saved alongside.
• Appointments — clinical visits you choose to record (date, type — ART / lab / dental / other — location, notes) so the app can remind you 24 hours and 1 hour before.
• Brushing reminder times — the morning and evening times you choose, plus whether you enabled the bedtime check-in. Stored on the device only.
• Self-assessment outcomes — the severity result and decision path of any in-app self-check you complete. Stored on the device only.
• Knowledge quiz responses — answers and scores from in-app quizzes.
• Informed consent record — timestamp and version of the consent you accepted.
• Engagement events — which screens you opened and which features you used (used to evaluate the educational tool).
• AI chat messages — text you send to the in-app AI assistant is forwarded to a third-party AI provider (Groq) to generate a reply, and is not stored long-term on our servers.

3. What stays on your device only

The following data is processed entirely on your phone and never sent to our servers, unless you explicitly choose to share it with a clinician through the share sheet:

• Oral cavity photos — pictures you take or pick from your gallery to track changes in your mouth over time. They are stored in the app's private document directory and deleted when you uninstall the app.
• Brushing reminder schedules — the AM/PM times and bedtime check-in setting are stored in your device's secure preferences.
• Self-assessment history and the resulting risk tier shown on the Home dashboard.

4. What we do NOT collect

• Precise or coarse location
• Photos, videos, audio, or files from your device except the oral-cavity photos described above, which never leave the device
• Contacts, calendar, SMS, call history, or browsing history
• Financial or payment information
• Advertising identifiers (IDFA / Ad ID)
• Any health record from third-party services or hospitals — only what you enter directly

4. How we use your data

• App functionality — store your profile, calculate your streak, render your symptom history, schedule reminders.
• Research — Oravira is part of a research study on the effectiveness of mobile-based oral health education at ART centres in Goa. Aggregated, anonymised statistics may be analysed for that study.
• Service maintenance — diagnose bugs and improve the app.

We do not use your data for advertising, profiling, or third-party tracking. We do not sell or rent your data.

5. Sharing your data

• AI provider (Groq): the text of your AI chat messages is sent to Groq for response generation.
• Push notification provider (Expo / Apple / Google): push tokens are used to deliver your reminders.
• Hosting provider (Vercel and the database provider): data at rest is stored with our hosting providers under their security controls.
• Aggregated, anonymised research output may be published. Such output cannot identify any individual.
• Legal compliance: we may disclose data if required by law or to protect users' safety.

6. Data security

Passwords are hashed using bcrypt. Data is transmitted over HTTPS. The backend uses JWT-based authentication. We apply reasonable technical and organisational measures to protect your data, but no system can be guaranteed 100% secure.

7. Data retention

We retain your personal data for as long as your account is active. When you delete your account through our deletion page, your account record, oral health profile, daily care logs, symptom diary, hydration log, quiz responses, consent record, engagement events, and push tokens are permanently removed within a few seconds.

Aggregated, anonymised research statistics (which cannot identify you) may be retained for up to seven (7) years as required by standard research data-management practice. You can request exclusion from these aggregates by emailing the developer at the contact above.

8. Your rights

• Access: view your data inside the app.
• Update: edit your profile and answers at any time.
• Delete: remove your account and data through the deletion page.
• Withdraw consent: stop using the app at any time.
• Opt out of notifications: via your device settings.

9. Children's privacy

Oravira is intended for users aged 18 and older. We do not knowingly collect data from children under 18. If you believe a minor has registered, please contact the developer for immediate deletion.

10. International transfers

Data may be processed and stored on servers located outside India (e.g. by our hosting providers). By using the App, you consent to such transfers.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the App after changes constitutes acceptance of the revised policy.

12. Contact