Privacy & Security

BetterStep is committed to protecting user data and providing transparent privacy controls.

Data Collection

BetterStep collects:

Profile information provided by users
Daily check-in responses
Quest completion data
Health data from connected devices (future)
Chat conversation history

User Privacy Controls

Health Permissions (Future)

When Health Connect integration is available:

Users control which data types to share
Data syncs automatically in the background
Users can disconnect devices at any time

Clinic Connection Controls

Control	Description
Data Sharing Toggle	Enable/disable per connected clinic
Disconnect	Remove clinic connection at any time
Multi-clinic	Independent controls per clinic

Confidential Tracking

Slip Tracking - Slip tracking is private by default. Only you see this data in your app. It's used to improve your personalized support and is only shared with connected clinics if you have approved the connection.

Data Security

Security Measure	Description
Encryption	All data encrypted in transit (TLS) and at rest (AES-256)
Authentication	Secure JWT tokens with optional Google OAuth
Webhook Security	Signature verification for all webhook payloads
Access Control	Role-based permissions with audit logging

Historical Data Handling

When a beneficiary disconnects from a clinic:

Data Type	Handling
Previously synced data	Retained by clinic for clinical records
New data	No longer shared
Chat conversations	Summaries retained, full text not shared

Data Retention

Data Category	Retention Period
Active user data	Duration of account
Deleted accounts	30 days, then purged
Clinical records	Per clinic policy
Audit logs	2 years

Data Points Overview