Tenssify (“we”, “us”) provides a personal blood pressure logging service. This policy explains what we collect, why, how it is protected, and your rights.
We process your data to provide the personal health journal you request: store and display your readings, charts, exports, optional alerts, optional AI explanations, and doctor-share links. We do not sell your PHI.
Health values are encrypted with AES-256-GCM using a per-user data key before they are written to Cloudflare D1. Looking at the database console shows ciphertext for blood pressure and related PHI fields, not your raw numbers. Sessions use HttpOnly cookies; the raw data key is not stored in browser localStorage. A server-side wrap of your data key (protected by Tenssify’s master key) lets our Workers decrypt your data only after authentication — for example to show your journal, run AI features you opt into, send critical alerts you enable, or serve a share link you created. This is server-recoverable encryption for those product features, not end-to-end encryption where only you can decrypt.
Optional AI features run on Cloudflare Workers AI after your authenticated session decrypts your data in memory. AI is educational and triage-oriented only: it does not diagnose, prognose, or recommend medication changes. Separate, revocable consents cover (a) educational AI on the current note/reading and (b) use of your encrypted history for insights, visit briefs, and reading review. Processing may occur on Cloudflare AI infrastructure outside Canada. Daily per-user quotas apply. We do not use your PHI to train public models. You can revoke AI consent anytime in Profile.
Data is hosted on Cloudflare infrastructure. Our current D1 database is located in Eastern North America. Cloudflare D1 does not currently offer a Canada-only jurisdiction lock. Optional AI inference may run in Cloudflare’s global AI network. We use application-layer encryption, access controls, and explicit AI consent to reduce risk while that limitation exists, and we will evaluate Canada-restricted storage options as Cloudflare expands jurisdiction support.
By creating an account, you give express consent for Tenssify to collect and process your PHI for the core journal purposes described here. Optional features require additional consent: AI educational use, AI history use, and critical-alert emails. Share links are user-created, time-limited, and minimized. You may withdraw optional consents in Profile or delete your account.
We retain your account and encrypted PHI while your account remains open. After you delete your account, associated PHI is removed from production storage. Limited anonymized operational logs may remain for security and abuse prevention.
We share data only with subprocessors needed to operate the service (Cloudflare for hosting/compute/AI, Resend for transactional email) and when you create a share link or request an alert/email. We do not sell personal information.
Privacy inquiries: privacy@tenssify.com
If you are in Canada and remain unsatisfied, you may contact the Office of the Privacy Commissioner of Canada, and Ontario residents may also contact the Information and Privacy Commissioner of Ontario.