Advoca Health Ltd

Consumer Health Data Privacy Policy

Washington My Health My Data Act

Last updated: March 17, 2026

This Consumer Health Data Privacy Policy is provided in compliance with the Washington My Health My Data Act (RCW 19.373) and applies to consumers whose consumer health data is collected in Washington State. This policy applies in addition to our general Privacy Policy. In the event of a conflict between this Consumer Health Data Privacy Policy and our general Privacy Policy regarding consumer health data, this Consumer Health Data Privacy Policy shall control for Washington consumers.

1. Categories of Consumer Health Data Collected and Purpose

We collect the following categories of consumer health data and use them for the purposes specified:

Audio Recordings of Health Appointments

  • Description: Live audio recorded through the Advoca app during health-related appointments, or recorded audio from telephone appointments uploaded by the consumer.
  • Purpose: To transcribe the appointment and generate a patient-friendly summary of the appointment content for the consumer’s personal use.
  • Audio is temporarily cached for processing and immediately deleted from our servers once processed. Audio is not permanently stored on our backend servers.

Transcripts of Health Appointments

  • Description: Raw and verified text transcriptions of audio recordings from health-related appointments.
  • Purpose: To provide the consumer with a text record of their appointment and to generate AI-powered summaries. Transcripts are also used for verification and error correction to improve summary accuracy.

AI-Generated Summaries of Health Appointments

  • Description: Summaries of health-related appointments generated by large language models (LLMs) in patient-friendly language, with links to verified health information sources.
  • Purpose: To help the consumer retain and understand information from their health appointments, communicate with carers and relatives, and conduct further research into their health.

Associated Appointment Metadata

  • Description: Date, time, and other metadata associated with appointment recordings and summaries.
  • Purpose: To organise and manage appointment records within the consumer’s account.

Optional Health Profile Data

  • Description: Health conditions, ongoing investigations, and other health-related information voluntarily provided by the consumer.
  • Purpose: To understand our user base, tailor the application to the consumer, and improve our Services.\

 

Consent to Collection and Sharing

The consumer’s consent to the collection of consumer health data is obtained through the App’s consent flow when the consumer agrees to our Privacy Policy and Terms and Conditions prior to using the Services. The sharing of consumer health data with the third-party processors identified in Section 4 of this policy is conducted under the strictly necessary exception (RCW 19.373 §6(2)), as such sharing is strictly necessary to provide the product or service that the consumer has requested. Without this sharing, Advoca cannot transcribe audio recordings or generate summaries, which are the core Services.

Anonymised (Deidentified) Data

With your separate and explicit consent, we may process certain data in a fully anonymised form for research, development, and commercial purposes. Under the Washington My Health My Data Act, data that has been fully deidentified is excluded from the definition of "consumer health data." To ensure this data remains exempt, Advoca publicly commits to:

  • Take reasonable measures to ensure the data cannot be associated with any consumer;
  • Maintain and process the data only in a deidentified fashion and not attempt to re-identify it

Because this data cannot be traced back to you, its use and sharing do not constitute the collection, sharing, or sale of consumer health data.

2. Categories of Sources from Which Consumer Health Data Is Collected

Consumer health data is collected from the following categories of sources:

  • Directly from the consumer: Audio recordings initiated by the consumer through the App, audio uploaded by the consumer from telephone recordings, and optional health profile data entered by the consumer.
  • Generated by the Services: Transcripts and summaries generated from audio recordings by our AI processing systems.

3. Categories of Consumer Health Data That Is Shared

The following categories of consumer health data are shared with third parties for the purposes of providing the Services:

  • Audio recordings are shared with Microsoft Azure (Microsoft Corporation)and Google Cloud Platform (Google LLC) for transcription processing. Zero data retention policies are in place; audio is processed and immediately deleted by the processor.
  • Transcripts are shared with Google Cloud Platform (Google LLC) for personal data removal, verification, and summary generation. Zero data retention policies are in place; transcripts are processed and immediately deleted by the processor.
  • App interaction data is shared with PostHog (PostHog Inc.) for analytics processing to improve our services.

Consumer health data is shared with these processors solely to the extent strictly necessary to provide the Services requested by the consumer. We do not sell consumer health data. We do not share consumer health data for advertising purposes.

If the consumer uses the in-app sharing feature, the consumer may choose to share specific transcripts and summaries with other Advoca users (e.g., carers, relatives). This sharing is initiated solely by the consumer and occurs only at the consumer’s direction.

4. Third Parties and Affiliates with Whom Consumer Health Data Is Shared

The following is a complete list of the categories of third parties and specific affiliates with whom we share consumer health data:

Microsoft Corporation (Microsoft Azure)

  • Category: Cloud infrastructure and transcription service provider
  • Data shared: Audio recordings (temporarily, for transcription processing only)
  • Location of processing: European Union
  • Data retention: Zero data retention — data is processed and immediately deleted
  • Contact: https://privacy.microsoft.com/ or [email protected]

Google LLC (Google Cloud Platform)

  • Category: Cloud infrastructure and AI processing service provider
  • Data shared: Audio Recordings and Transcripts (temporarily, for transcription, personal data removal, verification, and summary generation)
  • Location of processing: European Union
  • Data retention: Zero data retention — data is processed and immediately deleted
  • Contact: https://policies.google.com/privacy or via https://support.google.com/

Supabase Inc.

  • Category: Database hosting provider
  • Data shared: Summaries, verified transcripts, appointment metadata, and optional health profile data (for permanent storage)
  • Location of processing and storage: United Kingdom. 
  • Contact: https://supabase.com/privacy or [email protected]

PostHog Inc.

  • Category: Analytics processor
  • Data shared: App interaction data and device information
  • Location of processing and storage: European Union
  • Contact: https://posthog.com/privacy or [email protected]

Advoca Health Ltd does not have any affiliates with whom consumer health data is shared.

5. How to Exercise Your Rights

Under the Washington My Health My Data Act, you have the following rights regarding your consumer health data:

Right to Confirm and Access

You have the right to confirm whether we are collecting, sharing, or selling your consumer health data, and to access that data. You may exercise this right through the data access features within the Advoca App or by contacting us at [email protected].

Right to Withdraw Consent

You have the right to withdraw your consent to the collection and sharing of your consumer health data at any time. You may withdraw consent by:

  • Deleting your account through the App (which will delete all associated data)
  • Contacting us at [email protected] to request withdrawal of consent

Please note that if you withdraw consent to the collection and sharing of your consumer health data, we will no longer be able to provide the Services to you, as processing your health data is necessary to deliver the core functionality of Advoca.

If you have separately consented to the anonymisation and optional processing of your data, you may withdraw that specific consent independently through the App without affecting your ability to use the core Services.

Right to Delete

You have the right to request deletion of your consumer health data. You may exercise this right by:

  • Deleting specific appointment data (summaries, transcripts, and associated metadata) within the App
  • Deleting all data associated with your account within the App
  • Contacting us at [email protected] to request deletion

Upon receiving a verified deletion request, we will delete your consumer health data and direct our processors to delete any consumer health data in their possession. Given that our processors operate under zero data retention policies, there is no consumer health data retained by processors to delete.

Appeals Process

If we refuse or are unable to act on a request you have made regarding your consumer health data, you may appeal our decision. To submit an appeal:

  1. Email [email protected] with the subject line “MHMDA Appeal.”
  2. Include a description of your original request and the reason for your appeal.
  3. We will review your appeal and inform you in writing of our decision within forty-five (45) calendar days of receiving your appeal.
  4. Our response will include a written explanation of the reasons for our decision.
  5. If we deny your appeal, we will provide you with information on how to submit a complaint to the Washington State Attorney General, including the online complaint form available at: https://www.atg.wa.gov/file-complaint

Authorised Agents

You may designate an authorised agent to exercise your rights on your behalf. To do so, please provide the authorised agent with written permission signed by you, and contact us at [email protected] so that we can verify your identity and the agent’s authority.

This Consumer Health Data Privacy Policy contains only the information required under the Washington My Health My Data Act. For complete information about our data practices, please refer to our general Privacy Policy.