Third-Party Services
Effective Date: December 2024 | Last Updated: December 2024
Swasth integrates with various third-party services to provide enhanced functionality. This page describes these integrations and their implications for your data.
1. Overview
We integrate third-party services to provide features like AI analysis, health data sync, and authentication. Your use of these integrations is subject to both our terms and the third party's terms.
2. AI Service Providers
Swasth offers AI-powered features using a "Bring Your Own Key" (BYOK) model. You provide your own API keys.
2.1 Supported Providers
| Provider | Features Used | Data Shared |
|---|---|---|
| OpenAI | Health analysis, recipe suggestions | Health data, meal data (per request) |
| Anthropic (Claude) | Health insights, Q&A | Health data, queries (per request) |
| Google AI | Analysis features | Health data (per request) |
| DeepSeek | Analysis features | Health data (per request) |
| Mistral | Analysis features | Health data (per request) |
2.2 How BYOK Works
- You create an account with your chosen AI provider
- You obtain API keys from the provider
- You enter keys in Swasth settings
- Keys are stored securely on your device
- Data is sent directly to the provider when you use AI features
2.3 Data Handling
- Data sent to AI providers is governed by their privacy policies
- We do not control how providers process your data
- Providers may retain data per their policies
- Consider provider data retention when using sensitive health data
2.4 Provider Policies
3. Health Data Integrations
3.1 Google Fit
| Aspect | Details |
|---|---|
| Purpose | Sync health metrics between Swasth and Google Fit |
| Data Synced | Steps, heart rate, weight, sleep (bidirectional) |
| Authorization | OAuth2 with scope-limited permissions |
| Control | Enable/disable in Settings → Integrations |
4. Authentication
4.1 LaxharAccess
Authentication is provided by LaxharAccess, our OAuth2 identity provider.
| Aspect | Details |
|---|---|
| Purpose | Secure user authentication |
| Protocol | OAuth 2.0 with PKCE |
| Data Shared | Email, profile information |
| Security | No password stored by Swasth |
5. Weather Services
5.1 OpenWeather
| Aspect | Details |
|---|---|
| Purpose | Weather-based health recommendations |
| Data Shared | City/location (not precise coordinates) |
| Features | Weather insights for outdoor activities |
6. Notification Services
6.1 Web Push (VAPID)
| Aspect | Details |
|---|---|
| Purpose | Push notifications for reminders, messages |
| Data Shared | Device tokens, notification content |
| Control | Browser notification permissions |
7. Infrastructure Services
We use cloud infrastructure providers for platform operations:
- Database hosting: PostgreSQL cloud services
- File storage: Cloud storage for medical documents
- Hosting: Application hosting services
These providers process data as subprocessors under our direction and applicable data protection agreements.
8. Encryption Services
8.1 Matrix.org (Olm/Vodozemac)
| Aspect | Details |
|---|---|
| Purpose | End-to-end encryption for messaging |
| Technology | Olm/Vodozemac (Double Ratchet algorithm) |
| Data Processing | Encryption happens locally; no data sent to Matrix.org |
| Security Audit | Library audited by Least Authority |
9. Data Flows
Summary of data flows to third parties:
| Data Type | Third Parties | User Control |
|---|---|---|
| Health data (for AI) | Your chosen AI provider | Opt-in per feature |
| Health metrics sync | Google Fit | Opt-in connection |
| Location (city) | OpenWeather | Opt-in feature |
| Auth credentials | LaxharAccess | Required for login |
| Device tokens | Push services | Notification permissions |
10. Your Choices
You can control third-party data sharing:
- AI features: Don't add API keys if you don't want AI
- Google Fit: Disconnect in Settings → Integrations
- Notifications: Revoke browser permissions
- Location: Decline location permission requests
11. Changes to Integrations
We may add, modify, or remove third-party integrations. Material changes affecting data sharing will be communicated before implementation.
12. Contact
For questions about third-party services:
- Email: [email protected]
- Support: [email protected]
Remember: When you use features powered by third-party services, your data is subject to both our Privacy Policy and the third party's privacy policy. Review provider policies before enabling integrations.