Third-Party Services
Effective Date: February 2026 | Last Updated: February 2026
Swasth integrates with various third-party services to provide enhanced functionality. This page describes these integrations and their implications for your data.
1. Overview
We integrate third-party services to provide features like AI analysis, health data sync, and authentication. Your use of these integrations is subject to both our terms and the third party's terms.
2. AI Service Providers
Swasth offers AI-powered features using two models: "Bring Your Own Key" (BYOK) where you provide your own API keys, and free-tier providers where shared API credentials are used.
2.1 BYOK Providers
| Provider | Features Used | Data Shared |
|---|---|---|
| OpenAI | Health analysis, recipe suggestions | Health data, meal data (per request) |
| Anthropic (Claude) | Health insights, Q&A | Health data, queries (per request) |
| Google AI | Analysis features | Health data (per request) |
| DeepSeek | Analysis features | Health data (per request) |
| Mistral | Analysis features | Health data (per request) |
2.2 Free-Tier Providers
| Provider | Features Used | Data Shared |
|---|---|---|
| Groq | Free-tier AI inference for health analysis | Health data per request (shared credentials) |
| OpenRouter | Free-tier multi-model proxy for AI analysis | Health data per request (additional data intermediary) |
| Together AI | Free-tier AI inference for health analysis | Health data per request (shared credentials) |
| Cerebras | Free-tier AI inference for health analysis | Health data per request (shared credentials) |
2.3 Free-Tier vs BYOK AI Services
There are important privacy differences between BYOK and free-tier AI providers:
- BYOK providers: You provide your own API key. Data handling is governed by your direct agreement with the provider and your API key terms. You have full control over your data relationship with the provider.
- Free-tier providers: Shared API credentials managed by Swasth are used. Your data may be subject to the provider's standard data retention and processing policies for shared-tier usage, which may differ from paid API terms.
- OpenRouter note: OpenRouter acts as an intermediary proxy, meaning your data passes through an additional third party before reaching the underlying model provider.
- Recommendation: For sensitive health queries or data you want maximum control over, we recommend using BYOK providers where you manage your own API key and data terms directly.
2.4 How BYOK Works
- You create an account with your chosen AI provider
- You obtain API keys from the provider
- You enter keys in Swasth settings
- Keys are stored securely on your device
- Data is sent directly to the provider when you use AI features
2.5 Data Handling
- Data sent to AI providers is governed by their privacy policies
- We do not control how providers process your data
- Providers may retain data per their policies
- Consider provider data retention when using sensitive health data
2.6 Provider Policies
- OpenAI Privacy Policy
- Anthropic Privacy Policy
- Google Privacy Policy
- Groq Privacy Policy
- OpenRouter Privacy Policy
- Together AI Privacy Policy
- Cerebras Privacy Policy
3. Health Data Integrations
3.1 Google Fit
| Aspect | Details |
|---|---|
| Purpose | Sync health metrics between Swasth and Google Fit |
| Data Synced | Steps, heart rate, weight, sleep (bidirectional) |
| Authorization | OAuth2 with scope-limited permissions |
| Control | Enable/disable in Settings → Integrations |
4. Authentication
4.1 LaxharAccess
Authentication is provided by LaxharAccess, our OAuth2 identity provider.
| Aspect | Details |
|---|---|
| Purpose | Secure user authentication |
| Protocol | OAuth 2.0 with PKCE |
| Data Shared | Email, profile information |
| Security | No password stored by Swasth |
5. Weather Services
5.1 OpenWeather
| Aspect | Details |
|---|---|
| Purpose | Weather-based health recommendations |
| Data Shared | City/location (not precise coordinates) |
| Features | Weather insights for outdoor activities |
6. Notification Services
6.1 Web Push (VAPID)
| Aspect | Details |
|---|---|
| Purpose | Push notifications for reminders, messages |
| Data Shared | Device tokens, notification content |
| Control | Browser notification permissions |
7. Infrastructure Services
We use cloud infrastructure providers for platform operations:
- Database hosting: PostgreSQL cloud services
- File storage: Cloud storage for medical documents
- Hosting: Application hosting services
These providers process data as subprocessors under our direction and applicable data protection agreements.
8. Encryption Services
8.1 Matrix.org (Olm/Vodozemac)
| Aspect | Details |
|---|---|
| Purpose | End-to-end encryption for messaging |
| Technology | Olm/Vodozemac (Double Ratchet algorithm) |
| Data Processing | Encryption happens locally; no data sent to Matrix.org |
| Security Audit | Library audited by Least Authority |
9. Data Flows
Summary of data flows to third parties:
| Data Type | Third Parties | User Control |
|---|---|---|
| Health data (for AI — BYOK) | Your chosen AI provider | Opt-in per feature, your API key |
| Health data (for AI — free tier) | Groq, OpenRouter, Together AI, or Cerebras | Opt-in per feature, shared credentials |
| Health metrics sync | Google Fit | Opt-in connection |
| Location (city) | OpenWeather | Opt-in feature |
| Auth credentials | LaxharAccess | Required for login |
| Device tokens | Push services | Notification permissions |
| Symptom/recovery/beauty data | AI providers (if AI features used) | Opt-in per AI request |
10. Your Choices
You can control third-party data sharing:
- AI features: Don't add API keys or select a free-tier provider if you don't want AI
- Google Fit: Disconnect in Settings → Integrations
- Notifications: Revoke browser permissions
- Location: Decline location permission requests
11. Changes to Integrations
We may add, modify, or remove third-party integrations. Material changes affecting data sharing will be communicated before implementation.
12. Contact
For questions about third-party services:
- Email: [email protected]
- Support: [email protected]
Remember: When you use features powered by third-party services, your data is subject to both our Privacy Policy and the third party's privacy policy. Review provider policies before enabling integrations.