← Tenssify

Privacy Policy

Effective date: July 18, 2026 · Applies to residents of Canada, including Ontario · Written for PIPEDA and PHIPA alignment

Tenssify (“we”, “us”) provides a personal blood pressure logging service. This policy explains what we collect, why, how it is protected, and your rights.

1. What we collect

2. Why we collect it

We process your data to provide the personal health journal you request: store and display your readings, charts, exports, optional alerts, optional AI explanations, and doctor-share links. We do not sell your PHI.

3. Application-layer encryption

Health values are encrypted with AES-256-GCM using a per-user data key before they are written to Cloudflare D1. Looking at the database console shows ciphertext for blood pressure and related PHI fields, not your raw numbers. Sessions use HttpOnly cookies; the raw data key is not stored in browser localStorage. A server-side wrap of your data key (protected by Tenssify’s master key) lets our Workers decrypt your data only after authentication — for example to show your journal, run AI features you opt into, send critical alerts you enable, or serve a share link you created. This is server-recoverable encryption for those product features, not end-to-end encryption where only you can decrypt.

4. Artificial intelligence

Optional AI features run on Cloudflare Workers AI after your authenticated session decrypts your data in memory. AI is educational and triage-oriented only: it does not diagnose, prognose, or recommend medication changes. Separate, revocable consents cover (a) educational AI on the current note/reading and (b) use of your encrypted history for insights, visit briefs, and reading review. Processing may occur on Cloudflare AI infrastructure outside Canada. Daily per-user quotas apply. We do not use your PHI to train public models. You can revoke AI consent anytime in Profile.

5. Storage location & cross-border processing

Data is hosted on Cloudflare infrastructure. Our current D1 database is located in Eastern North America. Cloudflare D1 does not currently offer a Canada-only jurisdiction lock. Optional AI inference may run in Cloudflare’s global AI network. We use application-layer encryption, access controls, and explicit AI consent to reduce risk while that limitation exists, and we will evaluate Canada-restricted storage options as Cloudflare expands jurisdiction support.

6. Consent

By creating an account, you give express consent for Tenssify to collect and process your PHI for the core journal purposes described here. Optional features require additional consent: AI educational use, AI history use, and critical-alert emails. Share links are user-created, time-limited, and minimized. You may withdraw optional consents in Profile or delete your account.

7. Your rights (Canada / Ontario)

8. Retention

We retain your account and encrypted PHI while your account remains open. After you delete your account, associated PHI is removed from production storage. Limited anonymized operational logs may remain for security and abuse prevention.

9. Sharing

We share data only with subprocessors needed to operate the service (Cloudflare for hosting/compute/AI, Resend for transactional email) and when you create a share link or request an alert/email. We do not sell personal information.

10. Contact

Privacy inquiries: privacy@tenssify.com

If you are in Canada and remain unsatisfied, you may contact the Office of the Privacy Commissioner of Canada, and Ontario residents may also contact the Information and Privacy Commissioner of Ontario.