How Does Ovia Respond to Data Requests

Like any other company, Ovia may receive requests for account records from government, including law enforcement, and from private parties engaged in civil litigation. Here are some principles for users to understand:

  • If government, law enforcement or any civil litigant wants copies of any data held by Ovia, they must provide Ovia with a valid and legally-binding request (e.g., subpoena, court order) specifying the data that is sought. 
  • If Ovia receives such a request, we review it carefully before we respond. We reject any invalid requests.
  • To obtain data, the request must include identifying information that matches the information we have for that user, and we must be able to confirm that the request is for such user before we would provide any information.
  • Ovia will not provide data beyond the scope of the valid request. When possible, we will take reasonable steps to limit the scope of data provided. 
  • If we receive a request for your data, Ovia will provide notice to the account owner by sending an email to the email address on file for your account.  We may, however, withhold notice in certain circumstances, such as where the request relates to a person in danger or if the request is accompanied by a valid restriction against providing such notice or such notice is otherwise prohibited by law (i.e., non-disclosure or gag order). 
  • If you are concerned about the privacy of your Ovia data, you can delete it by exercising the self-serve options in any Ovia app. Go to the Settings menu and select “delete my account and data”. You can also request deletion by emailing us at support@oviahealth.com
  • When you delete your account and data, we delete your Ovia database entry entirely. Your principal database entry will be deleted immediately after your self-serve request or within 24 hours after Ovia’s support specialist acknowledges your deletion request if sent by email. Any historical data remaining in our data backups will be deleted automatically. For our principal backups this occurs no later than 35 days after primary data deletion, although data in secondary systems, such as our support and coaching databases and some Enterprise member data files, may be retained for longer periods. If we receive a legal request for information after final deletion of your data, we would not be able to fulfill the request because we would no longer have any of your data.
  • Please note that if you seek to delete your data after Ovia has received a government or other legally-binding request for it or when your data is otherwise subject to a preservation order, Ovia will be required to preserve your data in order to comply with the request.
  • If you receive coaching services from Ovia and indicate to Ovia that you or another person is in danger, we may have an obligation under mandatory child and adult safety reporting laws to report this to relevant authorities.