Salus Privacy
Salus is designed to keep health records local by default and limit outward sharing.
Salus is a local-first health operations system. It may process user-entered notes, authorized wearable data, medication logs, symptom entries, lab metadata, and appointment-preparation materials, but it is intended to keep raw records under the user's direct local control rather than treat the public website as a health-data backend.
Privacy policy for the Salus local-first health chief-of-staff system.
What Salus may process
Salus may process health-related information that the user enters or authorizes, including symptom notes, medication events, appointment details, lab-result metadata, routine summaries, and Oura-derived wellness data.
The system is intended to use that information to organize records, normalize inputs, prepare summaries, and support appointment preparation. It is not intended to profile users for advertising or sell health information.
How Oura access works
When connected to Oura, Salus is designed to use Oura's official OAuth2 server-side flow. The intended scopes are personal, daily, heartrate, workout, tag, session, and spo2, and Salus should only access the scopes the user has actually granted.
Oura access is meant to support local pulls of authorized data so Salus can build daily snapshots and derived personal summaries. Revoking Oura access through the user's Oura account should stop future authorized pulls.
How data is stored
Salus is designed to store raw imports as immutable local files and to generate normalized or derived artifacts downstream from those source records. The canonical record of imported data is intended to remain on the user's local machine or chosen local storage.
Secrets and tokens should not be committed to the public code repository. Runtime credentials are intended to live in local-only environment files or other non-repo storage under the user's control.
How outputs are shared
Salus may prepare concise daily, weekly, or appointment-specific summaries for the user. If a downstream communication channel is used, including Telegram, it is intended for short operational summaries rather than raw health-record exports.
Salus is not designed to publish raw health data to a public website, public repository, or broad distribution list as part of its ordinary operation.
Retention and user control
Because Salus is local-first, the user remains responsible for retaining, backing up, or deleting local records. Deleting or archiving local Salus files affects what the system can continue to reference.
The user can also revoke third-party access, such as Oura authorization, through the relevant provider's account controls. Revocation will not retroactively erase already-downloaded local records unless the user also removes those local files.
Medical and sensitive-information limits
Salus is intended to reduce operational sprawl around personal health records, not to create a substitute medical record system for hospitals, insurers, or emergency services.
If information appears urgent, safety-critical, or clinically significant, Salus should be treated as a prompt to contact a licensed clinician or emergency service rather than as a final decision-maker.