Almavivo

Privacy

Local-first by design.

Almavivo is built so the most sensitive thing about a health product — your answers — never reaches us. Everything personal happens in your browser. The only time data leaves your device is when you choose to export it or send it to a clinician.

What backs this up

It’s not a policy. It’s the architecture.

On your device, not ours

Your intake, lab values, ratings, journal, and generated plan are stored only in your browser's local storage. Clear them anytime — there is no copy on our servers because none was ever sent.

Enforced by your browser

Almavivo ships with a strict Content Security Policy that blocks every third-party script, font, image, and network call. If we ever accidentally introduce a tracker, your browser refuses to load it.

Verifiable, not promised

Open your browser's Network tab and use the site. You will see requests to almavivo.com and nothing else. The full audit lives on our transparency page.

What stays on your device

  • Every question and answer in the intake
  • Any lab values you enter (vitamin D, ferritin, B12, etc.)
  • Your generated supplement plan and explanations
  • Your saved list, favourites, and ratings
  • Your journal entries

All of the above is stored in your browser’s local storage. It never reaches our servers. If you clear your browser data — or use Incognito / Private mode — it is gone, and we cannot recover it because we never had it.

What we do not do

  • No accounts. No login. No password.
  • No profile attached to your answers.
  • No tracking pixels on the intake or results pages.
  • No third-party advertising scripts. Anywhere.
  • No selling, sharing, or trading of personal data — we have nothing to sell.

What we do see

We keep an old-school server-side hit counter — an integer per route, per day. When the server renders a page, that counter goes up by one. We do not write your IP address to disk, we do not set cookies, and we do not run any client-side analytics. Two visitors on the same day are indistinguishable in the counter. You can see the exact mechanism on the transparency page.

When data does leave your device

There is one moment in the flow where you can choose to share what Almavivo generated for you. It only happens if you initiate it, at the end, when you have your plan. You can:

  • Print or download the plan as a PDF, locally on your device.
  • Send a structured summary to a health professional you select — generated in your browser, sent through your own mail client to the address you enter.
  • Share a redacted copy with a partner, coach, or family member you choose.

Each of these is opt-in, requires a clear consent step, and shows you exactly what is about to be sent and to whom before anything moves. If you do not click send, nothing leaves your device. That moment is the first and only time your data is in motion.

If this ever changes

If we ever introduce optional features that require sending data to a server — for example, end-to-end encrypted sync across devices — we will update this page before shipping it, the feature will be opt-in, and the default will always remain: nothing leaves your device unless you ask it to.

Back up or move your profile

You can download a JSON backup of your intake, journal, and saved list — and reload it later or on another device. Export and restore both run entirely in your browser.

Back up or restore your data →

Clear your data

You can wipe everything Almavivo has stored at any time — intake, journal, saved list, all profiles. The wipe button on the data page does it in one click. You can also clear site data in your browser settings, or use Incognito / Private mode if you want a session that disappears when you close the tab.

Wipe data on this device →

Who can read your data on this device

Local-first means your answers stay on your device, but it’s worth being explicit about what that does and does not protect against. We think you deserve a real answer rather than a marketing one.

Other websites cannot read it. Browsers isolate storage per origin, so almavivo.com’s local storage is not visible to any other site you visit. Almavivo’s strict Content Security Policy also means no third-party script can run on our pages to read it.

Browser sync does not upload it. Chrome, Firefox, Safari, and Edge sync passwords, history, and bookmarks across your devices, but they do not sync localStorage. Your Almavivo data stays on the specific device where you entered it.

What can read it: you (via your browser’s developer tools — by design); anyone with access to your unlocked device and your browser profile; browser extensions you have installed that have permission to read site data; and forensic or backup tools that have filesystem access to your browser’s profile folder.

How to harden this. If your device’s disk is encrypted (FileVault on macOS, BitLocker on Windows, the default on iOS and Android), an attacker who steals your device cannot read the files at rest. We recommend turning that on if it is not already. Be thoughtful about which browser extensions you install — an extension with broad permissions can read every site’s storage, not just Almavivo’s. And use the wipe button before handing on a device you no longer control.

We deliberately do not encrypt local storage with a passphrase. Adding a login to a no-login product would create a data-loss footgun (lost passphrase = lost data with no recovery, since we keep nothing) without meaningfully closing the threats above. If you want biometric-gated access to Almavivo on a shared device, tell us — it is on the roadmap as an opt-in.

Not medical advice

Almavivo is an educational tool. Always talk to a qualified clinician before changing supplements, especially if you take prescription medication, are pregnant or breastfeeding, or have a chronic health condition.