METIS Health Navigator — Privacy Policy

Effective: March 29, 2026 · Last updated: July 6, 2026 · See also our Terms & Conditions

1. Information We Collect

METIS collects the following information when you create an account: your name, email address, and branch of military service. During the pilot program, we also collect your VA Benefit Summary Letter for verification purposes only. All health data you upload or connect (medical records, wearable data, genetic data) is stored exclusively on your device and is never stored or retained on any METIS server. (Some provider connections route through a transient, no-store relay to establish connectivity — see Section 4 — which keeps nothing.)

2. How We Use Your Information

Account information (name, email) is used solely to: verify your eligibility for the disabled veteran pilot program, communicate with you about your METIS account and the pilot program, and provide customer support. We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Data Storage & Security

METIS operates on a zero-trust, no-backend architecture. All health data is encrypted using AES-256-GCM with PBKDF2-derived keys (250,000 iterations) and stored in your browser's IndexedDB on your device. Encryption keys are non-extractable and derived from your password. There is no METIS server that stores, processes, or has access to your health data. Your data is yours.

4. Third-Party Data Sources

When you connect external data sources (VA.gov, Oura Ring, 23andMe, MyChart, etc.), METIS uses OAuth 2.0 to securely access your data from those services. Data retrieved from these sources is processed on your device and stored locally in encrypted form. METIS does not store your OAuth tokens on any server — they are kept in your browser session only.

A note on connectivity relays. Some healthcare providers' systems cannot be reached directly from your browser for technical reasons (cross-origin restrictions). To complete those connections, the request passes through a secure, transient relay operated by Divergent Labs LLC. This relay is a pass-through only: it carries the request over an encrypted connection and returns the response to your device, and it never stores, logs, or retains your requests, responses, or access tokens — they exist only in memory for the moment of the request and are then discarded. Nothing from these connections is written to any METIS server or database. Your health data continues to live only on your device.

5. VA Data

METIS accesses VA health data through the VA Lighthouse API program with your explicit authorization. VA data is subject to the VA's own privacy policies in addition to this policy. METIS does not share your VA data with any third party. All VA data retrieved is processed and stored exclusively on your device.

6. Cookies & Analytics

METIS does not use tracking cookies, advertising cookies, or third-party analytics services. The only browser storage used is for your encrypted health data (IndexedDB) and application settings (localStorage), both stored on your device only.

7. Data Retention & Deletion

METIS gives you two distinct and independent deletion rights — one instant and fully in your hands, one governed by our 45-day commitment:

🔒 Your health data — instant, self-serve deletion, anytime.

All health data (medical records, wearable data, genomic data, lab results) is stored exclusively on your device, encrypted with keys only you hold. It is never transmitted to or stored on any METIS server. You can permanently delete it yourself at any time directly within the app, by clearing your browser data, or by uninstalling the PWA — no request needed, no waiting, no approval required. This is immediate and irreversible.
📋 Your pilot account data — deleted within 45 days of your request.

The only information Divergent Labs LLC holds is your name, email address, and branch of service, used solely for pilot verification and communication. The METIS pilot program runs for 2 months from the date of your enrollment. Upon your written request to support@divergentlabs-evolve.com, Divergent Labs LLC will permanently delete 100% of your pilot account data within 45 days of receiving your request. At the conclusion of the pilot program, all pilot account data is permanently deleted regardless. Divergent Labs LLC retains zero participant data after the pilot ends.

In short: your health data is yours to destroy instantly, at any time, without asking anyone. The 45-day window applies only to the minimal administrative record we hold for pilot verification — your name, email, and branch of service. That is the entirety of what Divergent Labs LLC stores.

8. Children's Privacy

METIS is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When changes are made, we will notify you directly via the email address associated with your account prior to the changes taking effect. Changes will also be posted on this page with an updated effective date. Continued use of METIS after changes constitutes acceptance of the revised policy.

10. Contact Us

For privacy-related questions or to request deletion of your account information, contact: support@divergentlabs-evolve.com

11. Data Breach Notification

In the event of a data breach affecting your pilot account information (name, email address, branch of service), Divergent Labs LLC will notify you at your registered email address within 72 hours of becoming aware of the breach. The notification will describe:

Important: Your health data cannot be breached from METIS servers because it is never stored there. All health data lives exclusively on your device, encrypted with AES-256-GCM keys that only you hold. The only information held by Divergent Labs LLC is your name, email, and branch of service.

12. Business Transfer or Dissolution

In the event of a merger, acquisition, transfer of ownership, or dissolution of Divergent Labs LLC, you will be notified via email no less than 30 days in advance. At that time, you will have the right to choose one or more of the following options:

Any business transfer is additionally contingent upon the receiving entity honoring the permanent free access commitment made to all pilot program Veterans (see Terms & Conditions Section 11). This is a non-negotiable condition of any ownership transfer.

13. HIPAA Disclaimer

METIS Health Navigator is a personal health management tool designed to help individuals organize and understand their own health information. METIS is not a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), as it does not provide healthcare services, process insurance claims, or operate as a healthcare clearinghouse.

However, METIS voluntarily implements security safeguards that meet or exceed HIPAA technical requirements, including:

If you use METIS to connect to a HIPAA-covered entity (such as the VA or your healthcare provider via MyChart), your data from those sources remains subject to the privacy protections of the originating covered entity. METIS does not alter or diminish those protections.

14. VA Lighthouse API Compliance

METIS accesses VA health data exclusively through the VA Lighthouse API platform, operated by the U.S. Department of Veterans Affairs. Use of VA data through METIS is subject to the VA Lighthouse API Terms of Service in addition to this Privacy Policy.

Specifically, METIS commits to the following in compliance with VA API program requirements: