MedKeep
Contact
Privacy & Security

What Health Apps Actually Know About You (And How to Choose One That Doesn't)

Before you store your family's most sensitive information in a health app, it is worth understanding exactly what most apps do with that data. The answer may surprise you.

MK
The MedKeep Team
Health Records & Privacy
9 June 2026
6 min read

The short version: Most health apps monetise your data in some form. The exceptions are apps that use on-device, zero-knowledge encryption — where the app genuinely cannot read your records even if it wanted to.

What health apps typically collect

When you sign up for a health app, you are usually asked to create an account. That account links your health data to an identity. Even apps that claim to "anonymise" data often retain enough detail — age, location, specific diagnoses — that re-identification is possible with sufficient data.

Beyond the health data you enter directly, many apps collect:

  • Device identifiers — unique codes that identify your specific phone, used to track you across apps even after you delete the app and reinstall it
  • Usage patterns — which features you use, how often, at what times of day
  • Location data — often requested as part of "personalisation" but retained and linked to your health profile
  • Third-party analytics — many apps embed tracking libraries from companies like Google, Meta, or Amplitude that collect data independently of the app's stated privacy policy

How health data is used — and why it has value

Health data is among the most commercially valuable personal data that exists. Insurance companies use it to assess risk. Pharmaceutical companies use it to identify potential trial participants. Advertisers use it to target people experiencing specific conditions with relevant products. Data brokers aggregate it and sell it in bulk.

A 2023 study found that a significant proportion of popular health apps shared user data with third parties, often without clear disclosure in the privacy policy. The language used in privacy policies is frequently designed to be technically accurate while remaining practically opaque.

When a health app is free, the product is usually the data.

Red flags in a health app's privacy policy

Privacy policies are long for a reason — the important details are buried. These phrases should cause you to look more carefully:

  • "We may share your data with trusted partners" — Who are these partners? What can they do with the data? These questions are rarely answered.
  • "Anonymised or aggregated data" — Anonymisation is frequently reversible with sufficient additional data. This phrase does not mean your data is safe from re-identification.
  • "To improve our services" — This broad phrase can cover almost any use of your data, including training AI models or sharing with subsidiaries.
  • No mention of encryption at all — If an app does not clearly state that your data is encrypted, assume it is not, or that the encryption is server-side (meaning the company holds the keys).

What good privacy actually looks like

The gold standard for a health app is zero-knowledge, on-device encryption. This means your data is encrypted on your device using a key that only you hold, before it is ever stored or transmitted. The company operating the app genuinely cannot read your records — not because they choose not to, but because they are technically incapable of doing so.

This architecture also means that if the company is breached, or compelled by a court order to provide data, all they can provide is ciphertext that is unreadable without your key.

A truly privacy-respecting health app will also be explicit about what it does not collect. "We do not sell your data" is less meaningful than "We do not collect any data that could be sold." The distinction matters.

Questions to ask before you download

Before installing any app to store your family's health records, find answers to these questions in the privacy policy and app documentation:

  • Is the data encrypted on my device, or on the company's servers? Who holds the encryption key?
  • Does the app require an account? Is it linked to my email address or phone number?
  • Does the app share data with third parties? Who, and for what purpose?
  • What data does the app collect beyond what I enter directly?
  • Can I export all my data and delete it completely if I choose to stop using the app?
  • Has the app published a clear, readable privacy policy — or is it deliberately obscure?

If you cannot find clear answers to these questions in the documentation, treat that absence as an answer in itself.

Published 9 June 2026 · 6 min read
Back to blog
Keep reading

More from the blog

Guides

How to Organise Your Family's Medical Records (And Keep Them That Way)

Every family accumulates health records faster than they realise. Here's how to turn that scattered pile into an organised digital vault that actually helps when it matters most.

20 May 2026·7 min read
Health Education

Blood Pressure Explained: What Your Numbers Actually Mean

120/80. 140/90. Numbers that appear on a monitor every few months and get filed away without much thought. Understanding what they actually mean could be one of the most useful things you do for your family's health.

8 May 2026·5 min read
Guides

The Complete Guide to Tracking Medications for Your Whole Family

The average adult over 65 takes five or more prescription medications. For a family with children, elderly parents, and chronic conditions in the mix, medication management becomes a significant responsibility. Here's how to get on top of it.

28 April 2026·8 min read

Your health records,
always with you.

Free to start. Your whole family on the Family plan. Encrypted on your device, we can't read it.

Download on theApp StoreGet it onGoogle Play