Terms of Service (ToS): Must include a heavy “Medical Disclaimer” and a limitation of liability.
Privacy Policy: Must explicitly state what data is collected, how it is stored, and—crucially—whom you sell it to.
HIPAA BAA (Business Associate Agreement, if applicable): Only needed if your customers are healthcare providers.
Informed Consent: A “Just-in-Time” pop-up during onboarding that explains exactly what happens to the user’s blood pressure data.
