Privacy Policy
Last updated 2026-06-08
This Privacy Policy explains how [LEGAL ENTITY NAME] (“SelfAssay,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use selfassay.com and our related applications and services (the “Service”). It forms part of, and should be read with, our Terms of Service.
1. The short version
Your Vault (your stack, dosing, daily check-ins, symptoms, goals, experiments, decoded labs, saved protocols, and your questions to our assistant) is encrypted at rest under a key envelope-wrapped per member. We do not sell your personal information, we do not show it to advertisers, and we do not use it to train third-party AI models. You can export or permanently delete your account and Vault at any time from Settings. Anything that contributes to our aggregate community or measured-outcomes data is strictly opt-in and de-identified.
2. Who we are (data controller)
The controller responsible for your personal information is [LEGAL ENTITY NAME], [ENTITY TYPE / REG. NO.], of [REGISTERED ADDRESS]. You can reach us at [PRIVACY CONTACT EMAIL]. [If applicable: EU/UK Representative under GDPR Art. 27 / UK GDPR, and Data Protection Officer contact.]
3. Information we collect
Information you provide
- Account data: your email address and authentication credentials; if you sign in with a third-party provider (e.g. Google), basic profile information they share with us.
- Vault content: the personal log you choose to add: the compounds in your stack and their dose, schedule, and timing; daily check-ins (energy, focus, mood, sleep); free-text symptoms, notes, goals, and decisions; medications you record; reconstitution calculations; saved and composed protocols; n-of-1 experiments and their outcomes; and your questions to our assistant.
- Optional profile/demographic data: if you provide it (e.g. age band, sex), used to personalize relevant context. You are not required to provide it.
- Lab reports (Decoder): when you upload a lab/blood report for decoding, the file is processed in memory for that session and is not stored; the structured marker values are saved to your Vault only if and when you choose to save the result.
- Communications: messages you send us (e.g. via our contact form or by email) and your support history.
Information collected automatically
- Device & log data: IP address, browser/device type, timestamps, and request metadata, used for security, abuse prevention, rate-limiting, and debugging.
- Product analytics: first-party, privacy-preserving usage signals (which features are used, in aggregate). We do not run third-party advertising trackers on your Vault content. [Confirm analytics provider(s) with counsel.]
- Cookies & local storage: see Section 13.
Payment information
Subscription payments are processed by our payment processor, Dodo Payments, under their own terms and privacy policy. We do not receive or store your full card number; we receive subscription status and limited transaction metadata needed to provide and manage your plan.
4. How and why we use your information
We use personal information to:
- provide, maintain, and secure the Service and your account;
- generate the features you request: grades, dossiers, interaction checks, protocol composition, lab decoding, n-of-1 verdicts, and answers from our assistant;
- personalize relevant context to your own stack and entries;
- process payments and administer subscriptions;
- communicate with you about the Service and respond to support requests;
- prevent fraud and abuse, enforce our Terms, and comply with law;
- with your opt-in consent, contribute de-identified data to our aggregate community and measured-outcomes datasets (Section 7).
Legal bases (EEA/UK)
Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to provide the Service you sign up for); our legitimate interests (to secure, improve, and protect the Service, balanced against your rights); your consent (for processing health/sensitive data, optional cohort contributions, and any non-essential cookies, which you may withdraw at any time); and compliance with legal obligations.
5. Health and other sensitive data
Some information you choose to provide (the compounds and medications you take, symptoms, goals, and lab markers) may relate to your physical or mental health or wellness. We treat this as sensitive information and apply heightened protections.
We are not a healthcare provider, and SelfAssay is not a covered entity or business associate under HIPAA. The Service is a personal-research and decision-support tool, not a medical record. See our Terms of Service for the wellness/not-medical-advice disclaimer.
Consumer health data. Where laws such as the Washington My Health My Data Act, the Nevada Consumer Health Data Privacy Law, and similar state laws apply, certain information you provide may be “consumer health data.” We collect it only to provide features you request; we rely on your consent (given when you create an account and by your continued use under this Policy, and a separate, specific opt-in before any sharing into our aggregate datasets); we do not sell consumer health data; and we share it only with the service providers in Section 9 to operate the Service. You may withdraw consent and delete this data at any time (Sections 7, 11, and 12). [Counsel: confirm whether a standalone Consumer Health Data Privacy notice and a dedicated request/appeal process are required for your launch states.]
Where the GDPR/UK GDPR applies, we process special-category (health) data on the basis of your explicit consent, which you can withdraw at any time without affecting prior processing.
6. How your data is stored and secured
Each Vault section is encrypted at rest with a per-member data key, which is itself wrapped under a server-managed master key (envelope encryption). Embeddings derived from your free-text entries (used for your own semantic search, e.g. “when else have I felt like this?”) are stored separately, tagged to your member id, and are not shared with other members.
Important: not end-to-end encrypted. Because the Service provides server-side features (search, AI assistance, lab decoding, and opt-in aggregation), our systems are able to decrypt your Vault to perform the operations you request. Access is restricted, logged, and limited to what is needed to run those features. SelfAssay is not end-to-end encrypted, and we can technically access your content to provide the Service and comply with law.
We use administrative, technical, and organizational safeguards appropriate to the risk. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. We will notify affected users and regulators of a personal-data breach where required by law.
7. Opt-in community and measured-outcomes data
By default, your entries are not contributed to any shared dataset. Two separate, optional contributions exist, each off by default and each independently withdrawable:
Community signal
If you opt in, the classified content of certain entries (e.g. effects and side-effects mentioned in your notes) is routed into aggregate, de-identified community counts and patterns. We never present verbatim user text or attribute it to you. Because these contributions are de-identified on entry, aggregate rows already contributed may not be individually retrievable after opt-out.
Measured-outcomes ledger
If you opt in, when you conclude an n-of-1 experiment we add a de-identified, structured outcome (the compound, what you tracked, the result and effect size, your adherence, and how long you tracked) to an aggregate “people like you, measured” dataset. It is keyed by a salted, one-way hash rather than your account id; aggregate results are only shown above a minimum group size (k-anonymity); and we never include your name, free-text notes, or raw lab values. Turning this off purges the rows you contributed.
You can change either choice at any time in Settings.
8. AI processing
To answer your questions and decode lab reports, we send the specific request and the minimum necessary context to our AI processors. A provenance gate is designed to send only the relevant request, never your entire Vault. We do not permit our AI processors to use your content to train their general models, and we do not use your Vault to train third-party models. AI outputs are generated automatically and may be incomplete or inaccurate; they are decision support, not a determination with legal or similarly significant effect, and a human (you) remains in control of all decisions.
9. How we share information (sub-processors)
We do not sell your personal information. We share it only with service providers who process it on our behalf under contract, and only as needed to run the Service:
- Supabase: database, authentication, and storage.
- Vercel: application hosting and delivery.
- OpenRouter and Google: AI model inference and embeddings for the requests you make.
- Dodo Payments: subscription billing.
- Resend: transactional and support email.
- Sentry: error monitoring and diagnostics.
We keep our current sub-processor list up to date and will provide it on request. [Counsel: confirm the complete list, DPAs, and any additional analytics/email/infra vendors before launch.]
We may also disclose information to comply with law or valid legal process, to enforce our Terms, to protect the rights, safety, and security of users or the public, or in connection with a merger, acquisition, or sale of assets (with notice as required by law).
10. International data transfers
We and our service providers may process your information in countries other than your own, including the United States. Where we transfer personal data out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum), or another lawful transfer mechanism. [Counsel: confirm the transfer mechanisms in place with each sub-processor.]
11. Data retention
We retain your account and Vault for as long as your account is active. When you delete your account, we permanently delete your encrypted records and the derived embeddings, and purge your opt-in measured-outcomes rows, within [30] days, except where we must retain limited records to comply with law, resolve disputes, or enforce our agreements. Backups are cycled out on our normal rotation schedule. De-identified aggregate data that no longer identifies you may be retained.
12. Your rights and choices
From Settings you can, at any time, view and export your Vault and permanently delete your account. Depending on where you live, you may also have rights to:
- access, correct, or delete your personal information;
- port a copy of your data;
- object to or restrict certain processing, and withdraw consent;
- opt out of any “sale” or “sharing” of personal information and limit use of sensitive information (we do not sell or share personal information for cross-context behavioral advertising);
- not be discriminated against for exercising your rights.
EEA/UK (GDPR/UK GDPR): you have the rights above and may lodge a complaint with your supervisory authority (in the UK, the ICO). California (CCPA/CPRA): you have rights to know, delete, correct, and limit the use of sensitive personal information; we have not sold personal information in the preceding 12 months. Washington, Nevada, and similar consumer-health-data laws: you may withdraw consent, delete consumer health data, and (where provided by law) appeal a decision. To exercise any right, contact [PRIVACY CONTACT EMAIL]; we will verify and respond within the time required by applicable law. You may use an authorized agent where the law permits.
13. Cookies and similar technologies
We use strictly necessary cookies and local storage to keep you signed in, remember preferences, and secure the Service. We do not use third-party advertising or cross-site tracking cookies. Where required, we will request consent for any non-essential cookies and honor recognized opt-out signals (such as Global Privacy Control). [Counsel: confirm cookie banner/consent requirements per jurisdiction.]
14. Children
The Service is intended for adults 18 and older and is not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.
15. Changes to this Policy
We may update this Policy from time to time. We will post the updated version here, revise the “last updated” date, and, for material changes, provide additional notice (e.g. in-app or by email) before they take effect where required.
16. Contact us
Questions or requests about this Policy or your data: [PRIVACY CONTACT EMAIL], [LEGAL ENTITY NAME], [REGISTERED ADDRESS].
This document is a draft prepared to a professional standard for review and completion by qualified legal counsel. It is not legal advice and is not effective until counsel-approved and the bracketed items are completed.