Privacy Policy

Your privacy matters deeply to us. Healia ("we," "us," "our") is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights regarding your data.

1. Information We Collect

1.1 Information You Provide:

• Nickname or alias (NOT your legal name)
• Age
• Biological sex
• Country and region/state
• Known allergies
• Current medications
• Chronic health conditions
• Pregnancy or breastfeeding status (if applicable)
• Smoking status
• Activity level
• Insurance status (yes/no/underinsured — no policy details)
• Monthly health budget range
• Pharmacy access preference
• Email address (optional — only if you choose to provide it)
• Symptom descriptions and health questions
• Photos of health conditions (if you choose to upload them)

1.2 Information We Automatically Collect:

• Device type and browser information
• IP address (anonymized after processing for geolocation)
• Usage data (pages visited, features used, session duration)
• Cookie data (see our Cookie Policy)

1.3 Payment Information:

Payment processing is handled entirely by Stripe, Inc. We do NOT store credit card numbers, CVVs, or bank account information on our servers. We receive only a confirmation of payment status and a Stripe customer ID.

2. Information We Do Not Collect

We explicitly do NOT collect:

• Your legal/real name
• Your physical address
• Your Social Security number or government ID
• Your health insurance policy details
• Your medical records from other providers
• Facial photographs or biometric data
• Your employer information
• Information about minors without parental consent

3. How We Use Your Information

We use your information solely to:

• Provide and personalize the health guidance Service
• Generate treatment plans tailored to your profile
• Check for drug interactions and allergy conflicts
• Recommend products appropriate for your location and budget
• Send reminders and notifications (if you opt in)
• Process payments
• Improve our AI models and Service quality (using anonymized, aggregated data only)
• Respond to your inquiries and support requests
• Comply with legal obligations

4. How We Protect Your Information

• All data is encrypted in transit using TLS 1.3
• All data is encrypted at rest using AES-256 encryption
• Our database (Convex) employs enterprise-grade security measures
• Photos are processed by our AI systems and stored encrypted; they are automatically deleted after 180 days
• Access to user data is restricted to essential personnel only
• We conduct regular security audits

5. Data Sharing

We do NOT sell your personal information. Ever. Period.

We may share limited data with:

• Stripe, Inc. — Payment processing only
• AI Service Providers (Anthropic, OpenAI, Google) — Your symptom descriptions and photos are sent to AI models for analysis. These providers process data per their own privacy policies and do not retain consultation data for training purposes. We do not send your nickname, email, or identifying information to AI providers.
• Affiliate Partners (Amazon, iHerb, etc.) — When you click a product link, the retailer receives standard referral data (that you came from healia.space). They do NOT receive your health information.
• Email Service Provider (Resend) — If you provide an email for reminders, your email address is shared with our email delivery provider solely for sending notifications you requested.
• Law Enforcement — Only when required by law, subpoena, or court order.

6. Data Retention

• Active accounts: Data is retained as long as your account is active.
• Guest accounts: Automatically deleted after 90 days of inactivity.
• Consultation history: Retained until you delete it or your account is deleted.
• Photos: Automatically deleted after 180 days.
• Payment records: Retained for 7 years as required for tax and legal compliance.
• Anonymized aggregate data: May be retained indefinitely for Service improvement (this data cannot be linked back to any individual).

7. Your Rights

You have the right to:

• Access your data (view all information we hold about you in Settings)
• Export your data (download as JSON from Settings)
• Delete your data (one-tap deletion in Settings — permanent and irreversible)
• Delete specific consultations individually
• Opt out of email communications at any time
• Withdraw consent for data processing (by deleting your account)
• Correct inaccurate information (edit your profile in Settings)

8. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland:

• Our legal basis for processing your data is your consent (which you provide by using the Service) and our legitimate interest in providing the Service.
• You have the right to lodge a complaint with your local data protection authority.
• You have the right to data portability (export your data in a structured format).
• You may request erasure of your data by contacting us at privacy@healia.space or using the in-app deletion feature.
• We do not transfer your data outside the EEA unless adequate safeguards are in place.

9. CCPA Compliance (California Users)

If you are a California resident under the California Consumer Privacy Act (CCPA):

• You have the right to know what personal information we collect, use, and disclose.
• You have the right to request deletion of your personal information.
• You have the right to opt out of the "sale" of your personal information. We do NOT sell your personal information.
• You have the right not to be discriminated against for exercising your privacy rights.
• To exercise these rights, contact us at privacy@healia.space.

10. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us immediately at privacy@healia.space and we will delete it promptly. Users aged 13-17 may use the Service only with parental consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new "Last Updated" date and, if you have provided an email address, by sending you a notification.

12. Contact

For privacy-related questions or requests:

Email: privacy@healia.space
Website: healia.space
General inquiries: hello@healia.space

This policy is comprehensive; we recommend review with privacy counsel for your specific operations and jurisdictions.