Legal
Privacy Policy
A draft privacy policy, pending attorney review. Bracketed items are placeholders to be finalized.
- What we collect
- account data (email, and optionally name); authentication metadata (via [Supabase]); consent flags and timestamps; product usage (pages viewed, saved items, alert preferences). We do not collect health records, and we ask users not to send us health information about themselves.
- How we use it
- to operate your account and saved features; to send the alerts/updates you opted into; to improve the site; and — only with your marketing opt-in — to send information about new features or offerings. We do not condition access to the free educational content on marketing consent.
- Legal bases (where applicable, e.g. GDPR)
- contract (account), consent (marketing), legitimate interests (security, product improvement).
- Sharing
- with service providers who process data on our behalf (e.g. [Supabase] for auth/storage, [email provider] for messaging), under contract. We do not sell your personal data. We may disclose if required by law.
- Retention
- for as long as your account is active, plus [X] months, or until you ask us to delete it.
- Your choices/rights
- access, correct, export, or delete your data; unsubscribe from marketing at any time (link in every email). [Add CCPA "Do Not Sell/Share" and GDPR rights language as your audience geography requires.]
- Security
- encryption in transit, access controls, RLS on the datastore. No method is 100% secure.
- Age
- 18+ only; not directed to children.
- Changes / contact
- we'll post updates here and, for material changes, notify opted-in users. Contact: [privacy@provenpanel...].