⚠ Draft pending legal review. This is a comprehensive starting draft; a qualified Indian lawyer (DPDPA 2023) will review it before launch. Questions? privacy@healthcalculus.com

Privacy Policy

Last updated: 24 May 2026

healthcalculus is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

1. Who we are

healthcalculus is a family health platform. Contact: privacy@healthcalculus.com.

2. What data we collect

Account information

  • Email address
  • Name (optional), country, date of birth (optional)

Vault data

  • Lab reports (PDFs and images) and the values decoded from them
  • Family members you add (name, DOB, sex, relationship, any history you provide)
  • Doctor visit notes and the summaries generated from them

Usage data

  • Pages visited (via Plausible Analytics, which does not use cookies and does not collect personal data)
  • Calculator interactions, anonymised and aggregated only

What we do NOT collect

  • No tracking cookies, no device fingerprinting, no cross-site tracking
  • No data bought from third parties
  • We never sell your data, and we never use your reports to train AI models

3. How we use your data

To authenticate you, send transactional emails (magic links), decode your reports, display your family's records back to you, and generate summaries you request. Your vault is private — only you can see it.

4. Legal basis (GDPR / DPDPA 2023)

We process your data on the basis of your consent, the contract to provide the service, our legitimate interests (security, fraud prevention), and legal obligations.

5. Third-party services

  • Anthropic Claude API — processes report content and visit notes for decoding/summarising. Not used to train models.
  • Supabase — encrypted database and file storage.
  • Vercel — application hosting.
  • Cloudflare — DNS and DDoS protection.
  • Plausible Analytics — cookieless, privacy-respecting analytics.
  • Buttondown — newsletter (only if you subscribe).

6. Storage and security

Data is stored encrypted at rest. Report files live in private buckets with Row-Level Security — only you can access your own files. Authentication is passwordless (magic link), so there is no password to be breached. No system is perfectly secure, but we apply patches promptly and limit access tightly.

7. Children's data

healthcalculus is not for direct use by children under 18, but a parent or guardian may add a minor as a family member. Only the account holder can access a child's data, it is never used in analytics, and deleting the child removes all associated data.

8. Your rights

Under DPDPA 2023, GDPR and similar laws you can request access, correction, erasure, and a portable export of your data, object to processing, and withdraw consent. Email privacy@healthcalculus.com and we respond within 30 days. You can also delete your account and export your data from your vault settings.

9. Data retention

Account and vault data are retained while your account is active and deleted within 30 days of account deletion. Visit notes do not auto-expire — you control them. Analytics are aggregate-only.

10. Changes

We may update this policy as the product evolves; material changes will be notified and the “last updated” date kept current.

11. Contact

Privacy & data requests: privacy@healthcalculus.com
General: hello@healthcalculus.com