Privacy Policy

1. Data We Process

We process account identifiers (email, Firebase UID), plan preferences you submit, recommendation outputs you choose to save, and subscription metadata from Stripe.

2. Health-Data Scope and HIPAA Notice

This implementation is not represented as HIPAA-compliant and should not be used for protected health information workflows that require HIPAA safeguards.

3. How Data Is Used

Data is used to authenticate users, provide personalized recommendation workflows, save premium plans, and manage subscriptions. We do not sell personal data in this implementation.

4. Third-Party Processors

Authentication is provided through Firebase and billing through Stripe. Their independent terms and privacy policies apply to those services.

5. Security and Retention

We apply reasonable safeguards but cannot guarantee absolute security. Data retention should be limited to active account operations and legal obligations.

6. Your Controls

You can request account-data deletion from the account page in this implementation. Deletion may not remove records maintained independently by third-party providers.

7. Policy Updates

We may update this policy as the product evolves. Material changes should be communicated with a new effective date.