Privacy Policy

Last updated: April 2026

1. Controller

The controller responsible for data processing on this website is:
Dr. med. Carmen Pöhl
[Address]
[Email]

2. What data we collect

When you use Healicus, we may process the following data:

  • Account data: Email address and password (managed by Supabase authentication)
  • Health profile: Age, sex, dietary pattern, health conditions, allergies, and medications you voluntarily provide
  • Chat history: Messages you send and AI responses, stored to maintain conversation context
  • Wellness logs: Symptom ratings and outcome tracking you voluntarily submit
  • Usage data: IP address, browser type, and pages visited (server logs)

3. Purpose and legal basis

  • Providing the service: Your health profile and chat data are processed to generate personalized recommendations and safety checks (Art. 6(1)(b) GDPR — contract performance)
  • Health data: Conditions, medications, and allergies constitute special category data under Art. 9 GDPR. We process this based on your explicit consent (Art. 9(2)(a) GDPR), given when you voluntarily enter this information
  • Server logs: IP addresses are processed for security and abuse prevention (Art. 6(1)(f) GDPR — legitimate interest)

4. Third-party processors

  • Supabase: Authentication and database hosting (AWS eu-central-1)
  • Anthropic: AI model provider — chat messages are sent to Claude for response generation. Anthropic does not use your data for training. See Anthropic’s privacy policy
  • ElevenLabs: Text-to-speech processing (only when voice features are used)

5. Data retention

Your account data and health profile are retained as long as your account is active. Chat history is retained to provide conversation continuity. You can delete individual conversations at any time. Deleting your account removes all associated data. Server logs are retained for 30 days.

6. Your rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at [email@example.com].

7. Cookies

Healicus uses essential cookies for authentication session management only. We do not use analytics cookies, advertising cookies, or third-party tracking.

8. Data security

All data is transmitted over HTTPS. Health data is stored in a PostgreSQL database with access restricted to authenticated users. Passwords are hashed and never stored in plain text.

9. California residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

  • Right to know: You can request what personal information we collect, use, and disclose
  • Right to delete: You can request deletion of your personal information
  • Right to opt out: We do not sell your personal information to third parties
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at [email@example.com].

10. FDA disclaimer

The information provided by Healicus has not been evaluated by the Food and Drug Administration. This product is not intended to diagnose, treat, cure, or prevent any disease. The content is for educational and informational purposes only and should not be considered medical advice.

Note: Replace the placeholders in brackets with your actual contact details before publishing this page.
