Privacy Policy

Last updated: April 2025

1. Who we are

Acta is a personal health record application. We build tools to help individuals organise and understand their own medical history. We are not a medical provider, insurer, or healthcare organisation.

2. What data we collect

We collect only what is necessary to provide the service:

  • Account data — your email address and password hash.
  • Health records — the medical documents, lab results, notes, and other records you choose to store.
  • Profile data — optional fields such as date of birth, sex, height, weight, and blood type that you voluntarily provide.
  • Usage data — counts of AI insight queries used per month (for rate limiting). We do not log AI query content persistently.

3. How we use your data

  • To store and display your health records to you.
  • To power AI features — your records are sent to Anthropic's API to generate insights. Data sent to Anthropic is governed by Anthropic's privacy policy.
  • To enforce monthly usage limits on AI features.
  • To send transactional emails (e.g., password reset).

We do not use your data for advertising, profiling, or any purpose other than operating the service.

4. Data sharing

We do not sell your data. We share it only with:

  • Supabase — our database and authentication provider. Data is stored encrypted at rest.
  • Anthropic — when you use AI features, relevant portions of your health records are transmitted to generate a response. Anthropic does not use API data to train models.

No other third parties receive your health data.

5. Data security

All data is encrypted in transit (TLS) and at rest. Access is restricted to your account via row-level security policies. We do not have access to your records except as required to operate infrastructure.

6. Your rights

  • Access — you can view all your data within the app at any time.
  • Export — you can download all your data as JSON from the Settings page.
  • Deletion — you can permanently delete your account and all associated data from the Settings page.
  • Correction — you can edit or delete any record at any time.

7. Data retention

We retain your data for as long as your account is active. When you delete your account, all associated data is permanently removed from our systems. Backups may retain data for up to 30 days after deletion.

8. Cookies and tracking

We use only essential session cookies required for authentication. We do not use analytics cookies, advertising pixels, or any behavioural tracking.

9. Children

Acta is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us.

10. Changes to this policy

We may update this policy from time to time. We will notify you of material changes via email or a notice within the app. Continued use of the service after changes constitutes acceptance.

11. Contact

Questions about this policy? Email us at privacy@useacta.com.