Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last updated: June 9, 2025

Quick Navigation

Data Collection

• Health Information
• Authentication Data
• Usage Information

Data Usage

• How We Use Data
• Legal Basis
• AI Features

Your Rights

• Privacy Rights
• Health Data Control
• Contact Information

Third Parties

• Service Providers
• Healthcare Sharing
• International Transfers

Security & Retention

• Data Security
• Data Retention
• Cookies

Legal Compliance

• GDPR & CCPA
• Age Restrictions
• Policy Updates

Introduction

Welcome to Reactions ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our allergy and skin condition tracking platform. We are committed to protecting your privacy and ensuring transparency about our data practices.

By accessing or using our services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

Health Information

Important Notice: We collect sensitive health information that you voluntarily provide. We are a tracking and management tool, not a healthcare provider, and do not provide medical advice or diagnosis.

We collect the following categories of user-provided health information:

Symptom Tracking Data:

Your reported allergic reactions and skin conditions
Severity levels as you assess them
Reaction types (rash, itching, swelling, etc.) that you experience
Timing and duration of symptoms as you record them

Trigger Information:

Items you report consuming (foods, medications, supplements)
Environmental factors you identify (pollen, dust, chemicals)
Products you note using (skincare, cosmetics, cleaning products)

Personal Health Monitoring:

Your daily symptom assessments
Severity scores you assign to your conditions
New product usage you choose to track
Personal health notes and observations you enter

Optional Information:

Photos of skin conditions (only when you voluntarily provide them for your own tracking purposes)
Location information about where reactions occurred (only when you choose to provide it)
Your reported medical context such as diagnosis dates, medications, and treatment history

Authentication and Account Information

We collect:

Email address for account creation and communications
Authentication credentials through Auth0 (encrypted and managed by Auth0)
Account preferences and settings
Profile information you choose to provide

Technical and Usage Information

We automatically collect:

IP address and device information
Browser type and operating system
Usage patterns and interaction data
Session information and login times

Communications

When you contact us, we collect and store your communications to respond to your inquiries and provide support.

Analytics and Performance

Basic visitor analytics
Performance monitoring information
System logs necessary for platform stability

How We Use Your Information

We use your information solely for the following purposes:

Service Provision: To operate our tracking platform and provide you with symptom and trigger management tools
Account Management: To authenticate users and maintain secure accounts
Communications: To send important service notifications and updates
Platform Improvement: To analyze usage patterns and enhance our services
Security: To protect against fraud and maintain platform security
Legal Compliance: To meet applicable legal requirements

Legal Basis for Processing

Health Information Processing

We process your sensitive health data based on:

Explicit Consent: You provide clear, informed consent for us to process your health data for symptom tracking and trigger identification through our platform
Service Provision: Processing necessary for the proper functioning of our symptom tracking and allergy management platform

Other Personal Data

For non-health information, we process data based on:

Service Agreement: Information necessary to provide our platform services
Legitimate Interests: For analytics, security, and service improvement
Legal Requirements: To comply with applicable laws
Consent: For optional features and communications

State Health Data Laws

Under applicable state health privacy laws (including Washington's My Health My Data Act, Nevada's SB370, and Connecticut's SB3), we process consumer health data based on:

Service Provision: Necessary to provide the tracking services you've requested
Explicit Consent: For any data use beyond core service provision

We do not sell health data under any circumstances.

Third-Party Service Providers

We work with carefully selected service providers who act as data processors to help us operate our platform:

Authentication Services: Secure user login and account management
Cloud Infrastructure: Secure data storage and platform hosting
Email Services: Transactional communications and notifications
Website Hosting: Platform delivery and performance monitoring

All service providers are bound by strict data protection agreements and process data only as necessary to provide their specific services to us.

AI-Powered Features

Our platform uses artificial intelligence to help you understand your health patterns.

How AI Assists You

Pattern Recognition: Analyzing your symptom data to help identify potential triggers
Personal Insights: Generating suggestions based on your tracking data
Data Summaries: Compiling your tracked information for easier review
Trend Analysis: Helping you understand patterns in your condition over time

Important Limitations

Our AI features are tools to help you manage your data - they are not medical advice, diagnosis, or treatment recommendations. Always consult healthcare professionals for medical decisions.

International Data Transfers

Your data may be processed in countries outside your residence, including the United States. We ensure protection through:

Certified data transfer frameworks where available
Standard contractual clauses for international transfers
Additional security safeguards for cross-border processing

Your Privacy Rights

Universal Rights

Regardless of location, you can:

Access your personal data
Correct inaccurate information
Delete your account and associated data
Control how your data is used
Withdraw consent for optional processing

Enhanced Health Data Rights

For health information specifically:

Data Export: Download your complete tracking data
Selective Deletion: Remove specific types of health data
Sharing Control: Manage any healthcare provider access
AI Opt-out: Disable automated analysis features

GDPR Rights (EU Residents)

EU residents have additional rights including data portability, processing restriction, objection to processing, and the right to withdraw consent.

CCPA Rights (California Residents)

California residents can know what information we collect, request deletion, and opt-out of data sales (which we don't engage in).

To exercise your rights: Contact us using the information below. We respond within 30 days for GDPR requests and 45 days for other requests.

Data Security

We implement industry-standard security measures including:

Encryption of data transmission and storage
Access controls and authentication systems
Regular security assessments
Incident response procedures
Employee security training

We cannot guarantee absolute security, but we continuously work to protect your information using reasonable security measures.

Data Retention

We retain data only as long as necessary:

Health Data: Until you delete your account or request specific deletion
Account Information: Until account closure
Security Logs: As required for security and legal compliance
Aggregated Analytics: De-identified usage patterns for service improvement

Account deletion requests are processed within 30 days.

Cookies and Tracking

We use cookies only for essential functionality.

No Google Analytics or other analytics cookies
No advertising or marketing tracking cookies
No social media tracking pixels
No third-party performance or behavioral tracking

Cookie Consent: Since we only use essential cookies that are necessary for the website to function, no consent is required under GDPR and other privacy laws. However, we provide a notice to inform you about our limited cookie usage.

You can control cookies through your browser settings, but disabling essential cookies will prevent you from logging in and using our services.

Age Restrictions

Our services are not intended for individuals under 16 years of age. We do not knowingly collect information from children. If you believe a child has provided information to us, please contact us immediately.

Policy Updates

We may update this policy to reflect service changes or legal requirements. Material changes will be communicated through:

Updated policy posting with revision date
Email notification to active users
In-platform notifications for significant changes

Contact Information

For privacy questions or to exercise your rights:

Email: Contact Form

Response Time: 30 days (GDPR) / 45 days (other requests)

For EU Residents: You may also contact your local data protection authority

This policy was last updated on June 9, 2025. Please review it periodically as it may change.

← Back to Home