Data Use Policy - StroomAI

Overview

To keep our prices affordable for healthcare professionals, we offer two pricing models:

Starter/Professional Plans: Lower prices in exchange for contributing de-identified data for research
Unlimited/Enterprise Plans: Higher prices with complete data privacy (no data collection)

You can also add a Privacy Add-On (+$50/month) to Starter or Professional plans to opt-out of data collection.

What Data We Collect (By Plan)

Starter and Professional Plans

We collect de-identified health data:

Biomarker values (e.g., "Vitamin D: 22 ng/mL") - but NOT linked to any person's name
Age bracket (e.g., "36-45 years old") - NOT exact age
Sex (male/female/other) - for demographic analysis
State only (e.g., "NY") - NOT city, zip code, or address
Recommended nutrients and foods
Medication types (generic names only, e.g., "omeprazole") - NOT dosages or brand names

We do NOT collect: Names, addresses, email addresses, phone numbers, exact ages, cities, zip codes, or any other personally identifiable information.

Unlimited and Enterprise Plans

No health data collection. Complete privacy included. We only collect account information (email, name) and usage statistics (how many analyses you perform) for billing and service improvement.

How We De-Identify Data (HIPAA Safe Harbor)

We follow HIPAA Safe Harbor de-identification standards, which means we remove or modify all 18 identifiers that could be used to identify a person:

Example of De-Identification:

❌ What we DON'T store:

"John Smith, 42 years old, 123 Main St, Brooklyn NY 11201, john@email.com, (555) 123-4567"

✅ What we DO store:

"Patient ID: random_abc123xyz, Age bracket: 36-45, State: NY, Month: 2025-01, Biomarker: Vitamin D = 22 ng/mL"

Key Points:

Each record gets a random ID that cannot be traced back to the original person
We only store month/year, not exact dates
We only store state, not city or zip code
We store age brackets (e.g., 36-45), not exact ages
No names, addresses, contact information, or other identifiers

This process makes it statistically impossible to identify any individual from the data we collect.

What We Do With the Data

1. Research

We aggregate de-identified data to conduct research on:

Population-level nutritional health trends
Biomarker patterns and correlations
Effectiveness of nutritional interventions
Regional health disparities

2. Data Sales

We may sell aggregated, de-identified datasets to:

Pharmaceutical companies (for nutritional research)
Research institutions and universities
Public health organizations
Government agencies (for population health studies)

Important: Individual data is never identifiable. All data is aggregated (combined with thousands of other records) before being shared or sold.

3. Platform Improvement

We use aggregated data to improve our platform, develop new features, and validate our biochemical pathway models.

Who Has Access to the Data

Only authorized parties have access to de-identified data:

Our Research Team: StroomAI employees who analyze aggregated data
Research Partners: Universities and research institutions (under strict data use agreements)
Pharmaceutical Companies: For nutritional research (aggregated data only)
Public Health Organizations: For population health studies

All data sharing is done under strict agreements that prohibit re-identification attempts and require data security measures.

How to Opt-Out of Data Collection

If you're on a Starter or Professional plan and want to opt-out of data collection, you have two options:

Option 1: Privacy Add-On

Add the Privacy Add-On (+$50/month) to your existing plan. This immediately stops all health data collection while keeping your current plan features.

Add Privacy Add-On →

Option 2: Upgrade to Unlimited

Upgrade to the Unlimited plan, which includes complete data privacy at no extra cost.

Once you opt-out, we will stop collecting new health data. Previously collected de-identified data cannot be removed (as it's already de-identified and aggregated), but no new data will be collected.

Data Retention

We retain de-identified research data for 7 years, which is standard for health research data. This allows for:

Long-term population health studies
Validation of research findings
Compliance with research data retention requirements

After 7 years, data is permanently deleted. Account information (email, name) is retained as long as your account is active, or until you request deletion.

Security Measures

We protect all data (including de-identified data) with:

AES-256 encryption at rest (when stored)
TLS 1.3 encryption in transit (when transmitted)
Secure US data centers with physical security
Access controls - only authorized personnel can access data
Regular security audits to identify and fix vulnerabilities
SOC 2 Type II certification (in progress, expected 2025)

Your Rights

You have the right to:

Access: Request information about what data we have about you
Opt-Out: Stop data collection by adding Privacy Add-On or upgrading to Unlimited
Delete: Request deletion of your account and associated data
Export: Export your account data in a machine-readable format
Correct: Update or correct inaccurate information

To exercise these rights: Email privacy@stroomai.com. We will respond within 30 days.

Why We Collect This Data

Data collection allows us to:

Keep prices affordable: Data sales offset platform costs, allowing us to offer Starter plans at $149/month instead of $200+
Advance science: Contribute to nutritional research that benefits everyone
Improve the platform: Use aggregated insights to make better recommendations
Validate pathways: Ensure our biochemical pathway models are accurate

This model is similar to how 23andMe, Tempus, and other health tech companies operate - offering lower prices in exchange for contributing to research.

Questions?

If you have questions about our data use policy, please contact us:

StroomAI Privacy Team
Email: privacy@stroomai.com

Related Policies

For more information, see: