Privacy Policy

Last Updated: 2025-01-15

At StroomAI, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our biochemical nutrition analysis platform.

By using our Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address (required for account creation)
  • Name (optional, for personalization)
  • Profile picture (if using Google OAuth)
  • Professional role and practice type (optional, for analytics)
  • State/region (optional, for demographic analysis)

1.2 Payment Information

Payment processing is handled by Stripe, a third-party payment processor. We do not store your credit card information. Stripe collects and processes payment data in accordance with its privacy policy and PCI-DSS standards.

1.3 Usage Data

We automatically collect information about how you use our Service, including:

  • Number of analyses performed
  • Features accessed
  • Time spent on the platform
  • Device information (browser type, operating system)
  • IP address (for security and fraud prevention)

1.4 De-Identified Health Data (Starter/Professional Plans Only)

Important: Data Collection by Plan Tier

Starter and Professional Plans: We collect de-identified health data for research purposes. This includes:

  • Biomarker values (without patient identifiers)
  • Demographic data: age brackets (e.g., 36-45), sex, state only (not city/zip)
  • Recommended nutrients and foods
  • Medication types (generic names only, no dosages)

NO personally identifiable information is collected. We use HIPAA Safe Harbor de-identification standards.

Unlimited and Enterprise Plans: No health data collection. Complete privacy included.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process your subscription and payments
  • Send you service-related communications
  • Respond to your inquiries and support requests
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • For Starter/Professional plans: Conduct research on population nutritional health (using de-identified data only)

3. Data Sharing and Disclosure

3.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

  • Stripe: Payment processing (see Stripe's privacy policy)
  • Xata: Database hosting (data stored in US data centers)
  • Vercel: Application hosting (see Vercel's privacy policy)
  • Google: OAuth authentication (if you sign in with Google)

3.2 Research Partners (De-Identified Data Only)

For Starter/Professional Plans Only

We may share aggregated, de-identified data with:

  • Research institutions and universities
  • Pharmaceutical companies (for nutritional research)
  • Public health organizations
  • Government agencies (for population health studies)

Individual data is never identifiable. All data is aggregated and de-identified per HIPAA Safe Harbor standards. See our Data Use Policy for details.

3.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or others.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption at Rest: AES-256 encryption for stored data
  • Encryption in Transit: TLS 1.3 for all data transmission
  • Secure Data Centers: All data hosted in United States data centers
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Security Audits: We undergo regular security assessments
  • SOC 2 Type II: Certification in progress (expected 2025)

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Opt-Out: Opt out of data collection by upgrading to the Privacy Add-On (+$50/month) or the Unlimited Plan
  • Export: Export your data in a machine-readable format
  • Object: Object to certain processing activities

To exercise these rights: Email us at privacy@stroomai.com with your request. We will respond within 30 days.

6. Children's Privacy

Our Service is intended for healthcare professionals who are at least 18 years old. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately.

7. International Users

Our Service is operated from the United States. If you are accessing our Service from outside the United States, please be aware that:

  • Your information may be transferred to, stored, and processed in the United States
  • US data protection laws may differ from those in your country
  • By using our Service, you consent to the transfer of your information to the United States

For users in the European Economic Area (EEA), we comply with GDPR requirements. Contact us at privacy@stroomai.com for GDPR-specific requests.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. See our Cookie Policy for detailed information.

9. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users at least 30 days before they take effect.

The "Last Updated" date at the top of this page indicates when this policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

StroomAI Privacy Team
Email: privacy@stroomai.com
Address: [Your Business Address]

By using StroomAI, you acknowledge that you have read and understood this Privacy Policy.