Privacy Notice.

Information is used solely to run your case. That includes determining whether the case fits the service, reviewing uploaded materials, confirming the appropriate session format, processing payment and scheduling, delivering the live session, creating and sending a post-session educational summary, supporting rescheduling, refunds, and follow-up, maintaining internal quality and incident records, and protecting the security and integrity of the service.

Information is not used for any other purpose — including artificial-intelligence or machine-learning model training, demonstrations, marketing, research, or third-party data products — unless you provide explicit, written consent for a specific other use.

Uploaded reports and images are stored on Cloudflare R2 with server-side encryption. Workflow records — case status, scheduling details, payment status, internal notes, and post-session summaries — are stored in a separate Supabase database, also encrypted. The two systems are kept separate by design: structured workflow data does not sit alongside the raw uploaded files.

Raw uploaded materials are retained for fourteen (14) days after the session and are then permanently deleted on an automatic schedule. The 14-day window exists to support brief follow-up questions after a session. Post-session summaries and minimal internal workflow records are retained for a short default period.

Sessions are not recorded by default, and routine full-session transcripts are not created.

Caregiver participation is join-only by default and does not automatically create shared access to uploaded materials, summaries, or future sessions.

Security posture: encryption in transit, encryption at rest, multi-factor authentication on accounts that touch infrastructure, role-based access controls, audit logging on sensitive operations, and automated retention and deletion practices.

Sensitive routes — upload, session, and deliverable pages — do not load third-party marketing or analytics trackers. Public-facing marketing pages may include privacy-respecting analytics; the goal is to keep sensitive workflows free of third-party tracking.

Submitted materials are not sold, rented, or licensed to any party. Materials are not shared with insurers, employers, or marketers. Information may be shared only as needed to operate the service (for example, with infrastructure providers under contract), with authorized caregivers where explicitly approved, or where required by law.

Materials are not used for AI or machine-learning model training, demonstrations, marketing, research, or any purpose outside of running your case, except where you provide explicit written consent for a specific use.

You may request deletion of your uploaded materials at any time, including before the default 14-day retention window has elapsed. Send a written request through the contact page; deletion will be confirmed in writing once completed.

You may request a copy of the structured workflow records associated with your case — for example, case status, scheduling details, and the post-session summary. Requests are responded to within a reasonable timeframe.

Questions about how information is handled may be directed to the contact page.