← Back to Arcolia

Privacy Policy

Last updated: March 2026

Our commitment

Arcolia is built for families managing sensitive health information. We take privacy seriously — not as a legal checkbox, but as a design principle. This policy explains what we collect, why, and how we protect it.

What we collect

  • Account information: Your email address, used for authentication and critical account communications.
  • Health records you enter: Daily Dumps, medication information, symptom logs, and emergency contacts that you voluntarily provide.
  • Usage data: Anonymous analytics about which features you use (no personal identifiers). We use Plausible Analytics, which does not use cookies and is GDPR compliant.

What we never do

  • We never sell your data to third parties.
  • We never use your health data for advertising.
  • We never share your data with AI model providers in a way that allows retention or training.
  • We never store Protected Health Information (PHI) outside of HIPAA-compliant infrastructure.

How we protect your data

All health data is stored in Supabase with Row-Level Security enforced — only your account can access your records. We use a Business Associate Agreement (BAA)-covered infrastructure. Data is encrypted in transit (TLS) and at rest.

AI processing uses zero-data-retention API endpoints. Your health information is not stored by AI providers after processing.

Your rights

You can request a full export or deletion of your data at any time by emailing privacy@arcolia.org. We will respond within 30 days.

Contact

Questions about this policy? privacy@arcolia.org

Arcolia is a documentation tool, not a medical device or diagnostic service. Nothing in this application constitutes medical advice.

Ready to get started?

Join the waitlist for early access.

Join the waitlist →