Privacy Policy

Last updated: January 15, 2024

At LymeDiary, we take your privacy seriously. This policy explains how we collect, use, and protect your personal health information.

Summary

  • We collect only the information necessary to provide our services
  • Your health data is encrypted and secured
  • We never sell your personal information to third parties
  • You can export or delete your data at any time
  • We follow HIPAA-conscious security practices

1. Information We Collect

Information You Provide

When you use LymeDiary, you may provide us with:

  • Account Information: Email address, password, and optional profile information (name, profile picture)
  • Health Information: Symptom logs, wellness scores, treatment records, notes, and other health data you choose to track
  • Medical History: Diagnosis information, co-infections, treatment history, and healthcare provider details
  • Community Content: Forum posts, comments, protocol experiences, and provider reviews
  • Communications: Messages to our support team and feedback submissions

Information Collected Automatically

When you use our services, we automatically collect:

  • Device Information: Device type, operating system, browser type, and unique device identifiers
  • Usage Data: Features used, pages visited, time spent, and interaction patterns
  • Log Data: IP address, access times, and referring URLs
  • Analytics Data: Aggregated usage statistics to improve our services

2. How We Use Your Information

We use your information to:

  • Provide Services: Enable symptom tracking, generate insights, create reports, and facilitate community features
  • Improve Our Platform: Analyze usage patterns to enhance features and user experience
  • Generate Insights: Use AI to identify patterns in your data and provide personalized insights (your data is never used to train our AI models without explicit consent)
  • Communicate: Send service updates, security alerts, and optional newsletters
  • Research: Create anonymized, aggregated insights about Lyme disease patterns (only with your opt-in consent)
  • Safety: Detect, prevent, and address technical issues and security threats

3. Data Sharing and Disclosure

We Do Not Sell Your Data

We will never sell your personal health information to third parties. Period. This is a core commitment we make to our community.

Limited Sharing

We may share information only in these limited circumstances:

  • With Your Consent: When you explicitly authorize sharing (e.g., sharing a doctor report)
  • Service Providers: With trusted partners who help us operate our services (cloud hosting, analytics) under strict confidentiality agreements
  • Legal Requirements: When required by law, legal process, or government request
  • Safety: To protect the rights, safety, and property of LymeDiary, our users, or the public
  • Research Partners: Anonymized, aggregated data only, with your opt-in consent

4. Data Security

We implement robust security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Strict access controls and authentication for our systems
  • Infrastructure: Hosted on SOC 2 compliant cloud infrastructure
  • Monitoring: 24/7 security monitoring and incident response
  • Regular Audits: Periodic security assessments and penetration testing
  • Employee Training: All team members receive privacy and security training

5. Your Rights and Choices

You have control over your data:

  • Access: View all your personal data through your account settings
  • Export: Download your complete data in standard formats (CSV, PDF)
  • Correction: Update or correct inaccurate information at any time
  • Deletion: Request complete deletion of your account and data
  • Consent Withdrawal: Opt out of optional data uses at any time
  • Communication Preferences: Control which emails and notifications you receive

To exercise these rights, visit your account settings or contact us at privacy@lymediary.com.

6. Data Retention

We retain your information as follows:

  • Active Accounts: We retain your data as long as your account is active
  • Account Deletion: After you request deletion, we remove your data within 30 days
  • Anonymized Data: We may retain anonymized, aggregated data indefinitely for research and improvement purposes
  • Legal Requirements: We may retain certain information as required by law

7. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you signed in
  • Remember your preferences
  • Understand how you use our services
  • Improve our platform based on usage patterns

We use privacy-focused analytics (PostHog, self-hosted) rather than advertising-based tracking tools. We do not use cookies for advertising or cross-site tracking.

8. Children's Privacy

LymeDiary is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

For users aged 13-17, we recommend using the platform with parental guidance. Parents or guardians can create accounts to help track a minor's health journey.

9. International Data Transfers

LymeDiary is operated from the United States. If you access our services from outside the US, your information may be transferred to and processed in the US. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

10. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we don't sell data)
  • Right to non-discrimination for exercising privacy rights

11. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights under GDPR, including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our practices, please contact us:

For security concerns, please email security@lymediary.com.