Privacy Policy

Last updated: February 2026

1. Information We Collect

We collect information you provide directly when using Iaso, including: account information (name, email address), health data entered during consultations, journal entries, and payment information processed through our secure payment provider. We also collect usage data such as device information and interaction patterns to improve the Service.

2. How We Use Your Information

Your personal data is used to: provide and personalize the consultation experience, generate SOAP notes and health recommendations, maintain your health knowledge base, process payments, communicate important service updates, and improve the quality of our AI models. We do not sell your personal health information to third parties.

3. Data Storage and Security

Your data is stored securely using enterprise-grade encryption with Supabase (PostgreSQL). We implement Row Level Security (RLS) policies to ensure users can only access their own data. All data transmission uses TLS encryption. We regularly review and update our security practices to protect your information.

4. Data Sharing

We do not sell, trade, or otherwise transfer your personal health information to third parties. We may share data with: service providers who assist in operating the platform (e.g., payment processing, hosting), and when required by law or to protect our rights. All third-party service providers are bound by strict confidentiality agreements.

5. Cookies and Analytics

We use Google Analytics to understand how users interact with Iaso. This helps us improve the user experience. We also use essential cookies for authentication and session management. You can manage cookie preferences through your browser settings.

6. Your Rights

You have the right to: access your personal data, request correction of inaccurate data, request deletion of your data, export your health data, and withdraw consent for data processing. To exercise these rights, contact us at the email below. We will respond to requests within 30 days.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Consultation history and health records are retained to maintain continuity of care. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.

8. Children's Privacy

Iaso is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected data from a child under 18, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. Your continued use of Iaso after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us at support@iaso.health.