Data Privacy & Security

Data Privacy & Security

We take the protection of your health data very seriously. Here's how we keep your information safe.

Encryption

• In transit — All data is transmitted over HTTPS/TLS encryption
• At rest — Your data is encrypted at rest in our database and file storage

Access Controls

• Row Level Security (RLS) — Powered by Supabase, ensuring your data is only accessible to you at the database level
• Authentication — Secure sign-in with email/password or Google OAuth
• Share links — Expire after 7 days, can be revoked at any time, and are read-only

AI Processing

• Your data is processed by our AI engines (Gemini and Claude) to generate playbooks
• Data is not stored by the AI providers after processing
• Data is not used for AI model training
• Only the minimum necessary information is sent for analysis

Data You Control

• Export — Download all your data as a JSON file from Account Settings
• Delete — Permanently delete your account and all data at any time
• Share management — View and revoke all active share links from your dashboard

What We Don't Do

• We never sell your data to anyone
• We never share your data with advertisers
• We never use your data for purposes other than generating your playbook
• We never contact you without your consent (no spam, no marketing emails without opt-in)

HIPAA Note

Carify is an informational tool, not a healthcare provider, so HIPAA does not directly apply. However, we follow HIPAA-aligned best practices for data security, access controls, and data minimization.