Privacy Policy

Overview

Peri Pro is a single-user personal health management web application owned and operated by the individual whose data it stores. It is not a multi-tenant service. This policy describes how the operator handles their own personal health information (PHI) within the application and any optional third-party integrations.

Data we store

Peri Pro stores health information you enter or that integrations import on your behalf, including: cycle tracking data, symptom severity logs, supplement and hormone therapy regimens, laboratory results, diagnoses, and reference notes. We also store your account email address for authentication.

Where data is stored

All data is stored in a Supabase PostgreSQL database hosted on AWS, encrypted at rest with industry-standard encryption (AES-256). All network traffic is encrypted in transit via HTTPS / TLS 1.2+. The application is hosted on Vercel.

Row-Level Security (RLS) is enabled on every database table such that records can only be read or modified by the authenticated user who owns them.

Authentication

Peri Pro uses passwordless magic-link authentication via Supabase Auth. We do not store passwords. Email addresses are used solely for sign-in and not for marketing or any other purpose.

Third-party integrations

With your explicit authorization, Peri Pro can connect to the following third-party services to import data on your behalf. Each integration uses OAuth or an API key that you provide. Tokens are stored encrypted in the database.

• Oura — daily import of temperature, sleep, HRV, and activity data from your Oura ring. Subject to Oura's privacy policy.
• Cronometer — daily import of food intake and nutrient data. Subject to Cronometer's privacy policy.
• Apple Health— via an iOS Shortcut you configure on your own device. Data is transmitted from your device to Peri Pro's webhook endpoint over HTTPS. Apple Health data is governed by Apple's policies on your device.

Disconnecting an integration in Settings revokes Peri Pro's access and stops further data import. Previously imported data remains in your database until you delete it.

LLM providers (data extraction)

When you upload documents (lab reports, screenshots, notes) to be parsed into structured data, the document text or images may be sent to a large language model API (Anthropic Claude or OpenAI) for extraction. These providers process the data per their respective data-handling agreements and do not retain it for model training when used through their standard API tiers. Original source documents remain stored in your private Supabase Storage bucket.

No third-party sharing or selling

Peri Pro does not sell, rent, share, or license your data to any third party for advertising, analytics, marketing, or any other purpose. There are no advertising networks, no behavioral tracking, and no analytics providers embedded in the application.

Cookies

Peri Pro uses only the cookies required for authentication (Supabase session cookies). No advertising, marketing, or analytics cookies are used.

Your rights

You can export all your data at any time from Settings. You can delete your account, which permanently removes all associated data from the database via cascading delete. Deletion requests are executed immediately.

Security incidents

In the event of a security incident affecting your data, the operator (yourself) will become aware through Supabase, Vercel, or integration provider notifications. As a single-user application, no other parties require notification.

Changes to this policy

This policy may be updated as the application evolves. The "Last updated" date at the top reflects the most recent revision. Material changes will be summarized in the changelog.

Contact

For questions about this policy or how data is handled, contact the operator at jennabradford@gmail.com.