Privacy Policy
Effective Date: February 17, 2026
Introduction
At Preact Health (“we,” “our,” or “us”), we are committed to protecting your privacy and ensuring the security of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health scoring application and website.
Information We Collect
Personal Information
When you create an account, we collect:
- Name (first and last)
- Email address
- Date of birth
- Password (encrypted and hashed)
Health Information
To calculate your health score, we collect:
- Medical history and diagnoses
- Current health conditions
- Medications
- Family health history
- Lifestyle factors (diet, exercise, smoking status)
- Preventive care history (screenings, vaccinations)
Usage Information
We automatically collect:
- Log data (IP address, browser type, device information)
- Usage patterns and interaction with the application
- Session information
- Analytics data to improve our service
How We Use Your Information
We use your information to:
- Calculate Your Health Score — Process your health data through our proprietary algorithm
- Provide the Service — Maintain and improve your user experience
- Communication — Send you important updates, security alerts, and optional newsletters
- Research — Conduct aggregated, de-identified research to improve our scoring models
- Legal Compliance — Meet regulatory requirements and protect against fraud
Data Security
We implement industry-standard security measures:
- Encryption — All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls — Role-based access with least-privilege principles
- Authentication — Secure password hashing using bcrypt
- Database Security — Isolated user and survey data pools with restricted permissions
- Regular Audits — Periodic security assessments and vulnerability testing
- Backup & Recovery — Automated encrypted backups stored securely
- Data Minimization — We only collect data necessary for scoring
- Audit Logs — Comprehensive logging of data access and modifications
Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data based on:
- Consent — You provide explicit consent when creating an account and entering health information
- Contract Performance — Processing necessary to provide the health scoring service you requested
- Legitimate Interest — Improving our service through anonymized analytics and research
- Legal Obligation — Compliance with applicable laws and regulations
You may withdraw consent at any time by deleting your account.
Data Sharing and Disclosure
We do not sell your personal or health information.
We may share your information only in the following circumstances:
With Your Consent
- When you explicitly authorize sharing with healthcare providers
- When you choose to share your score with third parties
Service Providers
- Technical infrastructure providers (hosting, database services)
- Analytics providers (with de-identified data only)
- Email service providers for transactional communications
All service providers are bound by strict data protection agreements and contractual safeguards to ensure your data remains secure and private.
Legal Requirements
- To comply with laws, regulations, or legal processes
- To protect our rights, property, or safety
- To prevent fraud or security threats
Research
- Your data may be used in aggregated, de-identified form for research purposes
- Individual health information is never shared in research datasets
- All research follows ethical guidelines and institutional review board approval
Your Rights
You have the right to:
Access
- Request a copy of all personal and health information we hold about you
- Download your data in a portable format
Correction
- Update or correct inaccurate information
- Request amendments to your health records
Deletion
- Request deletion of your account and associated data
- Note: We may retain certain information for legal compliance
Opt-Out
- Unsubscribe from marketing communications
- Opt out of certain data collection practices
Data Portability
- Export your health score data and history
- Receive data in a structured, machine-readable format
To exercise these rights, contact us at privacy@preacthealth.com.
Data Retention
We retain your information only as long as necessary:
- Active Accounts — For as long as your account is active and to provide services
- After Deletion Request — Your data is deleted immediately from production systems; encrypted backups are retained for 90 days for disaster recovery, then permanently deleted
- Aggregated Data — De-identified, aggregated data may be retained indefinitely for research (cannot be traced back to you)
- Legal Requirements — Some data is retained as required by law (accounting records: 7 years; legal claims)
You can request deletion at any time by contacting privacy@preacthealth.com or using the “Delete Account” feature in your account settings.
Children’s Privacy
Preact Health is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we discover that a child’s information has been collected, we will delete it immediately.
International Data Transfers
If you access our service from outside the United States:
- Your data may be transferred to and processed in the United States
- We ensure adequate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission
- We implement additional technical and organizational measures to protect your data
- We comply with GDPR, CCPA/CPRA, and other applicable international data protection laws
- EU/EEA residents: You have the right to obtain information about safeguards in place
GDPR Representative: For EU-related data protection inquiries, contact our EU representative at eu-privacy@preacthealth.com
Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will:
- Notify you of material changes via email
- Post the updated policy with a new effective date
- Maintain an archive of previous versions
Your continued use after changes constitutes acceptance of the updated policy.
Third-Party Links
Our website may contain links to third-party sites. We are not responsible for their privacy practices. We encourage you to review their privacy policies.
Open Source
Our health scoring algorithms are open source and available for review at github.com/preacterik/preact-health-scoring. This transparency ensures:
- Scientific reproducibility
- Community validation
- Trust through openness
Contact Us
For privacy-related questions or concerns:
- Email: privacy@preacthealth.com
- Mail: Preact Health, Privacy Officer, 309 Saddlewood Drive, Canton, GA, 30114
- Data Protection Officer: dpo@preacthealth.com
For general support:
- Email: support@preacthealth.com
State-Specific Rights
California Residents (CCPA/CPRA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to know if personal information is sold or shared
- Right to opt-out of sale of personal information
- Right to deletion
- Right to non-discrimination for exercising privacy rights
We do not sell personal information.
European Residents (GDPR)
EU/EEA residents have comprehensive rights under GDPR:
- Right to Information — Transparent information about how we process your data
- Right of Access — Obtain confirmation and access to your personal data
- Right to Rectification — Correct inaccurate or incomplete data
- Right to Erasure (“Right to be Forgotten”) — Request deletion of your data
- Right to Restrict Processing — Limit how we process your data
- Right to Data Portability — Receive your data in a machine-readable format
- Right to Object — Object to processing based on legitimate interests
- Right to Withdraw Consent — Withdraw consent at any time without affecting prior processing
- Right to Lodge a Complaint — File complaints with your national supervisory authority
- Rights Related to Automated Decision-Making — Human review of algorithmic decisions upon request
Your data is processed within the EEA or with adequate safeguards (Standard Contractual Clauses) when transferred outside the EEA.
Dispute Resolution
We are committed to resolving privacy complaints. If you have concerns:
- Contact us at privacy@preacthealth.com
- We will respond within 30 days
- If unresolved, you may file a complaint with the appropriate regulatory authority
Last Updated: February 17, 2026
This policy is subject to change. Please review periodically for updates.