Privacy Policy

Effective Date: February 17, 2026

Introduction

At Preact Health (“we,” “our,” or “us”), we are committed to protecting your privacy and ensuring the security of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health scoring application and website.

Information We Collect

Personal Information

When you create an account, we collect:

  • Name (first and last)
  • Email address
  • Date of birth
  • Password (encrypted and hashed)

Health Information

To calculate your health score, we collect:

  • Medical history and diagnoses
  • Current health conditions
  • Medications
  • Family health history
  • Lifestyle factors (diet, exercise, smoking status)
  • Preventive care history (screenings, vaccinations)

Usage Information

We automatically collect:

  • Log data (IP address, browser type, device information)
  • Usage patterns and interaction with the application
  • Session information
  • Analytics data to improve our service

How We Use Your Information

We use your information to:

  1. Calculate Your Health Score — Process your health data through our proprietary algorithm
  2. Provide the Service — Maintain and improve your user experience
  3. Communication — Send you important updates, security alerts, and optional newsletters
  4. Research — Conduct aggregated, de-identified research to improve our scoring models
  5. Legal Compliance — Meet regulatory requirements and protect against fraud

Data Security

We implement industry-standard security measures:

  • Encryption — All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls — Role-based access with least-privilege principles
  • Authentication — Secure password hashing using bcrypt
  • Database Security — Isolated user and survey data pools with restricted permissions
  • Regular Audits — Periodic security assessments and vulnerability testing
  • Backup & Recovery — Automated encrypted backups stored securely
  • Data Minimization — We only collect data necessary for scoring
  • Audit Logs — Comprehensive logging of data access and modifications

Data Sharing and Disclosure

We do not sell your personal or health information.

We may share your information only in the following circumstances:

Service Providers

  • Technical infrastructure providers (hosting, database services)
  • Analytics providers (with de-identified data only)
  • Email service providers for transactional communications

All service providers are bound by strict data protection agreements and contractual safeguards to ensure your data remains secure and private.

Research

  • Your data may be used in aggregated, de-identified form for research purposes
  • Individual health information is never shared in research datasets
  • All research follows ethical guidelines and institutional review board approval

Your Rights

You have the right to:

Access

  • Request a copy of all personal and health information we hold about you
  • Download your data in a portable format

Correction

  • Update or correct inaccurate information
  • Request amendments to your health records

Deletion

  • Request deletion of your account and associated data
  • Note: We may retain certain information for legal compliance

Opt-Out

  • Unsubscribe from marketing communications
  • Opt out of certain data collection practices

Data Portability

  • Export your health score data and history
  • Receive data in a structured, machine-readable format

To exercise these rights, contact us at privacy@preacthealth.com.

Data Retention

We retain your information only as long as necessary:

  • Active Accounts — For as long as your account is active and to provide services
  • After Deletion Request — Your data is deleted immediately from production systems; encrypted backups are retained for 90 days for disaster recovery, then permanently deleted
  • Aggregated Data — De-identified, aggregated data may be retained indefinitely for research (cannot be traced back to you)
  • Legal Requirements — Some data is retained as required by law (accounting records: 7 years; legal claims)

You can request deletion at any time by contacting privacy@preacthealth.com or using the “Delete Account” feature in your account settings.

Cookies and Tracking

We use cookies and similar technologies:

Essential Cookies

  • Session management and authentication
  • Security features
  • Cannot be disabled without affecting functionality

Analytics Cookies

  • Usage patterns and feature adoption
  • Performance monitoring
  • Can be disabled in your browser settings

Preferences

  • Save your settings and preferences
  • Improve user experience

You can control cookies through your browser settings. Note that disabling cookies may limit functionality.

Children’s Privacy

Preact Health is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we discover that a child’s information has been collected, we will delete it immediately.

International Data Transfers

If you access our service from outside the United States:

  • Your data may be transferred to and processed in the United States
  • We ensure adequate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission
  • We implement additional technical and organizational measures to protect your data
  • We comply with GDPR, CCPA/CPRA, and other applicable international data protection laws
  • EU/EEA residents: You have the right to obtain information about safeguards in place

GDPR Representative: For EU-related data protection inquiries, contact our EU representative at eu-privacy@preacthealth.com

Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will:

  • Notify you of material changes via email
  • Post the updated policy with a new effective date
  • Maintain an archive of previous versions

Your continued use after changes constitutes acceptance of the updated policy.

Open Source

Our health scoring algorithms are open source and available for review at github.com/preacterik/preact-health-scoring. This transparency ensures:

  • Scientific reproducibility
  • Community validation
  • Trust through openness

Contact Us

For privacy-related questions or concerns:

  • Email: privacy@preacthealth.com
  • Mail: Preact Health, Privacy Officer, 309 Saddlewood Drive, Canton, GA, 30114
  • Data Protection Officer: dpo@preacthealth.com

For general support:

  • Email: support@preacthealth.com

State-Specific Rights

California Residents (CCPA/CPRA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or shared
  • Right to opt-out of sale of personal information
  • Right to deletion
  • Right to non-discrimination for exercising privacy rights

We do not sell personal information.

European Residents (GDPR)

EU/EEA residents have comprehensive rights under GDPR:

  • Right to Information — Transparent information about how we process your data
  • Right of Access — Obtain confirmation and access to your personal data
  • Right to Rectification — Correct inaccurate or incomplete data
  • Right to Erasure (“Right to be Forgotten”) — Request deletion of your data
  • Right to Restrict Processing — Limit how we process your data
  • Right to Data Portability — Receive your data in a machine-readable format
  • Right to Object — Object to processing based on legitimate interests
  • Right to Withdraw Consent — Withdraw consent at any time without affecting prior processing
  • Right to Lodge a Complaint — File complaints with your national supervisory authority
  • Rights Related to Automated Decision-Making — Human review of algorithmic decisions upon request

Your data is processed within the EEA or with adequate safeguards (Standard Contractual Clauses) when transferred outside the EEA.

Dispute Resolution

We are committed to resolving privacy complaints. If you have concerns:

  1. Contact us at privacy@preacthealth.com
  2. We will respond within 30 days
  3. If unresolved, you may file a complaint with the appropriate regulatory authority

Last Updated: February 17, 2026

This policy is subject to change. Please review periodically for updates.