Privacy Policy
Draft — requires legal review before launch.
Who we are
Helagi is operated by [COMPANY NAME], [ADDRESS], [JURISDICTION]. For privacy questions, contact [CONTACT EMAIL].
What we collect
- Account data: if you create an account, we store your email address and a salted hash of your password (never the password itself). We do not ask for your name, date of birth, or any medical information at signup.
- Session data: a random session token (logged-in users) or a random anonymous ID (guests), stored in cookies so the service works. See the Cookie Policy.
- Usage analytics (only with your consent): first-party event counts such as pages visited, buttons used, error rates, session duration, and coarse browser/OS information. Analytics never includes the content of your conversations, and is tied to a pseudonymous session ID, not your email.
Your conversations
Chat conversations are kept in your browser while you use Helagi and are not stored on our servers. To generate an answer, your conversation is transmitted to our AI provider (Anthropic) and, for medical terminology lookups, search terms may be sent to the World Health Organization’s ICD-11 API. [CONFIRM PROVIDER DATA-PROCESSING TERMS AND RETENTION WITH LEGAL.]
If Helagi ever introduces server-side storage or analysis of medical conversations, it will be handled separately and securely, and only after clear information and appropriate consent — it is not covered by normal analytics consent.
Legal basis & retention
[FILL IN: legal bases per purpose (contract for accounts, consent for analytics), retention periods (analytics counters are currently kept ~90 days; sessions expire after 30 days of inactivity), account deletion process.]
Your rights
[FILL IN: access, rectification, erasure, portability, complaint to supervisory authority, and how to exercise them via [CONTACT EMAIL].]