Privacy Policy

What we collect and how we use it.

Last updated: February 1, 2026

This Privacy Policy explains what information MedSage ("we", "us") collects when you use our website and AI health triage service ("the Service"), how that information is used, and the choices you have. By using the Service you consent to the practices described below.

1. Information we collect

We collect only what is needed to operate the Service:

  • Account data — if you create an account: email address, optional name, and a bcrypt hash of your password. We never store passwords in plain text.
  • Consultation content — the symptoms or image descriptions you submit, and the AI response generated for you. If you upload a photo, the image bytes are transmitted to the AI model for analysis but are not stored in our database; only the structured response is retained.
  • Language preference — stored locally in your browser so the interface remembers your chosen language.
  • Contact form submissions — your name, email, optional subject, and message body when you write to us.
  • Anonymous diagnostic logs — non-identifying technical logs (request timestamps, status codes, error traces) used to monitor uptime and debug issues. These do not contain consultation content beyond what is needed to debug specific errors.

We do not collect government IDs, payment information, location data, or biometric identifiers.

2. How we use information

We use the information we collect to:

  • Operate the Service — process your symptom or image submission and return an AI analysis.
  • Maintain your consultation history (only if you have an account).
  • Communicate with you in response to contact form submissions.
  • Improve the Service — investigate bugs, monitor performance, and refine prompts. We do not use individual consultation content to train AI models.
  • Comply with applicable law and respond to legal requests.

3. Third-party processors

To deliver the AI analysis, your symptom text or image is sent to a trusted third-party AI provider via our integration partner. We pass only the content you submit and a non-identifying session token. Please review our partners' data handling policies for AI APIs for additional information.

We use MongoDB to store account and consultation records. We use standard cloud hosting infrastructure for the application servers themselves. All transmission between your browser and our servers is encrypted with HTTPS/TLS.

4. Anonymous use

You may use the Service without creating an account by clicking "Continue without account". Anonymous consultations are processed by the AI but are not linked to a persistent identity and are not retrievable from a history page. Note that anonymous use still involves transmitting your input to the AI provider for analysis.

5. Data retention

Account data and consultation history are retained for as long as your account is active. You may delete individual consultations from the History page at any time. To delete your entire account, contact us via the Contact page; we will remove your account and associated records within thirty (30) days of the request.

Contact form submissions are retained for as long as needed to handle your request and meet legal record-keeping requirements.

6. Your rights

Depending on your jurisdiction (e.g. GDPR in the EEA, the UK GDPR, the CCPA in California), you may have rights to access, correct, export, or delete personal information we hold about you. Contact us via the Contact page to exercise these rights. We will respond within the timeframes required by applicable law.

7. Children

The Service is not intended for children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect information from children. If you believe a child has provided information to us, please contact us so we can delete it.

8. Cookies and local storage

We use browser local storage to remember your selected language and (if applicable) your authentication session token. We do not use third-party advertising cookies. If we introduce non-essential analytics or advertising cookies in the future, we will update this policy and obtain consent where required.

9. Security

We use industry-standard safeguards, including hashed password storage (bcrypt), HTTPS/TLS in transit, and access controls on internal systems, to protect the information we hold. No system is perfectly secure; if you have reason to believe your account has been compromised, please contact us immediately.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced on this page with a revised "Last updated" date. Continued use of the Service after an update constitutes acceptance of the revised policy.

11. Contact

Questions about this Privacy Policy or your data can be sent through the Contact page.
