Privacy Policy
Last updated: May 6, 2026
SymptomSignal is built privacy-first. This policy explains, in plain language, what we collect, what we do with it, and what we never do.
1. What we collect when you use the symptom intake
- What you tell us: the symptom description you type or speak. Before we store it, we automatically remove email addresses, phone numbers, links, long ID-like number sequences, and credit-card or social-security patterns.
- A coarse region: a country or postcode prefix you provide (e.g. "US-CA"). We do not collect your precise address, GPS, or IP-derived location.
- An optional age band: e.g. "18–39". You may choose "Prefer not to say."
- An anonymous device identifier: a random ID stored in your browser to prevent duplicate submissions. It is not tied to your real identity.
- The detected language of your report and our model's confidence in it.
2. What we do not collect
- No name, no email, no phone number for symptom reports.
- No precise location, no GPS, no street address.
- No tracking pixels or third-party advertising cookies.
- We do not sell or rent your data to anyone, ever.
3. Voice input
If you choose to speak your symptoms, audio is sent to our speech-to-text provider only to convert it to text and is not retained for training. Only the resulting text (after PII redaction) is stored.
4. AI processing
The redacted text of your report is sent to our AI gateway to generate clarifying questions, a safety check, and plain-language guidance. Inputs are not used to train third-party AI models.
5. Sharing with public health
Aggregate, k-anonymized signals (k ≥ 5) may be shown to authorized public-health professionals through our Workbench. Individual reports never appear on public maps. Regions with fewer than 5 reports in a window are dropped before any aggregate is published.
6. Accounts (public-health professionals only)
If you sign in as a public-health professional, we store your email and role assignment. Every action you take inside the Workbench (viewing a signal, exporting data, changing a role) is recorded in an audit log.
7. Retention & deletion
Anonymous symptom reports are retained for 24 months for trend analysis; after that, they are aggregated and the row-level records are deleted. You may request earlier deletion by contacting privacy@symptomsignal.health with your anonymous device ID (visible in Settings → Privacy).
8. Your rights (GDPR, UK GDPR, CCPA / CPRA, LGPD)
You have the right to access, correct, delete, or port your data, and to object to processing. Contact privacy@symptomsignal.health.
9. Lawful basis (GDPR)
Where GDPR applies, we rely on (a) your explicit consent for symptom reports and community contribution, and (b) public-interest tasks in the area of public health (Art. 9(2)(i) GDPR) for aggregate analysis by authorized institutions.
10. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Access is least-privilege and audited.
11. Children
Adults may submit reports on behalf of a child. SymptomSignal is not intended for direct use by children under 13.
12. Contact
Questions: privacy@symptomsignal.health. Security disclosures: security@symptomsignal.health.
