Privacy Policy

This policy explains how Calibrate collects, uses, stores, and shares information when you use the website, questionnaire, consult flow, account flow, saved protocol, analytics, support, and operational messages. Contact: support@calibrate.day.

Last updated June 1, 2026

Scope and operator

This policy applies to Calibrate's public website, questionnaire flow, consult flow, saved drafts, authenticated account experience, generated protocol output, customer support, transactional email, security tooling, and related provider operations. Calibrate operates this service as a direct-to-consumer educational wellness product; for any privacy request, contact support@calibrate.day.

  • Calibrate is designed for adults using educational wellness guidance.
  • If you are under 18, do not use Calibrate or submit personal information.
  • If you use Calibrate on behalf of another person or organization, you represent that you have authority to do so.

Not for emergencies

Calibrate is not for emergency or urgent medical needs. Do not use the site to seek urgent care, crisis support, diagnosis, or treatment instructions. If you may have a medical emergency, call emergency services or contact a qualified clinician.

Information we collect

We collect the information needed to operate, secure, and support the Calibrate experience.

  • Account and identity data such as email address, authentication provider identifiers, session state, and login verification metadata.
  • Questionnaire, consult, and protocol data such as wake and sleep timing, light access, caffeine timing, midday reset choices, evening routine inputs, environment constraints, symptom-like goals, plan choices, generated protocols, and calendar-style output.
  • Technical, security, and diagnostic data such as IP-derived request metadata, browser and device information, timestamps, CSRF state, rate-limit and abuse-prevention signals, signed webhook metadata, and anti-bot challenge tokens where enabled.
  • Support and communications data such as transactional email records, delivery, bounce, and complaint events, contact requests, and consent-event logs.
  • Limited analytics data such as privacy-scrubbed landing-page events, product operation events, performance measurements, and error reports.

Consumer-health and HIPAA boundary

Calibrate treats questionnaire answers, consult answers, saved protocols, generated guidance, and related timing plans as sensitive consumer-health or health-adjacent data. The current website is positioned as direct-to-consumer educational wellness guidance, not as a HIPAA-covered patient portal or formal provider-care workflow.

  • Calibrate does not currently ingest HealthKit, Apple Health, Health Connect, Google Fit, wearable, sleep-tracker, EHR, provider-record, insurance, pharmacy, lab, or medical-record data.
  • Calibrate does not create a physician-patient relationship unless a separate formal care process is created and completed outside this current website flow.
  • Any future external health-record, wearable, lab, provider, or medical-data integration requires a separate legal, security, and architecture review.
  • Questionnaire and protocol data must not be sent to advertising pixels, lookalike audiences, retargeting systems, affiliate networks, product merchants, or analytics providers for ad targeting.

Health Privacy Boundary Notice - HIPAA boundary, no provider relationship, and future covered-care triggers

Consumer Health Privacy Notice - consumer-health categories, uses, sharing limits, and rights

How we use information

We use personal information for product, security, support, and legal purposes that match a wellness-planning service.

  • Provide the questionnaire and consult flows, generate guidance, save drafts and protocols, and let you access account-linked output.
  • Authenticate users, send magic links or other account-related messages, and maintain service continuity.
  • Protect the service against abuse, fraud, unauthorized access, and reliability incidents.
  • Measure product performance, debug issues, and improve the quality of the Calibrate experience without turning sensitive questionnaire answers into ad-targeting inputs.
  • Queue and send transactional email that you request or that is needed to operate the product.
  • Comply with legal obligations, resolve disputes, enforce our terms, and maintain business records.

Cookies, local storage, analytics, and tracking

Calibrate uses necessary cookies and limited browser storage for security, authentication, draft ownership, CSRF protection, and non-sensitive UI state. Analytics is configured to avoid sensitive content.

  • Questionnaire answers and consult answers should not be stored in browser localStorage or sessionStorage. The current implementation keeps those sensitive answers in memory or server-side draft/account storage where applicable.
  • Landing-page analytics allows only scrubbed event names and safe properties; it must not include form contents, questionnaire answers, health labels, emails, tokens, or protocol details.
  • PostHog browser options disable autocapture and pageview capture, keep persistence in memory, mask text and element attributes, and block replay on sensitive paths such as questionnaire, consult, calendar, auth, account, and API routes.
  • Sentry is configured with PII collection off, replay sample rates set to zero, and event scrubbing before send.
  • Calibrate does not currently run ad pixels, retargeting, or behavioral advertising scripts. Those must not run on health intake, admin, authenticated, questionnaire, consult, or protocol pages.

Cookie and Analytics Notice - necessary cookies, browser storage, analytics limits, and choices

Service providers and infrastructure

Calibrate uses service providers to host, secure, authenticate, store, email, monitor, analyze, and back up the service. Provider use depends on which features are enabled.

  • Vercel hosts the Next.js app and may provide Blob storage and AI Gateway services when those features are enabled.
  • Neon stores application data in Postgres, including account mappings, drafts, questionnaire submissions, protocols, jobs, email metadata, affiliate ledger records, audit records, and file metadata.
  • Clerk provides authentication, sessions, and user lifecycle webhooks.
  • Postmark sends transactional email and returns delivery, bounce, complaint, and related email events.
  • Trigger.dev queues durable background jobs such as email work, cleanup, backup checks, and future reconciliations.
  • Upstash Redis may provide distributed rate limits, replay locks, and temporary abuse counters.
  • PostHog may receive privacy-scoped product events. Sentry may receive scrubbed error and performance events.
  • Cloudflare Turnstile, WAF, DNS, or R2 may support bot protection, edge controls, and backup storage depending on the production configuration.
  • Vercel AI Gateway and model providers are disabled unless AI guidance is intentionally enabled after review.

Who we share information with

We do not sell questionnaire responses, consult answers, protocol content, or consumer-health data. We do not share those records for third-party advertising, retargeting, lookalike audiences, or ad pixels. We share information only with service providers and recipients needed to operate Calibrate.

  • PostHog and Sentry must not receive raw questionnaire answers, protocol JSON, prompt content, email addresses, raw IP addresses, or other sensitive user-submitted health context.
  • Affiliate redirects may use a server-generated click ID for attribution, but not questionnaire answers, protocol content, health labels, email addresses, or raw IP addresses.
  • We may also disclose information to professional advisers, auditors, insurers, or law-enforcement or regulatory recipients where disclosure is legally required or reasonably necessary to protect Calibrate or others.
  • We may also transfer information to a buyer, investor, or corporate successor in connection with a merger, financing, acquisition, reorganization, or asset sale, subject to appropriate confidentiality and transfer controls.

Retention

We keep information only for as long as reasonably needed for the purposes above, then delete, de-identify, or isolate it under our operational and legal retention rules. Account deletion is designed to remove saved questionnaire and protocol records while retaining only narrower operational records where needed.

  • Anonymous draft ownership uses a short-lived HttpOnly draft cookie. The backend currently runs separate cleanup logic, on defined windows, for active drafts and for drafts that have been claimed by an account.
  • Saved questionnaire submissions, generated protocols, protocol events, and related email job payloads tied to an authenticated account are deleted when account deletion is processed through the backend account-deletion flow.
  • Retained account and authentication records are minimized where feasible, such as clearing stored email fields while preserving narrow tombstone records needed to prevent stale provider events from recreating deleted users.
  • Consent logs, audit records, diagnostic records, support records, email-delivery records, affiliate/accounting records, and security records may be retained where needed for fraud prevention, legal compliance, dispute resolution, accounting, or audit integrity.
  • Backups and replicated infrastructure may preserve snapshots for limited periods after deletion requests, after which those backups are rotated out or overwritten in the ordinary course.
  • If you request deletion, we will process the request in line with our systems and retention obligations, but we do not promise immediate erasure from every backup, provider log, delivered email copy, or legally retained record.

International transfers and security

Calibrate and its providers may process information in the United States and other countries that may not offer the same legal protections as your home jurisdiction.

  • Where required, we rely on appropriate transfer mechanisms and contractual safeguards for international processing.
  • We use reasonable administrative, technical, and organizational safeguards designed to protect information, including transport security, access controls, logging, secret management, provider scoping, request validation, rate limits, webhook verification, and redaction.
  • No system is perfectly secure. You should use a strong email account, protect your authentication links, and avoid sharing account access with others.

Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, export, restrict, object to, appeal, or withdraw consent for certain processing. California residents may also have rights under California privacy law if Calibrate meets applicable thresholds or if sensitive personal information rules apply.

  • You can contact support@calibrate.day to request access, correction, deletion, export, or another privacy-rights workflow.
  • Calibrate does not sell personal information or consumer-health data. If a future feature creates a sale, share, or targeted-advertising opt-out right, Calibrate must update this policy and the Privacy Choices page before enabling it.
  • Where consent is the basis for processing, you may withdraw that consent, although some product features may stop working if the processing is required to operate them.
  • If you are in the EEA or UK, you may also complain to your local supervisory authority. UK users may complain to the Information Commissioner's Office.

Privacy Choices - request access, correction, deletion, export, consent withdrawal, or consumer-health review

Incident and breach notices

If Calibrate identifies unauthorized access, acquisition, disclosure, or use involving personal information or identifiable consumer-health data, Calibrate will investigate, preserve evidence, involve appropriate providers and advisers, and evaluate notification duties under applicable breach, consumer-health, and privacy laws.

Changes to this policy

We may update this policy as Calibrate evolves. When the changes are material, we will update the date above and may provide an in-product or email notice where appropriate.