Privacy Choices

How to submit a request

Email support@calibrate.day with the request type and the email address used for your Calibrate account. We may need to verify that you control the account or email before acting on account-linked data. Do not include emergency symptoms, diagnosis requests, treatment instructions, payment-card numbers, or information Calibrate does not ask for.

• Access: ask for a summary of account, questionnaire, protocol, consent, support, and operational records linked to you.
• Correction: identify the inaccurate information and the correction you are requesting.
• Deletion: ask us to delete or de-identify account-linked questionnaire and protocol data where required and feasible.
• Export: ask for a copy of account-linked questionnaire and protocol records in a reasonably portable format.
• Consent withdrawal: ask us to stop optional processing that depends on consent, where withdrawal is available.
• Appeal or review: if a request is denied or limited, ask for a second review and explain the reason.

Consumer-health data requests

Calibrate treats questionnaire answers, consult answers, saved protocols, generated guidance, and related timing plans as sensitive consumer-health or health-adjacent data. You may use the same support workflow for consumer-health access, deletion, correction, export, withdrawal, or appeal requests.

What deletion means

Deletion is not always instant across every system. Calibrate's account-deletion backend is designed to delete saved questionnaire submissions, generated protocols, protocol events, related email job payloads, and private blob objects where applicable; de-identify retained operational records where feasible; and keep only narrower records needed for security, fraud prevention, legal compliance, dispute resolution, audit integrity, backup rotation, or another permitted reason.

• Saved questionnaire drafts, submissions, generated protocols, protocol events, and queued email payloads tied to the account are deleted by the backend account-deletion flow.
• Email-message metadata, affiliate-click metadata, auth identity records, and account records are de-identified or minimized where feasible while preserving narrow operational evidence.
• Security, consent, email-delivery, abuse-prevention, and audit records may be retained where legally or operationally required.
• Backups may retain snapshots for a limited rotation period before they are overwritten in the ordinary course.
• If a provider must be notified to complete deletion, the request runbook should record that notification and outcome.

No sale or advertising opt-out posture

Calibrate does not sell questionnaire, consult, or protocol data and does not share consumer-health data for ad targeting, retargeting, lookalike audiences, behavioral advertising, or ad pixels. If that posture changes, Calibrate must update this page, the Privacy Policy, the Cookie and Analytics Notice, and the Consumer Health Privacy Notice before enabling the change.

California and other state privacy requests

California residents and residents of other states with privacy laws may use this workflow to request access, deletion, correction, portability, appeal/review, or information about sale/share status. Calibrate's current posture is no sale of personal information, no sale of consumer-health data, and no sharing of consumer-health data for advertising.

Authorized agents

If a law allows an authorized agent to act for you, Calibrate may require proof of authorization and may still require direct verification that you control the account or email address before disclosing or deleting account-linked data.

Limits

Some requests may be limited if we cannot verify identity, if the request conflicts with security or legal duties, if the data is not linked to the requester, or if retaining a narrow record is required for fraud prevention, legal compliance, audit integrity, or dispute handling.