Privacy & Security - Stack Precision

Our Promise: We will never sell your data. We will never share your data with advertisers. Your health information is yours alone.

Our Commitment to Your Privacy

Stack Precision implements comprehensive HIPAA-standard safeguards to protect your Protected Health Information (PHI). We've invested in real security infrastructure because we believe your health data deserves the same protection as medical records.

Your data deserves real protection. Not just promises - verified, auditable security practices backed by technical controls.
We will never sell your data. Not to advertisers, not to data brokers, not to anyone. This is non-negotiable.
Health data is sensitive. Your supplements, wellness metrics, genetic variants, and blood work are protected to healthcare standards.
Trust is earned through action. We invested in HIPAA compliance because your privacy is foundational to our service.

Security Safeguards

We implement the administrative, physical, and technical safeguards required by HIPAA:

Encryption in transit - TLS 1.2+ protects all data transmission between your device and our servers
Encryption at rest - AES-256 encryption for all stored data in Google Cloud
Access controls - Only you can access your health data; our team cannot read your personal information
Audit logging - Comprehensive logs of all data access and modifications, retained for 7 years per HIPAA requirements
Secure authentication - Industry-standard authentication with optional biometric protection
Session security - Automatic timeout after 15 minutes of inactivity
Data minimization - We collect only what's necessary to provide the service you requested
Right to deletion - You can delete your account and data at any time

AI Privacy: Complete Transparency

When you use our AI health assistant, we're transparent about exactly what happens with your data. Our AI is powered by Google Vertex AI (Gemini), accessed through Google's enterprise API with enhanced privacy protections.

AI Consent Required: Before using AI features, you must provide explicit consent. This consent renews monthly, ensuring you regularly confirm your preferences. You can modify or withdraw consent at any time.

What We Send to Google Vertex AI

You control exactly what context is included in each conversation:

Your chat messages for that session
Supplement information (names, dosages, schedules) - if you enable it
Journal metrics (numerical wellness scores) - if you enable it
Genetic variants - if you enable it
Blood work values - if you enable it

What We NEVER Send to AI

Your name or display name
Your email address
Your user ID or account identifier
Your device information
Your IP address
Any data that could identify you personally

Your AI conversations are anonymous. Even if data were intercepted, it could not be linked to your identity.

How Google Handles AI Data

We use Google Vertex AI's enterprise API - not consumer products. This distinction matters because enterprise API data has stronger privacy protections:

Not used for training - Your data is never used to train or improve AI models
Limited retention - Data retained up to 30 days for abuse monitoring, then automatically deleted
Enterprise security - Processing occurs in Google Cloud data centers with SOC 2 and ISO 27001 compliance
No human review - Your conversations are not reviewed by humans unless flagged for safety concerns

Read Google Vertex AI Data Governance

You're in Control

Every AI conversation gives you granular control over your data:

Data Type	Your Control
Supplements	Toggle on/off per session
Journal metrics	Toggle on/off per session
Genetic data	Toggle on/off per session
Blood work	Toggle on/off per session
AI consent	Withdraw anytime in Settings

Don't want your genetic data in an AI conversation? Just turn it off. It's that simple.

Data Retention

We retain your data only as long as necessary:

Data Type	Retention
Your health data	Until you delete your account
Deleted items	30 days (recovery window), then permanently removed
Deleted accounts	7-day grace period, then permanently removed
Security audit logs	7 years (HIPAA requirement) - records access times only, not health data content
AI data at Google	Up to 30 days, then deleted

Infrastructure Security

Your data is stored on Google Cloud Platform, a SOC 2 Type II and ISO 27001 certified infrastructure:

Database: Cloud Firestore with automatic encryption
File storage: Cloud Storage with encryption at rest
Authentication: Firebase Authentication with secure token management
Location: United States data centers
Backup: Automatic point-in-time recovery capabilities

Questions?

We believe in transparency. If you have questions about how we protect your data:

All inquiries: Contact us through our support page

For complete details, see our Privacy Policy.

HIPAA Compliant