Health Privacy Policy
Last updated: 2026-05-11
istPositive analyses photographs of at-home pregnancy tests. Those images, and the results derived from them, are special-category health data under EU and UK law. This policy describes — in plain language — what we collect, why, how long we keep it, and the rights you have over it.
1. Who we are
istPositive (“we”, “us”) is the controller of the personal data described in this policy. For privacy questions or to exercise your rights, contact privacy@istpositive.com. Our full contact details are on the contact page and in the Impressum.
2. Data we collect
- Account email — only if you choose to sign in. We use magic-link authentication; we never store a password.
- Photos of your test — uploaded by you and processed to produce a reading. See § 4 for retention.
- Analysis results — verdict (positive / negative / inconclusive), confidence score, and short notes generated for you.
- Stripe customer ID — if you subscribe to a paid plan. We do not store card numbers; Stripe does.
- Technical metadata — IP address, user-agent, coarse-grained timestamps. Used for abuse prevention and rate limiting.
3. Lawful basis (GDPR / UK GDPR)
- Article 6(1)(a) — consent for processing in general. You give it by ticking the consent box before each scan and by creating an account.
- Article 9(2)(a) — explicit consent for processing health data (the photo and the verdict). The consent box on the analyser names the special-category nature of the data and the recipients (see § 5).
- Article 6(1)(b) — contract for delivering paid subscriptions you have purchased.
- Article 6(1)(f) — legitimate interest for narrow security and fraud-prevention logging (IP, rate limits). You can object — see § 7.
4. Retention
- Photo thumbnails — paid plans: up to 1 year, then automatic deletion. Free / anonymous reads: deleted immediately after the result is rendered.
- Analysis text (verdict + notes): up to 5 years for signed-in users, to support your own history. Deleted on account erasure.
- Account email: until you delete your account.
- Stripe records: retained for 7 years to meet tax and accounting obligations (legal requirement, overrides erasure for the financial fields only).
- Security logs: 90 days, then automatically purged.
5. Sub-processors
We use the following processors. Each is bound by a written data processing agreement and Standard Contractual Clauses where applicable.
- Supabase — authentication, database, file storage. EU region (Frankfurt).
- Stripe — payment processing. US / EU.
- Anthropic — vision model for image interpretation. US. Your explicit consent at the time of scanning is the lawful basis for sending the photo to this processor.
- Cloudflare — DDoS protection and Turnstile challenge. Edge processing only; we do not store your data with Cloudflare.
6. International transfers
Anthropic and Stripe may process data in the United States. We rely on the European Commission's Standard Contractual Clauses (Module 2/3 as appropriate) and, where relevant, the EU–US Data Privacy Framework. A copy of the relevant transfer mechanism is available on request.
7. Your rights
You have the right to:
- access the personal data we hold about you;
- rectify inaccurate data;
- erase your data (the “right to be forgotten”) — note tax-related Stripe records remain for the statutory period;
- port your data in a machine-readable format;
- object to processing based on legitimate interest;
- restrict processing while we resolve a dispute;
- withdraw consent at any time, without affecting prior lawful processing;
- lodge a complaint with your supervisory authority (e.g. your national EU DPA or the UK ICO).
8. Data export & deletion
Email privacy@istpositive.com with the subject line DATA REQUEST. We will respond within 30 days as required by GDPR Art. 12(3). Account holders can also self-serve from their account page when that feature ships.
9. Cookies & tracking
We use first-party cookies strictly necessary for authentication and for remembering your language preference. We do not load third-party analytics, advertising, or tracking pixels.
10. Children
istPositive is intended for users aged 18 and over. We do not knowingly process data from anyone under 18. See the Terms.
11. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Service-role keys are stored in Supabase Vault and rotated on a fixed schedule and immediately on any suspected exposure. Magic-link sessions can be revoked from your account at any time.
12. Breach notification
If we discover a breach affecting your identifiable health data, we will notify you within 60 days under the FTC Health Breach Notification Rule (where applicable) and notify the relevant supervisory authority within 72 hours under GDPR Art. 33. Our internal playbook is summarised in our breach runbook (available to auditors on request).
13. Changes to this policy
Material changes are announced at least 30 days in advance by email to account holders and by a banner on this site. Continued use after the effective date constitutes acceptance of the updated policy.
14. Related
See also our Terms of Service, Medical Disclaimer, Refund Policy, Accessibility statement, and contact details.