Privacy Policy

Last updated: March 26, 2026

Salk (“we,” “our,” or “us”) is a family health management app. One account manages multiple health profiles — yourself, your parents, spouse, and children. This policy explains what data we collect, how we store it, and your rights.

Data we collect

Account data

Email address (via Supabase Auth), and Google or Apple sign-in tokens.

Health profiles

Name, relationship, date of birth, sex, height, weight, allergies, medications, medical conditions, surgical history, family medical history, smoking/alcohol status, and pregnancy status.

Conversations & reports

Health chat messages, diagnosis sessions (questions, answers, and assessments), medical report uploads, and AI analysis results.

Health memories

AI-extracted health facts per profile, stored in a vector database to provide personalized responses. Each profile’s memories are strictly isolated.

Usage data

LLM interaction traces (prompts, responses, timing, token counts) for debugging and quality improvement. These traces contain no personally identifiable information — only session IDs.

How we store your data

  • Database: PostgreSQL hosted on Railway (US region)
  • Authentication: Supabase Auth (hosted, US)
  • File storage: Supabase Storage for medical report uploads
  • Memory: Mem0 with pgvector (self-hosted PostgreSQL on Railway)
  • Encryption: All data encrypted at rest (Railway & Supabase default encryption) and in transit via TLS

Profile segregation: Each health profile’s data — conversations, memories, and reports — is strictly isolated. Profile A’s data is never accessible from Profile B’s context.

Data sharing

  • AI providers: Health data is sent to AI providers (Google Gemini, Cerebras, Qwen) for processing. These providers process data per their own policies, but Salk does not store data on their servers beyond the request lifecycle.
  • No advertising: Your data is never sold or shared with advertisers.
  • No third-party analytics: No tracking pixels, no Google Analytics, no Facebook SDK.
  • Error monitoring: We use Sentry for error reporting only. No health data is included in error reports.

Your rights

  • Access: View all your data directly in the app.
  • Deletion: Use “Delete account” in Settings to permanently remove all data — profiles, conversations, memories, and reports — from all systems, including the auth provider. This is irreversible.
  • Data portability: Not yet available (planned).
  • Contact: Email hello@salk.health for privacy questions.

Children

Salk is not directed at children under 13. Health profiles for children are created and managed by their parent or guardian account holder.

Data retention

  • LLM traces: Automatically deleted after 30 days.
  • All other data: Retained until you delete your account.
  • Soft-deleted profiles: Data is retained for recovery but excluded from app queries.

Changes to this policy

We may update this policy from time to time. We’ll notify you of material changes via the app or email. Continued use after changes constitutes acceptance.

Questions? Reach us at hello@salk.health.