Cyclincare

Privacy Policy

Effective May 2026

This document is available in English only for legal accuracy.

1. What we collect

When you use Cyclincare we collect:

  • Your email address (for authentication)
  • Your symptom logs (PRO-CTCAE responses, severity scores, dates, free-text notes)
  • Your medication list (drug names, doses, frequency)
  • Your selected CDK4/6 inhibitor, current dose, and treatment duration
  • Subscription status (managed by Stripe)

2. How it is stored

All data is stored on Supabase (EU region) and encrypted at rest using AES-256. Connections use TLS 1.2+. Backups are encrypted.

3. Who has access

Only you. Row-Level Security (RLS) policies enforced at the database level mean every row is scoped to your user ID — no other user, including us, can read your symptom logs or medication list through the application.

4. Third-party processors

  • Supabase — database and authentication hosting (EU)
  • Stripe — payment processing (subscription only; no health data)
  • Google OAuth — optional sign-in provider (email and name only)

No symptom or medication data is shared with advertisers, analytics providers, or any third party other than the processors listed above.

5. Data retention

You can delete your account at any time from Account → Danger zone. Deleting your account permanently removes all symptom logs, medication entries, settings, and authentication records associated with you.

6. Your GDPR rights

If you are in the EU/EEA you have the right to:

  • Access the data we hold about you
  • Rectify inaccurate data
  • Erase your data (account deletion)
  • Port your data — request a machine-readable export
  • Object to processing or restrict it

To exercise any of these rights, email us at the address below.

7. HIPAA notice

Cyclincare is not a HIPAA covered entity and does not enter into Business Associate Agreements. We handle health-related information with appropriate technical and organisational safeguards (encryption at rest and in transit, RLS, principle of least privilege), but Cyclincare is not a substitute for a clinical record system.

8. Contact

For data requests or privacy questions: cancercaretools@gmail.com

Last updated: May 2026. Built by Cancer Care Tools.