Privacy Policy

Last Updated: April 2026

1. OVERVIEW

FLORA is built with a privacy-first philosophy. We collect the minimum data necessary to deliver your report and nothing more. We do not create user accounts, we do not store your health data beyond 7 days, and we do not sell or share your information with third parties for advertising or commercial purposes.

This Privacy Policy explains what data we collect, how we use it, and how we protect it. We use plain language because privacy policies should be readable by humans, not just lawyers.

2. WHAT WE COLLECT

Here is exactly what data touches our systems when you use FLORA:

Session ID

A randomly generated token (nanoid) created when you begin a session. It contains no personal information and cannot be used to identify you. It is used solely to link your payment to your report delivery.

Your Uploaded PDF

Your gut test PDF is processed entirely in memory. It is never written to disk, never stored in a database, and is discarded immediately after text extraction. We do not retain your original PDF file in any form.

Extracted PDF Text

The text content extracted from your PDF is transmitted to Anthropic's Claude API for AI analysis. We do not store this extracted text in our database. Anthropic processes it under their own privacy policy (see Section 5).

Generated Report (JSON)

The structured report output generated by the AI is stored in our Supabase database for up to 7 days after generation, then automatically deleted. This is the only health-related data we retain, and only so you can access your report during that window.

Payment Data

All payment processing is handled by Stripe. We never see or store your credit card number, billing address, or other payment details. Stripe stores what is required to process and record the transaction under their own privacy policy.

Basic Analytics

We use Vercel Analytics for page-level traffic data (e.g., page views, general geographic region). This does not collect personally identifiable information and does not track individuals across sessions.

3. WHAT WE DON'T COLLECT

To be explicit, FLORA does not collect or store:

  • Your name
  • Your email address
  • Your mailing or billing address
  • Your IP address in our database
  • Any persistent user profile or account
  • Your original test PDF after processing
  • The raw extracted text from your PDF
  • Any data for advertising, profiling, or AI training purposes

4. HOW WE USE YOUR DATA

We use the data described above for one purpose only: to generate and deliver your gut health intelligence report.

Specifically:

  • Your session ID links your payment confirmation to your report.
  • Your PDF text is analyzed by AI to produce your report content.
  • Your report JSON is stored temporarily so you can access it within 7 days.

We do not use your data for marketing, analytics profiling, AI model training, or any secondary purpose.

5. THIRD-PARTY SERVICES

FLORA relies on the following third-party services to operate. Each has its own privacy policy:

Anthropic (Claude AI)

Processes the extracted text from your PDF to generate your report. Anthropic's data handling practices apply to data transmitted to their API. We use their API under a commercial agreement that prohibits using customer data for training. Anthropic Privacy Policy →

Stripe

Handles all payment processing. Stripe is PCI DSS compliant. We never receive or store your card details. Stripe Privacy Policy →

Supabase

Stores your session ID, report JSON, and payment status. Data is hosted on US-based infrastructure. Report records are automatically deleted after 7 days. Supabase Privacy Policy →

Vercel

Hosts the FLORA application via CDN and serverless functions. Vercel may process request metadata as part of serving the application. Vercel Privacy Policy →

6. DATA RETENTION

Your generated report JSON is stored for 7 days after creation, then automatically and permanently deleted from our database. Your PDF is never stored — it is discarded immediately after text extraction occurs in memory. There is no long-term retention of health data on our end.

7. YOUR RIGHTS

Because we collect almost no personally identifiable information, your privacy rights are largely protected by design. Specifically:

  • Right to know: We've described above exactly what we store. It's your session ID, report JSON, and payment status.
  • Right to deletion: Your report data is automatically deleted after 7 days. If you'd like it deleted sooner, email us at hello@floralytic.com with your session ID.

8. HEALTH DATA

We treat health-related data with particular care. Your gut test results are sensitive health information. Here is our commitment:

  • Your PDF is discarded immediately after text extraction — never stored, never retained.
  • The extracted text is sent only to Anthropic for AI analysis and is not stored by us.
  • We do not sell, license, rent, or share your health data with any third party for commercial purposes.
  • We do not use your health data to train AI models.
  • We do not use your health data for advertising or profiling.

9. CHILDREN'S PRIVACY

FLORA is not intended for users under the age of 18. We do not knowingly collect any information from children. If you believe a minor has used this Service, please contact us at hello@floralytic.com and we will take appropriate action.

10. FTC HEALTH BREACH NOTIFICATION

As a service that handles personal health information, Fhloston Digital is subject to the Federal Trade Commission's Health Breach Notification Rule (16 C.F.R. Part 318). In the unlikely event of a data breach that involves health information, we will notify affected users within the timeframes required by applicable law, including within 60 days of discovery where required.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. We encourage you to review this page periodically. Continued use of the Service after updates constitutes acceptance of the revised policy.

12. CONTACT

If you have questions about this Privacy Policy, your data, or want to request deletion of your report, contact us at: hello@floralytic.com