Legal
Privacy Policy
Effective date: April 27, 2026 · Last updated: April 27, 2026
Short version. Your laboratory values and the text you type into SomaVue stay on your device — they are not transmitted to or stored by SomaVue's servers. The only data we store on our servers is what we need to run an account and a subscription: your email address, your subscription tier, and identifiers that link you to our payment processor, Stripe.
1. Scope and definitions
This Privacy Policy applies to information collected through SomaVue (the website, web application, and any related services) operated by {{COMPANY_NAME}} ("we", "us", "our"). It does not apply to third-party websites or services we link to. Capitalized terms not defined here have the meaning given in the Terms of Service.
2. What we collect — and don't
2.1 What stays on your device
The values you enter, lab reports you upload (including PDFs), and any notes you type are processed entirely in your browser. They are not transmitted to SomaVue's servers and are not stored in our database. Lab data may be cached temporarily in your browser's local storage so the page works smoothly across reloads — clearing your browser storage clears that cache.
2.2 What we collect when you create an account
- Email address — used to send the magic-link sign-in email and, where applicable, billing receipts and service emails.
- Authentication metadata — your sign-in timestamps and a session token, managed by our authentication provider Supabase.
2.3 What we collect when you subscribe
- Subscription tier (Free, Pro, or Clinic) and trial / billing status.
- Stripe customer and subscription identifiers — opaque IDs (e.g.
cus_…,sub_…) that allow us to look up your billing record at Stripe. - Trial and renewal dates — to control access to paid features.
We do not see, receive, or store your card number, CVC, or full billing address. That information is collected and held by Stripe under their own terms and privacy policy (stripe.com/privacy).
2.4 Server logs
Our hosting provider (Netlify) and our backend functions automatically generate technical logs that may include your IP address, browser user-agent, the request path, and timing information. These logs are used for security, debugging, and abuse prevention, and are kept only as long as needed for those purposes.
2.5 Analytics — pre-disclosure
SomaVue may add a privacy-respecting product-analytics service (such as Plausible or PostHog) in the near future to measure aggregated usage. If we do, the service will be configured for cookieless or first-party-only operation where supported, and we will collect only event names, page paths, referrer, country (from IP, not the IP itself), and screen size. We will not use analytics to identify individual users beyond an opaque session ID. This policy will be updated at that time.
2.6 Email — pre-disclosure
We may send transactional emails such as a welcome message, trial-ending reminder, billing receipts, and important service notices. We do not send marketing emails without your consent. Email is delivered through our authentication and email-service providers; we do not embed marketing tracking pixels.
3. How we use information
- To create and maintain your account.
- To deliver paid features to you and to verify your subscription tier.
- To process payments through Stripe and to provide receipts.
- To communicate with you about your account, your trial, billing, and important service notices.
- To diagnose, secure, and improve the service.
- To prevent fraud, abuse, and violations of the Terms.
- To comply with legal obligations and enforce our rights.
We do not sell your personal information. We do not use it to train machine-learning models. We do not use it for advertising.
4. Service providers
We rely on a small set of vendors to operate SomaVue. Each receives only the information needed to perform its function.
| Provider | Purpose | Data they receive |
|---|---|---|
| Supabase (Supabase, Inc.) | Authentication, profile database, magic-link email | Email address, sign-in timestamps, subscription tier, Stripe identifiers |
| Stripe (Stripe, Inc.) | Payment processing, subscription billing, customer portal | Email, name, billing address and country, card payment details, transaction history |
| Netlify (Netlify, Inc.) | Website hosting, serverless functions, CDN | HTTP request metadata (IP, user-agent, request path) |
If we add an analytics provider or transactional-email provider, we will update this table.
5. Cookies and local storage
SomaVue uses minimal browser storage:
- Authentication tokens (in cookies and/or localStorage, set by Supabase) so you stay signed in between visits.
- Application state (in localStorage) so the app can remember your most recent inputs and theme preference between reloads — this never leaves your browser.
- Stripe may set its own cookies during checkout for fraud prevention and session continuity, governed by Stripe's privacy policy.
SomaVue does not use third-party advertising cookies. You can clear cookies and local storage at any time through your browser settings; doing so will sign you out and clear cached lab inputs.
6. Sharing and disclosure
We share information only:
- With service providers listed in Section 4, under contracts that limit how they may use the data.
- To comply with law — for example, in response to a valid subpoena, court order, or government request, or to protect our rights, our users' rights, or the public.
- In a corporate transaction — if SomaVue is acquired, merged, or sells substantially all of its assets, account information may transfer to the successor, subject to this Policy.
- With your consent, in cases not described above.
We do not sell or rent your personal information.
7. Retention
We keep account information for as long as your account is active. If you cancel and delete your account, we delete or anonymize your profile within 30 days, except where retention is required by law (for example, tax records of past transactions, retained for the period required by applicable tax authorities). Stripe retains transaction records under its own retention schedule. Server logs are typically retained for no more than 90 days.
8. Security
We use industry-standard safeguards to protect your information, including TLS encryption in transit, encryption at rest by our database provider, role-based access controls, row-level security on our profiles table so a user can read only their own profile, and limited use of administrative service-role credentials. No system is perfectly secure; we cannot guarantee absolute security and you use SomaVue at your own risk.
9. International transfers
SomaVue is operated from the United States. Information you provide may be processed in the United States and in other countries where our service providers operate. By using SomaVue you acknowledge this transfer. Where required by law (for example, for users in the United Kingdom or European Economic Area), we rely on standard contractual clauses or other approved mechanisms with our service providers.
10. Your rights
Subject to applicable law, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and associated information.
- Export your information in a portable format.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
You can exercise most of these rights yourself: cancel your subscription from the Stripe Customer Portal in-app; delete your account by emailing support@aquariansolution.com from the address on file. We will respond within the timeframe required by applicable law.
11. California privacy rights
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, gives you the rights listed in Section 10. The categories of personal information we collect are described in Section 2. We do not sell or share personal information for cross-context behavioral advertising. We do not knowingly collect "sensitive personal information" as defined by the CCPA; the email and billing identifiers we collect are treated with care regardless. To exercise your rights, contact support@aquariansolution.com. We will not discriminate against you for exercising your rights.
12. UK and EU residents
If you are in the United Kingdom or the European Economic Area, the legal bases on which we process your personal data are: contract (to provide the service you signed up for), legitimate interests (to operate, secure, and improve the service), consent (where you opt into specific processing such as future marketing emails), and legal obligation (for example, tax records). You have the rights described in Section 10 and the right to lodge a complaint with your local data-protection authority.
Our service providers are located in the United States. Where required, we rely on standard contractual clauses with those providers.
13. Children
SomaVue is not directed to children under 18 and we do not knowingly collect information from anyone under 18. If you believe a child under 18 has provided information to us, please contact support@aquariansolution.com and we will delete it.
14. HIPAA and health-data scope
SomaVue is offered as a direct-to-consumer educational tool. SomaVue is not a covered entity or business associate under the U.S. Health Insurance Portability and Accountability Act (HIPAA). Because lab values entered into SomaVue stay on your device and are not transmitted to our servers, SomaVue does not receive Protected Health Information (PHI) in the HIPAA sense.
If a clinician on a Clinic-tier subscription wishes to use SomaVue in a way that would involve PHI, they remain solely responsible for HIPAA compliance, including obtaining patient authorization where required and not entering PHI into any field that would transmit it off-device. SomaVue does not currently offer a Business Associate Agreement.
15. Changes
We may update this Privacy Policy. If a change is material, we will notify active subscribers by email or in-app at least 14 days before it takes effect. The "Effective date" at the top reflects the current version.
16. Contact
{{COMPANY_NAME}}
Attn: SomaVue Privacy
{{COMPANY_ADDRESS}}
Email: support@aquariansolution.com