1. Who we are
Crescia is the data controller for the personal information described in this policy. We are based in the United Kingdom. You can reach our data protection contact at privacy@crescia.co.uk.
2. What we collect
We collect information in three buckets:
- Account data — your email address, display name, and (for nutritionists) your professional credentials.
- Health context — the symptoms, severities, and free-text notes you submit through intake. This is sensitive personal data under UK GDPR Article 9.
- Usage data — product analytics (page views, feature interactions, performance metrics) collected via PostHog (EU-hosted) to help us understand how the product is used and improve it. We do not use behavioural advertising trackers.
3. How we use it
- To run the service you've signed up for.
- To generate the AI-organised intake summaries surfaced on your home screen and to brief nutritionists when you explicitly request a connection.
- To safeguard your wellbeing — for example, the red-flag rules in /urgent-care.
- To meet our legal obligations and, where you've consented, to improve the model using de-identified data.
4. Lawful basis
We rely on your explicit consent for processing health-related data, captured at sign-up via /consent. For account data we rely on contract — we need it to deliver the service. For service-improvement telemetry we rely on legitimate interests, balanced against your privacy.
5. Sharing with nutritionists
We never share your intake with a nutritionist unless you've both (a) toggled "Share with nutritionists" in /settings and (b) explicitly sent a connection request from a directory card. You can revoke either at any time; new connection requests stop immediately and existing ones can be ended in your connections list.
6. Third-party processors
We use a small number of vetted processors, each bound by a Data Processing Agreement (DPA):
- Supabase (database, authentication, file storage) — EU region (Frankfurt). Supabase acts as a data processor under its standard DPA.
- Anthropic (AI inference for intake summaries) — data is sent to Anthropic's API for processing and is not used for model training. Anthropic's data processing terms apply.
- Google (AI inference, Gemini models as a secondary provider) — subject to Google Cloud data processing terms. Data is not used for model training.
- Resend (transactional email) — used for account verification and notification emails. Email addresses only; no health data is sent.
- Vercel (hosting and edge network) — serves the application. Transient request data only; no health data is persisted at this layer.
- PostHog (product analytics) — EU-hosted (Frankfurt). Collects anonymised usage events (page views, feature interactions) to help us understand how the product is used and where it can improve. No health data or intake content is sent to PostHog. PostHog's EU data processing terms apply.
We do not sell your data to any third party. AI providers process your data only to generate summaries on your behalf and do not retain it for their own purposes beyond the immediate request.
7. Retention
We keep your data for as long as your account is active. When you delete your account, your intake submissions and identity rows are removed within 30 days. Any anonymised aggregate data that we retain for longer is irreversibly disconnected from your identity before storage.
8. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request erasure ("right to be forgotten").
- Restrict or object to processing.
- Receive your data in a portable format.
- Withdraw consent at any time.
- Complain to the Information Commissioner's Office.
To exercise any of these, see /contact.
9. Security
Data is encrypted in transit (TLS) and at rest. Access to the production database is limited to a small set of named engineers and audited. Row-Level Security policies prevent one user's data from being read by another, even by an authenticated client SDK.
10. Cookies and tracking
Crescia uses essential cookies required for the service to function (authentication session, consent preferences) and a small number of analytics cookies set by PostHog (EU-hosted) to understand how the product is used. PostHog cookies track anonymous usage events such as page views and feature interactions — no health data or intake content is included. We do not use advertising cookies, cross-site tracking pixels, or behavioural advertising trackers.
You can opt out of analytics tracking at any time by enabling your browser's "Do Not Track" setting or by contacting us at privacy@crescia.co.uk.
11. Changes to this policy
Material changes will trigger a re-consent prompt at next sign-in. The version string at the top of this page advances with each material change so you always know what you've accepted.