Privacy Policy

Last updated 2026-05-24

1. What we collect

Account info (name, email, hashed password, role), credential details you submit for verification (e.g. NPI), content you capture and its metadata, license and payout records, and basic usage/logs. Payment details are handled by Stripe — we never store card numbers.

2. How we use it

To operate the marketplace: verify experts, certify and host content, run licensing and payouts, provide support, secure the service, and comply with law.

3. Content & PHI

Experts must de-identify content (no PHI) and obtain consent before publishing. Don't upload identifiable patient data. Certified content is shared with buyers who license it, under the terms you set.

4. Sharing

We share data with service providers that make the product work — Stripe (payments/payouts), Neon (database), and Vercel (hosting/storage). We don't sell your personal information. Provenance credentials are public by design (they carry no personal data beyond the issuer/creator label you choose).

5. Security

Passwords are hashed (scrypt). Sessions use signed, httpOnly cookies. Media is stored with unguessable URLs and access is gated to the creator and licensees. No system is perfectly secure, but we take reasonable measures.

6. Your choices

You can view and edit your account, revoke API keys, and request deletion of your account and data. Some records may be retained where required for legal or accounting reasons.

7. Changes

We may update this policy as the product evolves; material changes will be reflected here with a new date.

8. Contact

Privacy questions? Email privacy@allaiknow.app.