Consumer Health Data Policy
Effective: June 12, 2026
1. What this policy covers
This policy describes how The Naperville Doula LLC (“HiDoula,” “we,” “us”) collects, uses, and shares consumer health data — health-related information as defined by laws such as Washington’s My Health My Data Act and similar state laws. In a birth app, almost everything is health-related by context, so we apply this policy to the whole care space, not just clinically-flavored fields. Our Privacy Policy is the broader document covering all personal data; this page is the dedicated consumer-health-data disclosure.
2. Categories of consumer health data we collect
- Account and contact information — name, email address, and (for doulas) practice details, which are health-adjacent by context in a birth app.
- Operational metadata — due dates, labor-status category, appointment times, contraction timing entries, and who is connected to whom in a care space.
- User-created care content — messages, birth plan text, notes, and contraction notes. Where supported, this content is encrypted on your device before it syncs, using keys held on your devices.
3. Where this data comes from
From you, and from the people in your care circle — the doula, family members, and support people you choose to connect with. We do not buy, scrape, or infer health data from anywhere else.
4. Why we collect it
Only to provide the service you asked for: running your care space, processing Birth Pass payments, and responding to support requests. We never use consumer health data for advertising, and we never sell it.
5. Who we share it with
Beyond the people you choose to connect with, consumer health data is processed only by the small set of infrastructure providers below, each receiving only what its role requires. Care content is prohibited from the email and payment channels.
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Database, authentication, and storage hosting | Account data, operational metadata, and encrypted care content (encrypted on device before sync where supported) |
| Vercel | Application hosting and content delivery | Request and connection data needed to serve the app (IP address, device/browser information, logs) |
| Stripe | Payment processing for the Birth Pass | Billing name, email, and payment status. Card data goes directly to Stripe. Care content is prohibited from this channel. |
| Email delivery providers | Transactional email (sign-in links, invitations, notifications) | Email address and minimal generic message content. Care content is prohibited from email bodies and subjects. |
We may also disclose data when required by law or to protect the safety and integrity of the service — and we will tell you when the law allows us to.
6. What we never do
- We do not sell consumer health data. Ever.
- We do not use consumer health data for advertising or ad targeting.
- Consumer health data is never shared with any analytics service. No advertising trackers or session-replay tools anywhere. Analytics exists only on our public marketing pages (Google Analytics, with IP anonymization and ad personalization disabled) — it never runs inside the app or on any health-related screen.
- We do not use care content to train advertising or profiling systems.
7. Your rights
You can ask us to access, export, or delete your consumer health data, and you can withdraw consent for its collection at any time. To exercise these rights, email privacy@hidoula.app — we will verify the request and act on it without unreasonable delay. In-app export and deletion tools are available or in progress; email works today regardless. If you believe we have not handled your data properly, you may also contact your local consumer-protection or data-protection authority.
8. How we protect it
Data is encrypted in transit (TLS) and at rest, and user-created care content is additionally encrypted on your device before it syncs where supported — so the most sensitive tier is designed to be unreadable to us. Our security overview has the details. No system eliminates all risk.
9. Changes
We will notify you of material changes to this policy by email or in-app notice before they take effect, and we will not weaken how we handle previously collected consumer health data without asking first.
10. Contact
Questions or requests about consumer health data: privacy@hidoula.app. General questions: hello@hidoula.app.