Privacy Policy

Your privacy is our highest priority. We mandate data minimization by design.

1. Information We Collect

We collect the bare minimum required to provide you with the Odyssey Portfolio service:

• Account Information: Your name and email address for authentication and communication.
• App Content: The clinical reflections, entries, and narratives you choose to write.

2. The "No Patient Data" Rule

You are strictly prohibited from entering patient-identifiable data into Odyssey Portfolio. Due to this strict rule, the data stored on our servers is considered your professional intellectual property and personal reflection, not protected health information (PHI). We do not act as a HIPAA Business Associate or equivalent, as the platform is not designed to hold medical records.

3. Data Storage and Security

All data is securely stored on industry-leading infrastructure provided by Supabase and Firebase. Our servers are physically located within the European Union (EU), ensuring compliance with stringent EU data protection regulations (GDPR). Data is encrypted in transit using TLS and encrypted at rest.

4. Third-Party Sharing

We do not sell your personal data. We only share information with trusted infrastructure partners (like Stripe for payments, Firebase for authentication, and Supabase for database hosting) strictly for the purpose of operating the service.

5. Your Rights

You have the right to access, export, or delete your account and all associated data at any time via the application settings.