Privacy Policy

Version 1.0.0 — Effective date: 1 March 2024

1. Our Core Principle

Screend is a trust layer, not a health records system. We store your verification status only — never test results, diagnoses, or health records.

2. Information We Collect

We collect and store:

• Email address — for authentication and notifications
• Display name — optional, user-chosen
• Verification status — verified/expired/revoked and dates
• Prevention status — voluntary, self-reported or issuer-verified
• Payment information — processed by Stripe; we do not store card details
• Usage data — anonymized analytics (share view counts, hashed IPs)

3. Information We Never Collect

• Test results or lab reports
• Diagnoses or medical records
• HIV status or any specific STI status
• Names of tests performed

4. How We Use Your Information

• To provide and maintain the Service
• To send verification expiry reminders (if opted in)
• To process payments via Stripe
• To generate anonymized, aggregated statistics

5. Data Sharing

We only share your verification status when you create a share link or QR code. Recipients see only the information you choose to include. We never sell or share your data with third parties for marketing purposes.

6. Data Security

• All data encrypted in transit (TLS) and at rest
• Row Level Security (RLS) on all database tables
• IP addresses and user agents stored as hashes only
• API keys stored as bcrypt hashes
• Cryptographic signatures on all verifications

7. Data Retention

Account data is retained while your account is active. Upon deletion, personal data is anonymized within 24 hours. Anonymized audit logs are retained for 7 years as required by Australian law.

8. Your Rights

You have the right to:

• Access — export all your data at any time
• Rectification — update your profile and preferences
• Erasure — delete your account and anonymize your data
• Portability — download your data as JSON
• Withdraw consent — update sharing and marketing preferences

9. Data Hosting

All data is hosted in Sydney, Australia via Supabase and Vercel. Your data does not leave Australian jurisdiction.

10. Cookies

We use essential cookies only for authentication session management. We do not use tracking or advertising cookies.

11. Changes to This Policy

We will notify you of material changes via email. You will be asked to accept the updated policy on your next login.

12. Contact

For privacy enquiries, contact us at privacy@screend.app.