Privacy Policy

1. Introduction

This Privacy Policy explains how sanao.health (“we,” “us,” or “Service”) collects, uses, and protects your information when you use our health information search platform.

2. Information We Collect

Information You Provide

Google Account Information: When you sign in using Google SSO, we receive basic profile information (name, email, profile picture)
Search Queries: Health-related terms and symptoms you search for

Information We Collect Automatically

IP Address: For location-based language preferences and enhanced search results
Usage Data: How you interact with search results and features
Browser Information: Browser type, device information for service optimization

Information We Do NOT Collect

Personal Health Records: We do not store personal medical information
Payment Information: All payment processing handled by Polar.sh
Sensitive Personal Data: We do not collect sensitive personal information beyond search queries

3. How We Use Your Information

Search Results and Service Improvement

Caching Search Results: We store search results (not linked to personal identity) to avoid duplicate processing
Search History: Temporarily stored for your convenience based on subscription level:
- Pro: 7 days
- Premium: 14 days
Service Enhancement: Improve our algorithms and categorization methods

Account Management

Authentication: Google SSO for secure account access
Subscription Management: Track usage limits and subscription status
Communication: Service updates and important notices

Personalization

Language Preferences: Based on IP location
Enhanced Results: Location-relevant health information when applicable

We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties.

Search Engines: We query search engines with your health terms (anonymized)
Service Providers: Polar.sh for payment processing (they have their own privacy policy)
Legal Requirements: If required by law or to protect our rights

Aggregated Data

We may use anonymized, aggregated data for research and service improvement.

5. Data Storage and Security

Storage Locations

Search Results: Stored indefinitely for service efficiency (not linked to personal accounts)
User Data: Processed and stored in secure cloud infrastructure
Geographic Storage: Data may be stored in various countries where our service providers operate

Security Measures

Encryption: Data encrypted in transit and at rest
Access Controls: Limited access to personal data
Google SSO: Leverages Google’s security infrastructure
Regular Security Reviews: Ongoing security assessments

6. Your Rights and Choices

Account Control

Account Deletion: Delete your account and associated search history at any time
Data Access: Request information about data we store about you
Search History: Clear your search history through account settings

Communication Preferences

Email Communications: Opt out of non-essential communications
Service Updates: Important service notifications cannot be disabled

Browser Settings: Control cookies through browser preferences
Opt-out Options: Disable location-based features if desired

7. International Users and Data Transfers

Global Service

Worldwide Availability: Service available globally
Data Transfers: Your data may be transferred to countries with different privacy laws
Adequate Protection: We ensure appropriate safeguards for international transfers

Regional Compliance

GDPR (EU): Enhanced rights for EU users including data portability and deletion
CCPA (California): Additional privacy rights for California residents
PIPEDA (Canada): Compliance with Canadian privacy legislation

8. Children’s Privacy

Under 13

No Intentional Collection: We do not intentionally collect data from children under 13
Parental Notice: If we discover under-13 usage, we will delete the account

13-18 Years Old

Permitted Use: Minors may use the service
Parental Responsibility: We recommend parental supervision for health information searches
Educational Purpose: Service intended for educational and informational purposes

9. Data Retention

Account Data

Active Accounts: Retained while account is active
Deleted Accounts: Deleted within 30 days of account closure

Search Data

Personal Search History: Automatically deleted based on subscription level (7-14 days)
Anonymized Results: May be retained indefinitely for service improvement
Aggregated Analytics: Retained for business purposes

10. Third-Party Services

Google SSO

Authentication: Governed by Google’s Privacy Policy
Information Sharing: Minimal data shared as per Google’s standards

Polar.sh Payments

Payment Processing: Governed by Polar.sh Privacy Policy
No Payment Data Storage: We do not store payment information

Search Engines

Anonymous Queries: Health searches sent anonymously to search providers
Source Attribution: All results include links to original sources

11. Privacy Policy Updates

Change Notifications

Material Changes: Users notified via email or service announcement
Effective Date: Changes effective 30 days after posting
Continued Use: Constitutes acceptance of updated policy

12. Data Subject Rights (Legal Compliance)

For legally required privacy rights requests only (data access, deletion, or correction):

Email: support@sanao.health
Response Time: We respond within 30 days
Valid Requests Only: Limited to legal compliance requirements

Legitimate Interests

Service Provision: Necessary for providing health information search
Security: Protecting against fraud and abuse
Service Improvement: Enhancing user experience

Optional Features: Location-based enhancements (with your consent)
Communications: Marketing communications (opt-in)

Contractual Necessity

Account Services: Processing necessary for subscription services
Payment Processing: Through third-party processors

This Privacy Policy is designed to be transparent about our data practices while protecting your privacy and complying with international privacy laws.

Privacy policy