Privacy Policy

This Privacy Policy explains how Windows & Waves collects, uses, stores, and protects your information when you access or use our website and application (the “Service”).

We are committed to protecting your privacy and handling your information in a transparent and secure manner. The Service allows users to log and track personal data, including health-related information, and we take appropriate measures to safeguard such data.

This Privacy Policy describes the types of information we collect, how we use it, and the choices you have regarding your information.

We may collect the following categories of information:

Account Information:

Information you provide when creating or managing an account, such as your email address and authentication identifiers.

User-Generated Data:

Information you choose to input into the Service, including but not limited to symptoms, medication logs including dosage and timing, daily check-ins, wave logs, journal entries, symptom reports, and other self-tracked data.

Withdrawal Symptom Reports:

If you use the Withdrawal Symptoms A–Z or symptom reporting features, we may collect information related to your report, including the symptom reported, the medication or medication class connected to the report, your user account ID, the report timestamp, and the report context you select.

If optional fields are added in the future, we may also collect optional notes or optional survey-style information that you choose to provide. You should not submit information that you do not want stored in your account.

Usage and Device Information:

Information about how you access and use the Service, such as your IP address, device type, browser type, operating system, and interactions with the Service.

Payment Information:

If you purchase a subscription, payment information is processed by third-party payment providers such as Stripe. Windows & Waves does not store full payment card details.

Information submitted through Windows & Waves may include health-related information, including symptoms, medication use, dosage information, tapering or discontinuation information, withdrawal-related experiences, journal entries, and other self-tracked data.

You are responsible for deciding what information you choose to submit. Please do not submit information that you do not want stored, processed, or associated with your account.

Windows & Waves is intended for personal tracking, education, and self-reflection. It is not intended to provide medical care, diagnosis, treatment, emergency support, or clinical monitoring.

We may display aggregated report counts publicly, such as how many users reported a symptom for a medication, medication class, or withdrawal-related context.

Public report counts are intended to show user-submitted reports in an aggregated format. We do not intentionally display your name, email address, or individual account information with public symptom counts.

Aggregated report counts do not identify you directly and should not be interpreted as proof that a medication, taper, missed dose, dose reduction, or discontinuation caused a specific symptom.

We use your information for the following purposes:

• To provide, operate, and maintain the Service
• To process and analyze user-provided data in order to generate analytics, visualizations, report counts, and other features you request
• To operate symptom reporting features, including recording reports, preventing duplicate reports, displaying aggregated counts, and improving the accuracy and reliability of public report summaries
• To facilitate payments and manage subscriptions, including through third-party payment providers such as Stripe
• To communicate with you, including responding to inquiries and providing important updates about the Service
• To improve the performance, reliability, safety, and user experience of the Service
• To detect, prevent, or address fraudulent, abusive, duplicate, automated, or unauthorized activity
• To comply with legal obligations and enforce our Terms of Service

We do not sell your personal information.

We may share your information with trusted third-party service providers that help us operate, maintain, and improve the Service. These providers process information on our behalf and only as necessary to perform their functions. Such providers include:

Infrastructure and Hosting Providers, such as Vercel:

Used to host and deliver the Service.
Vercel Privacy Policy

Database and Authentication Providers, such as Supabase:

Used to store data and manage user accounts and authentication.
Supabase Privacy Policy

Payment Processors, such as Stripe:

Used to process subscription payments and billing.
Stripe Privacy Policy

These third-party providers are contractually obligated to protect your information and are not permitted to use it for their own purposes.

We may also disclose information if required to do so by law or in response to valid legal requests.

Windows & Waves does not currently use cookies or similar tracking technologies for advertising purposes.

We may use essential technologies necessary to operate, secure, and authenticate the Service.

We may also generate in-app analytics from information users submit directly to the Service, such as symptom logs, medication logs, wave logs, daily check-ins, and symptom reports.

If we introduce third-party cookies or analytics tools in the future, we will update this Privacy Policy accordingly.

We implement reasonable administrative, technical, and organizational measures to protect your information from unauthorized access, disclosure, alteration, or destruction.

These measures include the use of secure hosting infrastructure, encryption in transit, authentication systems, and access controls provided by trusted third-party providers.

Payment information is processed by third-party payment providers such as Stripe, and Windows & Waves does not store full payment card details.

However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

We retain your information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, prevent abuse, maintain security, and enforce our agreements.

If you choose to delete your account, we will delete your personal information from our active systems within a reasonable period, except where retention is required by law or for legitimate business purposes.

Users may be able to remove or update their own symptom reports where account features allow. Aggregated public counts may update after deletion or correction, but previously generated analytics, backups, logs, cached information, or de-identified summaries may not update immediately.

Please note that limited information may be retained in backups or logs for a short period before being permanently deleted.

You have control over your information and may exercise the following rights:

• Access and export your data
• Update or delete certain data directly within the Service
• Remove or update certain symptom reports where available
• Delete your account at any time

If you need assistance accessing, updating, or deleting your information, you may contact us at support@windowsandwavestracker.com.

Windows & Waves is not a covered entity under the Health Insurance Portability and Accountability Act (“HIPAA”) and is not intended to create or maintain protected health information as defined under HIPAA.

The Service is designed for personal use only and is not intended for use by healthcare providers or for clinical purposes.

If you choose to use the Service in a manner that involves regulated health information, you are solely responsible for ensuring compliance with any applicable laws or regulations.

The Service is not intended for individuals under the age of 18, and we do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from a user under 18, we will take steps to delete such information.

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and may provide notice within the Service.

Your continued use of the Service after such changes become effective constitutes your acceptance of the updated Privacy Policy.

If you have any questions about this Privacy Policy or our data practices, please contact us at support@windowsandwavestracker.com.