Privacy Policy

Plain-English. The legal phrasing exists because health data deserves clear handling — not because we want to hide what we do with it.

Last updated · April 25, 2026

This policy covers Avafem, Inc. ("Avafem", "we", "our") and the website at avafem.com. It tells you what we collect, why, who we share it with, and the controls you have. If anything is unclear, privacy@avafem.com is the inbox for follow-up.

1. The data we collect

We collect three categories of data:

  • Account data. Email, life stage, skin type, timezone, alert preferences, and (if you create one) your public creator handle, display name, bio, and avatar.
  • Health-adjacent inputs you choose to share. Intake answers, daily symptom logs, cycle anchor date, skin analysis results, biometric tokens you connect (Apple Health, Oura). All optional; the marketplace works without any of it.
  • Commerce data. Orders, returns, ledger entries (Beauty Bank credits), shipping addresses, payment confirmations from our processor (we never see card numbers).

2. Things we explicitly DO NOT do

  • We do not sell your data. Ever. To anyone.
  • We do not retain photographs you submit for skin analysis. The image is processed once, the structured read is stored, the bytes are dropped from memory.
  • We do not share health-adjacent inputs with telehealth partners. Referral hand-off carries only your coarse life-stage hint and a UTM tag — never symptoms or intake answers.
  • We do not use your data to train third-party LLMs. Embeddings stay in our pgvector index.

3. How we use it

  • To run the curator: matching products to your life stage, skin type, and (if shared) symptom log.
  • To answer your chat questions: retrieving relevant passages from our clinical knowledge base.
  • To fulfil orders: passing the necessary line + address data to the merchant who actually ships.
  • To communicate: account emails, restock pre-alerts (when you have an active subscription), order updates.

4. Who we share it with

Three categories, all named:

  • Infrastructure. Vercel (hosting), Postgres (database), Redis (cache). All bound by data-processing agreements.
  • Identity + payments. Clerk (sign-in), the Violet headless commerce gateway (cart + payment).
  • AI providers. OpenAI for embeddings, Anthropic for chat + skin analysis when configured. Prompts are scoped per request and not retained for training.

We do not share with advertisers. When analytics is enabled, we use Google Analytics 4 (with IP anonymisation by default) and/or Plausible (cookieless). Both can be turned off entirely in admin settings; both honour Do-Not-Track at the page level.

5. Your controls

  • View + export: request a copy of everything we hold via privacy@avafem.com. We respond within 30 days.
  • Anonymise: flip Privacy Shield on. Curator + analytics jobs then operate on derived / aggregated traits with direct identifiers stripped.
  • Delete: email privacy@avafem.com. We tombstone your account, wipe health-adjacent fields, and retain only the financial records the IRS requires us to keep.
  • Reset intake: wipe your symptom + cycle history without deleting the account at any time from /intake.

6. Children + minors

Avafem is intended for users 13 and older. The Puberty life-stage path is gated behind parental email verification. We do not knowingly collect data from children under 13. If you believe we've received data from a child under 13, email privacy@avafem.com and we'll delete it within 7 days.

7. International users

Avafem is hosted in the United States. If you're in the EEA, UK, or Switzerland, our processing relies on Standard Contractual Clauses + Avafem's additional safeguards (encryption in transit and at rest, role-based access, anonymisation by default for analytics).

California residents: under the CCPA you have the rights to know, delete, correct, and opt-out of sale. We don't sell. Email privacy@avafem.com for the other rights.

8. Security

Encryption in transit (TLS 1.2+) and at rest (AES-256 for sensitive fields). HMAC-signed admin sessions. Rate-limited sign-in. Webhook signatures verified before any write. CSP + HSTS in production. Suspected vulnerabilities to security@avafem.com — please give us 90 days before public disclosure.

9. Changes

We'll update the "Last updated" date when this policy changes. Material changes (new data category, new third-party processor) get an email notice plus an in-product banner 30 days before they take effect.

10. Contact

Privacy questions: privacy@avafem.com. Mailing address on /contact.