Privacy Policy

Effective date: March 2026  ·  Last updated: March 2026  ·  Under review by legal counsel

Your health data is protected by design. UniteRare separates your identity from your health information using a Three-Vault architecture. We never sell personal data. We never use your data to train AI models.

1. Information We Collect

We collect only what is necessary to provide and improve our services. Information is organized into three logical categories:

  • Account information (Vault 1 — Identity): Your name, email address, and hashed password. This information is used solely for authentication and communication and is never combined with your health data in analytics pipelines.
  • Health information (Vault 2 — Clinical): Symptoms you enter, diseases you follow, diagnoses you share, medications you mention, and Human Phenotype Ontology (HPO) terms generated from your symptom descriptions. This data is linked to your account only by an anonymous UUID — your name and email are never joined to clinical data for third-party sharing or analytics.
  • Community content: Posts, replies, and stories you share in the community. Each submission records your consent tier (Tier 1 = display to members; Tier 2 = may be included in de-identified research insights). You choose your consent tier before posting.
  • Usage data (Vault 3 — Analytics): Page views, search queries, and feature usage — collected in de-identified form. Individual usage data is never linked to your identity or health information for external sharing.
  • Device information: Browser type and IP address, collected for security purposes and general analytics. Device information is not linked to your health data.

2. How We Use Your Information

  • Platform services: To provide diagnosis support, generate insurance appeal letters, match clinical trials, surface travel grants, and power community features.
  • AI processing: Claude AI (by Anthropic) analyzes the symptoms you enter to generate diagnostic suggestions, and processes community posts (with Tier 2 consent) to extract aggregate insights. See Section 3 for full AI processing disclosures.
  • De-identified analytics: Aggregate patterns (e.g., most-searched symptoms, common trial-matching criteria) are shared with pharma partners only when you have provided Tier 2 consent, and only in aggregate with a minimum group size of n≥5 to prevent re-identification.
  • Communication: We send news digests, fund alerts, and trial notifications only when you opt in. You can adjust notification preferences at any time in your account settings.
  • Platform improvement: Error tracking and feature usage analysis to fix bugs and improve the experience.

We never sell your personal data. We never use your data for advertising.

3. AI Processing Disclosure

Important: AI outputs from UniteRare are for educational and informational purposes only. They are not medical diagnoses. Always consult your physician or qualified healthcare provider before making any medical decisions.

We use Claude AI (by Anthropic) to power the following features:

  • Diagnosis Assist: Your symptoms are sent to Claude to generate a ranked list of rare diseases that may warrant further investigation.
  • Insurance Appeal Letters: Denial details you provide are sent to Claude to draft a personalized appeal letter. You must review the letter and have it approved by your healthcare provider before submitting it.
  • Community Insights: Community posts (Tier 2 consent only) are processed by Claude to extract anonymized entities (drug names, symptom patterns, denial types) for aggregate research insights.

Zero data retention: We have configured our Anthropic API calls with the zero-retention setting. Under this configuration, Anthropic does not log or store your prompts or responses beyond the immediate API transaction. We do not use your data to train AI models.

BAA status: We are in the process of establishing a Business Associate Agreement (BAA) with Anthropic prior to processing individually identifiable health information. Until that BAA is in place, please do not enter personally identifying health details (full name + specific diagnosis).

4. Three-Vault Data Architecture

UniteRare was designed with a three-vault architecture to protect your health privacy by construction:

Vault 1 — Identity
  • Your name and email address
  • Authentication credentials (password hashed)
  • Account settings and notification preferences
  • Never joined to health data in analytics or third-party sharing

Vault 2 — Clinical
  • Symptoms, diagnoses, and HPO terms
  • Diseases you follow and saved resources
  • Linked to your account only by anonymous UUID
  • Never exported with your name or email

Vault 3 — Analytics
  • Aggregate, de-identified usage patterns
  • No individual identification possible
  • Minimum cell size n≥5 before any aggregate is shared
  • Shared with research partners only with Tier 2 consent

5. Data Sharing

We share your data only in these limited, disclosed circumstances:

  • We never sell personal data to any third party.
  • De-identified research insights: Aggregate patterns from Vault 3 may be shared with pharmaceutical and academic partners, strictly with your Tier 2 consent and a minimum group size of n≥5 to prevent re-identification.
  • Community content: Posts you share are visible to other UniteRare community members per your chosen consent tier.
  • Infrastructure providers: Supabase (database and authentication) and Vercel (hosting) process data under data processing agreements. Neither has access to your health data in identifiable form.
  • AI provider: Anthropic processes query content as described in Section 3, under zero-retention configuration. We do not share with any other AI provider.
  • We do not share with advertisers.
  • Law enforcement: We will disclose information only when required by valid legal process (subpoena, court order). We will notify you to the extent legally permitted.

6. Your Rights

You have the following rights regarding your personal data:

  • Access: Download all of your data at any time from your account settings.
  • Deletion: Delete your account and all associated data. Community posts are removed within 30 days. De-identified analytics derived from your data cannot be retroactively deleted from aggregates.
  • Correction: Update your personal information in your account settings at any time.
  • Consent withdrawal: Change your consent tier (Tier 1 / Tier 2) at any time without affecting your access to the platform.
  • Portability: Export your data in a standard machine-readable format (JSON) on request.

California residents (CCPA): You have the right to know what personal information is collected, the right to delete it, the right to opt out of sale (we do not sell), and the right to non-discrimination for exercising these rights.

EU / UK residents (GDPR): You have the right of access, rectification, erasure, restriction of processing, data portability, and the right to object. To exercise these rights, contact privacy@uniterare.com.

Massachusetts residents (WISP): UniteRare maintains a Written Information Security Program (WISP) in compliance with M.G.L. c. 93H and 201 CMR 17.00.

To exercise any of these rights, email privacy@uniterare.com. We will respond within 30 days.

7. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Community posts: Retained while your account is active. Deleted within 30 days of account deletion.
  • Diagnosis results: Session-only by default. Saved only if you explicitly choose to save a session.
  • Appeal letters: Stored until you delete them from your account.
  • De-identified analytics: Retained for research purposes for a maximum of 7 years, after which they are permanently deleted.

8. Security

  • Encryption in transit: All data is transmitted over TLS 1.3.
  • Encryption at rest: All database records are encrypted using AES-256.
  • Row-level security: Supabase row-level security (RLS) is enforced on all database tables, ensuring users can only access their own data.
  • HIPAA-aligned controls: We implement administrative, physical, and technical safeguards consistent with HIPAA Security Rule requirements.
  • Regular audits: Security audits and penetration testing are conducted on a regular basis.

No system is perfectly secure. If you discover a security vulnerability, please report it to privacy@uniterare.com.

9. Children's Privacy (COPPA)

Community participation and account creation require users to be age 13 or older. Children under 18 should use the platform with a parent or caregiver.

Children under 13 must use a parent or caregiver account. We do not knowingly collect personal data directly from children under 13. If you believe a child under 13 has created an account without parental consent, please contact us at privacy@uniterare.com and we will delete the account and associated data promptly.

10. Changes to This Policy

We will notify you of material changes to this policy via email to your registered address. We will also update the "Last updated" date at the top of this page. Your continued use of the platform after notification constitutes acceptance of the updated policy.

For non-material changes (clarifications, formatting), we will update the page without separate email notification.

11. Contact Us

For all privacy questions, data access requests, or concerns:

We will acknowledge your request within 5 business days and respond fully within 30 days.