Privacy Policy

Last updated: March 2026

TotMD ("we," "us," or "our") is committed to protecting the privacy of parents and children who use our platform. This Privacy Policy describes how we collect, use, store, and protect your information when you use TotMD at totmd.health.

1. Information We Collect

When you create an account, we collect your email address, display name, and subscription status. When you create a child profile, we collect the name, age, weight, and height you provide. When you run a symptom assessment, we store the symptom description, child context, and guidance result. We do not collect photos unless you explicitly upload them for a scan.

We also collect standard usage data: browser type, device type, session timestamps, and feature usage — all to improve the product for parents.

2. How We Use Your Information

To power the symptom assessment and guidance features
To save your cases, child profiles, and growth history
To send product updates and account notifications (you may unsubscribe at any time)
To improve TotMD features and content based on aggregate, anonymized usage patterns

We never use your child's health data for advertising. We never sell your data to third parties.

3. Data Storage and Security

Your data is stored securely using Supabase, a managed database platform with industry-standard encryption at rest and in transit. All connections use HTTPS/TLS. Access to your account data is controlled by your credentials and row-level security policies.

4. Children's Privacy (COPPA)

TotMD is designed for parents and caregivers, not for use by children directly. We do not knowingly collect personal information from children under 13. The child profile information you enter (name, age, weight, height) is stored under your parent account and is not accessible to anyone except you.

5. Data Retention

Your account data is retained while your account is active. You may delete your account at any time from your Profile settings, which will permanently remove your data within 30 days. Anonymized, aggregated usage data may be retained for product analytics.

6. Third-Party Services

TotMD uses the following third-party services: Supabase (database and authentication), Stripe (payment processing for Premium subscriptions), and OpenAI (AI-powered symptom guidance). Each provider maintains their own privacy policies and data handling standards. Payment data is handled entirely by Stripe — we never store credit card information.

7. Your Rights

You have the right to access, correct, export, or delete your personal information at any time. To exercise these rights, contact us at privacy@totmd.health. We will respond within 30 days.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice. Continued use of TotMD after any change constitutes acceptance of the updated policy.

9. Contact

Questions about this policy? Reach us at privacy@totmd.health or through our support page at totmd.health/support.