Privacy Policy

Authenticly is operated by SamKis Labs (“Authenticly”, “we”, “us”). For the purposes of UK and EU data protection law, we are the data controller for the personal data described here. You can reach us about privacy at privacy@authenticly.co.uk.

You do not register with your real name. When you sign up you choose an alias, and that alias is the only identity shown anywhere in the app — on your dashboard, in the community, everywhere. We do not require your legal name, and you can leave the optional “real name” field on your profile blank. If you do enter it, it is stored privately and shown only to you in your own settings; it never appears elsewhere in Authenticly.

We need an email address to create your account and to sign you in, and a payment method (handled by Stripe) if you subscribe. Apart from that, the health information you record is tied to your account, not to your real-world identity.

We collect only what the product needs to function. Specifically:

• Account data. Your email address (for sign-in and account emails), your chosen alias, your HSV type if you choose to share it, and an optional real name you can add or remove at any time.
• Daily check-ins. The information you log: symptoms and symptom severity, outbreak stages across an outbreak’s lifecycle, sleep and stress levels, medications taken or suppressive-therapy status, and any free-text notes you write.
• Outbreak records. Start and end dates, stages, and related notes you enter to track an outbreak over time.
• Optional wearable / health data. If you choose to connect a wearable or enter health metrics manually, that data (e.g. sleep) is stored to enrich your own insights. This is entirely optional and off unless you enable it.
• Community content. Posts and replies you choose to write, which appear under your alias only.
• Payment data. If you subscribe, Stripe processes your card details. We never see or store your full card number — we hold only a billing reference and your subscription status.
• Minimal technical data. Standard server logs and security data needed to operate the service and protect against abuse. Our analytics are cookieless and aggregate (see below).

We use your data to provide the service you signed up for: to show your dashboard and timeline, to track your outbreaks and patterns over time, to power the private AI insights drawn from your own history, to keep your research feed relevant, and to operate the community. We use your email to send you essential account messages (sign-in confirmation, password resets, billing notices) and, only if you opt in, product updates.

Our AI insights operate on your own anonymised history to surface correlational patterns. Personal identifiers (such as your email or real name) are not sent to any AI in a way that identifies you.

We do not sell your personal data, and we never will. We do not share it with advertisers, data brokers, or third parties for their own marketing. The only parties that process your data are the infrastructure providers below, acting on our instructions to run the service.

We understand that a charge labelled “Authenticly” or anything HSV-related on a bank statement is exactly the kind of exposure people come to us to avoid. Subscriptions are billed discreetly: your card statement shows “SLABS”. Nothing on your bank record names HSV, herpes, or Authenticly. Card processing is handled by Stripe.

We keep our supply chain deliberately small. The processors that handle your data are:

• Supabase — our database and authentication provider. It stores your account and health data, protected by row-level security so that only you can read your own records.
• Stripe — our payment processor. It handles card details and subscriptions, and is the reason your statement reads “SLABS”. We never receive your full card number.
• Vercel — our hosting provider, which also supplies the cookieless, aggregate analytics described below.

Your data is encrypted in transit (HTTPS/TLS) and at rest. Access to your health records is enforced at the database level by row-level security (RLS): each row is bound to your account, so even our own application cannot read another user’s records on their behalf. We strip framework fingerprinting, enforce strict transport security, and lock down browser features the app does not use. No system is ever perfectly secure, but privacy and security are the core of how Authenticly is built, not an afterthought.

You are in control of your data. You can:

• Access and export your data. Request a copy of the data we hold about you, in a portable format, by emailing privacy@authenticly.co.uk.
• Delete your data and account. Request deletion of your data and the closure of your account by emailing privacy@authenticly.co.uk. When you delete your account, your health records are deleted from our systems.
• Correct your data. Edit your alias, HSV type, optional real name and other profile details directly in your Profile settings at any time.
• Withdraw optional data. Disconnect a wearable or stop sharing optional health metrics whenever you like.
• Cancel your subscription. Cancel anytime from the billing portal; your data remains yours.

Depending on where you live, you may have additional statutory rights (for example, under the UK GDPR, EU GDPR, or similar laws) such as the right to object to or restrict certain processing, and the right to lodge a complaint with your data protection authority. We will respond to verified requests within the timeframe required by applicable law.

We keep cookies to the bare minimum. Authenticly uses essential authentication cookies only — the cookies that keep you signed in. We do not use advertising cookies, cross-site tracking cookies, or third-party marketing trackers. Because we use no non-essential cookies, the app does not show a cookie-consent banner.

To understand how the site is used without undermining the privacy promise, we use cookieless, privacy-friendly analytics (Vercel Web Analytics). These analytics do not set cookies, do not track you across other websites, and do not build a profile of you. They record only aggregate, anonymous usage signals (such as which pages are viewed) — never the contents of your health logs.

We keep your data for as long as your account is active. If you delete your account or ask us to erase your data, we remove your health records from our systems, retaining only what we are legally required to keep (for example, limited billing records for tax and accounting purposes).

Authenticly is intended for adults. You must be 18 or older to create an account or use the service. We do not knowingly collect data from anyone under 18; if we learn that we have, we will delete it.

We may update this policy as the product evolves. When we make material changes, we will update the effective date above and, where appropriate, notify you. Continued use of Authenticly after an update means you accept the revised policy.

Questions about your privacy, or want to exercise any of the rights above? Email us at privacy@authenticly.co.uk.