N1 Precision N1 Precision

Legal

Privacy Policy

Your privacy matters. This policy explains how N1 Precision collects, uses, and protects your data.

Effective April 2026

At a Glance

  • We collect your Google account info and the health data you enter
  • Your data is used solely to power the service — never sold or shared for marketing
  • Stored in encrypted cloud infrastructure — HIPAA safeguards in progress
  • Caregivers and clinicians see only the data categories you choose to share — biography is never visible to delegated users
  • Research registry is opt-in only — de-identified via Safe Harbor, withdraw anytime
  • You can delete your account and all data anytime from Settings
  • No tracking cookies — authentication cookies only
  • AI features use Claude (and optionally Gemini and Nova for a future multi-model research feature) — no data sold, no model training, biography and raw birth date never sent
  • Caregiver accounts only — children never interact with the service

Parent questions, plain answers

You don’t need to know what HIPAA stands for to trust an app with your child’s seizure data. Here are the questions caregivers actually ask us, in plain English. The long legal version is in the sections below if you want the details.

Is my child’s information safe here?
Yes. Everything you log is stored encrypted in a cloud database that only you can access with your login. The servers are in the U.S. and use the same kind of security a hospital system would use — even though we’re a personal tracking app, not a hospital.
Can anyone see my child’s name?
No one outside of you. Seizure logs, medications, labs — none of them are stored with your name or your child’s name. Inside our database, everything is tied to a random account number, not a person. The only places a name could appear are (a) your login profile, which only you see, and (b) the biography page, where you can write your own notes. That biography text stays in our database and is never sent to anyone or anything, including the AI — unless you turn on the optional Public Profile feature in Settings, which publishes your biography to the open internet. See the next question.
What if I turn on the public profile feature?
If you enable a public profile under Settings, a page is published at a URL you choose that anyone with the link can read. Your biography text goes on that page along with any articles you’ve marked as public. Do not put anything in the biography field — names, addresses, phone numbers, photos of your kid, school details, anything — that you don’t want on a public website. Search engines can cache a public page even if you turn public mode off later. If you just want a private journal, leave public profile OFF.
My child is in a clinical trial. Will trial data leak anywhere?
No. While a clinical trial is active, absolutely none of your data from the trial period flows to any research registry, aggregate export, or data-sharing system. We recognize well-known Dravet trial drugs automatically (Zorevunersen, Soticlestat, Clemizole, etc.) and block their data immediately. After the trial ends, we ask you one simple question: would you like to contribute your trial-period data to the N1 Precision research registry to help improve future trial designs? It’s entirely your choice, and saying no keeps trial data out forever. You never have to worry about accidentally sharing something a trial sponsor said to keep confidential.
Can my doctor see this data?
Only if you deliberately share it with them. We don’t push your data anywhere. You can print reports to bring to an appointment, and you can send a secure confirmation link if you want your neurologist to verify a diagnosis in the app — but nothing leaves your account unless you make it happen.
What does the AI see when I ask it a question?
The AI sees things like “age 12, female, Dravet syndrome, 24 kg, took these medications, had these seizures on these days.” It does not see any names, your email, your address, the exact date of birth, or anything you typed into the biography field. Those are blocked in two different places in our code so they can’t accidentally slip through. The chat feature uses Anthropic’s Claude today; a future pattern-detection feature will also send the same de-identified summary to Google Gemini and Amazon Nova to get three independent opinions — you’ll get an opt-in before that ships.
Do you sell my data?
No. Ever. We don’t run ads, we don’t sell lists, and we don’t share your data with marketers or data brokers. Not now, not later.
If I delete my account, is it really gone?
Yes. Anything identifying (your login, email, profile, biography notes) is permanently deleted right away. If you want the underlying health records fully erased too, just ask us — contact info is at the bottom of this page.
Wait — is this HIPAA compliant?
The honest answer: HIPAA technically doesn’t apply to you tracking your own child’s data in a personal app. HIPAA is a rulebook for hospitals, insurance companies, and clinicians. When you type your own information into a journaling app, those rules don’t kick in. We still follow the same safeguards HIPAA would require — encryption, access controls, audit logs — because we think your data deserves that level of protection even when the law doesn’t require it.
What about genetic info — SCN1A, mutations?
We do not store genetic data of any kind. No variants, no mutation reports, no sequencing results. That kind of information belongs in a proper genetic registry under its own rules, not in a seizure-tracking app. Please don’t enter it anywhere in the app, even in the biography field.
I still have questions. Who do I ask?
Jump to the Contact section below and email us directly. We answer personally — no ticket system, no bot.
01

Information We Collect

When you sign in with Google or email, we receive your name, email address, and a unique account identifier. We do not access your Google password. All health data you enter — including seizure logs, medications, daily events, and other records — is stored in our database and associated with your account.

Sensitive Identifying Fields

Out of all the data N1 Precision stores, only two fields on your profile are potentially identifying, and both are handled with strict rules:

  • Date of birth. We store the full date because growth-percentile calculations, age-at-onset analyses, and age-band classification need day-level accuracy. The full date never leaves our server as a raw value. When data flows to AI features, only your age in whole years is sent. When data is exported (for example, to a research registry), only your birth year is included — matching the U.S. HIPAA “Safe Harbor” de-identification standard.
  • Biography / medical history field. The biography field on your profile is free text and may contain names or other identifying details that you choose to enter. For that reason, it is never transmitted outside our database under any circumstance. It is not sent to the AI, not included in exports, not shared with caregivers or clinicians through delegated access, and not used for research. It exists solely to help you keep personal notes on the biography page.

Beyond these two fields, clinical records (seizures, medications, labs, daily events, etc.) are referenced only by a random internal account identifier — never by your name, email, phone number, address, or any other direct identifier.

02

How We Use Your Data

Your data is used solely to provide the N1 Precision service. This includes displaying your dashboard, generating charts and analytics, and storing your records so you can access them across sessions. We do not sell, rent, or share your personal data with third parties for marketing purposes.

03

Data Storage & Security

Your data is stored in a cloud-hosted MongoDB database with encryption at rest and in transit. We use industry-standard practices to protect your information, including encrypted connections (HTTPS/TLS), authentication on all API endpoints, audit logging for clinical data access, and scoped access so that each user can only view and modify their own records. N1 Precision Insights is a personal health-tracking tool and is not itself a HIPAA-covered entity, but we voluntarily apply HIPAA-equivalent administrative, technical, and physical safeguards and are establishing Business Associate Agreements with our infrastructure providers in preparation for future clinical and research use cases.

04

User-Controlled Sharing

N1 Precision gives you the ability to share certain information publicly. If you enable a public biography profile under Settings, a page is published at a URL you choose (/person/<your-username>) that anyone on the internet with that link can view. Your profile is private by default, and you can turn public mode off at any time.

Heads up: when public mode is on, your entire biography free-text field becomes visible on that public page, along with any articles you have explicitly marked as public and aggregated statistics from your logged data. Do not write anything in the biography field that you want to keep private — no names, addresses, contact info, school names, insurance details, photos that identify you, or anything else you would not want a stranger, employer, or search engine to see. Search engines may cache a public page even after you turn public mode off. See the Terms of Service Public Profiles section for the full caveat.

In the default private mode, biography text stays in our database and is never shown to anyone but you. Nothing on your account is published unless you explicitly enable public mode.

05

Delegated & Caregiver Access

N1 Precision allows you to grant caregivers and clinicians access to your (or your child’s) clinical data through the Data Sharing settings. Access is scoped: you choose exactly which data categories (seizure logs, medications, daily events, lab results, etc.) each person can see. You can revoke access at any time from Settings.

  • All delegated access is logged in an audit trail — you can see who accessed which data and when.
  • Delegated users see only the clinical data categories you have shared. The biography field is never visible to delegated users under any circumstance.
  • AI-powered features require separate consent for delegated access. Anthropic (our AI provider) does not have a Business Associate Agreement (BAA) with Veda-Tegrity LLC. When a clinician or caregiver accesses data through N1 Precision Clinical or Trials, AI features are disabled for that patient’s data unless the patient (or parent) has granted explicit AI processing consent.
  • Access can be revoked at any time from Settings > Data Sharing. Revocation takes effect immediately.
06

Clinical Trial Data

Clinical trials come with strict rules about what can and cannot be shared outside the study. If your child is enrolled in a clinical trial — for example, EMPEROR (Zorevunersen / STK-001), Soticlestat, Clemizole, or any other investigational drug — N1 Precision treats the trial period as a protected window:

  • While the trial is active, none of your data from the trial period (seizure logs, medications, lab values, daily events) flows to the N1 Precision research registry, aggregated exports, or any third-party research system. Period.
  • We recognize well-known Dravet trial drugs automatically by name and flag them for you. You can also mark any medication as a trial drug manually on the medication form.
  • After the trial ends, we ask you one question: would you like to contribute your trial-period data to the N1 Precision research registry to help improve future trial designs for the Dravet community? The data would be de-identified. Your answer is entirely your choice, and saying no keeps your trial-period data out of the registry permanently.
  • This post-trial consent is separate from these Terms of Service. It is a specific, one-time, informed decision keyed to that exact trial, and the consent language you see at the moment you decide is logged for audit.

If you change your mind later, you can update your decision from Settings. The underlying rule stays the same: active trials are always protected, ended trials flow only with your explicit permission.

07

Registry Participation

N1 Precision operates an opt-in research registry for the Dravet syndrome and broader epilepsy community. Participation is entirely voluntary — you must explicitly opt in from Settings.

  • Registry data is de-identified using the U.S. HIPAA Safe Harbor methodology: birth year only (no month or day), no names, no email, no specific genetic variant identifiers.
  • Your data is referenced by an anonymous identifier only — registry researchers cannot see your identity or link records back to your account.
  • You can withdraw from the registry at any time from Settings. Withdrawal removes your data from all future exports.
  • Even in de-identified form, rare disease data carries residual re-identification risk. See the Rare-Disease Re-identification Risk section below.
08

Rare-Disease Re-identification Risk

Ultra-rare diseases like Dravet Syndrome affect a small population worldwide. Even after de-identification, data from rare-disease patients may carry residual re-identification risk when combined with external information (publications, social media, support group activity).

We mitigate this risk through multiple technical controls:

  • Genetic variant suppression — specific variant identifiers (protein notation, cDNA, rs numbers) are stripped from all exports. Only functional phenotype classifications (e.g., “SCN1A loss-of-function”) are shared.
  • Fingerprint boundary policy — raw adaptation fingerprint vectors never leave our infrastructure. Only aggregate cluster assignments cross the boundary.
  • Minimum cell sizes — cohort queries enforce minimum group sizes to prevent singling out individual patients.

Despite these measures, we cannot guarantee zero re-identification risk. This is an inherent property of rare-disease data, not a limitation unique to N1 Precision. We encourage you to consider this when deciding whether to opt in to the research registry or enable a public profile.

09

Cookies & Authentication

We use cookies and local storage strictly for authentication and session management. We do not use tracking cookies or third-party analytics services that monitor your behavior across other websites.

10

Account Deletion & Data Retention

Your data is retained as long as your account is active. You can close your account at any time from Settings > Security. Account deletion follows a two-phase process:

Phase 1 — Immediate Deletion

Account credentials, email address, biography, profile name, and all personally identifiable information are permanently deleted immediately upon account closure. This action is irreversible.

Phase 2 — Retained 6 Years

De-identified clinical records (seizure logs, medications, daily events, lab results) are soft-deleted and retained for 6 years per healthcare records retention best practices. These records are referenced only by an anonymous identifier — your identity has been removed in Phase 1. After 6 years, retained records are permanently purged.

You can request immediate full erasure of all data (including de-identified records) by contacting hello@n1precision.com . We will comply within 30 days.

If you opted in to the research registry, your registry data follows the same deletion process — withdrawal removes your data from all future exports.

11

Third-Party Services & Vendors

N1 Precision relies on the following third-party services (subprocessors) to operate. Each vendor has its own privacy policy governing how they handle data.

Vendor Purpose Data Accessed Location
Amazon Web Services (AWS) Hosting, compute, authentication (Cognito), email (SES), storage All application data us-east-1
MongoDB Atlas Database All clinical and account data AWS us-east-1
Anthropic (Claude API) AI-powered pattern analysis and chat De-identified clinical data only (no names, no raw birthDate, no biography). Consumer users only — B2B/delegated access requires explicit AI consent. US
Upstash (Redis) Caching layer Cache keys with user IDs, no clinical data stored persistently US
12

AI Processing Boundaries

N1 Precision includes optional AI-powered analysis features. AI features use Anthropic’s Claude API. A future cross-model pattern-detection feature will also send the same de-identified summary to Google’s Gemini API and Amazon Bedrock’s Nova model in parallel. We will give you a clearly labeled opt-in before that feature ships.

BAA Status

Anthropic does not have a Business Associate Agreement (BAA) with Veda-Tegrity LLC. This means Anthropic is not bound by HIPAA obligations when processing data sent through the Claude API. We mitigate this by sending only de-identified data (see below) and by gating delegated access separately.

Consumer (Insights) Users

When you initiate an AI request, a de-identified summary is sent to Anthropic. The summary includes your age in whole years (never the full birth date), gender, diagnoses, current body weight, aggregated seizure statistics, medication names and dosages, and structured clinical notes — identified only by an anonymous internal account identifier, never by name, email, phone, or address.

The biography / medical history field is NEVER sent to any AI provider. Your full date of birth is also never sent; only your age in years. These exclusions are enforced at two layers: the code that builds the AI context never adds them, and a server-side sanitizer strips them again before anything is transmitted, as a second line of defense.

Delegated / B2B (Clinical & Trials) Users

When a caregiver or clinician accesses a patient’s data through N1 Precision Clinical or Trials, AI features require the patient’s explicit aiProcessingConsent. Without consent, AI features are completely disabled for that patient’s data. This consent is separate from the general Data Sharing grant and can be revoked at any time from Settings.

Data Retention by AI Providers

Anthropic’s data retention policy states that prompts submitted through the API are not used for model training and are deleted after processing. AI features are entirely opt-in — no data is sent to any AI provider unless you explicitly request an analysis.

All AI-generated outputs are informational only and do not constitute medical advice, diagnosis, or treatment recommendations. You should always consult your healthcare provider before making decisions based on AI-generated summaries.

13

Children's Privacy

N1 Precision is designed for use by adults (18+) only — specifically caregivers and patients who manage their own health tracking. Children do not create accounts or interact with the service directly. When a parent or guardian uses N1 Precision to track health data on behalf of a minor, the parent or guardian is the "user" and retains full control over all data entered.

We do not knowingly collect personal information directly from children under 13. If we learn that a child under 13 has created an account without parental consent, we will promptly delete that account and all associated data.

For questions regarding children's data or to exercise COPPA rights, please contact us through the information provided in the Contact section below.

14

Data Subject Rights & Minor's Data Transition

The data subject (the individual whose health data is tracked) has the right to assume control of their data upon reaching the age of majority (18). To request an account ownership transition, contact us through the application to initiate the verification and transfer process.

Parents and guardians can export all data at any time via Settings > Export. Data is available in JSON and Excel formats. You may also request complete deletion of all data at any time through the account deletion feature in Settings.

Until a transition is completed, the parent or guardian who created the account retains full control over all data and account settings.

15

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be reflected on this page. Continued use of the application after changes are posted constitutes acceptance of the updated policy.

16

Contact

If you have questions about this privacy policy, children’s data, COPPA compliance, or wish to request data deletion or account transition, please contact us:

  • Privacy Officer: John Greer — hello@n1precision.com
  • Compliance Officer: Judith Greer
  • Legal entity: Veda-Tegrity LLC (Delaware)

We answer personally — no ticket system, no bot.

Review our terms of use

View Terms of Service