poem.health — Operated by One World One Health LLC
Effective Date: April 3, 2026
1. Overview
One World One Health LLC ("Company," "we," "us," or "our") operates the poem.health website and application (the "Service"). We are committed to protecting your privacy and providing transparency about how we collect, use, and share your information.
This Privacy Policy explains our data practices for both our free tier and premium subscription ($9.99/month) services. Please read this policy carefully. By accessing or using poem.health, you consent to the practices described here.
Important: poem.health is a health education and navigation tool, not a healthcare provider. We are not a HIPAA-covered entity. Our Service may help you navigate health information, and conversations you have with our AI may contain health-related topics, but they are not classified as Protected Health Information (PHI) under HIPAA.
Do not share highly sensitive personal health information with our Service, including Social Security numbers, insurance policy numbers, or other confidential medical records.
2. Information We Collect
2.1 Information You Provide Directly
Account Information: Email address and hashed password (bcrypt) when you create an account.
Payment Information: Billing address and payment method (credit/debit card) when you subscribe to our premium tier. Payment processing is handled entirely by Stripe, our PCI DSS-compliant payment processor. We never see, store, or have access to your full credit card numbers.
2.2 Information Collected Automatically
Conversation History (Premium Users Only): For premium subscribers, we store your conversation history, including your messages and AI-generated responses about health topics, in our Vercel Postgres database. Free tier conversations are stored locally on your device only and are not transmitted to our servers.
Device & Browser Information: Device type, operating system, browser type and version, IP address, and pages visited.
Performance Metrics: Page load times, web vitals, and other performance data through Vercel Analytics.
2.3 Information from Third Parties
Meta Pixel (Facebook Pixel): Meta Pixel (ID: 219389339672008) collects browsing behavior, IP address, device information, pages visited, and custom events (such as conversation start events and conversation depth) for Facebook advertising purposes. This data is sent to Meta/Facebook for targeted advertising and analytics.
Google Analytics: Collects anonymous page views, session duration, device/browser information, and geographic region.
2.4 Rate Limiting Data
Your IP address is held temporarily in-memory for rate limiting purposes (10 requests/minute for free users, 20 requests/minute for premium users). This data is not persisted to disk and is automatically discarded.
2.5 Local Storage & Cookies
Browser Storage: Free tier conversation history is stored in your browser's localStorage. We do not access or transmit this data to our servers.
JWT Tokens: Session authentication tokens (NextAuth.js) are stored in your browser for authentication purposes.
Cookies: We use cookies for essential functionality (session management), analytics (Google Analytics, Vercel), and advertising (Meta Pixel). See Section 12 for details.
| Data Type | Collection Method | Storage Location | Retained By |
| --- | --- | --- | --- |
| Email, Password | User-provided | Vercel Postgres | poem.health |
| Conversation History (Premium) | Automatic (premium users) | Vercel Postgres | poem.health |
| Conversation History (Free) | Automatic (client-side) | Browser localStorage | User only (not sent to our servers) |
| Payment Info | User-provided | Stripe (PCI DSS compliant) | Stripe only |
| Meta Pixel Data | Automatic tracking | Meta/Facebook | Meta/Facebook |
| Google Analytics | Automatic tracking | Google | Google |
3. How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery: Creating and maintaining your account, processing payments, storing conversation history (premium users), and providing customer support.
AI Improvement: Using conversations and interactions to improve the accuracy, quality, and relevance of our AI responses. Conversations are not shared with third parties beyond what is explicitly described in this policy.
Analytics & Optimization: Understanding how users interact with poem.health to improve user experience, performance, and features.
Marketing & Advertising: Displaying targeted advertisements through Meta Pixel and conducting marketing campaigns (subject to your consent and opt-out rights).
Legal Compliance: Complying with applicable laws, regulations, and legal processes.
Fraud Prevention: Detecting, preventing, and addressing fraud, abuse, and security incidents.
4. How We Share Your Information
We do not sell your personal information. However, we share information with third parties as follows:
4.1 Service Providers
Vercel: Hosting platform and database provider. Processes account information and premium user conversation history.
Stripe: Payment processor. Handles all payment card information (we never see full card numbers).
Anthropic (Claude API): Conversation and messaging content are sent to Anthropic's servers for AI processing. Anthropic's privacy policy governs how your conversation data is handled by them.
4.2 Analytics & Advertising
Google Analytics: We share anonymous usage data with Google for analytics purposes.
Meta/Facebook (Meta Pixel): We share browsing behavior, device information, IP address, pages visited, and custom events with Meta/Facebook for advertising and audience analytics purposes.
4.3 Legal Requirements
We may disclose information when required by law, such as in response to a court order, subpoena, or other legal process, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of poem.health, our users, or the public.
4.4 Business Transfers
If One World One Health LLC is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice of such changes and any choices you may have regarding your data.
Important: When your conversations are sent to Anthropic (Claude API) for AI processing, Anthropic may use that data in accordance with their privacy policy, including for improving their services. Review Anthropic's privacy practices for details.
5. Data Retention
Account Information: Email address and hashed password are retained for as long as your account is active. We delete account data within 30 days of account termination or your request for deletion.
Conversation History (Premium): Premium users' conversation history is retained in our database until you delete individual conversations, delete your account, or request deletion. Deleted conversations are removed within 30 days.
Conversation History (Free): Free tier conversations are stored only in your browser's localStorage and are not retained on our servers. We do not access or retain this data.
Payment Information: Stripe retains payment information in accordance with their retention policies. We do not retain full card numbers.
Analytics Data: Google Analytics and Vercel Analytics data is retained according to their respective policies (typically 26 months for Google Analytics by default).
Rate Limiting Data: IP addresses for rate limiting are held in memory only and discarded immediately.
Cookies: See Section 12 for cookie retention policies.
6. Your Rights & Choices
6.1 General Rights (All Users)
You have the right to:
Access Your Data: Request a copy of the personal information we hold about you.
Correct Your Data: Request corrections to inaccurate or incomplete information.
Delete Your Data: Request deletion of your account and associated data (see our data retention policy above for timelines).
Data Portability: Request your data in a portable format (email address, account information, and if applicable, conversation history).
Opt-Out of Marketing: Unsubscribe from marketing emails by clicking the unsubscribe link in any email or contacting us.
Opt-Out of Analytics: You can opt out of Google Analytics by installing the Google Analytics opt-out browser extension.
Opt-Out of Advertising Tracking: You can opt out of Meta Pixel tracking through your Meta account settings or by adjusting your browser privacy settings.
6.2 Cookie & Tracking Choices
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being sent. However, blocking essential cookies may impair functionality of the Service.
6.3 How to Exercise Your Rights
To exercise any of these rights, please contact us at the email address listed in Section 14. We will respond to your request within 30 days (or as required by applicable law).
7. GDPR (European Users)
If you are located in the European Union, European Economic Area, or United Kingdom, the General Data Protection Regulation (GDPR) applies to our processing of your personal data.
7.1 Legal Basis for Processing
We process your personal information on the following legal bases:
Consent: We process data based on your explicit consent for marketing, advertising (Meta Pixel), and non-essential analytics.
Contract Performance: We process data necessary to provide the Service, fulfill your account requests, and process payments.
Legitimate Interest: We process data for fraud prevention, security, and improving the Service.
7.2 Your GDPR Rights
You have the following rights under GDPR:
Right of Access: Obtain a copy of your personal data.
Right to Rectification: Correct inaccurate or incomplete data.
Right to Erasure ("Right to Be Forgotten"): Request deletion of your data, subject to legal obligations.
Right to Restrict Processing: Limit how we process your data.
Right to Data Portability: Receive your data in a structured, commonly used format.
Right to Object: Object to marketing, advertising, and certain processing activities.
Right to Lodge a Complaint: File a complaint with your local data protection authority.
7.3 Data Transfers
Our servers and service providers (Vercel, Stripe, Google, Meta) may be located outside the EU/EEA, primarily in the United States. We rely on appropriate data transfer mechanisms, including Standard Contractual Clauses (SCCs) and adequacy decisions, to protect your data in accordance with GDPR requirements. By using poem.health, you consent to the transfer of your data to countries outside the EU/EEA.
7.4 Data Protection Officer
As a small organization, we are not required to appoint a Data Protection Officer (DPO). For GDPR-related inquiries, contact our privacy team at privacy@poem.health.
8. CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific rights regarding your personal information.
8.1 Categories of Personal Information We Collect
We collect the following categories of personal information:
Identifiers (email address, IP address)
Commercial information (payment and billing information)
Geolocation data (geographic region based on IP address)
Professional/employment information (if shared in conversations)
Health information (if shared in conversations)
8.2 Your CCPA Rights
You have the following rights under CCPA:
Right to Know: Request what personal information we have collected and how we use it.
Right to Delete: Request deletion of personal information we have collected from you (with limited exceptions for legal compliance and service delivery).
Right to Opt-Out of Sale: Opt out of the "sale" of personal information. Note: We do NOT sell personal information to third parties.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights by denying services, charging different prices, or providing different quality of service.
8.3 How to Exercise Your Rights
To exercise CCPA rights, submit a verifiable consumer request by emailing privacy@poem.health. We will respond within 45 days (extendable by 45 days for complex requests). You may authorize an agent to submit requests on your behalf with proper authorization documentation.
8.4 Do Not Sell My Personal Information
poem.health does not sell personal information as defined by CCPA. However, if you wish to opt out of targeted advertising or any data sharing, contact privacy@poem.health.
9. Data Security
We implement industry-standard security measures to protect your personal information, including:
Encryption: Passwords are hashed using bcrypt. Data in transit is protected using HTTPS/TLS encryption.
Access Controls: Access to personal data is restricted to authorized personnel only.
Third-Party Security: Our service providers (Vercel, Stripe) implement their own security measures. Stripe is PCI DSS Level 1 compliant for payment card handling.
While we strive to protect your information, no system is completely secure. We cannot guarantee absolute security of your personal information. You are responsible for maintaining the confidentiality of your account credentials.
10. Children Under 18
poem.health is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete that information and terminate the child's account. If you believe we have collected information from a child under 18, please contact us immediately at privacy@poem.health.
11. Third-Party Services & Links
poem.health may contain links to third-party websites and services, including:
Anthropic (Claude API)
Vercel (hosting)
Stripe (payments)
Google (analytics)
Meta/Facebook (advertising)
We are not responsible for the privacy practices of third-party services. Please review their privacy policies directly. We encourage you to read the privacy policies of any third-party service before providing your information.
poem.health uses cookies and similar tracking technologies to enhance your experience and understand how you use the Service.
12.1 Types of Cookies
| Cookie Type | Purpose | Essential? | Provider |
| --- | --- | --- | --- |
| Session Cookies (NextAuth.js) | Authentication and account management | Yes | poem.health |
| Google Analytics | Anonymous usage analytics | No | Google |
| Vercel Analytics | Performance metrics and web vitals | No | Vercel |
| Meta Pixel | Advertising and behavioral tracking | No | Meta/Facebook |
12.2 Cookie Consent
poem.health implements a cookie consent banner. When you first visit, non-essential cookies require your consent before activation. You can always update your cookie preferences in your account settings or by clearing cookies from your browser.
12.3 Opting Out
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being sent. However, refusing essential cookies may limit the functionality of the Service.
13. California Do Not Track (DNT) Signal
Some browsers include a "Do Not Track" (DNT) feature. We honor valid DNT signals sent by your browser by disabling Meta Pixel and Vercel Analytics tracking when we detect a DNT signal. However, some third-party services may not honor DNT signals. For more information about DNT, visit allaboutdnt.com.
14. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our privacy practices, please contact us:
One World One Health LLC
Privacy Contact: privacy@poem.health
Mailing Address:
One World One Health LLC
3000 Village Run Rd #103-176
Wexford, PA 15090
We will respond to your inquiry within 30 days (or as required by applicable law). If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority or relevant regulatory agency.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Effective Date" at the top of this policy and posting the updated policy on poem.health. Your continued use of the Service after changes indicates your acceptance of the updated Privacy Policy.
This Privacy Policy was last updated on April 3, 2026.