Privacy
SymTimeline Privacy Statement
Effective July 18, 2026 · contribution policy version 1.0
SymTimeline is a free, independent personal health-observation application. It is not a healthcare provider, insurer, medical device, or HIPAA-compliant service.
Every optional contribution is disabled by default. Choosing not to participate does not limit access to SymTimeline or any core feature.
Core service and administrator boundary
SymTimeline stores the account information and health observations a user chooses to enter so it can provide timelines, exports, and reports. Standard application administrators can manage account identity, verification, access status, sessions, and security audit history. The normal administrator dashboard cannot browse observations, notes, reports, photos, or contributed health datasets. Infrastructure operators controlling the server, database, backups, or encryption keys may have technical access needed to operate and recover the service.
Five independent choices
- Custom symptoms: an opted-in new definition may submit only a normalized name, general category, generic icon, and broadly useful aliases for review. Identity and health information are excluded.
- Custom activities: an opted-in new definition may submit the same limited generic fields. Identity, difficulty, duration, recovery, after-effects, notes, and observations are excluded.
- Product usage: an allow-listed screen, workflow result, duration, device class, browser family, app version, or accessibility preference may be recorded with a daily rotating identifier. Health payloads, free text, account IDs, email, full IP addresses, and exact location are excluded.
- Report improvement: minimized, de-identified observation datapoints may be selected for an approved report-improvement purpose after separate confirmation.
- Analysis improvement: minimized, de-identified observation datapoints may be selected for approved non-causal analysis testing after separate confirmation. This does not authorize diagnosis or medical advice.
The two health-data choices default to future observations only. Existing observations are not eligible unless the user explicitly selects existing and future observations.
De-identification and minimization
Removing a user ID alone is not considered sufficient. Purpose-specific datasets exclude account and session IDs, email, names, full IP addresses, exact postal code and location, precise timestamps, files, photos, provider questions, notes, appointment descriptions, and user-entered free text. Dates become relative study days and subjects receive a new dataset-specific identifier. These measures are designed to reduce re-identification risk; SymTimeline does not claim that data is completely anonymous or impossible to reidentify.
Revocation
Turning off definition sharing stops new submissions and withdraws pending candidates. An already approved generic definition may remain without a connection to the account. Turning off health-data contribution prevents future selection immediately. Information already incorporated into a de-identified aggregate result may not be removable after the account link has been discarded.
Prohibited uses
Optional consent does not authorize selling contributed information, advertising, insurer or employer disclosure, publication of individual timelines, re-identification, training unrelated commercial systems, diagnosis, medical advice, or treatment recommendations.
Consent history and retention
Actual changes are recorded with previous/new value, policy version, source, and time. Preferences and history remain for the life of the account. Raw optional usage events are retained for 30 days. Pending/rejected/merged/archived definition candidates are retained for at most 90 days. Approved generic definitions may remain until archived. Protected backups may temporarily retain deleted live records under the backup schedule.
Security limits and questions
No internet service can guarantee absolute security. Avoid unnecessary identifying information in notes and decide whether this independent application is appropriate for the information you store. Privacy questions or requests can be sent to admin@symtimeline.com.