Privacy Policy

Andrometrics

Last updated: [SET ON PUBLISH]

1. Who we are

Andrometrics ("Andrometrics", "we", "us", "our") is a personal biomarker-tracking tool for men on Testosterone Replacement Therapy. You can reach us about anything in this policy at [CONTACT EMAIL].

The organisation responsible for your data (the "data controller") is [LEGAL ENTITY NAME], [REGISTERED ADDRESS / JURISDICTION].

Andrometrics is an informational wellness tool. It is not a medical device, and nothing in the product is medical advice. See our Medical Disclaimer for detail.

2. What this policy covers

This policy explains what personal information we collect, why we collect it, how we use and store it, who we share it with, and the rights you have over it. It applies to your use of the Andrometrics web app and account.

3. The information we collect

We only collect what we need to run the service.

Account information

  • First name (required)
  • Email address (required)
  • Last name (optional)

Profile and health inputs you enter

  • Date of birth
  • Weight
  • Height
  • Body fat percentage (optional)
  • Your current TRT protocol details
  • Blood pressure readings you log over time

Blood-test data you upload

  • The blood-test PDF files you choose to upload
  • The biomarker values, units, and reference ranges extracted from those PDFs
  • Any personal information contained in those PDFs (for example, your name, date of birth, or other identifiers printed on the lab report)

Information created automatically

Basic account and security data needed to keep you signed in and keep your account safe.

We use only cookies and similar storage that are strictly necessary to operate the service (for example, to keep you signed in). We do not use advertising or third-party analytics tracking.

We do not ask for, and you should not upload, more sensitive identifiers than necessary (for example, government ID numbers). If a lab PDF contains identifiers you would rather not store, you can remove that file at any time (see Your rights).

4. Why we use your information, and our lawful basis

What we use it for | Lawful basis (UK/EU GDPR)
Creating and running your account | Performance of our contract with you
Extracting and displaying your biomarkers, trends, ranges, and flags | Performance of our contract with you
Processing your uploaded PDFs through Anthropic's AI to read the values | Your explicit consent, recorded before your first upload (see §5)
Storing your health and profile data so you can track it over time | Your explicit consent, and performance of our contract
Taking payment for your subscription | Performance of our contract; legal obligation (tax/accounting)
Sending you essential service emails (sign-in, password reset, billing) | Performance of our contract
Keeping the service secure and preventing abuse | Our legitimate interests

Health data is a special category of personal data under GDPR. We process it on the basis of your explicit consent, which you give before your first upload and can withdraw at any time.

5. AI processing of your blood-test PDFs

When you upload a blood-test PDF, the file is sent to Anthropic (the company behind the Claude AI models) to read the document and extract the biomarker values, units, and reference ranges so they can be shown in your dashboard.

This processing is carried out under Anthropic's commercial API terms, which means:

  • Your uploaded files and the data extracted from them are not used to train Anthropic's AI models.
  • Anthropic retains this data only for a short period (currently up to 7 days) before deletion, except where it must be kept to comply with law or to detect misuse.

This processing only happens because you have uploaded a file and given consent. We record that consent — the version you agreed to and the date — before any PDF is processed. If this policy or our Medical Disclaimer materially changes, we will ask you to agree again. The extracted data and the original PDF are then stored in your account so you can track changes over time.

6. How your information is stored and kept secure

Your data is stored in Supabase, our hosting, database, and file-storage provider. Access to your own data is restricted to your account through row-level security, so other users cannot see it.

Your data is hosted in [SUPABASE REGION — e.g. EU / US].

We take reasonable technical and organisational measures to protect your information. No online service can be guaranteed perfectly secure, but we work to keep your data safe and to limit who can access it.

7. Who we share your information with

We do not sell your personal information, and we do not share it for advertising.

We share it only with the service providers we need to run Andrometrics, and only for that purpose:

  • Anthropic — to read your uploaded PDFs and extract biomarker values (see §5).
  • Supabase — hosting, database, authentication, and file storage.
  • Stripe — to process subscription payments. We do not store your full card details ourselves.
  • Resend — to send essential account and billing emails.

These providers act on our instructions and are bound to protect your data. We may also disclose information if required by law, or to protect the rights, safety, or property of Andrometrics or others.

8. International data transfers

Some of our providers (including Anthropic) process data in the United States, and depending on our hosting region your information may be stored outside your own country. Where personal data is transferred internationally, we rely on appropriate safeguards (such as the relevant standard contractual clauses or equivalent mechanisms recognised under UK/EU GDPR).

9. How long we keep your information

We keep your information for as long as your account is active. If you delete your account, we delete your personal data and uploaded files, except where we are required to keep limited records (for example, payment and tax records) for a period set by law.

You can delete individual uploads at any time from the upload page.

10. Your rights

Depending on where you live, you have some or all of the following rights:

  • Access — get a copy of the personal data we hold about you.
  • Export — receive your data in a portable format.
  • Correction — fix data that is wrong or incomplete.
  • Deletion — delete your account and your data.
  • Withdraw consent — withdraw the consent you gave for AI processing of your uploads, at any time. This stops future processing; it does not undo processing already carried out lawfully.
  • Object or restrict — object to or restrict certain processing.
  • Complain — lodge a complaint with your local data-protection authority (in the UK, the Information Commissioner's Office; in the EU, your national authority).

To exercise any of these, contact us at [CONTACT EMAIL]. Account deletion and data export are also available from your account settings.

11. Cookies and similar technologies

We use cookies and similar storage that are strictly necessary to operate the service — for example, to keep you signed in. We do not use non-essential or advertising cookies.

12. Children

Andrometrics is intended for adults and is not directed at anyone under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the date at the top and, where appropriate, notify you or ask you to agree again before your next upload.

14. Contact

Questions about this policy or your data: [CONTACT EMAIL].

Data controller: [LEGAL ENTITY NAME], [REGISTERED ADDRESS / JURISDICTION].