Legal Document

Privacy Policy

Oracle is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information.

Last Updated: March 3, 2026Version 3.1Effective: April 7, 2026

IMPORTANT: For Consumer Tier Users

The health information you provide to Oracle is your Personal Health Record (PHR), NOT Protected Health Information (PHI) under HIPAA, because Oracle is not a healthcare provider or covered entity when you use the Consumer Tier. HIPAA regulations only apply to Professional Tier users operating under a Business Associate Agreement.

1. Introduction

Welcome to Oracle ("we," "us," or "our"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our executive function wellness application and related services (collectively, the "Service").

By using Oracle, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, password (hashed), and profile preferences
  • Voice Dump Content: Audio recordings and their transcriptions when you use the Voice Dump feature
  • Assessment Responses: Your responses to executive function assessments and self-evaluations
  • Task and Goal Data: Tasks, goals, and planning information you enter
  • Mood and Wellness Data: Emotional check-ins, energy levels, and wellness indicators you report
  • Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)

2.2 Information Collected Automatically

  • Usage Data: Features used, session duration, interaction patterns
  • Device Information: Device type, operating system, browser type
  • Log Data: IP address, access times, pages viewed
  • Cookies: See our Cookies section below

2.3 Information from AI Processing

  • Pattern Insights: Executive function patterns identified by our AI from your usage
  • Recommendations: Personalized suggestions generated based on your data
  • Theme Analysis: Themes and topics extracted from Voice Dump transcriptions

3. Health Information Classification

Personal Health Record (PHR) vs Protected Health Information (PHI)

Consumer Tier Users: The wellness information you provide to Oracle is classified as a Personal Health Record (PHR)—health information that you create, manage, and control. This is NOT Protected Health Information (PHI) under HIPAA because Oracle, in this context, is not a healthcare provider or covered entity.

Professional Tier Users: When Oracle is used through a healthcare provider or organization operating under a Business Associate Agreement (BAA), the information may be classified as PHI and is handled accordingly under HIPAA regulations.

Regardless of classification, we treat all health-related information with the highest level of care and security. We apply HIPAA-level security standards to all user data, even when not legally required to do so.

4. How We Use Your Information

4.1 To Provide the Service

  • Process and transcribe Voice Dumps
  • Generate personalized executive function insights and recommendations
  • Track your progress across executive function domains
  • Provide AI-powered pattern recognition and suggestions
  • Enable Professional Portal sharing (if you choose to use it)

4.2 To Improve Our Service

  • Analyze aggregated, de-identified usage patterns
  • Develop new features and improve existing ones
  • Conduct research with your explicit opt-in consent only

Research Data Protection

If you choose to participate in Oracle's research program, you will be presented with a separate consent screen explaining how your data will be used. All research data is fully de-identified before use—this means your name, email, voice recordings, and any other personally identifiable information are permanently removed and cannot be linked back to you. Your de-identified data helps improve Oracle for everyone while protecting your privacy. Research participation is completely optional and can be withdrawn at any time through your Privacy Settings without affecting your use of Oracle.

4.3 To Communicate With You

  • Send service-related notifications
  • Respond to your support requests
  • Provide updates about the Service (with opt-out available)

What We Do NOT Do

  • We do NOT sell your personal information
  • We do NOT share your data for third-party marketing
  • We do NOT use your data for targeted advertising
  • We do NOT share with insurance companies
  • We do NOT provide data to employers
  • We do NOT train AI models on your personal data without explicit consent, and when you do consent, your data is fully de-identified—stripped of all personally identifiable information—before any model training occurs

5. Data Security

We implement industry-leading security measures to protect your information:

AES-256 Encryption

All data encrypted at rest and in transit

SOC-2 Compliant Infrastructure

Enterprise-grade security controls

HIPAA Security Standards

Applied to all user data

Automatic Voice Deletion

Audio files deleted within 7 days

Important: No system is 100% secure. While we implement extensive security measures, we cannot guarantee absolute security, and you use Oracle at your own risk. We encourage you to use strong, unique passwords and protect your account credentials.

6. Your Privacy Rights

Your Rights Summary

Access: View all data we have about you
Export: Download your data in portable format
Correct: Update inaccurate information
Delete: Remove your account and data

Contact: privacy@eforacle.com

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information (we do not sell your data)
  • Right to equal service and price (no discrimination for exercising privacy rights)

European Residents (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right to access, rectify, and erase your data
  • Right to data portability
  • Right to restrict or object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

7. Data Sharing and Disclosure

Service Providers

We work with trusted third-party service providers who process data on our behalf:

  • Supabase: Database hosting and authentication
  • Anthropic (Claude): AI processing for insights and recommendations
  • Stripe: Payment processing
  • Vercel: Website hosting

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

Professional Portal Sharing

If you use the Professional Portal feature, you can choose to share specific reports and insights with healthcare providers, therapists, or coaches. This sharing is always:

  • Initiated and controlled by you
  • Limited to the specific information you select
  • Revocable at any time

Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

8. HIPAA Compliance (Professional Tier)

When Does HIPAA Apply?

HIPAA regulations apply when Oracle is used by or on behalf of a covered entity (healthcare providers, health plans, healthcare clearinghouses) or their business associates. This typically applies to Professional Tier users who have executed a Business Associate Agreement (BAA) with Oracle.

Business Associate Agreements

Healthcare organizations using Oracle under HIPAA must execute a BAA before processing PHI. Our BAA outlines our obligations as a business associate including:

  • Use and disclosure limitations
  • Security safeguards implementation
  • Breach notification procedures
  • Audit and compliance requirements

For BAA inquiries, contact: hipaa@eforacle.com

9. Cookies and Tracking

Types of Cookies We Use

  • Essential Cookies: Required for basic functionality (authentication, security). These cannot be disabled as they are necessary for Oracle to function.
  • Functional Cookies: Remember your preferences and settings to enhance your experience.
  • Analytics Cookies: Help us understand how users interact with the Service to improve Oracle.

Cookie Consent

When you first visit Oracle, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. Essential cookies are always active as they are required for Oracle to function properly.

Managing Your Cookie Preferences

You can change your cookie preferences at any time by:

  • Using the cookie settings option in your account preferences
  • Clearing your browser cookies and selecting new preferences on your next visit
  • Adjusting your browser settings to block or delete cookies

Note that disabling functional or analytics cookies may affect certain features of the Service. We do not use advertising cookies or sell cookie data to third parties.

For detailed information about specific cookies we use and their purposes, please see our Cookie Policy.

10. Data Retention

  • Voice Audio Files: Automatically deleted within 7 days of processing
  • Transcriptions and Insights: Retained while your account is active
  • Account Data: Retained until you request deletion
  • After Account Deletion: All personal data deleted within 30 days, except where retention is required by law
  • Anonymized/Aggregated Data: May be retained indefinitely for research and service improvement

11. Children's Privacy

Oracle is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@eforacle.com.

Users aged 13-17 may use Oracle with parental or guardian consent. Parents/guardians can request access to, changes to, or deletion of their child's information.

12. International Users

Oracle is operated from the United States. If you access the Service from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the U.S. where our servers are located and our central database is operated.

European Economic Area (EEA) Users

For transfers of personal data from the European Economic Area to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your data in compliance with GDPR requirements. These contractual safeguards ensure that your data receives the same level of protection when processed in the U.S. as it would in the EEA.

You may request a copy of the Standard Contractual Clauses by contacting us at privacy@eforacle.com.

By using the Service, you acknowledge that your information will be transferred to and processed in the United States, subject to the safeguards described above.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification for material changes (if you have an account)
  • Displaying a notice within the app for significant updates

You are advised to review this Privacy Policy periodically for any changes. Your continued use of the Service after changes are posted constitutes acceptance of those changes.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

privacy@eforacle.com

Executive Function Oracle LLC

Delaware, United States

For HIPAA-related inquiries or Business Associate Agreement requests: hipaa@eforacle.com