← BACK TO TESTD

Privacy Policy

Last updated: April 2026

1. Who We Are

TESTD ("we," "us," or "our") is a personal safety and sexual health transparency platform operated by TESTD, Inc. We can be reached at privacy@testd.app.

This Privacy Policy explains how we collect, use, store, and share your information when you use testd.app and any related services (collectively, the "Service").

2. Information We Collect

Account Information

When you create an account, we collect your email address and a password (stored in hashed form). We do not collect your legal name unless you choose to add it to your profile.

Health Status Data

You may voluntarily upload STI test results or self-report a health status. This is entirely optional. Uploaded documents and status data are stored securely in our database and are only visible to you unless you explicitly choose to share them via a Share Link.

Check-In Data

When you use the Safety Check-In feature, we collect the timer duration, start time, expiry time, and the names and contact details (email or phone) of your trusted contacts. This data is used solely to send safety alerts on your behalf if a timer expires.

Proximity / BLE Data

If you enable the Nearby Broadcasting feature, your device broadcasts an anonymous, rotating identifier via Bluetooth Low Energy (BLE). We do not transmit your name, email, user ID, or any personally identifiable information via BLE. The signal contains only an anonymized health status indicator. You can disable broadcasting at any time in Settings.

Usage Data

We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. This data is used for security, debugging, and improving the Service.

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Send safety alerts to your trusted contacts when a check-in timer expires
  • Display your health status to recipients of Share Links you generate
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not use your health data for advertising, profiling, or any purpose beyond providing the features you explicitly use.

4. How We Share Your Information

We do not sell your personal information. We do not share it with third parties except in these limited cases:

  • Trusted Contacts: If your check-in timer expires, we send an alert to the contacts you designated. They receive your name (as you entered it) and a notification that your timer expired.
  • Share Link Recipients: When you generate a Share Link, anyone with that link can view your health status and any fields you chose to include.
  • Service Providers: We use Supabase for database and authentication, Vercel for hosting, and Resend for transactional email. These providers process data on our behalf under their own privacy and security policies.
  • Legal Requirements: We may disclose information if required by law or to protect the rights, safety, or property of TESTD or others.

5. Data Storage and Security

Your data is stored on Supabase infrastructure with encryption at rest and in transit (TLS). We use Row Level Security (RLS) policies to ensure users can only access their own data. Health documents are stored in access-controlled storage buckets.

No system is completely secure. While we take reasonable precautions, we cannot guarantee absolute security of your data.

6. Your Rights and Choices

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and all associated data via Settings → Danger Zone
  • Revoke any Share Links you have generated
  • Disable BLE broadcasting at any time in Settings
  • Remove trusted contacts at any time

To exercise any of these rights, contact us at privacy@testd.app.

7. Sensitive Health Information

We recognize that sexual health information is deeply personal and sensitive. We are committed to treating it with the highest level of discretion. We will never use your health data to make decisions that adversely affect you, share it without your explicit action, or retain it after you delete your account.

TESTD is not a HIPAA-covered entity as defined by the U.S. Department of Health and Human Services. We are not a healthcare provider, health plan, or healthcare clearinghouse. However, we voluntarily apply strong privacy protections to all health-related data on our platform.

8. Minors

TESTD is intended for users 18 years of age and older. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us at privacy@testd.app and we will delete the account.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or via a notice in the app. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, contact us at:

TESTD, Inc.
privacy@testd.app
testd.app