← Back to Profile

Privacy Policy

Last updated: April 29, 2026

1. Patient Privacy (PHI)

ANTR has a strict zero-tolerance policy for Protected Health Information (PHI). Users must de-identify all cases before uploading. Any content containing faces, MRNs, names, dates of birth, exact dates of service, institutional identifiers, or any other 18 HIPAA Safe Harbor identifiers will be removed and the uploader may be suspended. We run automated PHI detection (text and image) on all uploads, but final responsibility for de-identification rests with the uploading clinician.

2. Data We Collect

We collect only what we need to operate the service:

  • Account data: email, optional display name, optional professional role and specialty.
  • User-generated content: cases (text + images + video), comments, chat messages, quiz answers.
  • Engagement data: views, likes, saves, dwell time, quiz scores — used to improve feed ranking and AI prompt quality.
  • Diagnostic data: crash reports and performance metrics, with no personally-identifying request bodies.

3. Third-Party Processors

We work with the following sub-processors. Each receives only the minimum data needed for its function:

  • Supabase (database, authentication, file storage) — receives all user data we collect and stores it under our control.
  • Cloudinary (media hosting and transformation) — receives uploaded images and video. EXIF metadata is stripped on upload.
  • OpenAI and Google AI (large-language-model providers) — receive case text and your chat messages to generate explainers, quizzes, and chat responses. Do not paste real patient data into chat.
  • Resend (transactional email) — receives your email address to deliver account-related messages.
  • PostHog (product analytics) — receives engagement events tied to your user ID. We do not enable session replay.
  • Sentry (error tracking) — receives crash reports without request bodies and with PII suppression enabled.
  • Vercel (hosting) — runs the application and sees standard request metadata (IP, user agent).

4. How We Use Your Data

We use your data exclusively for:

  • Operating the service (showing you cases, saving your work, sending account email).
  • Generating AI explainers, quizzes, and chat responses.
  • Improving feed ranking and AI prompt quality based on aggregated engagement signals.
  • Verifying professional credentials.
  • Detecting abuse, PHI violations, and Terms violations.

We do not sell your personal data. We do not use your content to train third-party models beyond what each LLM provider's standard API terms permit.

5. Account Deletion

You may delete your account at any time from Settings → Delete Account. Deletion permanently removes your profile, uploaded cases, comments, likes, saved collections, and chat history. Fully de-identified, aggregated analytics may be retained for product metrics.

6. Children

ANTR is not intended for users under 17. We do not knowingly collect data from anyone under 17. If you believe we have, contact us immediately and we will delete the account.

7. Contact

Questions about this policy: hello@antr.app.