Below is the short version of our privacy practices — written for actual people, not lawyers. A link to the full policy is at the bottom.
Minimum data at signup.
Email and a handle. That's it. No passwords to store — we use one-time codes and social login.
Health data stays in Healla.
Your ERFA ID doesn't store health information. Anything you contribute to Healla about your conditions stays inside Healla and is never surfaced across other apps.
No ads. No data sales. No packaged-food-brand sponsorships.
We don't sell or share your data with advertisers. We don't take advertising from the food brands, pharmaceutical companies, or seed oil manufacturers we exist to route around.
Built on trusted infrastructure.
Our auth layer is built on Supabase, an established and audited platform. Your credentials are handled with industry-standard security.
Your right to leave.
Export your data anytime. Delete your account and we delete your data — except what we're legally required to keep.
We'll never sell your information.
Not to food brands, not to pharma, not to anyone. This is baked into our legal structure as a Public Benefit Corporation.
Last updated: April 2026