    Privacy Policy

    Last updated: 29 April 2026

    This Privacy Policy explains how NaturaDoc AI collects, uses, stores and protects your personal and health-related information when you use our website and services. We are committed to processing your data lawfully, transparently and securely, in accordance with the EU General Data Protection Regulation (GDPR) and the Israeli Protection of Privacy Law, 5741-1981.

    1. Who we are

    NaturaDoc AI is an informational digital service operated by Iris Berezovski, a private entrepreneur registered in the State of Israel ("we", "us", "our"). For any privacy-related question you may contact us at privacy@naturadoc.health or info@naturadoc.health.

    2. Information we collect

    We collect only the information that is strictly necessary to deliver our service: (a) your email address; (b) answers to the health questionnaire (symptoms, lifestyle, sleep, stress, habits, chronic conditions, current medications and supplements); (c) blood test results that you upload as a PDF, image or text; (d) basic demographic data such as biological sex, age and blood type; (e) payment metadata processed through our payment provider Cardcom — we never see or store your full card number or CVV; (f) technical data such as language preference, device type and anonymous analytics events.

    3. How we use your data

    Your data is used exclusively to: generate a personalised AI-based health report and nutrition plan; deliver the report to your email address; if you opt in, send daily wellness messages via our Telegram bot; restore your report on a different device; provide customer support; and continuously improve the quality and safety of the service. We do not use your data for behavioural advertising.

    4. Storage and security

    All data is stored in our managed backend (Supabase), encrypted in transit using TLS 1.3 and at rest using AES-256. Database servers are located in the European Union. Access to production data is strictly limited to authorised personnel and protected by multi-factor authentication. We perform regular security reviews and apply the principle of least privilege.

    5. Sharing with third parties

    To provide AI analysis, anonymised excerpts of your questionnaire and blood markers are sent to large-language-model providers (such as Google (Gemini)) under contractual data-processing agreements that prohibit any reuse of your data for model training. Email delivery is performed by Resend. Payments are processed by Cardcom (PCI-DSS Level 1). We never sell, rent or trade your personal data and we never share it with advertising or marketing networks.

    6. Your rights

    Subject to applicable law, you have the right to access, correct, export and delete your personal data, to restrict or object to processing, and to withdraw consent at any time. To exercise any of these rights, please email privacy@naturadoc.health from the address associated with your account. We will respond within 30 days. You also have the right to lodge a complaint with your local data-protection authority.

    7. Cookies and analytics

    We use a minimal set of strictly necessary cookies to operate the website (e.g. language preference, session) and privacy-friendly analytics to understand aggregate usage. You can disable non-essential cookies in your browser settings without losing access to the service.

    8. GDPR — lawful basis

    For users in the European Economic Area, our lawful basis for processing is your explicit consent (Article 9(2)(a) GDPR for health data) and the performance of the contract you enter into when requesting a report (Article 6(1)(b) GDPR). You may withdraw consent at any time without affecting the lawfulness of prior processing.

    9. Israeli Protection of Privacy Law

    We process personal data in accordance with the Israeli Protection of Privacy Law, 5741-1981 and its regulations, including the Protection of Privacy Regulations (Data Security), 5777-2017.

    10. Medical data

    Blood test files and extracted markers are treated as sensitive medical information. They are encrypted at rest, are never publicly accessible, and may be deleted at any moment by writing to privacy@naturadoc.health. Soft-deletion is performed immediately; cryptographic erasure of backups completes within 30 days.

    11. Children

    The service is intended exclusively for adults aged 18 or above. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact us so we can delete it.

    12. Changes to this policy

    We may update this Privacy Policy from time to time. Material changes will be notified by email at least 30 days before they take effect.

    13. Contact

    For any privacy question, request or complaint, please contact: privacy@naturadoc.health (privacy matters) or info@naturadoc.health (general enquiries).