Privacy Policy
Last updated: March 12, 2026
We take your health data seriously
iOnco handles sensitive health information including cancer type, treatment history, and personal health outcomes. We are committed to protecting your privacy and will never sell your data to third parties. This policy explains exactly how we handle your information.
1. Information We Collect
We collect information you provide directly to us, including:
- Name and email address — when you create an account or subscribe to our newsletter.
- Cancer type and health information — only if you voluntarily share this when submitting a protocol or using the AI assistant.
- Usage data — pages visited, features used, AI chat interactions (content excluded from analytics), and session duration.
- Device and browser information — IP address, browser type, and operating system for security and performance purposes.
2. How We Use Your Information
We use the information we collect to:
- Personalise your experience on the platform based on cancer type and treatment interests.
- Power the AI chat assistant to provide contextually relevant information.
- Match you with relevant practitioners in our directory.
- Send transactional emails (account confirmation, password reset, subscription receipts).
- Send the newsletter if you have opted in — you can unsubscribe at any time.
Your data is never sold to advertisers, pharmaceutical companies, or any third party.
3. Data Storage & Security
Your data is stored securely in Supabase, which provides encrypted PostgreSQL databases with row-level security. All data is transmitted over SSL/TLS. Passwords are never stored in plaintext — we use bcrypt hashing via Supabase Auth. We conduct regular security reviews and limit data access to authorised team members only. In the event of a data breach, we will notify affected users within 72 hours as required by applicable law.
4. Third-Party Services
We use the following third-party data processors to operate the platform:
Stripe
Payment processing for premium subscriptions. Stripe stores your card details in compliance with PCI-DSS — we never see raw card numbers.
Supabase
Database, authentication, and file storage. Data is stored in encrypted PostgreSQL on AWS infrastructure.
Anthropic
AI chat functionality powered by Claude. Conversation content is sent to Anthropic's API. Anthropic's privacy policy applies to processed data.
5. Your Rights
You have the following rights regarding your data:
- Delete your account — request full deletion of your account and associated data at any time.
- Export your data — request a copy of all data we hold about you in a machine-readable format.
- Opt out of emails — unsubscribe from marketing emails via the link in any email, or contact us directly.
- Correct inaccurate data — update your profile information at any time from your account settings.
To exercise any of these rights, email us at privacy@ionco.co.
6. Children's Privacy
iOnco is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a user under 18 has created an account, we will immediately delete their data. If you believe a minor has provided us with personal information, please contact us at privacy@ionco.co.
7. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify registered users by email and update the “Last updated” date at the top of this page. Your continued use of iOnco after changes are posted constitutes your acceptance of the revised policy.
8. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team at:
iOnco — Privacy Team
privacy@ionco.co