Legal

Privacy Policy

Effective date: May 1, 2026  ·  Last updated: May 1, 2026

Ocula ("we," "us," or "our") is committed to being transparent about how we collect, use, and protect your information. This Privacy Policy explains our practices for the Ocula platform and related services (the "Service"). By using the Service, you agree to the collection and use of information as described here.

1. Information We Collect

Information you provide directly

When you create an account or use the Service, you may provide:

  • Account information — your name, email address, and password (or Google OAuth token).
  • Health and symptom data — daily check-in responses, Clinical Activity Score (CAS) assessments, GO-QOL questionnaire responses, and other self-reported symptom information.
  • Medication and appointment records — medications you track and appointment details you log.
  • Lab documents — PDF lab reports or images you upload for parsing and visualization.
  • Onboarding information — details about your diagnosis and care team that you provide during initial setup.

Information collected automatically

When you use the Service, we and our service providers may automatically collect:

  • Usage data — pages visited, features used, and actions taken within the Service.
  • Device and browser information — browser type, operating system, and IP address.
  • Log data — server logs associated with your use of the Service.

2. How We Use Your Information

We use the information we collect to:

  • Create and maintain your account and provide the Service to you.
  • Display your health history, charts, and reports within the Service.
  • Parse and analyze lab documents you upload to generate visualizations.
  • Improve and develop new features for the Service.
  • Respond to your support requests and communications.
  • Ensure the security and integrity of the Service.
  • Comply with applicable legal obligations.

We do not use your health data to serve you advertisements, and we do not sell your personal information to third parties.

3. How We Share Your Information

We share your information only in the following limited circumstances:

Service providers

We rely on trusted third-party providers to operate the Service. These providers access your information only to perform services on our behalf and are bound by confidentiality obligations:

  • Supabase — provides our database and authentication infrastructure. Your account data and health data are stored on Supabase's servers. See the Supabase Privacy Policy.
  • Google — if you choose to sign in with Google, your authentication is handled through Google OAuth. See the Google Privacy Policy.

Legal requirements

We may disclose your information if required to do so by law, legal process, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Ocula, our users, or others.

Business transfers

If Ocula is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information becomes subject to a different privacy policy.

4. Data Storage and Security

Your data is stored on Supabase's infrastructure, which uses encryption at rest and in transit (TLS). We implement reasonable administrative, technical, and physical safeguards designed to protect your information from unauthorized access, loss, or misuse.

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. If you become aware of any security vulnerability, please contact us promptly at ariqmukul@gmail.com.

5. Data Retention

We retain your account and health data for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time by contacting us. We will fulfill deletion requests within a reasonable time, except where we are required to retain certain information by law.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and associated data.
  • Export your data in a portable format (available via the Report feature).
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at ariqmukul@gmail.com. We will respond within 30 days.

7. Health Information

The health data you enter into Ocula is sensitive. We handle it with care and do not share it with advertisers, data brokers, or any third parties not listed in this policy. Ocula is not a HIPAA-covered entity, and the Service should not be used as a substitute for care provided by a licensed healthcare professional.

8. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will take steps to delete it promptly.

9. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Your continued use of the Service after any changes constitutes your acceptance of the revised policy.

11. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please reach out to us at ariqmukul@gmail.com.