Privacy Policy
Effective Date: 25/05/2025
Healing by Detox ("we," "our," "us") is committed to protecting your personal information and privacy. This Privacy Policy explains how Healing by Detox (the "Site"), owned and operated by Kas, collects, uses, discloses, and secures your information. The Site is hosted on Firebase (Google's cloud platform) and uses Firebase Authentication (Google Login) for account access. It also includes an AI-powered chatbot (provided by OpenAI). This Policy applies to all users of the Site, including those in the United States and internationally (including the EU/EEA, UK, and California). By accessing or using the Site, you consent to the practices described herein. If you do not agree, please do not use the Site.
Data Controller and Contact Information
- Data Controller: Kas (Email: contact@healingbydetox.com)
- Location: Based in the USA (data processed in the United States and, where applicable, by third-party processors in the United States).
- Questions or Concerns: You may contact Kasun Perera at kasunperera@gmail.com for any privacy-related inquiries or to exercise your data rights. We will respond in accordance with applicable law (e.g. within 30 days for GDPR requests).
Information We Collect
We collect and process various types of information as described below:
- Personal Information You Provide: When you sign in via Google Login (Firebase Authentication), we receive your email address, display name, and profile photo URL from Google. We use this information to create and manage your account and to personalize your experience. (We do not collect your Google password or any data not explicitly provided by Google for authentication.)
- AI Chatbot Data: When you interact with the Site's AI chatbot, the text of your queries and the chatbot's responses are processed by OpenAI's servers. We (and OpenAI) temporarily store chat transcripts to maintain conversation continuity and improve service. Chat logs are retained for up to 30 days, after which they are deleted from OpenAI's systems. This allows us to provide ongoing context and troubleshooting, but we do not use chat content for training or any purpose beyond improving the Service.
- Automatically Collected Data: We automatically collect certain technical and usage data when you visit the Site. This includes your IP address, browser type and version, operating system, device identifiers, and pages visited. We use standard web technologies (e.g. cookies, server logs, and similar tracking tools) for these purposes. For example, we use cookies to maintain your login session and may use analytics tools (such as Firebase Analytics) to understand how users engage with the Site. These tools can capture anonymized data such as your country based on IP, browser settings, and usage patterns. You can disable cookies through your browser settings, but some Site features may require cookies to function properly.
Firebase Authentication and other Firebase services process the information needed to provide the Site features. For instance, Firebase Authentication uses your email, user agent, and IP address to securely authenticate you and manage your account. According to Firebase's privacy documentation, Firebase Authentication logs IP addresses for a short period (a few weeks) and retains other account data until the associated user is deleted.
We do not collect any sensitive personal data (e.g. health data, racial/ethnic data, or medical information) unless voluntarily provided in your chat interactions. We do not process payment information, since the Site does not offer paid services. We do not collect financial or credit card data at all.
Use of Your Information
We use the information we collect for the following legitimate purposes:
- Account Management and Authentication: To create and secure your user account, enable login via Google/Firebase, and maintain your user profile (email, name, photo). We use Firebase Authentication data to verify your identity and manage access.
- Providing the Chatbot Service: To process your chatbot queries and generate responses using OpenAI's API. Your input and the chatbot's output are used solely to provide this interactive feature.
- Improving the Site: To analyze usage patterns and improve the Site's functionality and content. (For example, we may analyze aggregated data on which pages or features are most popular, and we use this to enhance the user experience.)
- Security and Abuse Prevention: To detect and prevent fraud, unauthorized access, and other malicious activity. For instance, we use IP and user-agent information to protect user accounts (per Firebase's security functions) and to guard the Site from attacks.
- Legal Compliance and Protection of Rights: To comply with applicable laws and regulations, enforce our Terms of Use, and protect the rights, property, or safety of Healing by Detox, our users, or others.
We will never use your personal information for purposes not disclosed in this Policy without notifying you. We do not use your information for any third-party marketing, and we do not sell or rent your personal data to others under any circumstances.
Legal Basis for Processing (U.S. and International)
- United States: There is no single U.S. federal data protection law like the GDPR. However, we comply with applicable U.S. and state privacy laws (including California's CCPA/CPRA where applicable). In the U.S., we rely on reasonable grounds such as: (a) Contractual Necessity – processing your data is necessary to provide the services you request (e.g. creating an account, using the chatbot); (b) Consent – by using Google Login and engaging with the chatbot, you consent to the described processing; and (c) Legitimate Interests – for example, securing the site, improving our services, and complying with legal obligations.
- European Union / United Kingdom: If you are in the EU/EEA or UK, the GDPR (or UK GDPR) applies. Under these laws, we rely on one or more of the following legal bases: (a) Performance of a Contract: Providing the Site's services (account access, chatbot interaction) requires processing your personal data. (b) Consent: For any processing that requires explicit consent (for instance, if we were to use your chat data beyond service provision), we will obtain your consent. (c) Legitimate Interests: We have a legitimate interest in improving and securing the Site. We only process personal data for these purposes after considering and balancing your privacy rights. (d) Legal Obligation: If required by law (e.g. responding to a valid legal request), we will process data to comply with legal obligations.
For EU/UK users, you have the rights granted by the GDPR, including the rights to access your data and obtain information about its use, to rectify or erase your personal data, to restrict or object to processing, and to data portability. (See the "Your Rights" section below.)
Data Retention
We retain personal data only as long as necessary to fulfill the purposes outlined above, or as required by law. Specific retention periods include:
- Account Information: We retain your profile data (email, name, photo) for as long as your account exists. If you delete your account, we will erase your personal data from our systems. According to Firebase policy, authentication data is removed within approximately 180 days after deletion of your account.
- Chat History: AI chatbot logs (your messages and the bot's responses) are retained for 30 days. After 30 days, chat transcripts are permanently deleted from OpenAI's systems. If you manually delete chats, they are scheduled for deletion immediately.
- Automatically Collected Data: Technical logs (IP addresses, cookies, usage logs) are stored only as long as needed for security or analytics. For example, Firebase may log your IP address for a few weeks to monitor service performance.
- Legal Obligations: If any data must be retained for legal, tax, or regulatory reasons, we will retain it only as long as required by law and then delete it.
After the retention period expires, we will either permanently delete or irreversibly anonymize your data so that it can no longer identify you. We do not keep personal data longer than necessary.
Cookies and Tracking Technologies
We use cookies and similar technologies to improve your experience:
- Essential Cookies: We use cookies to keep you logged in, remember your preferences, and maintain session security.
- Analytics: We use services like Firebase Analytics to understand how visitors use the Site (pages visited, time on page, etc.). These analytics tools use cookies or identifiers (such as Firebase Installation IDs) to collect anonymous usage data. This helps us improve the Site's content and performance.
- Managing Cookies: You can control or disable cookies through your browser settings. If you disable cookies, some Site features (like staying logged in) may not work properly.
We do not use tracking pixels or advertising cookies for third-party marketing. We do not permit third-party advertisers or social media plugins on the Site.
Disclosure of Information
We do not sell, rent, or trade your personal information. We share data only in the following limited cases:
- Service Providers: We may share your data with trusted third-party service providers who assist us in operating the Site. Currently, this includes:
- Firebase/Google: We use Firebase to host our Site and manage user authentication. Firebase (a Google product) processes your account information and technical data on our behalf. Firebase's data servers (including authentication servers) are located in the United States. Google's Privacy Policy (including Firebase) governs their handling of your data, but they act only on our instructions.
- OpenAI: The AI chatbot is powered by OpenAI's API. When you use the chatbot, your inputs are sent to OpenAI's servers, which may also be in the United States. OpenAI processes the chat data in accordance with its privacy terms and our instructions. We and OpenAI retain chat content for up to 30 days to provide the service. OpenAI does not use your API data to train its models (per OpenAI's data policies).
- Legal Requirements: We may disclose personal information if required to do so by law, or if we believe in good faith that such disclosure is necessary to protect our rights or comply with a legal process.
- With Your Consent: If you ask us to share your data or consent to other uses not covered in this Policy, we will only do so with your explicit permission.
We do not share any personal data with advertisers, social networks, or other third parties for their own marketing use. If any future third-party integration is added, we will update this Policy accordingly.
Security of Your Data
We implement reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction. For example:
- We use encryption (HTTPS/TLS) to secure data in transit between your browser and our servers.
- Your data (emails, chat logs, etc.) is stored on Firebase's secure servers with access controls.
- Access to your personal data within our organization is limited to authorized personnel who need it to perform their duties.
- We regularly review our security measures and update them as needed.
However, no system is completely secure. We cannot guarantee the absolute security of your data. You can help protect yourself by using strong passwords (for your Google account) and by not sharing your login credentials. If you suspect any security breach, please contact us immediately.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of Access: You can request confirmation of whether we process your personal data, and access the data we hold about you (e.g. your profile data and stored chats).
- Right to Correction: You can request that we correct or update any inaccurate personal information we have about you (for example, if your email or profile name changes).
- Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data. This includes deleting your user account and associated data. We will comply unless we have a lawful basis to retain certain information (e.g. for legal compliance). Note that chat histories are automatically deleted after 30 days, so you may wish to download any chat transcripts you need before that time.
- Right to Restrict Processing: You can request that we temporarily suspend (restrict) processing of your data in certain circumstances (for example, while we verify its accuracy).
- Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, machine-readable format (e.g. JSON). This might include your profile information and chat history. We will provide it if feasible and technically possible.
- Right to Object: You can object to our processing of your data on grounds related to your particular situation. We will cease processing unless we have compelling legitimate grounds that override your interests.
- Right to Withdraw Consent: Where we rely on consent for processing, you may withdraw consent at any time (e.g. if you no longer wish us to store your chat history). Withdrawal of consent will not affect the legality of prior processing.
- Right to Lodge a Complaint: If you are in the EU/EEA/UK and feel we have violated your data protection rights, you have the right to file a complaint with an EU/UK data protection authority.
California Privacy Rights (CCPA/CPRA): If you are a California resident, you have additional rights under the CCPA/CPRA. These include the right to request:
- Disclosure: What categories and specific pieces of personal data we have collected about you, and how we use and share it.
- Deletion: Deletion of your personal information, subject to certain exceptions.
- Opt-Out of Sale: Although we do not sell personal information, California residents have the right to opt out of any future sale of their data.
- Non-Discrimination: We will not discriminate against you for exercising any of these rights.
To exercise any of the above rights or for any privacy-related question, please contact us at kasunperera@gmail.com. We may require proof of identity to fulfill your request and will respond within the time frame required by applicable law (generally 30-45 days).
International Users
If you are using the Site from outside the USA, please be aware that your information will be transferred to, stored, and processed in the United States (where our servers and service providers are located). U.S. data protection laws may offer less protection than those in your country. For EU/UK users, we have implemented safeguards under GDPR (such as standard contractual clauses) to protect your data during transfer. By using the Site, you consent to any such transfer of information.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. If we make material changes, we will update the Effective Date at the top and provide a notice on the Site (for example, via a banner or email notice). We encourage you to review this Policy periodically. Your continued use of the Site after any changes indicates acceptance of the new terms.
Severability
If any provision of this Privacy Policy is held to be invalid or unenforceable by a court of law, that provision will be removed or limited to the minimum necessary, and the remaining provisions will continue in full force and effect.
Contact Information
Data Controller: Kas
Email: contact@healingbydetox.com
For any privacy inquiries, requests, or concerns, please contact us at the above email address. We are committed to addressing your questions and upholding the privacy principles outlined in this Policy.
By creating an account on Healing by Detox, the Client acknowledges that
- he/she has received a copy of this letter agreement
- he/she has had an opportunity to discuss the contents with Light AI and, if desired, to have it reviewed by an attorney and
- the Client understands, accepts and agrees to abide by the terms hereof.