Privacy Policy
Your privacy matters. Learn how we collect, use, and protect your data.
Last Updated: February 22, 2026
1. Introduction
SIMILIA LTD (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and application at https://www.similia.io/.
We are the data controller for the processing of personal information described in this policy. If you have any questions about this Privacy Policy or our practices, please contact us at info@similia.io.
2. Information We Collect
Personal Information: We collect information that identifies, relates to, or could reasonably be linked with you, including:
- Email address
- Account credentials
- Display name (if provided)
Usage Data: We automatically collect information about your interactions with our application, including:
- Log and usage data (IP address, browser type, referring/exit pages)
- Device information (device type, operating system)
- Cases and repertorizations data
- Feature usage and interaction data
Device Fingerprint Data: We collect device-specific information including browser type, screen resolution, hardware specifications (such as CPU cores and device memory), timezone, and other technical identifiers. This data is used to detect unauthorized account sharing and improve security.
Voice and Audio Data: When you use our Live Audio feature, your voice recordings are transmitted to and processed by our speech-to-text service provider (Deepgram) to transcribe your spoken symptoms into text. Audio data is processed in real-time and is not retained by the service provider. We have a signed Business Associate Agreement (BAA) with Deepgram ensuring HIPAA-compliant processing with zero data retention.
AI-Processed Content: When you use our AI-powered features (such as notes analysis, image analysis, visual symptom extraction, or semantic search), your content is transmitted to and processed by third-party artificial intelligence services, including OpenAI and Google. We have signed Business Associate Agreements (BAAs) with OpenAI and Deepgram, ensuring HIPAA-compliant processing with zero data retention. This processing is necessary to provide these features.
3. Legal Basis for Processing
We process your personal data under the following legal bases:
- Consent: For certain data-processing activities, we rely on your explicit consent.
- Contractual Necessity: To perform our contractual obligations to you, including providing our services.
- Legitimate Interests: To pursue our legitimate business interests, such as improving our services and ensuring security.
- Legal Obligation: To comply with applicable laws and regulations.
4. How We Use Your Information
We use your information for the following purposes:
- To provide and maintain our services
- To personalize your experience
- To communicate with you about your account or our services
- To improve our application
- To protect against fraudulent or illegal activity
- To process payments and manage subscriptions
- To send marketing communications (with your consent)
- To provide customer support
5. Cookies and Similar Technologies
We use cookies and similar tracking technologies to track activity on our application and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.
We use the following cookies and tracking technologies:
- Session Cookies: We use a session cookie (__session) for authentication purposes, which expires after 14 days.
- Mixpanel: For server-side analytics and feature usage tracking to help us debug issues and improve our service. Mixpanel is processed entirely server-side (no client-side cookies or localStorage), uses pseudonymized user identifiers, and data is stored in the European Union. Tracking is only active for users who have accepted our GDPR consent. No health data or patient information is ever sent to Mixpanel.
- Google Tag Manager: For managing and deploying marketing and analytics tags.
- Sentry: For error tracking and application monitoring.
- Vercel Analytics: For performance monitoring and analytics.
- Rewardful: For affiliate and referral tracking, using a referral cookie to track referral sources.
Some of these services may record user sessions, including mouse movements, clicks, and scrolling behavior, to help us understand user experience and improve our application.
6. Data Sharing and Disclosure
We may share your information with the following categories of service providers:
Analytics and Monitoring Providers:
- Mixpanel (server-side feature usage analytics, EU-hosted)
- Google Tag Manager (tag management)
- Sentry (error tracking and monitoring)
- Vercel Analytics (performance monitoring)
AI and Machine Learning Service Providers:
- OpenAI (notes analysis, image analysis, symptom extraction — BAA signed, zero data retention)
- Google Generative AI (semantic search and embeddings)
- Deepgram (voice-to-text transcription — BAA signed, zero data retention)
- Pinecone (vector database for semantic search)
Payment Processors:
- Stripe (subscription and payment processing)
Communication and Marketing Services:
- Brevo/Sendinblue (email marketing and transactional emails)
- EmailJS (transactional emails for case sharing)
- Crisp (customer support chat)
Infrastructure and Hosting:
- Firebase (authentication and database)
- Vercel (hosting and serverless functions)
- Upstash Redis (caching)
Other Services:
- Rewardful (affiliate and referral tracking)
- Featurebase (product feedback collection)
Legal Authorities: When required by law or to protect our rights.
7. Data Retention
We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
Your data is immediately deleted after you delete your account.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include industry-standard security measures such as:
- Data encryption
- Secure authentication procedures
- Regular security assessments
9. International Data Transfers
Your personal data may be processed outside of your jurisdiction due to our use of cloud services and third-party providers. These providers may store or process your data in the European Union, United States, or other regions where they maintain facilities.
Specifically, your data may be transferred to the United States for processing by:
- OpenAI (AI processing)
- Stripe (payment processing)
- Deepgram (voice transcription)
- Pinecone (vector search)
When transferring data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, adequacy decisions, or other legally valid mechanisms to protect your data in compliance with GDPR requirements.
10. Your Rights
Under the GDPR and similar data-protection regulations, you have the following rights:
- Right to Access: Request a copy of your personal data.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data.
- Right to Restrict Processing: Request limitation of processing of your data.
- Right to Data Portability: Request transfer of your data in a structured format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time.
To exercise these rights, please contact us at info@similia.io. You can also access, download, or delete your data directly through the Settings page in your user profile.
11. Children's Privacy
Our application is not intended for use by children under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
12. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. Please review this Privacy Policy periodically for any changes.
13. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
SIMILIA LTD
71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
info@similia.io
14. Data Protection Authority
If you are located in the European Economic Area and believe we are unlawfully processing your personal information, you have the right to complain to your local data-protection supervisory authority.