Privacy

When you create a page: the author name, relationship, patient name, and short description you typed. Optionally an email address you gave us so we can send you the admin link as a backup.

When you subscribe: your email address and which page you subscribed to. That's it.

When you post an update: the body text and any photo you attach.

We don't set tracking cookies. We don't use third-party analytics. We don't fingerprint your browser. There is no advertising on this site, ever.

Server access logs (IP, user-agent, request path) are kept for 14 days for security and abuse prevention, then deleted.

Anyone with the public link to a page can read the updates posted there. Pages aren't indexed by search engines (we set noindex) but they're not secret either — treat the public link the same way you'd treat sharing a Google Doc.

Only people who have your admin link can post or edit. We can't recover a lost admin link — if you lose it, the page becomes read-only for new updates until you create a new page.

Notifications are sent through Amazon SES from [email protected]. We send: a welcome email when you subscribe, and an email each time the author posts a new update. Every email has a one-click unsubscribe link.

Photos you upload are stored on a server we run. They're served from the public page, so anyone with the page link can view them. Be thoughtful about what you share — once a photo is on the public page and people have visited, it may be cached on their devices.

Click Close the page in the admin to stop new posts and emails. To delete the page entirely (including past updates and subscribers), email [email protected] from the email tied to the page or include the admin link in your message. We'll delete it within 7 days.

The server runs in Oracle Cloud Infrastructure (us-east region, Ashburn VA). Cloudflare sits in front for HTTPS and DDoS protection.

Questions: [email protected].