Trust & Safety — How PANDAS Tracker Protects Your Family

Security Controls

Family data is protected with AES-256 encryption at rest, TLS 1.3 encryption in transit, Firebase Security Rules enforcing family-only data access, and least-privilege access controls. SPM Health Tech has a Business Associate Agreement (BAA) with Google Cloud (Firebase).

Privacy Controls

Caregivers control what is logged, who can view it, and how long it is retained. We do not sell data, do not share with advertisers, and minimize collection to only what is needed for the family's tracking goals. No advertising SDKs are present in the app.

Child Safety

The platform is designed for use by adult caregivers on behalf of minors. Child-facing surfaces follow age-appropriate design principles, with no advertising, no behavioral profiling of children, and no social features that expose children's data. COPPA-aligned: accounts managed by adults, not children.

Data Retention & Deletion

Families can export and delete their data at any time. Data is permanently removed from our systems within 30 days of account deletion. Before deleting, families can export their complete health history as PDF or DOCX clinical reports.

Frequently Asked Questions

Is PANDAS Tracker HIPAA compliant?

PANDAS Tracker follows HIPAA-aligned security practices with AES-256 encryption at rest, TLS 1.3 in transit, Firebase Security Rules for access control, audit logging, and a BAA with Google Cloud (Firebase).

Does PANDAS Tracker sell family health data?

No. PANDAS Tracker never sells, licenses, or shares your family's health data with any third party — no data brokers, no pharmaceutical companies, no advertisers.

How long does PANDAS Tracker retain my child's health data?

Data is retained while your account is active. You can delete your account and all associated data at any time. Data is permanently removed within 30 days of deletion.