Privacy Policy

Last updated: March 17, 2026

1. Introduction

Rapha ("we," "us," or "our") operates getrapha.com and provides AI-generated personalized nutrition plans. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

By using Rapha, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

When you create an account, we collect your email address and a hashed password. We do not store plaintext passwords.

Health Profile Data

To generate personalized meal plans, we collect health information you voluntarily provide, including:

  • Age, biological sex, height, and weight
  • Medical diagnoses and health goals
  • Laboratory values (such as HbA1c, cholesterol, eGFR)
  • Current medications
  • Dietary restrictions and food preferences
  • Grocery budget preferences

This information is sensitive. We store it securely and use it only to generate your meal plans.

Generated Plans

We store the meal plans generated for you, including the plan content and a snapshot of the health profile used to generate it.

Payment Information

Payment information is processed by Stripe. We do not store credit card numbers or full payment details. We store only your Stripe customer ID and subscription status.

Usage Data

We may collect standard server logs, including IP addresses, browser type, and pages visited, for security and service improvement purposes.

3. How We Use Your Information

  • To generate personalized AI-powered meal plans
  • To provide, maintain, and improve our service
  • To process payments and manage your subscription
  • To send transactional emails (account verification, receipts)
  • To respond to support requests

We do not sell your personal information or health data to third parties.

4. How We Share Your Information

We share your data only with the following service providers who help us operate Rapha:

  • Supabase — Database and authentication provider. Your account and health data is stored in Supabase's infrastructure.
  • Anthropic — AI provider. Your health profile data (diagnoses, labs, medications, preferences) is sent to Anthropic's Claude API to generate your meal plan. Anthropic's data handling is governed by their privacy policy.
  • Stripe — Payment processor. Handles all payment transactions. Governed by Stripe's privacy policy.
  • Vercel — Hosting provider. Hosts the Rapha web application.

5. Data Security

We take the security of your health data seriously. We use the following measures to protect your information:

  • All data is transmitted over HTTPS/TLS
  • Database access is protected by Row Level Security (RLS) — you can only access your own data
  • Authentication is handled by Supabase Auth with bcrypt password hashing
  • API keys and secrets are never exposed to the browser

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data

To exercise these rights, email us at privacy@getrapha.com.

7. Data Retention

We retain your account and health data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where required by law.

8. Children's Privacy

Rapha is not intended for children under 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the site. Continued use of Rapha after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy, please contact us at privacy@getrapha.com.