1. Overview
This Privacy Policy explains how SymptomSense ("we", "us", "our"), operated from Amsterdam, Netherlands, collects, uses, and protects information when you visit symptomsense.co ("the Site").
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and the Dutch Implementation Act (UAVG). By using our Site, you agree to the practices described in this policy.
2. Who we are
Data controller: SymptomSense
Website: https://symptomsense.co
Location: Amsterdam, Netherlands
Contact: privacy@symptomsense.co
3. Data we collect
3.1 Data you provide directly
When you use the contact form, we collect:
- Your name and email address
- Your country of residence (optional)
- The subject and content of your message
We do not require you to create an account or log in to use the symptom checker, conditions library, emergency numbers widget, or doctor finder.
3.2 Symptom checker data
When you use the symptom checker, you may enter health-related information including age, sex, symptoms, and pre-existing conditions. This data is sent directly to Groq's API (Llama 3 AI model) to generate results and is not stored by SymptomSense. We do not log, save, or associate symptom checker inputs with any individual user.
3.3 Automatically collected data
When you visit the Site, we automatically collect:
| Data type | Purpose | Collected by |
|---|---|---|
| IP address (anonymised) | Analytics, security | Google Analytics 4 |
| Browser type and version | Analytics | Google Analytics 4 |
| Pages visited, time on site | Analytics | Google Analytics 4 |
| Device type (mobile/desktop) | Analytics | Google Analytics 4 |
| Referring website | Analytics | Google Analytics 4 |
| Ad impressions and clicks | Advertising | Google AdSense |
4. How we use your data
We use collected data for the following purposes:
- To respond to your messages — contact form submissions are processed via EmailJS and delivered to our team inbox
- To understand how our site is used — Google Analytics 4 helps us improve content and user experience
- To display relevant advertising — Google AdSense shows contextual ads to support free access to the site
- To power the AI symptom checker — symptom data is transmitted to Groq's API to generate health guidance; this data is not retained
- To ensure site security — detecting and preventing abuse or malicious traffic
We do not:
- Sell your personal data to any third party
- Use your data for automated decision-making or profiling
- Share your health data with insurers, employers, or government bodies
- Send marketing emails without your explicit consent
5. Cookies & tracking
We use the following types of cookies:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| _ga, _ga_* | Analytics | Google Analytics visitor tracking | 2 years |
| __gads, __gpi | Advertising | Google AdSense ad personalisation | 13 months |
| cookieyes-consent | Functional | Stores your cookie consent preferences | 1 year |
You can manage cookie preferences at any time using the cookie settings link in the footer. Rejecting analytics and advertising cookies will not affect your ability to use the symptom checker or any other feature.
6. Third-party services
We use the following third-party services, each with their own privacy policy:
- Google Analytics 4 — traffic analytics. Google Privacy Policy
- Google AdSense — advertising. Google Privacy Policy
- Groq / Llama 3 — AI symptom analysis. Groq Privacy Policy
- EmailJS — contact form delivery. EmailJS Privacy Policy
- OpenStreetMap / Nominatim / Overpass API — Find a Doctor map data. OSM Privacy Policy
- Vercel — website hosting. Vercel Privacy Policy
These services may process data outside the European Economic Area (EEA). Where this occurs, appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
7. Your rights under GDPR
As a resident of the EU/EEA, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent — withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at privacy@symptomsense.co. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
8. Data retention
We retain data for the minimum period necessary:
- Contact form messages — retained in our email inbox for up to 24 months, then deleted
- Analytics data — Google Analytics retains data for 14 months by default
- Symptom checker inputs — not retained; processed in real-time and discarded
- Cookie consent records — retained for 1 year
9. Children's privacy
SymptomSense is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@symptomsense.co and we will delete it promptly.
The symptom checker may be used on behalf of a child by a parent or guardian, but children should not use it independently without adult supervision.
10. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- HTTPS encryption on all pages (enforced by Vercel)
- No storage of sensitive health data on our servers
- API keys stored as environment variables, never exposed in client-side code
- Regular review of third-party service security practices
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to notifying affected users in the event of a data breach within 72 hours of becoming aware of it, as required by GDPR Article 33.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the Site after changes constitutes acceptance of the updated policy.
12. Contact us
For any privacy-related questions, data requests, or concerns:
- Email: privacy@symptomsense.co
- General: hello@symptomsense.co
- Contact form: symptomsense.co/contact
This policy was written for symptomsense.co and reflects our actual data practices. It is not a template — it describes the real services we use. Last reviewed: June 2026.