Arkoura

PII Protection

Last reviewed: April 2026

What is PII and What We Collect

Personally Identifiable Information (PII) is any data that can identify you directly or indirectly. Arkoura collects:

Direct identifiers: full name, email, phone number, date of birth, profile photo.

Health data: conditions, allergies, medications, emergency contacts, journal entries, uploaded documents.

Technical identifiers: Firebase user ID (internal only, never exposed publicly).

How We Protect Your PII

Encryption at rest: AES-256 encryption for all data stored in Firestore and Google Cloud Storage.

Encryption in transit: TLS 1.3 for all data transmitted between your device and our servers.

Access controls: Firebase Authentication identifies the caller, and Firestore security rules check every read and write against that authenticated user ID, so no other user can access your data.

Photo storage: profile photos are stored in a private GCS bucket and accessed only via signed URLs that expire after 1 hour.

Document storage: uploaded health documents follow the same signed URL pattern; only you can generate access URLs for your files.

Document de-identification: when you or a family administrator uploads a health document for AI analysis, it is passed through Google Cloud Data Loss Prevention (DLP) before the content is sent to our AI system. DLP detects personal identifiers such as your name, date of birth, address, phone number, and medical record numbers and replaces each one with a generic label, so the AI analyzes the clinical content without seeing your personal identifiers.
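The three controls above (owner-only access, 1-hour signed URLs, DLP de-identification) as an added Node.js example. This is not Arkoura's code: the object path for an uploaded document is derived from the verified Firebase user ID rather than from anything the client sends, a read URL is issued only to the owner and expires one hour later, and the text is run through the Cloud DLP de-identify call, then re-checked against the identifiers the platform already holds, before it is handed to the AI. The `@google-cloud/storage` bucket and `@google-cloud/dlp` client are passed in by the caller so the logic runs offline; the file-name rule, the profile field names, the info-type list and the residual check are assumptions.

```javascript
// Added example, not Arkoura's code. The caller supplies
//   bucket = new (require('@google-cloud/storage').Storage)().bucket(name)
//   dlp    = new (require('@google-cloud/dlp').DlpServiceClient)()
// so the authorization and de-identification logic below runs without network.

const SIGNED_URL_TTL_MS = 60 * 60 * 1000; // 1 hour, as the policy states

// Authorization gate for a document read. Only the authenticated owner may
// obtain a URL, and the object path is built from that verified UID, so a
// client cannot name another user's file ("/" and ".." never pass the rule).
function authorizeDocumentRead(callerUid, ownerUid, fileName) {
  if (!callerUid || callerUid !== ownerUid) {
    throw new Error('forbidden: caller is not the document owner');
  }
  if (!/^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/.test(fileName)) {
    throw new Error('invalid file name');
  }
  return `users/${ownerUid}/documents/${fileName}`;
}

// Mint a V4 signed read URL that expires one hour after `now` (ms).
async function issueSignedReadUrl(bucket, callerUid, ownerUid, fileName, now = Date.now()) {
  const objectPath = authorizeDocumentRead(callerUid, ownerUid, fileName);
  const expires = now + SIGNED_URL_TTL_MS;
  const [url] = await bucket
    .file(objectPath)
    .getSignedUrl({ version: 'v4', action: 'read', expires });
  return { url, expires };
}

// Identifier classes the policy names, as Cloud DLP built-in infoTypes.
const DLP_INFO_TYPES = ['PERSON_NAME', 'DATE_OF_BIRTH', 'STREET_ADDRESS',
  'PHONE_NUMBER', 'EMAIL_ADDRESS', 'MEDICAL_RECORD_NUMBER'];

// Request for dlp.deidentifyContent(): each detected identifier is replaced
// by its infoType label, e.g. "[PERSON_NAME]". The low likelihood threshold
// is deliberate: a false positive costs a little clinical detail, a false
// negative sends an identifier to the AI.
function buildDeidentifyRequest(projectId, text) {
  return {
    parent: `projects/${projectId}/locations/global`,
    inspectConfig: {
      infoTypes: DLP_INFO_TYPES.map((name) => ({ name })),
      minLikelihood: 'POSSIBLE',
    },
    deidentifyConfig: {
      infoTypeTransformations: {
        transformations: [{ primitiveTransformation: { replaceWithInfoTypeConfig: {} } }],
      },
    },
    item: { value: text },
  };
}

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Defence in depth (assumed, not part of the policy): DLP detection is
// probabilistic, and the platform already holds the user's direct identifiers,
// so check the de-identified text for them. Name parts are matched as whole
// words, phone numbers by their last seven digits (formatting and country
// code differences then cannot hide a match), other fields as literal text.
// Returns the profile fields still present; an empty array means clean.
function residualIdentifiers(deidentifiedText, profile) {
  const lower = deidentifiedText.toLowerCase();
  const digits = deidentifiedText.replace(/\D/g, '');
  const found = new Set();
  if (profile.fullName) {
    for (const part of profile.fullName.split(/\s+/)) {
      if (part.length >= 3 && new RegExp(`\\b${escapeRe(part)}\\b`, 'i').test(deidentifiedText)) {
        found.add('fullName');
      }
    }
  }
  if (profile.phone) {
    const tail = profile.phone.replace(/\D/g, '').slice(-7);
    if (tail.length === 7 && digits.includes(tail)) found.add('phone');
  }
  for (const field of ['email', 'dateOfBirth', 'medicalRecordNumber']) {
    if (profile[field] && lower.includes(String(profile[field]).toLowerCase())) found.add(field);
  }
  return [...found];
}

// De-identify a document for AI analysis. If a known identifier survived DLP,
// refuse rather than send the text on.
async function deidentifyForAi(dlp, projectId, text, profile) {
  const [response] = await dlp.deidentifyContent(buildDeidentifyRequest(projectId, text));
  const cleaned = response.item.value;
  const residual = residualIdentifiers(cleaned, profile);
  if (residual.length > 0) {
    throw new Error(`de-identification incomplete: ${residual.join(', ')} still present`);
  }
  return cleaned;
}
```

The residual check is the caveat a reviewer would raise about the policy's "all PII is removed" wording: DLP is an inspector with a likelihood threshold, not a proof, so the service should fail closed on the identifiers it can verify rather than assume the detector caught everything. The date-of-birth comparison is format-sensitive; normalising dates is left to the caller.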

QR Token Architecture

Your QR code contains a URL with a 12-character cryptographically random token. This token is:

Generated once at account creation using a cryptographically secure random number generator (CSPRNG).

Completely decoupled from your internal user ID: scanning your QR code never exposes your Firebase UID or any PII.

Non-sequential and non-guessable: 62^12 (about 3.2 × 10^21) possible values, roughly 71 bits of entropy.

The only link between your QR code and your profile is a server-side lookup table that is not publicly accessible. Scanning the code returns only the information you chose to publish on your emergency profile.

Data Minimization

We collect only what is necessary to provide the Arkoura service. Health data is entirely optional and user-controlled: you choose what to enter and what to share on your emergency profile.

Anonymized Research Use

Before any health data is used for research or platform improvement, it is fully anonymized: all direct and indirect identifiers are removed. Anonymized data cannot be traced back to any individual. You may opt out of anonymized research use by contacting privacy@arkoura.com.

๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งThird-Party Access

Arkoura does not sell your PII to third parties. Limited data is shared with:

Twilio (SMS notifications): phone numbers for delivery only.

Resend (email delivery): email addresses for delivery only.

Google Cloud (hosting/storage): encrypted data storage.

Anthropic (AI processing): de-identified journal content for AI responses; PII is removed by Google Cloud DLP before content reaches Anthropic. Anthropic does not store or use your data for model training under our data processing agreement.

© 2026 Arkoura · San José, Costa Rica