Your health story is not our product.
For This One is not a healthcare provider and does not need medical records or detailed diagnoses. A short prayer occasion may nevertheless reveal health information. We use that information only to provide the private service requested, protect people and the Service, comply with law, and fulfill a product the organizer chooses. We do not sell consumer health data.
1. Scope
This Consumer Health Data Privacy Policy provides disclosures required by consumer health privacy laws, including Washington’s My Health My Data Act and similar state laws. It applies to “consumer health data,” meaning personal information that identifies or can reasonably be linked to a consumer and identifies the consumer’s past, present, or future physical or mental health status, healthcare, treatment, condition, diagnosis, disability, medication, reproductive or sexual health, or related inferences.
This notice supplements, and is separate from, our general Privacy Policy. It does not cover information exempt from an applicable consumer health privacy law.
2. Consumer health data we may collect
- A short prayer occasion or context that an organizer chooses to provide, such as surgery, illness, recovery, grief, mental-health difficulty, pregnancy, or caregiving.
- Written, voice, or photo contributions that a participant voluntarily submits and that may mention a person’s health or care.
- Recipient-approved practical-support instructions that may imply mobility, dietary, visitation, treatment, or caregiving needs.
- Communications, reports, takedown requests, and support requests that contain health-related information.
- Limited inferences inherent in operating the requested Moment—for example, treating “recovery after surgery” as a health-related occasion so it can be displayed to invited participants. We do not create advertising or eligibility profiles from it.
Do not provide medical records, clinical test results, detailed diagnoses, prescription information, insurance information, precise location at a care facility, or information the recipient did not authorize.
3. Sources
We may collect consumer health data directly from an organizer, participant, recipient, purchaser, or person contacting support. An organizer may provide information about the recipient; participants may refer to the recipient in voluntary contributions. A fulfillment or customer-service provider may return only the limited status or support information needed to complete a requested transaction.
4. Why we collect and use it
We collect and use consumer health data only as reasonably necessary to:
- Create and display the short, recipient-authorized context of a private Moment.
- Deliver approved blessings, recordings, photos, support instructions, and recipient experiences.
- Create an organizer-requested personalized artifact from approved content and permissions.
- Authenticate users, secure links, moderate content, prevent abuse, investigate safety or privacy reports, and process takedowns.
- Provide support, fulfill legal obligations, and establish or defend legal claims.
We do not use consumer health data for targeted advertising, data brokerage, unrelated profiling, or decisions about insurance, employment, credit, housing, education, healthcare, or other eligibility.
5. When and why we share it
We may share the minimum necessary consumer health data with:
- People authorized within a Moment: invited participants, the organizer, and the recipient, according to role, settings, approvals, and the private links they receive.
- Processors necessary to provide the Service: cloud hosting, database, private-storage, email or SMS delivery, security, moderation, customer-support, and media-processing providers.
- Artifact or fulfillment processors: only when an organizer requests a personalized digital or physical product and only to the extent required to produce or deliver it.
- Professional advisers and authorities: when necessary for confidential advice, compliance with valid legal process, prevention of fraud or abuse, or protection of rights and safety.
- A successor: as part of a merger, acquisition, financing, reorganization, or sale, subject to continued legal protection and notice where required.
Depending on enabled features, processor categories may include AWS or another private cloud-storage provider; Vercel or another application host; Supabase or another database provider; Resend for email; AWS SNS for requested SMS; Stripe for payments; and Prodigi, Lulu, or Goody for an organizer-requested physical artifact. These processors may receive consumer health data only when necessary for their specific service.
6. Sale
We do not sell consumer health data. If that practice ever changes, we will first provide the separate notice and obtain the valid authorization required by applicable law. We will not condition the core Service on authorization to sell consumer health data.
7. Your rights
Subject to applicable law, you may:
- Confirm whether we collect, share, or sell consumer health data concerning you.
- Access that consumer health data, including a list of third parties or affiliates with whom it was shared where required.
- Withdraw consent to future collection or sharing.
- Request deletion from our active systems and notification to processors or other required recipients.
- Appeal our refusal to act on a request.
Email support@afooga.com with the subject “Consumer Health Data Request.” Identify whether you are the recipient, organizer, participant, parent or guardian, or authorized agent. Do not include medical details, blessing text, media, or a full private link in your email. We will provide a secure verification method if more information is needed.
If we deny a request, you may appeal by replying with the subject “Privacy Appeal.” We will respond within the period required by applicable law and explain any further complaint options. You may also contact your state attorney general or another competent privacy regulator.
8. Withdrawal and deletion
Participants may delete their own contributions through available controls. Recipients may hide a Moment immediately and request takedown. Organizers may delete a Moment. A verified deletion request will be applied to active systems and communicated to processors as required. Encrypted backups may retain residual data for a limited period before automatic overwrite, unless law requires faster deletion.
Withdrawing consent does not affect processing already lawfully completed and may not retrieve an artifact already downloaded, printed, shipped, or received by another authorized person.
9. Changes and contact
We will update the effective date when this notice changes and obtain new consent when required. Questions and requests may be sent to support@afooga.com.
Last updated July 11, 2026. Return to the general Privacy Policy or read the Terms of Service.