1. Who We Are

Stories of Endo Inc. is a 501(c)(3) nonprofit organization dedicated to supporting women with endometriosis and adenomyosis. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, member portal, and services.

2. Information We Collect

Information you provide directly:

• Account information (name, email address, password)
• Medical profile information (diagnoses, medications, allergies, surgical history, emergency contacts)
• Your personal story submitted through Rosa or the Wall of Roses
• Payment information (processed by Stripe — we never store card numbers)
• Appointment and health tracking data you enter into the portal

Information collected automatically:

• Basic usage data (pages visited, features used) to improve the portal
• Device type and browser for technical compatibility

3. How We Use Your Information

• To provide and maintain your Endo Rose Membership and portal access
• To generate your NFC medical card and share your profile with healthcare providers (only when you present your card)
• To display your story on the Wall of Roses (only if you choose to publish it)
• To send important account and membership communications
• To improve our services and tools
• We do not sell your information to any third party, ever
• We do not use your health data for advertising purposes

4. Health Information & HIPAA

We take the protection of your health information extremely seriously. Your medical profile data is stored securely in AWS DynamoDB with encryption at rest and in transit. Access to your health data is controlled by your account credentials.

Your NFC medical card displays your health information only when physically tapped by a device — you control when and where your card is used. We do not share your health information with any party without your explicit consent.

5. Data Storage & Security

• Your data is stored on Amazon Web Services (AWS) infrastructure in the United States
• All data is encrypted in transit (HTTPS/TLS) and at rest
• Authentication is managed through Amazon Cognito with industry-standard security
• Payment processing is handled entirely by Stripe, which is PCI DSS compliant
• We perform regular security reviews of our infrastructure

6. Your Story & The Wall of Roses

Your story is yours. You choose whether to publish it to the Wall of Roses. If you publish your story:

• It will be visible to the public on the Wall of Roses
• Other users may donate to your personal fundraiser through Stripe
• You may unpublish or request deletion of your story at any time
• We will never publish your story without your explicit action to do so

7. Third-Party Services

We use the following third-party services to operate our platform:

• Stripe — payment processing. Subject to Stripe's Privacy Policy.
• Amazon Web Services (AWS) — cloud infrastructure and data storage
• Amazon Cognito — secure user authentication
• Anthropic Claude AI — powers Rosa, our AI story guide. Story data processed for generation is not stored by Anthropic for training purposes under our enterprise agreement.

8. Your Rights

• Access: You may request a copy of all data we hold about you
• Correction: You may update your information at any time through your profile
• Deletion: You may request complete deletion of your account and all associated data
• Portability: You may request your data in a portable format
• Opt-out: You may opt out of non-essential communications at any time

To exercise any of these rights, contact us at hello@storiesofendo.org

9. Children's Privacy

Our Services are intended for adults (18+). We do not knowingly collect information from children under 18. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy as our services evolve. We will notify members of material changes via email at least 30 days before they take effect. Continued use of our Services constitutes acceptance.