Privacy
How your data is handled
A plain summary of what Project Red stores, how it is secured, and what it is never used for.
Last updated March 2026.
What this app is
Project Red is a personal health dashboard built for one person — me. It is not a product, not a service, and not available to the public. It exists solely to track and visualise my own health data in one place.
What data is stored
This app stores blood test results imported from UVA Health lab reports, and wearable data exported from Whoop. All data is stored in a private Supabase database that is accessible only to me. No account system exists — there is no login, no user table, and no concept of multiple users.
How data is secured
All data is stored in Supabase with Row Level Security (RLS) enabled on every table. The database is not publicly readable. API keys and service credentials are stored as environment variables and are never exposed in the frontend or in the GitHub repository.
Third-party sharing
No data is shared with any third party. This app does not use advertising, analytics SDKs, tracking pixels, or any external data collection service. Vercel is used solely as a hosting provider and has no access to the health data stored in the database.
Whoop data
Whoop data is exported manually from the Whoop app as CSV files and imported into this dashboard. The integration is one-way and offline — there is no live API connection to Whoop. The data is used exclusively for personal health tracking and is never transmitted to any third party.
Data retention
Data is retained indefinitely for my own longitudinal health tracking. I can delete any record at any time directly through the database. There is no automated deletion or expiry.
This is a single-user personal health tool. No data is ever sold, shared, or used for any purpose other than personal health tracking.