Privacy Policy
Last updated: April 1, 2026
Ananta Tech & Health S.A. (“Ananta”, “we”, or “the Company”), with registered address in San José, Costa Rica, operates the AnantaMed platform. This Privacy Policy explains how we collect, use, store, and protect information when you use our services, in accordance with Law No. 8968 on the Protection of Persons Regarding the Processing of Their Personal Data of the Republic of Costa Rica and other applicable regulations.
1. Who We Are and Roles in Data Processing
Ananta acts as a data processor. We are responsible for the platform’s technical infrastructure, but we are not the data controllers for patient data.
The nutritionists and clinic administrators who subscribe to our service are the data controllersof their patients’ personal data. They define what data is collected, for what purpose, and for how long, in accordance with the applicable laws in their jurisdiction and their own privacy policy toward their patients.
By using AnantaMed to manage third-party data (patients), the nutritionist or administrator agrees to assume this responsibility.
2. Information We Collect
2.1 Account Data (nutritionists and administrators)
- Full name, email address, and password (encrypted)
- Clinic or practice name and country
- Payment reference (order number) — we do not store card data
- Brand logo and colors (if applicable per plan)
2.2 Patient Data (entered by the professional)
The platform allows professionals to enter their patients’ data, including name, email, date of birth, anthropometric measurements, clinical history (anamnesis), food plans, exercise routines, and lab results. This data is entered and controlled exclusively by the professional, not by Ananta.
2.3 Technical Usage Data
- Server logs with IP address, user agent, and timestamp
- Session data stored in signed HTTPOnly cookies
- Anonymized usage analytics (page views, feature usage) via Vercel Analytics and Microsoft Clarity
3. How We Use Information
- Provide and maintain the AnantaMed platform
- Manage your account and subscription
- Process payments through Tilopay (external processor)
- Send service-related communications (plan changes, expirations)
- Detect and prevent fraudulent or abusive activity
- Comply with legal obligations
We do not use patient data for advertising, market analysis, or any purpose other than providing the contracted service.
4. Service Providers (Sub-processors)
To operate the platform, we work exclusively with the following providers, with whom we maintain data processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | USA |
| Vercel | Application hosting | USA |
| Tilopay | Payment processing | Costa Rica |
| Google (Gemini AI) | Artificial intelligence features | USA |
| Vercel Analytics | Anonymized usage analytics | USA |
| Microsoft Clarity | Session recordings and heatmaps (login page only) | USA |
We do not share data with any other third parties, nor do we sell personal information under any circumstances.
5. Data Retention
- Account and clinic data is retained for 5 years from the last activity or account closure, whichever comes first.
- When a clinic is deleted, all associated data (users, patients, templates, metrics) is automatically and permanently deleted.
- Billing records are retained in accordance with applicable tax deadlines in Costa Rica.
6. Security
We implement technical and organizational measures to protect your information, including: encryption in transit (TLS), HMAC-SHA256 signed session cookies, role-based access control, login attempt limiting, and audit logging of critical events. However, no system is 100% secure; in the event of a security breach affecting your data, we will notify you in accordance with applicable regulations.
7. Data Subject Rights
In accordance with Costa Rica Law 8968, you have the right to:
- Access: know what personal data we process about you
- Rectification: correct inaccurate data
- Erasure: request deletion of your data
- Objection: object to certain processing activities
To exercise these rights, send your request to info@anantatec.com. We will respond within a maximum of 10 business days.
Note: if you are a patient of a clinic using AnantaMed, requests for deletion or correction of your data must be directed to the healthcare professional who manages it, as they are the data controller.
8. Cookies
We use technical cookies necessary for the operation of the platform (session authentication). We also use anonymized analytics tools (Vercel Analytics and Microsoft Clarity) to understand usage patterns and improve the service. These tools do not use cookies for cross-site tracking or advertising. Clarity may use a first-party cookie to identify returning visitors within our site; no personal data is collected. We do not use advertising cookies.
9. Minors
AnantaMed is a professional platform intended for nutritionists and clinic administrators over 18 years of age. If a professional treats minor patients, it is their responsibility to obtain informed consent from the parent or legal guardian before registering such data on the platform, in accordance with applicable legislation.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify material changes via a notice on the platform or by email with at least 15 days' notice. Continued use of the service after the effective date implies acceptance of the changes.