Privacy Policy

HealthClarity ("we," "us," or "our") is committed to protecting your health information and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your Protected Health Information (PHI) when you use our medical document translation mobile application (the "App"). We are committed to HIPAA compliance and maintaining the highest standards of healthcare data protection.

1Information We Collect

We collect only the minimum necessary information required to provide you with medical document translation services and maintain your account securely:

Protected Health Information (PHI)

• Medical Documents: Photos or uploads of medical documents you choose to scan and translate
• Document Text: Extracted text content from your medical documents for translation purposes
• Medical Terminology: Specific medical terms and phrases identified for translation
• Translation History: Record of documents you've translated for your personal reference

Account Information

• Email Address: Used for account creation, login, and important security notifications
• Password: Securely encrypted and stored for account authentication
• Account Preferences: Language settings, notification preferences, and accessibility options
• Security Settings: Two-factor authentication settings and device authorization

Usage Data (De-identified)

• App Usage Patterns: How you navigate the app to improve user experience (no PHI included)
• Translation Statistics: Aggregated, anonymized data about translation accuracy and usage
• Feature Usage: Which app features are used most to optimize performance
• Error Reports: Technical issues and crash reports to improve app stability

Device Information

• Device Type: iPhone model and iOS version for app compatibility and security
• App Version: Which version of HealthClarity you're using for support purposes
• Security Identifiers: Unique device identifiers for security and authentication
• Biometric Data: Face ID or Touch ID authentication data (stored locally on your device only)

2How We Use Your Information

We use your information solely to provide medical document translation services and maintain the security of your health data:

Provide Medical Document Translation Services

• AI Translation: Process medical documents using AI to translate complex terminology into plain English
• Document Storage: Securely store your translated documents for future reference
• Progress Tracking: Track your document translation history and usage
• Accessibility Features: Provide text-to-speech and visual accessibility options

Maintain Account Security and Compliance

• Authentication: Verify your identity when accessing your health information
• Audit Logs: Maintain HIPAA-required access logs for compliance and security
• Breach Detection: Monitor for unauthorized access attempts or security threats
• Data Integrity: Ensure your health information remains accurate and unaltered

Improve App Performance (Using De-identified Data Only)

• Translation Accuracy: Improve AI translation quality using anonymized, aggregated data
• Performance Optimization: Enhance app speed and reliability
• Feature Development: Develop new features based on user needs (no PHI used)
• Security Enhancements: Strengthen security measures and threat detection

Legal and Regulatory Compliance

• HIPAA Compliance: Maintain required documentation and access controls
• Security Incident Response: Respond to potential security breaches as required by law
• Regulatory Reporting: Comply with healthcare data protection regulations
• Legal Obligations: Respond to valid legal requests for information when required

3Data Security

End-to-End Encryption

• AES-256 Encryption: All PHI encrypted using military-grade AES-256 encryption standards
• Encryption at Rest: All stored documents and data encrypted when saved
• Encryption in Transit: All data transmission protected with TLS 1.3 encryption
• Key Management: Encryption keys managed through secure, HIPAA-compliant key management systems

HIPAA Compliance Measures

• Administrative Safeguards: Comprehensive policies, procedures, and staff training programs
• Physical Safeguards: Secure data centers with biometric access controls and 24/7 monitoring
• Technical Safeguards: Access controls, audit logs, and automatic session timeouts
• Business Associate Agreements: All third-party services bound by HIPAA-compliant agreements

Secure Cloud Storage

• HIPAA-Compliant Hosting: Data stored in HIPAA-compliant cloud infrastructure
• Geographic Restrictions: All data stored within the United States
• Redundant Backups: Multiple encrypted backups to prevent data loss
• Access Controls: Role-based access controls limiting who can view your data

Regular Security Audits

• Third-Party Security Audits: Annual penetration testing and security assessments
• Compliance Audits: Regular HIPAA compliance reviews and certifications
• Vulnerability Scanning: Continuous monitoring for security vulnerabilities
• Incident Response Testing: Regular drills and testing of security incident procedures

4Information Sharing

We do not sell, rent, or share your Protected Health Information with third parties for marketing purposes. Information sharing is strictly limited to the following circumstances:

No Sharing for Marketing Purposes

• Strict Prohibition: We never share PHI with advertisers, marketers, or data brokers
• No Third-Party Analytics: No PHI is shared with analytics services or tracking companies
• No Social Media Integration: PHI is never shared with social media platforms
• No Commercial Use: Your health information is never used for commercial purposes

Authorized Sharing (With Your Consent)

• Healthcare Providers: Share documents with your doctors or healthcare team if you choose
• Family Members: Share translation results with designated family members or caregivers
• Export Functions: Export your data for personal use or transfer to other health apps
• Emergency Contacts: Share critical information with emergency contacts in medical emergencies

Required Legal Disclosures

• Public Health Reporting: When required by law for public health and safety
• Law Enforcement: Only when required by valid court orders or subpoenas
• Regulatory Compliance: To health authorities for compliance investigations
• Medical Emergencies: To emergency responders when necessary to protect life

Service Providers (HIPAA-Compliant)

• Cloud Hosting: HIPAA-compliant hosting providers bound by Business Associate Agreements
• Payment Processing: Apple processes subscription payments (no PHI shared)
• Technical Support: Support staff with signed confidentiality agreements and HIPAA training
• Security Services: Cybersecurity firms for threat detection and incident response

5Your Rights

Under HIPAA and privacy laws, you have significant rights regarding your Protected Health Information:

Access Your PHI

• Complete Access: View all your stored medical documents and translations anytime
• Access Logs: Review who has accessed your information and when
• Account Activity: See all account activity and login history
• Data Download: Export all your information in a portable format

Correct Your Information

• Document Correction: Request corrections to inaccurate document translations
• Account Updates: Update your account information and preferences
• Translation Feedback: Report translation errors for correction
• Contact Information: Update email and contact preferences anytime

Restrict Use and Disclosure

• Sharing Controls: Control who can access your information
• Feature Restrictions: Disable specific app features that use your data
• Communication Preferences: Control how and when we contact you
• Data Processing Limits: Restrict certain types of data processing

Request Accounting of Disclosures

• Disclosure History: Get a detailed report of when your information was shared
• Access Logs: Review who accessed your information and for what purpose
• Breach Notifications: Immediate notification of any security incidents
• Compliance Reports: Regular reports on how your data is being protected

6Cookies and Tracking

HealthClarity uses minimal tracking technologies and does not use cookies or tracking for advertising purposes:

No Advertising Tracking

• No Ad Cookies: We do not use cookies for advertising or marketing purposes
• No Cross-Site Tracking: No tracking across other websites or apps
• No Behavioral Profiling: No creation of behavioral profiles for advertising
• No Third-Party Trackers: No third-party advertising trackers or analytics

Essential App Functionality

• Authentication Tokens: Secure tokens to keep you logged in safely
• Session Management: Session cookies for app functionality and security
• Preference Storage: Local storage of your app preferences and settings
• Security Monitoring: Basic security monitoring to detect unauthorized access

7International Users

HealthClarity is designed primarily for users in the United States and complies with US healthcare privacy laws:

• US-Based Service: All data processing and storage occurs within the United States
• HIPAA Compliance: Designed to meet US healthcare privacy standards
• International Access: International users may use the app but data remains in US
• Local Laws: International users should ensure compliance with local privacy laws

8Children's Privacy

HealthClarity takes special care to protect the privacy of minors:

• Age Requirement: App designed for users 13 and older
• Parental Consent: Users under 18 should have parental consent
• Family Accounts: Parents can manage children's health information
• Educational Use: Support for educational use with appropriate privacy protections

9Data Retention

We retain your health information only as long as necessary to provide services and comply with legal requirements:

Active Accounts

• Service Duration: Information retained while you actively use the service
• Medical Records: Documents retained as long as you want them available
• Translation History: Maintained for your ongoing reference and medical needs
• Account Data: Basic account information retained while account is active

Account Deletion

• Immediate Deletion: Personal information deleted within 30 days of account deletion
• Secure Destruction: All data securely wiped from systems and backups
• Legal Retention: Some information may be retained if required by law
• Audit Logs: De-identified audit logs may be retained for security purposes

10Contact Information

For any questions about this Privacy Policy, your rights, or our privacy practices, please contact us:

• Privacy Officer: Contact through the app's support section for privacy-related inquiries
• HIPAA Compliance: Report privacy concerns or potential breaches immediately
• Data Requests: Submit requests for data access, correction, or deletion
• Security Issues: Report security concerns or suspicious activity

This Privacy Policy was last updated in August 2024 and is effective immediately. Your privacy and the security of your health information are our highest priorities. We are committed to maintaining the trust you place in us with your sensitive medical information.