1. Data Collection Overview
We believe in complete transparency about how we handle your health information.
2. Detailed Data Handling
| Data Type | Collection | Sharing | Purpose | Required |
|---|---|---|---|---|
| Health Information: Vitals, medical history, conditions | ✅ Collected | ❌ Not Shared | App functionality, Medical records | Required |
| Personal Information: Name, email, user ID | ✅ Collected | ❌ Not Shared | Account management, App functionality | Required |
| App Interactions: AI prompts | ✅ Collected | ✅ Anonymized data shared with DeepSeek API | App functionality (AI health assistant) | Optional |
| Financial Information: Payment data (if applicable) | ✅ Collected | ✅ Shared with Stripe | App functionality, Payment processing | Optional |
| Device Information: Crash logs, diagnostics | ✅ Collected | ❌ Not Shared | Analytics, App functionality | Required |
3. Third-Party Data Sharing
We work with trusted partners to provide specific services:
📡🗄️ Fly.io (Primary Infrastructure)
Data Shared: Encrypted health data, user accounts, medical records
Purpose: Secure application hosting and managed PostgreSQL database services
Privacy: End-to-end encrypted storage and processing
📡 Heroku (Backup Infrastructure)
Purpose: Secure application hosting for redundancy
Data Shared: Encrypted health data, user accounts, medical records (used only during failover)
Privacy: End-to-end encrypted storage and processing
🗄️ MongoDB (Backup Database)
Data Shared: Encrypted health data, user accounts, medical records (backup only)
Purpose: Redundant database storage for continuity and disaster recovery
Privacy: End-to-end encrypted storage and processing
📁 AWS S3 (File Storage)
Data Shared: Medical documents, images, PDFs, and other file attachments
Purpose: Secure and scalable object storage for healthcare files
Privacy: Encrypted file storage with strict access controls
📚 WordPress (Epistatearch Journal)
Data Shared: Anonymized research preprints, case reports, clinical studies
Purpose: Academic publishing and knowledge dissemination
Privacy: All patient identifiers removed. Published content undergoes rigorous de-identification following research ethics standards.
🤖 DeepSeek (External API)
Data Shared: Anonymized chat content (ephemeral processing only)
Purpose: Lightweight AI-powered insights and conversational assistance
Privacy: All identifiable information is removed before transmission. Data is processed in real time and is not stored by DeepSeek.
💳 Stripe
Data Shared: Payment information (if applicable)
Purpose: Secure payment processing
Privacy: PCI DSS compliant payment handling
🛡️ Google reCAPTCHA
Data Shared: Interaction data (ephemeral)
Purpose: Fraud prevention and security
Privacy: Real-time verification only
4. Data Processing Details
Ephemeral Processing (Temporary)
- AI Chat Conversations: Processed in real time with the DeepSeek API, not stored by third parties
- reCAPTCHA Verification: Temporary security checks
Persistent Storage
- Health Records: Securely stored in our encrypted database
- User Accounts: Stored for ongoing service provision
- Medical History: Retained for continuity of care
5. Purpose-Based Data Collection
🏥 App Functionality (Required)
Health data, personal information, and app interactions are essential for core medical functionality and cannot be disabled.
📊 Analytics (Required)
Crash reports and usage diagnostics help us maintain app performance and reliability.
🔐 Fraud Prevention (Required)
Security verification through reCAPTCHA protects against automated attacks.
👤 Account Management (Required)
User profiles and authentication data enable personalized healthcare experiences.
6. Data Security & Encryption
All data is protected with enterprise-grade security measures:
- End-to-end encryption for all data transmission (TLS 1.3)
- Encryption at rest for stored health records (AES-256)
- Regular security audits and penetration testing
- Access controls with role-based permissions
- Secure key management and rotation
7. Your Rights & Controls
You have comprehensive control over your data:
- Access: View all your health data within the app
- Correction: Update inaccurate medical information
- Deletion: Permanently delete your account and all data
- Export: Download your health records in standard formats
- Consent Management: Control data sharing preferences
Account Deletion: You can permanently delete your account and all associated data by visiting our account deletion page or through the app settings.
8. Cookie Policy
What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us provide, protect, and improve our services.
| Cookie Type | Purpose | Duration | Essential |
|---|---|---|---|
| Authentication Cookies | Keep you logged in securely during your session | Session / 30 days | ✅ Required |
| Security Cookies | Protect against cross-site request forgery and other attacks | Session | ✅ Required |
| Preference Cookies | Remember your settings and display preferences | 1 year | ❌ Optional |
| Analytics Cookies | Help us understand how you use our services | 2 years | ❌ Optional |
Managing Cookies
You can manage your cookie preferences at any time by clicking the cookie icon (🍪) in the bottom right corner of the screen or through the cookie settings in our privacy policy.
You can also manage cookies through your browser settings:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Options → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Cookies and website data
- Edge: Settings → Cookies and site permissions → Cookies and site data