Privacy Policy
Last Updated: January 8, 2026
HealthyBuddy.AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.
Comprehensive Privacy Compliance: HealthyBuddy.AI complies with the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and applicable US state privacy laws, including those in Virginia, Colorado, Connecticut, Utah, Montana, Oregon, Texas, Delaware, Iowa, Indiana, Tennessee, Florida, New Hampshire, New Jersey, Kentucky, Maryland, Minnesota, Nebraska, and Rhode Island. Your health information is protected by the security measures described in Section 6 and handled in compliance with applicable federal and state privacy regulations.
1. Information We Collect
1.1 Personal Information
We collect personal information that you voluntarily provide, including:
- Name, email address, and contact information
- Account credentials
- Demographic information (age, gender, location)
- Professional credentials (for healthcare providers)
1.2 Protected Health Information (PHI)
As a healthcare application under HIPAA, we collect and process Protected Health Information:
- Medical history and health records
- Daily health activities (food, fitness, symptoms)
- Quantitative health data (blood pressure, blood sugar, pulse, lab results, imaging)
- Data from integrated health apps (Apple Health, etc.)
1.3 Technical Information
- IP address, browser type, device information
- Usage data and analytics
- Cookies and similar tracking technologies
2. How We Use Your Information
We use collected information to:
- Provide and maintain our healthcare services
- Facilitate communication between you and your healthcare providers
- Analyze and improve our services
- Send you updates, notifications, and marketing communications (with consent)
- Comply with legal obligations
- Protect against fraud and unauthorized access
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process your data based on:
- Consent: You have given explicit consent for processing your data
- Contract: Processing is necessary to perform our services
- Legal Obligation: We must process data to comply with legal requirements
- Legitimate Interests: Processing is necessary for our legitimate business interests, where those interests are not overridden by your rights and freedoms
4. Your Privacy Rights
4.1 GDPR Rights (EEA Residents)
- Right to Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Request limitation on how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing of your data
- Right to Withdraw Consent: Withdraw consent at any time
4.2 HIPAA Rights (All US Residents)
- Right to access your Protected Health Information
- Right to request amendments to your health records
- Right to an accounting of disclosures
- Right to request restrictions on use and disclosure
- Right to receive confidential communications
- Right to a paper copy of this privacy notice
4.3 California Privacy Rights (CCPA/CPRA)
California residents have the following rights under CCPA and CPRA:
- Right to Know: Know what personal information is collected, used, shared, or sold
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt-out of the sale or sharing of personal information (we do not sell personal information, and we do not share it for cross-context behavioral advertising; disclosures to your designated providers and to our service providers are described in Section 5)
- Right to Non-Discrimination: Not be discriminated against for exercising your rights
4.4 Exercising Your Rights
To exercise any of these rights, please contact us. We will respond to your request within the timeframes required by applicable law (typically 30-45 days). You will not be discriminated against for exercising your privacy rights.
5. Data Sharing and Disclosure
We may share your information with:
- Healthcare Providers: With your explicit consent, we share relevant health data with your designated providers
- Service Providers: Third-party vendors who assist in operating our platform (under strict confidentiality agreements)
- Legal Requirements: When required by law or to protect rights and safety
We do not sell your personal information to third parties.
6. Data Security
We implement industry-standard security measures including:
- Encryption of data in transit
- Encryption of data at rest
- Regular security audits and penetration testing
- Access controls and authentication
- HIPAA-compliant infrastructure
7. Data Retention
We retain your personal information for as long as necessary to provide services and comply with legal obligations. Health data is retained for at least six years from the date of last service, consistent with HIPAA's documentation retention requirement, or longer where applicable state medical-record retention laws require it.
8. International Data Transfers
For EEA residents, when we transfer data outside the EEA, we ensure adequate safeguards are in place through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions
- Other legally approved mechanisms
9. Cookies and Tracking Technologies
We use cookies and similar technologies. For detailed information, see our Cookie Policy.
10. Children's Privacy
Our services are not intended for individuals under 18. We do not knowingly collect data from children without parental consent.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice on our platform.
12. Contact Us
For privacy-related questions or to exercise your rights, please contact us.
13. Supervisory Authority
EEA residents have the right to lodge a complaint with their local data protection supervisory authority.