Privacy Policy
Effective Date: February 12, 2026
1. Overview
This Privacy Policy explains how HealthFramework collects, uses, discloses, and safeguards information when you use our website and platform.
2. Information We Collect
We collect information needed to provide and secure the service, including:
- Patient-authorized health information from connected systems, such as demographics, medications, conditions, allergies, and observations.
- Account and authentication information, such as email address and login-related data.
- Technical and operational metadata, such as device/browser details, IP address, logs, and security telemetry.
- Communications you send to us, including support inquiries.
3. How We Use Information
We use information to operate, secure, and improve HealthFramework, including to:
- Connect and display patient-authorized health data.
- Provide structured summaries and AI-assisted educational explanations.
- Authenticate users, maintain uptime, and detect misuse or security incidents.
- Respond to support requests and legal obligations.
We do not sell personal information or use personal information for cross-context behavioral advertising.
4. AI Processing
HealthFramework uses AI systems to generate educational outputs from authorized data.
Where protected health information is processed by AI providers, processing occurs under contractual safeguards, including executed Business Associate Agreements or comparable healthcare data-protection terms, as applicable.
AI outputs are informational only and are not medical advice.
5. Security and HIPAA-Alignment
We implement administrative, technical, and organizational safeguards intended to align with HIPAA best practices and applicable contractual healthcare security requirements.
Safeguards include encryption in transit, access controls, secure token handling, monitoring, and infrastructure-level protections. No method of transmission or storage is fully risk-free.
6. How We Share Information
We may share information with:
- Service providers that support hosting, security, analytics, and AI processing under contractual confidentiality and security obligations.
- Healthcare systems when required to complete authorized interoperability workflows.
- Regulators, law enforcement, or other parties when required by law or to protect rights, safety, and security.
- A successor entity in connection with a merger, acquisition, financing, or asset transaction, subject to applicable safeguards.
7. Data Retention
We retain information only as needed for service delivery, security, legal compliance, and legitimate business operations.
You may request account deletion by contacting us. We will process deletion requests within a commercially reasonable period, subject to legal, regulatory, security, and backup retention requirements.
8. Your Choices and Rights
You may:
- Revoke third-party health data access through the originating healthcare system.
- Request deletion of your account and associated data.
- Contact us to ask privacy-related questions.
9. Eligibility
HealthFramework is intended for adults age 18 and older, or the age of majority in your jurisdiction. If you believe someone under this age threshold has provided personal information, contact us so we can take appropriate action.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Updates are effective when posted, and the Effective Date will be revised.
11. Contact
HealthFramework, Inc.