Privacy Policy

1. Overview

This Privacy Policy explains how HealthFramework, Inc. ("HealthFramework," "we," "us," or "our") collects, uses, stores, and shares information when you use the HealthFramework website and HealthFramework Monitor.

HealthFramework Monitor is a patient-facing health context platform. It helps you add, organize, and review health context that you choose to provide or authorize, including health details, records, measurements, meals, activity logs, and other information that may help you understand your own health history over time.

HealthFramework Monitor may be offered in limited-access, private beta, or pre-release environments before general availability.

You control what you add to HealthFramework Monitor and what you authorize HealthFramework Monitor to access. Selected HealthFramework Monitor context may be shared with authorized AI reasoning experiences or third-party AI applications only when you explicitly allow that sharing.

HealthFramework Monitor is for educational and informational purposes only. It is not medical advice, diagnosis, treatment, emergency guidance, or a replacement for a licensed clinician. Do not use HealthFramework Monitor for emergencies. If you may be experiencing a medical emergency, contact emergency services or a qualified healthcare professional immediately.

This Privacy Policy does not apply to third-party websites, provider portals, electronic health record systems, or third-party AI applications that have their own privacy policies and terms.

2. Information Collected

We collect information that you provide, authorize, upload, or generate when using HealthFramework Monitor, as well as information needed to operate and secure the service.

Account, settings, and contact information

We may collect information such as your name, email address, login-related information, account settings, consent choices, support requests, and communications with us.

Health details and user-entered context

You may choose to add health details and context, including health profile information, diet context, family history, allergies or intolerances, personal health history, medications and supplements, mental health context, symptoms, concerns, goals, or related notes.

Measurements, meals, and activity logs

You may choose to add measurements and timestamped logs, including blood pressure, blood glucose, weight, heart rate or pulse, body temperature, oxygen saturation, meals, snacks, drinks, workouts, walks, runs, recovery notes, training context, or similar information.

Uploaded clinical documents

You may upload clinical PDFs or other clinical text, such as lab reports, imaging or radiology reports, pathology reports, visit summaries, discharge notes, medication records, immunization records, genetic reports, or other health-related documents.

Patient-authorized EHR records

If you connect a supported provider portal, HealthFramework Monitor may collect records returned by that provider after you authorize access. These records may include demographics or patient information, allergies, conditions or problems, medications, lab results, diagnostic reports, visits or encounters, procedures, immunizations, specimens, vital signs or observations, and source PDFs attached to labs or DiagnosticReports when returned by the provider.

AI-assisted feature inputs and outputs

When you choose to use AI-assisted features, such as AI-read clinical PDF summaries or AI-assisted meal, activity, or training features, we may process the information you submit for that feature and the resulting summary, estimate, or output that is generated. You choose what to save in HealthFramework Monitor when the feature supports review or editing.

Technical, operational, and security information

We may collect technical and operational information needed to run, protect, debug, and improve the service, such as device and browser information, IP address, usage events, access logs, error logs, performance data, security telemetry, and analytics needed to operate the service. We do not use this information for marketing or advertising.

3. How Information Is Used

We use information to provide, operate, secure, and improve HealthFramework Monitor. This includes using information to:

HealthFramework does not sell user data. HealthFramework does not use HealthFramework Monitor data for marketing or advertising. HealthFramework does not use HealthFramework Monitor data to gain insights about a user's family or to profile family members.

4. EHR Data

HealthFramework Monitor may allow you to connect a supported provider portal or EHR account. EHR import is read-only and user-authorized. You choose whether to connect a provider, and access occurs only after you complete the provider or authorization flow.

After you approve access, HealthFramework Monitor asks the provider for supported records and imports the data returned by that provider. HealthFramework Monitor imports and categorizes returned records by record type, source date, source, and related provenance. HealthFramework Monitor does not use AI to interpret EHR data during import.

EHR categories may include:

HealthFramework Monitor does not write back to your provider's EHR, change your provider records, message your provider, or replace the provider's source records. The records available for import depend on your provider, the connection method, and the scope of access you authorize.

Authorization tokens, source-system credentials, or connection data are used only as needed to support the authorized connection and import workflow. HealthFramework Monitor does not send source-system tokens, storage keys, raw FHIR bundles, medical record numbers, account numbers, or full identifiers to downstream AI context by default.

Revoking provider access through the provider portal or connection flow may stop future imports, but it does not automatically delete records already imported into HealthFramework Monitor. You can use deletion controls in HealthFramework Monitor to delete stored HealthFramework Monitor data.

5. Uploaded PDFs and AI-Read Summaries

You may choose to upload clinical PDFs or other clinical text to HealthFramework Monitor. Raw PDFs remain source documents while they are stored in HealthFramework Monitor.

During HealthFramework Monitor ingestion, uploaded clinical PDFs may be AI-read to create concise clinical summaries associated with the source record. These summaries are intended to help organize and review source documents. They may be incomplete or inaccurate, and you should verify important information against the original source document or with a qualified healthcare professional.

Saved summaries are not sent to downstream AI context by default. HealthFramework Monitor does not send raw PDFs or raw OCR text to downstream AI context by default. Selected summaries or related HealthFramework Monitor context may be shared with authorized AI reasoning experiences or third-party AI applications only when you explicitly allow that sharing.

When AI processing is used for uploaded PDFs or other AI-assisted features, HealthFramework may use service providers or subprocessors that operate under contractual confidentiality, privacy, and security obligations appropriate for sensitive personal health information.

6. Optional AI Context Sharing

HealthFramework Monitor may allow you to share selected HealthFramework Monitor context with authorized AI reasoning experiences or third-party AI applications. This sharing is optional and occurs only when you explicitly allow it.

When AI context sharing is enabled, an authorized AI experience may request selected HealthFramework Monitor context to help respond to your questions or perform the task you requested. The shared context may include selected summaries, user-entered health details, logs, measurements, record metadata, or other HealthFramework Monitor context relevant to the request and permitted by your settings.

HealthFramework Monitor does not send raw FHIR bundles, raw PDFs, raw OCR text, source-system tokens, storage keys, medical record numbers, account numbers, or full identifiers to downstream AI context by default.

You can revoke AI context sharing in HealthFramework Monitor settings. Revocation stops future sharing from HealthFramework Monitor, but it may not delete information already shared with an authorized third-party AI application before revocation. Third-party AI applications may process information according to their own privacy policies, terms, and settings.

7. How Information Is Shared

HealthFramework shares information only as described in this Privacy Policy, with your authorization, or as needed to operate, secure, and support the service.

With your direction or authorization

We may share information when you direct us to do so, such as when you authorize an EHR import or explicitly allow selected HealthFramework Monitor context to be shared with an authorized AI reasoning experience or third-party AI application.

With service providers and subprocessors

We may use service providers and subprocessors for hosting, security, storage, infrastructure, operational support, customer support, service analytics needed to operate HealthFramework Monitor, and AI processing when you choose AI-assisted features or authorize AI context sharing. These service providers and subprocessors are required to operate under contractual confidentiality, privacy, and security obligations appropriate for sensitive personal health information.

With provider portals or interoperability services

When you authorize an EHR connection, information may be exchanged with provider portals, EHR systems, or interoperability services as needed to authenticate the connection, request records, receive returned records, and maintain the read-only import workflow.

For legal, safety, or security reasons

We may disclose information if we believe it is reasonably necessary to comply with applicable law, legal process, or governmental requests; protect the rights, privacy, safety, or security of users, HealthFramework, or others; enforce our terms; investigate misuse; or respond to security incidents.

In a business transaction

If HealthFramework is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, information may be disclosed or transferred as part of that transaction, subject to appropriate confidentiality and privacy safeguards.

HealthFramework does not sell user data. HealthFramework does not use or share user data for marketing or advertising. HealthFramework does not use user data to gain insights about a user's family.

8. Retention and Deletion

We retain information for as long as needed to provide HealthFramework Monitor, maintain your account, operate and secure the service, comply with legal obligations, resolve disputes, enforce agreements, and support legitimate operational needs.

You can delete all stored HealthFramework Monitor data using deletion controls in HealthFramework Monitor. Deletion removes active stored HealthFramework Monitor data from the service. Limited backup, security, legal, or operational records may be retained for a reasonable period where required or permitted by law or needed for security, fraud prevention, audit, debugging, dispute resolution, or business continuity.

Deletion from HealthFramework Monitor does not delete records from your provider's EHR, source systems, or third-party AI applications with which you previously chose to share information. To delete or manage information held by a provider, source system, or third-party application, you should use that organization's controls or contact that organization directly.

9. User Choices and Rights

You have choices about how HealthFramework Monitor collects and uses your information.

You may choose whether to:

You may also be able to revoke EHR access through your provider portal, connection flow, or account settings. Revoking EHR access may stop future imports but does not automatically delete records already imported into HealthFramework Monitor.

Depending on where you live, you may have rights to request access to, correction of, deletion of, portability of, or restriction of certain personal information. You may also have the right to object to certain processing or to appeal a decision about a privacy request. To exercise rights that may apply, contact us using the information below. We may need to verify your identity before completing a request.

10. Security

HealthFramework uses privacy, security, confidentiality, and contractual safeguards appropriate for sensitive personal health information. These safeguards may include administrative, technical, and organizational measures designed to protect information against unauthorized access, use, disclosure, alteration, and loss.

We also use security and operational measures to support authentication, access control, monitoring, incident detection, service reliability, and secure handling of sensitive data. However, no method of transmission, storage, or processing is completely secure. You are responsible for maintaining the confidentiality of your login credentials and for using secure devices and networks when accessing HealthFramework Monitor.

11. Children and Eligibility

HealthFramework Monitor is intended for adults who are at least 18 years old or the age of majority in their jurisdiction. HealthFramework Monitor is not intended for children. If you believe a child or other unauthorized person has provided personal information to HealthFramework, please contact us so we can take appropriate action.

You should use HealthFramework Monitor only for yourself unless you have the legal authority and appropriate consent to manage information for another person.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we update it, we will revise the Effective Date above. Changes are effective when posted unless a different effective date is stated. If we make material changes, we will take reasonable steps to notify users as appropriate.

13. Contact

If you have questions, requests, or concerns about this Privacy Policy or HealthFramework's privacy practices, contact us at:

HealthFramework, Inc.
Email: privacy@hlthframework.com
Website: https://hlthframework.com