HealthPhi Privacy Policy

Thank you for using HealthPhi. We care deeply about your privacy and want to explain, in clear language, what information we collect, how we use it, how we keep it safe, and the choices you have.

This Privacy Policy applies to the HealthPhi mobile app, website, and related services (“HealthPhi,” “we,” “us,” or “our”). By using HealthPhi, you agree to the terms described below.

1. What HealthPhi Is

HealthPhi helps you bring your health, fitness, nutrition, and mindfulness information together in one place so you can better understand your well-being. This includes data from:

    • Apple Health / HealthKit
    • Electronic Health Records (EHR)
    • FHIR-compatible providers
    • Fitness, nutrition, or wellness apps
    • Information you enter manually
    • AI-generated insights based on your data

HealthPhi does not provide medical care. We do not diagnose, treat, or provide professional medical advice.

2. Information We Collect

We collect two kinds of information:

A. Information You Provide

This includes:

    • Data you type into the app (nutrition, fitness entries, surveys, goals)
    • Notes or journal entries
    • Responses to well-being questions
    • Your email and profile information
    • Subscription and payment status (Apple handles billing)

B. Information You Allow Us to Access

You choose what to share. With your permission, we may access:

Health Data from Apps or Devices

Examples include:

    • Steps, exercise minutes, VO2 Max
    • Heart rate and vital signs
    • Nutrition logs, calories, macro/micronutrients
    • Sleep information
    • Workouts
    • HealthKit / Apple Health data
    • FHIR and EHR data (lab results, medications, diagnoses, encounters)

Important: HealthKit Notice (Required by Apple)

    • HealthPhi never uses HealthKit data for advertising or marketing.
    • HealthKit data is used only to provide health insights, summaries, trends, and related features in the app.
    • Health data is not shared with third parties without your permission.
    • HealthPhi does not sell HealthKit data.

C. Information from Electronic Health Records (FHIR + EHR Sources)

If you connect your health provider(s), we may receive:

    • Lab results
    • Immunizations
    • Diagnoses
    • Medications
    • Vital signs
    • Radiology and clinical documents
    • Encounters and visit summaries

This information is protected under federal laws such as HIPAA/HITECH and is handled with the strictest security.

FHIR-Specific Disclaimer

FHIR data comes from third-party health systems. HealthPhi does not control and is not responsible for the accuracy or completeness of information received from external FHIR or EHR systems.

3. How We Use Your Information

We use your data to provide and improve HealthPhi. This includes:

    • Showing your health, fitness, and nutrition metrics
    • Generating personalized insights and trends
    • Helping you understand patterns that affect your well-being
    • Sending optional notifications and reminders
    • Improving app performance
    • Fixing bugs and preventing misuse

AI Insights and Machine Learning

We use de-identified and aggregated data to:

    • Train statistical models
    • Improve the accuracy of insights
    • Personalize your experience
    • Develop new health features
    • Support wellness research
    • Identify health trends

What “de-identified” means

We remove personal identifiers such as your name, email, phone number, address, and any other information that can identify you.

AI Disclaimer

AI-powered insights are not medical advice.
They should not be used to diagnose, treat, or make medical decisions.

Always contact a qualified health professional if you have concerns about your health.

4. How We Protect Your Information

We take security very seriously.  Some of the protections we use include:

    • Encryption at rest (AES-256)
    • Encryption in transit (SSL/TLS)
    • Password-less and biometric log-in
    • AWS secure infrastructure
    • HIPAA/HITECH aligned controls
    • Audit logs
    • Role-based access
    • Key-based encryption systems

No system can be 100% secure, but we use industry-standard safeguards to protect your data.

5. What Happens If There Is a Data Breach

If a breach occurs:

    1. We stop the unauthorized activity
    2. We investigate what happened
    3. We work with law enforcement as needed
    4. We notify government regulators (if required)
    5. We notify major credit bureaus (if required)
    6. We notify you at the email and mailing address on file

Our notice will explain:

    • What happened
    • What information was affected
    • What steps we are taking
    • What you can do
    • Any other important details

6. When We Share Your Information

We do not sell your data.
We do not share your data with advertisers.
We do not share your data with third parties.

We may share data only in these situations:

A. With Your Consent

If you choose to connect a provider, device, or service.

B. With Service Providers

Only for things like:

    • Secure cloud storage (AWS)
    • App analytics
    • Error reporting
    • Customer support

All vendors must protect your information and follow our instructions.

C. For Legal Reasons

We may share information if required to:

    • Follow the law
    • Respond to a court order
    • Protect someone from harm
    • Protect HealthPhi’s rights or security

D. For Emergencies

If we believe someone is in immediate danger, we may share limited information with emergency responders.

E. Business Transfers

If HealthPhi is merged, acquired, or restructured, your data may transfer to a new owner. You will be notified if this happens.

7. Your Rights and Choices

You can:

    • See the data we have for you
    • Disconnect connected apps or providers
    • Change permissions at any time
    • Delete health data you entered
    • Stop using the app whenever you want
    • Cancel your subscription via the App Store
    • Request account deletion

To delete your account, email privacy@healthphi.info.

8. Data Retention

We keep your information only as long as needed to:

    • Provide the app
    • Maintain your subscription
    • Follow legal requirements
    • Resolve disputes
    • Improve HealthPhi

You can delete your account at any time.

9. Children’s Privacy

HealthPhi is for users 18 years or older.  We do not knowingly collect data from minors.

10. CCPA Notice (California Users)

If you live in California, you have the right to:

    • Know what personal information we collect
    • Ask us to delete personal information
    • Opt out of data sharing (we do not sell your data)
    • Not be discriminated against for exercising your rights

To exercise these rights, contact: privacy@healthphi.info.

11. Limited GDPR Notice (EU/EEA Users)

HealthPhi is designed for use in the United States.
If you use the app while outside the U.S., you have limited rights under GDPR, including:

    • Access to your data
    • Correction of inaccurate information
    • Deletion of your account
    • Data portability
    • The right to object to processing

Data is processed in the United States, which may have different privacy protections.
By using HealthPhi, you consent to this transfer.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.  If we make significant changes, we will notify you in the app or by email.

13. Contact Us

If you have questions about this Privacy Policy or your data:

Email: privacy@healthphi.info


General questions: questions@healthphi.info