SafePHR.com — Privacy Policy (Including HIPAA & GDPR Considerations)

Last updated: December 1, 2025

SafePHR.com ("we", "us", "our") is a personal health record (PHR) application designed for individual users to privately store, track, and manage their personal health information. This Privacy Policy explains how we collect, use, store, and protect your data, including compliance with HIPAA-aligned practices and GDPR where applicable.

1. Information We Collect

SafePHR.com collects data that you voluntarily provide when using the application:

1.1 Personal Identification Data

• Full name
• Email address
• Profile details

1.2 Health & Medical Data (User-Entered)

• Vital signs (blood pressure, heart rate, oxygen saturation, temperature, weight, height, peak flow)
• Lab values (blood sugar, cholesterol, liver enzymes)
• Treatments (medications, therapy, dialysis, chemotherapy, vaccinations)
• Medical records (diagnoses, allergies, doctor visits, hospitalizations)
• Lifestyle & wellness logs (meals, mood, sleep)
• Emergency information and contacts
• Care provider details

1.3 Technical Data

• Device information
• Browser type
• IP address
• Usage logs

We do not collect or store financial information, payment card numbers, or social security numbers.

2. How We Use Your Information

Your information is used for the following purposes:

• To operate and provide the SafePHR.com service
• To sync, store, and back up your PHR data securely
• To improve app features, user experience, and performance
• To provide customer support
• To fulfill legal obligations when required

We never sell or share your personal or health data with advertisers or unrelated third parties.

3. HIPAA Considerations

SafePHR.com may store health information, but we are not a HIPAA Covered Entity nor a Business Associate. Because the app is for personal use, all data you enter is protected under the HIPAA Personal Use Exemption.

Even though HIPAA compliance is not legally required, we voluntarily implement industry-standard safeguards:

• Encryption in transit and at rest
• Strict access control and authentication
• Limited internal access to systems
• Secure data infrastructure

4. GDPR Considerations (For EU/EEA Users)

If you are located in the EU/EEA, your rights under GDPR include:

• Right to Access – Request a copy of your data
• Right to Correction – Update inaccurate information
• Right to Erasure – Delete your account and all data
• Right to Restrict Processing – Limit how your data is used
• Right to Data Portability – Export your records
• Right to Withdraw Consent – Stop using the service at any time

Legal basis for processing: your consent, given when using the app.

5. Data Storage & Security

We protect user data using industry-grade security measures:

• Data encryption (AES or equivalent)
• TLS-secured communication
• Secure servers and restricted access

However, no system is 100% secure. Users are responsible for keeping their login credentials confidential.

6. Data Retention & Deletion

• We retain data as long as your account remains active.
• When you delete your account, all personal and health data is permanently removed from our systems.
• Some anonymized technical logs may be retained for system security.

7. Third-Party Services

SafePHR.com may use third-party hosting or analytics tools. These providers are required to follow strict confidentiality and data protection standards.

We do not grant third parties access to your health information for marketing or advertising.

8. Children’s Privacy

SafePHR.com is not intended for children under 18. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this Privacy Policy at any time. Continued use of the platform after changes indicates your acceptance of the updated terms.

10. Contact Us

If you have questions or requests regarding this Privacy Policy, GDPR rights, or data management, contact us at:

Email: cs@safephr.com