Privacy Policy
Effective date: 1 June 2025 · Last updated: 1 June 2025
Plain-English Summary: We collect health data only to provide you with AI health insights and connect you with doctors. We never sell your data, never use it for advertising, and encrypt everything. You can delete your account and all associated data at any time.
1. Who We Are
MyHealthBuddy.AI ("we", "us", "our") is a digital health platform operated by MyHealthBuddy Technologies Pvt. Ltd., registered in India. Our mobile application ("App") and associated services allow users to monitor vital signs, analyse symptoms, consult with healthcare professionals, and manage their health records.
We act as a data controller (and, where applicable, a HIPAA Business Associate) for the personal and health data described in this policy.
2. Information We Collect
2.1 Information You Provide
- Account data: Full name, date of birth, gender, email address, phone number, and password (stored as a salted hash).
- Health profile: Known conditions, allergies, current medications, blood type, height, weight, and family medical history — provided voluntarily to improve AI recommendations.
- Symptom reports: Free-text and structured symptom entries you submit for AI analysis.
- Medical images: Photos of wounds, skin conditions, medications, prescriptions, or lab reports that you upload for Vision AI analysis.
- Insurance documents: Policy documents you upload for the Insurance Q&A feature.
- Doctor consultation content: Messages, voice recordings, and video from telemedicine consultations conducted through the App.
2.2 Information Collected Automatically
- Biometric vitals: Heart rate, heart rate variability (HRV), SpO₂ (estimated), respiratory rate, and stress index derived from camera-based remote photoplethysmography (rPPG) scans.
- Device data: Device model, operating system version, unique device identifiers, app version, and crash logs.
- Usage data: Features accessed, screens viewed, and time-stamped interactions within the App.
- Location data: Approximate GPS location (when permission is granted) to surface nearby healthcare facilities.
2.3 Information from Third Parties
- Apple HealthKit / Google Health Connect: Historical health data you choose to sync (steps, heart rate, sleep, etc.), with your explicit permission.
- Healthcare providers: Clinical notes or records shared by a doctor during a consultation.
3. How We Use Your Information
We use your information for the following purposes, relying on the legal bases indicated:
- Providing the service (Contract): Generating personalised AI health insights, running the symptom checker, powering the vitals monitor, Vision AI, and insurance Q&A features.
- Facilitating doctor consultations (Contract): Sharing your vitals, symptom history, and relevant health data with the doctor you consult, so they can provide informed care.
- Safety alerts (Vital Interest): Sending emergency notifications when vitals fall outside safe thresholds (e.g., critically low SpO₂).
- Service improvement (Legitimate Interest): Analysing aggregated, de-identified usage patterns to improve AI model accuracy, app performance, and user experience. Individual health records are never used for this purpose.
- Legal compliance (Legal Obligation): Maintaining FHIR-format audit logs of every AI agent action as required by applicable health data regulations.
- Communications (Consent): Sending appointment reminders, health tips, or product updates — only if you have opted in.
We never use your health data for advertising, profiling for third-party marketing, or any purpose not listed above.
4. How We Share Your Information
We do not sell your personal data. We share it only in the following limited circumstances:
4.1 Service Providers (Processors)
We share data with carefully vetted third-party processors who operate under strict data processing agreements and, where required, HIPAA Business Associate Agreements (BAAs):
- Anthropic: Powers our Claude AI agents. Symptom descriptions and anonymised health context may be sent to the Claude API for analysis. Anthropic does not use API inputs to train its models.
- shen.ai: Processes camera frames for rPPG vital sign extraction. Data is processed transiently and not stored by shen.ai after the scan.
- Twilio: Provides secure video and messaging infrastructure for telemedicine consultations.
- Zocdoc: Facilitates doctor booking; appointment requests include your name, contact details, and selected symptoms.
- Amazon Web Services (AWS): Hosts our infrastructure and stores medical images and encrypted health records in AWS S3 with server-side AES-256 encryption.
- Pinecone: Powers our Medical RAG database for clinical knowledge retrieval; queries contain anonymised symptom vectors only.
4.2 Healthcare Professionals
When you initiate a telemedicine consultation, your health profile, recent vitals, and relevant symptom history are shared with the doctor you select. You control what is shared via your privacy settings.
4.3 Legal Requirements
We may disclose your information if required by law, court order, or government authority, or where necessary to protect the vital interests of you or another person (e.g., imminent risk of harm).
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, which will be bound by this Privacy Policy and applicable health data laws.
5. Data Retention
- Active accounts: Health records and vitals data are retained for the duration of your account and for 7 years after account closure, as required by applicable medical records regulations.
- Doctor consultation recordings: Retained for 3 years unless you request earlier deletion (subject to a doctor's right to retain clinical notes).
- Medical images: Retained until you delete them or close your account, subject to the 7-year minimum.
- FHIR audit logs: Retained for 6 years as mandated by HIPAA.
- Deleted accounts: All personal data is purged within 30 days of an account deletion request, except where retention is legally required.
6. Security
We implement industry-leading security measures appropriate for health data:
- All Protected Health Information (PHI) encrypted at rest with AES-256.
- All data in transit protected by TLS 1.3.
- App access protected by biometric authentication (Face ID / fingerprint).
- Every AI agent action logged as a FHIR R4 AuditEvent with tamper-evident audit trails.
- Annual third-party penetration testing and quarterly vulnerability scans.
- Role-based access controls ensuring only authorised personnel can access PHI.
- Breach notification procedures compliant with HIPAA (within 60 days) and India's DPDP Act.
Despite these measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at security@myhealthbuddy.ai.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
For all users
- Access: Request a copy of all personal data we hold about you.
- Correction: Correct inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated data (subject to legal retention requirements).
- Data portability: Receive your health records in a standard format (HL7 FHIR R4).
- Opt-out of marketing: Withdraw consent for marketing communications at any time via app settings or by emailing privacy@myhealthbuddy.ai.
India (DPDP Act, 2023)
- Right to know what data is processed and for what purpose.
- Right to correction and erasure.
- Right to nominate a nominee to exercise your rights in case of death or incapacity.
- Right to lodge a complaint with the Data Protection Board of India.
HIPAA (US users)
- Right to access your Designated Record Set.
- Right to request amendment of PHI.
- Right to an accounting of disclosures.
- Right to request restrictions on certain uses and disclosures.
To exercise any of these rights, submit a request through the App under Settings → Privacy → Data Requests, or email privacy@myhealthbuddy.ai. We will respond within 30 days.
8. Children's Privacy
MyHealthBuddy.AI is not directed at children under the age of 13 (or 18 in jurisdictions requiring parental consent for health data processing). We do not knowingly collect personal data from children. If you believe a child has provided us with data without parental consent, please contact us at privacy@myhealthbuddy.ai and we will delete it promptly.
Users between 13 and 17 may use the App with verifiable parental or guardian consent obtained during registration.
9. International Data Transfers
Our servers are primarily hosted on AWS infrastructure in the Asia-Pacific (ap-south-1, Mumbai) region. Some data may be processed by third-party service providers in the United States (Anthropic, Twilio, Pinecone) or other jurisdictions.
For transfers outside India, we rely on contractual safeguards including Standard Contractual Clauses and, where applicable, HIPAA Business Associate Agreements. We ensure that any recipient country provides an adequate level of protection for health data consistent with Indian and applicable international standards.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or applicable law. When we make material changes, we will:
- Post the updated policy with a new "Last updated" date on this page.
- Send an in-app notification and, for significant changes affecting your rights, an email to your registered address.
- For changes that require fresh consent (e.g., new uses of health data), request your explicit agreement before the change takes effect.
Continued use of the App after the effective date of a change constitutes acceptance of the updated policy, except where consent is required.
11. Contact Us
If you have questions, concerns, or requests relating to this Privacy Policy, please contact our Data Protection Officer: