Privacy Policy

Effective Date: 9/26/2025

Last Updated: 9/26/2025

HIPAA Protected Health Information Notice

This Privacy Policy describes how SelfMD.ai, as a HIPAA-covered entity, protects your Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable laws.

1. Introduction

SelfMD.ai ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare platform and services.

As a healthcare technology platform, we are subject to the Health Insurance Portability and Accountability Act (HIPAA) and other federal and state privacy laws. This policy describes our practices regarding both Protected Health Information (PHI) and other personal information.

2. Information We Collect

2.1 Protected Health Information (PHI)

We collect PHI that you provide to us, including but not limited to:

  • Medical history, symptoms, and health conditions
  • Medications, allergies, and treatment information
  • Healthcare provider communications and consultations
  • Medical records and documents you upload
  • Biometric data and health measurements
  • Insurance information and healthcare identifiers

2.2 Personal Information

  • Name, email address, phone number, and mailing address
  • Date of birth and demographic information
  • Account credentials and authentication information
  • Payment and billing information
  • Device information and IP addresses
  • Usage data and interaction logs

2.3 Technical Information

  • Browser type, operating system, and device identifiers
  • Log files, cookies, and similar tracking technologies
  • Geolocation data (with your consent)
  • App usage analytics and performance metrics

3. How We Use Your Information

3.1 Treatment, Payment, and Healthcare Operations (TPO)

Under HIPAA, we may use and disclose your PHI without your authorization for:

  • Treatment: Providing healthcare services, care coordination, and consultations
  • Payment: Processing payments, insurance claims, and billing activities
  • Healthcare Operations: Quality improvement, care management, and business operations

3.2 Other Uses

  • Platform functionality and service delivery
  • Communication regarding your care and account
  • Security monitoring and fraud prevention
  • Legal compliance and regulatory requirements
  • Research and analytics (de-identified data only)

4. Information Sharing and Disclosure

4.1 Authorized Disclosures

With your written authorization, we may share your PHI with:

  • Healthcare providers involved in your care
  • Family members or caregivers you designate
  • Insurance companies for coverage decisions
  • Third-party services you explicitly consent to

4.2 Required Disclosures

We may disclose PHI without authorization when required by law:

  • Public health authorities for disease reporting
  • Law enforcement for specific legal purposes
  • Court orders and legal proceedings
  • Health oversight activities and audits
  • Emergency situations to prevent serious harm

4.3 Business Associates

We may share PHI with business associates who perform services on our behalf. All business associates sign HIPAA-compliant agreements to protect your information.

5. Data Security and Protection

5.1 Security Measures

  • End-to-end encryption for data transmission and storage
  • Multi-factor authentication and access controls
  • Regular security audits and vulnerability assessments
  • Employee training and background checks
  • Incident response and breach notification procedures
  • Physical and technical safeguards for data centers

5.2 Data Retention

We retain your PHI for as long as necessary to provide services and comply with legal requirements. Medical records are typically retained for 6-10 years after your last interaction, or longer as required by law.

6. Your Rights Under HIPAA

As a patient, you have the following rights regarding your PHI:

6.1 Right to Access

You have the right to inspect and obtain copies of your PHI. Requests must be submitted in writing, and we will respond within 30 days.

6.2 Right to Amendment

You may request amendments to your PHI if you believe it is inaccurate or incomplete.

6.3 Right to Accounting

You may request an accounting of disclosures of your PHI made by us for purposes other than TPO.

6.4 Right to Restrict

You may request restrictions on how we use or disclose your PHI, though we are not required to agree to all restrictions.

6.5 Right to Confidential Communications

You may request that we communicate with you about your PHI in a specific manner or location.

6.6 Right to Notification of Breach

You have the right to be notified if there is a breach of your unsecured PHI.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and improve our services. You can control cookie settings through your browser preferences.

  • Essential cookies for platform functionality
  • Analytics cookies for usage insights (anonymized)
  • Security cookies for fraud prevention
  • Preference cookies for personalization

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We implement appropriate safeguards to protect your information during international transfers.

9. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect PHI from children under 13 without parental consent. For minors 13-18, we follow applicable state laws regarding consent and access rights.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be posted on our website and, when required, we will notify you directly. The effective date at the top of this policy indicates when it was last revised.

11. Contact Information

For questions about this Privacy Policy or to exercise your rights, contact us:

SelfMD.ai Privacy Officer

Email: privacy@selfmd.ai

Phone: 1-800-SELFMD-1

Mailing Address:
SelfMD.ai
Privacy Officer
[Address Line 1]
[City, State ZIP]

12. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us using the contact information above, or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.

HHS Office for Civil Rights:
Website: www.hhs.gov/ocr/privacy
Phone: 1-800-368-1019