At Healthting, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and
safeguard your information when you use our healthcare management platform. Please read this policy carefully to
understand our practices regarding your personal data.
By using Healthting, you agree to the collection and use of information in accordance with this Privacy Policy.
If you do not agree with our policies and practices, please do not use our Service.
1. Information We Collect
1.1 Personal Information
We collect personal information that you voluntarily provide to us when you:
- Register for an account: Username, email address, password, role (patient, doctor, or Red Cross organization)
- Complete your profile: Name, date of birth, gender, phone number, address, zip code, profile picture, banner picture
- For Healthcare Providers: Medical license number, specialty, qualifications, certifications, professional bio
- Contact us: Name, email address, phone number, message content
1.2 Health Information (Protected Health Information - PHI)
HIPAA Compliance
We collect and store Protected Health Information (PHI) in compliance with the Health Insurance Portability and
Accountability Act (HIPAA) and other applicable healthcare privacy laws.
Health information we collect includes:
- Medical history, including past illnesses, surgeries, and conditions
- Current medications and allergies
- Blood type and vital signs
- Immunization records
- Family medical history
- Lifestyle information (smoking, alcohol use, exercise)
- Mental health information
- Appointment details and visit notes
- Prescriptions and treatment plans
- Medical documents and images
- AI consultation conversations and symptom reports
1.3 Usage Information
We automatically collect certain information when you use our Service:
- Log Data: IP address, browser type, device information, operating system
- Usage Data: Pages visited, features used, time spent on platform, click patterns
- Location Data: Geographic location (with your permission) to help you find nearby healthcare providers
- Cookies and Tracking: Session cookies, preference cookies, analytics cookies
1.4 Communication Data
We store communications between users, including:
- Chat messages between patients and healthcare providers
- AI consultation conversations
- Appointment requests and responses
- Notifications and alerts
- Comments on posts and community content
1.5 Payment Information
Payment information is processed by third-party payment processors. We do not store complete credit card information
on our servers. We may retain transaction records, billing addresses, and payment method types.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 To Provide and Maintain Our Service
- Create and manage your account
- Facilitate appointments between patients and healthcare providers
- Enable secure messaging and communication
- Process prescriptions and medical records
- Provide AI-powered health consultations
- Display doctor profiles and availability
- Manage follow relationships between patients and doctors
2.2 To Improve Our Service
- Analyze usage patterns to enhance user experience
- Develop new features and functionality
- Troubleshoot technical issues
- Improve AI consultation accuracy
- Optimize platform performance
2.3 To Communicate With You
- Send appointment reminders and confirmations
- Notify you of new messages, follow requests, and platform activities
- Send email verification and password reset links
- Provide customer support
- Send important updates about our Service
- Respond to your inquiries and requests
2.4 For Safety and Security
- Verify user identities and credentials
- Detect and prevent fraud, abuse, and security threats
- Enforce our Terms of Service
- Protect the rights and safety of our users
- Comply with legal obligations
2.5 For Legal Compliance
- Comply with HIPAA and other healthcare regulations
- Respond to legal requests and court orders
- Maintain medical records as required by law
- Report adverse events or public health concerns
3. How We Share Your Information
Your Privacy Matters
We do not sell your personal information to third parties. We only share your information in the limited
circumstances described below.
3.1 With Healthcare Providers
When you book an appointment or follow a healthcare provider, we share relevant information (name, contact
information, medical history) with that provider to facilitate your care.
3.2 With Your Consent
We will share your information when you explicitly authorize us to do so, such as when you grant a healthcare
provider access to your medical history.
3.3 With Service Providers
We may share information with third-party service providers who perform services on our behalf:
- Cloud hosting providers (database storage)
- Email service providers
- Payment processors
- AI/ML service providers (OpenAI for AI consultations)
- Analytics providers
- Customer support tools
These service providers are contractually obligated to protect your information and use it only for the purposes
we specify.
3.4 For Legal Reasons
We may disclose your information if required to do so by law or in response to:
- Valid legal requests from law enforcement or government authorities
- Court orders or subpoenas
- Legal processes or investigations
- Protection of our rights, property, or safety
- Emergency situations involving imminent harm
3.5 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring
entity. We will notify you of any such change and of your choices regarding your information.
3.6 Aggregated and Anonymized Data
We may share aggregated, anonymized data that does not identify you personally for research, analytics, or
marketing purposes.
4. Data Security
We implement appropriate technical and organizational security measures to protect your information:
4.1 Technical Safeguards
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest
- Access Controls: Role-based access controls and authentication
- Secure Storage: Databases hosted on secure cloud infrastructure
- Password Security: Passwords are hashed using industry-standard algorithms
- Session Management: Secure session cookies with HttpOnly flags
- Input Validation: Protection against SQL injection and XSS attacks
- Rate Limiting: Protection against brute force attacks
- Anti-Spam: ALTCHA challenge-response system
4.2 Organizational Safeguards
- Limited employee access to personal information
- Confidentiality agreements with employees and contractors
- Regular security training
- Security incident response procedures
- Regular security audits and assessments
4.3 Your Responsibility
You also play a role in protecting your information:
- Keep your password secure and confidential
- Do not share your account with others
- Log out after using shared devices
- Report suspicious activity immediately
- Use strong, unique passwords
Important Notice
While we implement robust security measures, no method of transmission over the Internet or electronic storage
is 100% secure. We cannot guarantee absolute security of your information.
5. Your Privacy Rights and Choices
5.1 Access and Update
You can access and update your personal information through your account settings. You have the right to request
a copy of the personal information we hold about you.
5.2 Delete Your Account
You may request deletion of your account at any time. Note that we may retain certain information as required by
law or for legitimate business purposes (e.g., medical records retention requirements).
5.3 Opt-Out of Communications
You can opt out of:
- Marketing emails (via unsubscribe link in emails)
- Push notifications (via device settings)
- SMS messages (via reply STOP or account settings)
Note: You cannot opt out of essential service communications (appointment reminders, security alerts, legal notices).
5.4 Data Portability
You have the right to request a copy of your data in a portable format.
5.5 Restrict Processing
You may request that we restrict the processing of your personal information in certain circumstances.
5.6 Object to Processing
You have the right to object to certain types of processing, such as direct marketing.
5.7 Correct Inaccurate Data
You can correct inaccurate personal information through your account settings or by contacting us.
5.8 California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
- Right to know what personal information is collected, used, and shared
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell your information)
- Right to non-discrimination for exercising your privacy rights
5.9 European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR),
including the right to access, rectification, erasure, restriction of processing, data portability, and objection.
6. Data Retention
We retain your information for as long as necessary to provide our Service and comply with legal obligations:
- Account Data: Retained while your account is active and for a reasonable period after deletion
- Medical Records: Retained in accordance with applicable healthcare laws (typically 7-10 years)
- Transaction Records: Retained for tax and accounting purposes (typically 7 years)
- Chat Messages: Retained while accounts are active or as required for medical records
- AI Conversations: Retained to improve AI services, unless you request deletion
- Anonymized Data: May be retained indefinitely for research and analytics
7. Cookies and Tracking Technologies
7.1 Types of Cookies We Use
- Essential Cookies: Required for basic platform functionality (authentication, session management)
- Preference Cookies: Remember your settings and preferences (language, timezone)
- Analytics Cookies: Help us understand how you use the platform
- Security Cookies: Detect and prevent security threats
7.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect platform
functionality.
8. Third-Party Services
Our Service uses third-party services that may collect information:
- OpenAI: For AI-powered medical consultations
- Email Providers: For sending notifications and communications
- Cloud Hosting: For data storage and processing
- Payment Processors: For handling payments
These third parties have their own privacy policies. We encourage you to review their policies.
9. Children's Privacy
Our Service is not intended for individuals under the age of 18 (or the age of majority in their jurisdiction).
We do not knowingly collect personal information from children. If we become aware that we have collected
information from a child without parental consent, we will take steps to delete such information.
Parents or guardians may create accounts and manage healthcare information for their minor children with
appropriate consent and verification.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These
countries may have different data protection laws. We ensure appropriate safeguards are in place to protect
your information in accordance with this Privacy Policy.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our platform
- Updating the "Last Updated" date
- Sending you an email notification (for significant changes)
- Displaying a prominent notice on the platform
Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Email: privacy@healthting.com
Data Protection Officer: dpo@healthting.com
Contact Form: Visit our contact page
13. Filing a Complaint
If you believe your privacy rights have been violated, you have the right to file a complaint with us or with
your local data protection authority. We encourage you to contact us first so we can address your concerns.
Your Privacy Matters
We are committed to protecting your privacy and maintaining the security of your health information. Thank you
for trusting Healthting with your healthcare needs.