At Healix, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our aftercare communication platform.
Healthcare Data: Healix processes health-related information to facilitate communication between patients and healthcare providers. We are committed to protecting this sensitive data in compliance with applicable healthcare privacy regulations, including GDPR.
1. Information We Collect
Information You Provide
- Account Information: Name, email address, password, and role (patient or doctor)
- Profile Information: Date of birth, phone number, medical specialty (for doctors)
- Communications: Messages exchanged between patients and healthcare providers
- Health Information: Patient context notes, treatment information, and conversation summaries
Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on platform
- Device Information: Browser type, operating system, device type
- Log Data: IP address, access times, error logs
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the Healix platform
- Facilitate communication between patients and healthcare providers
- Generate AI-assisted response suggestions for healthcare providers
- Categorize messages by urgency to help prioritize care
- Create conversation summaries for patient context
- Send notifications about messages and platform updates
- Improve our services and develop new features
- Ensure security and prevent fraud
- Comply with legal obligations
3. AI Processing
Healix uses artificial intelligence to enhance the communication experience:
| AI Feature | Purpose | Your Control |
|---|---|---|
| Message Categorization | Prioritize messages by urgency | Can be disabled by doctors |
| Response Suggestions | Help doctors respond efficiently | Doctor approval required |
| Conversation Summaries | Maintain patient context | Doctor approval required |
AI Transparency: AI-assisted responses are always reviewed and approved by your healthcare provider before being sent. Patients are informed when responses have been AI-assisted.
4. How We Share Your Information
We do not sell your personal information. We may share your information with:
- Healthcare Providers: Patients' information is shared with their designated doctors for care purposes
- Service Providers: Third parties who help us operate the platform (hosting, analytics)
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In connection with a merger, acquisition, or sale of assets
5. Data Security
We implement appropriate technical and organizational measures to protect your information:
- Encryption in transit (TLS/SSL) and at rest
- Access controls and authentication requirements
- Regular security audits and penetration testing
- Employee training on data protection
- Incident response procedures
6. Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations:
- Account Data: Retained while your account is active
- Medical Communications: Retained according to applicable medical record retention requirements (typically 7-10 years)
- Usage Data: Retained for up to 2 years
7. Your Rights (GDPR)
If you are in the European Economic Area (EEA), you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data (subject to legal retention requirements)
- Restriction: Request limitation of processing
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Where processing is based on consent
To exercise these rights, contact us at privacy@healix.health.
8. Cookies and Tracking
We use essential cookies to:
- Keep you logged in
- Remember your preferences
- Ensure security (CSRF protection)
We do not use third-party advertising cookies. Analytics cookies are used only to improve our service and can be disabled in your browser settings.
9. Children's Privacy
Healix is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately.
10. International Data Transfers
Your data is processed and stored in the European Union. If we transfer data outside the EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new policy on this page
- Updating the "Last updated" date
- Sending an email notification for significant changes
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us:
- Email: privacy@healix.health
- Data Protection Officer: dpo@healix.health
You also have the right to lodge a complaint with your local data protection authority.