Health Data Privacy
Last updated: March 10, 2026
This notice also serves as our Consumer Health Data Privacy Policy as required by the Washington My Health My Data Act (RCW 19.373).
1. Overview
This Health Data Privacy Notice supplements our general Privacy Policy and provides additional detail about how heymedy collects, processes, stores, and protects your health-related information. We recognize that health data is among the most sensitive categories of personal information, and we treat it with the highest level of care.
This notice applies to all users and additionally serves as the Consumer Health Data Privacy Policy required under Washington State's My Health My Data Act (MHMDA) for Washington residents.
2. Types of Health Data We Collect
Through your use of the App, we may collect and process the following categories of consumer health data. Categories 2.1 through 2.3 are collected only when you voluntarily provide them. Category 2.4 (audit metadata) is collected automatically when you access health-data features.
2.1 Profile Health Information
- Date of birth and biological sex
- Blood type
- Known medical conditions and diagnoses
- Current and past medications (including dosages)
- Known allergies
- Surgical history
- Family health history
2.2 Conversational Health Data
- Symptoms you describe in conversations
- Health questions you ask
- Lab results and test values you manually share
- Health-related notes and observations
2.3 Derived Health Data
- AI-generated health insights based on your data
- Urgency assessments for reported symptoms
- Extracted health information from conversations (e.g., newly mentioned medications or symptoms)
- Conversation summaries
2.4 Access and Audit Metadata
When you use health-data features, our systems automatically log access metadata for security and compliance auditing purposes. This includes:
- Timestamp of the request
- Your user identifier
- HTTP method and endpoint path accessed
- Response status code
- Your IP address
Under broad state definitions (including Washington MHMDA), metadata that identifies a consumer accessing health services may itself constitute consumer health data. We retain audit logs for up to 90 days for security and compliance purposes.
2.5 Data We Do NOT Collect
- We do not collect precise geolocation data or data related to your visits to healthcare facilities.
- We do not collect biometric data (fingerprints, face geometry, etc.).
- We do not collect genetic or genomic data.
- We do not receive health data from healthcare providers, hospitals, insurance companies, or EHR systems. All profile, conversational, and derived health data is user-submitted; access and audit metadata is collected automatically as disclosed in Section 2.4.
3. Purpose of Collection and Use
We collect each category of health data for the following specific purposes. We do not use your health data for any purpose not listed here without obtaining your separate, affirmative consent.
| Category | Purpose |
|---|---|
| Profile health info | Personalizing AI responses; displaying your health records; populating emergency card; generating insights; personalizing your subscription experience (e.g., showing relevant feature previews) |
| Conversational health data | Generating AI responses to your questions; urgency checks; extracting health data (with notification) |
| Lab results | Displaying lab history and trends; providing context for AI responses |
| Derived health data | Providing health insights; improving conversation context; safety alerting |
| Emergency contacts | Displaying on emergency card for your reference only; we do not contact them |
4. How We Process Your Health Data
4.1 AI Processing
Your conversations, health profile, and any files or images you upload are processed by AI language models to generate personalized responses. Specifically:
- Your health profile provides context for AI responses so they can be relevant to your situation.
- Documents and images you share through the chat (such as lab reports or medical documents) are sent to Anthropic for processing alongside your conversation, so the AI can interpret and respond to their contents.
- A message analysis system evaluates conversations for urgency, relevant keywords, and extractable health data.
- When extractable health data is detected (e.g., you mention a new medication), the system may automatically log it in your health records. You are notified when this occurs via an in-app system message.
- Conversation summaries are generated periodically to maintain context across sessions while managing data volume.
4.2 Emergency Keyword Detection
The App includes a keyword-based emergency detection system:
- A rule-based system scans your messages for keywords and patterns associated with urgent or emergency conditions.
- When a match is detected, the App displays a static safety banner directing you to call emergency services.
- This system uses pattern matching only — no AI model is involved in the detection.
Important: This system is not a clinical decision support tool or medical device. It is a simple assistive feature that may miss urgent conditions or generate false alerts. Always seek professional medical care for emergencies.
4.3 Vector Embeddings
We generate mathematical representations (embeddings) of your health data to enable semantic search. This helps the AI find relevant parts of your health history when responding to questions. Embeddings are stored securely and cannot be reverse-engineered to reconstruct the original text.
4.4 Lab Results — User-Submitted Only
Lab results in heymedy are entered or uploaded manually by you. We do not integrate with laboratory information systems, hospital EHR systems (e.g., Epic, Cerner), patient portals, or any other healthcare provider system. This means your lab data flows from you to us — not from a healthcare provider — and our processing of this data does not create a business associate relationship under HIPAA.
5. Third-Party Service Providers Receiving Health Data
The following third-party services may receive or process your health data. We do not sell health data to any third party. We do not share health data for advertising or marketing purposes.
- Anthropic (Claude) — AI Processing: Receives conversation text and health profile context to generate AI responses. Anthropic is contractually prohibited from using your data to train models or for any purpose other than generating responses. Data processed in the United States.
- OpenAI — Embedding Generation: Receives text derived from your conversations (such as search queries and AI-generated summaries) to generate mathematical embeddings for semantic search. OpenAI does not store this data or use it for training under our API terms. Data processed in the United States.
- Railway — Managed Cloud Hosting: Hosts the backend application and managed database infrastructure used to store health data. Health data remains encrypted at rest and Railway acts only as our infrastructure provider. Contact: privacy@railway.app.
- Resend — Email Delivery: Receives your email address (which may constitute consumer health data under broad state definitions, as it is linked to a health-data account) to deliver authentication codes. Resend does not receive health records or conversation content. Data processed in the United States.
No other third parties receive your consumer health data. Additional service providers that process only non-health data (such as Apple Sign In) are addressed in our general Privacy Policy.
6. Data Storage and Security
- Encryption at rest: Health data stored in our databases is encrypted.
- Encryption in transit: All communications between the App, our servers, and third-party services use TLS encryption.
- Access controls: Strict access controls ensure only authorized systems can access health data.
- Authentication: Your account is protected by JWT-based authentication with short-lived access tokens (15 minutes) and secure refresh token rotation.
- Data isolation: Each user's health data is logically isolated and accessible only through authenticated requests.
- No geofencing: We do not use geofencing technology around healthcare facilities or any other locations.
7. Data Retention and Archival
Active data: Your health profile and recent conversations are maintained in active storage for immediate access. Health profile records (conditions, medications, etc.) are retained until you delete them or delete your account.
Archived data: Older conversation messages may be archived through our summarization process. Archived messages are retained in the database (marked as archived) and are included in data exports, but are not actively used in conversation context.
Derived data: AI-generated insights are retained until you acknowledge or dismiss them, or until account deletion.
Account deletion: When you request account deletion, health data in active systems — including active data, archived data, embeddings, AI-generated insights, conversation history, and profile caches — is permanently deleted within 30 days. Limited encrypted backups and security logs may persist during retention cycles and are then automatically purged no later than 6 months after the authenticated deletion request.
8. Your Rights Over Health Data
You maintain full control over your health data. We provide the following rights to all users:
8.1 Right to Access
You may access your health data through the App at any time, including uploaded documents. You may also request an export of your health profile, conversations, and records in machine-readable JSON format via the in-app data export feature. The export includes metadata for uploaded files (filename, type, size, and a relative URL path to retrieve each file); the file contents themselves can be accessed individually through the App. Transient operational logs (such as audit logs retained for security monitoring) are not included in automated exports but are available upon specific request to privacy@heymedy.com.
8.2 Right to Delete
You may delete individual health records (medications, conditions, allergies, surgeries, family history, lab results, notes) through the App at any time. You may also request complete deletion of your account and all associated health data. We will process deletion requests within 30 days.
8.3 Right to Withdraw Consent
You may withdraw your consent to future collection and processing of health data at any time through the in-app withdrawal control or by emailing privacy@heymedy.com. Withdrawal stops future health-data collection and AI health processing. Existing health data in active systems is deleted within 30 days, and encrypted backups are purged on retention cycles and no later than 6 months after the authenticated request.
8.4 How to Exercise Your Rights
You may exercise your rights through the App directly (settings, data export, and account deletion features) or by contacting us at privacy@heymedy.com. We will respond to all requests within 30 days. We will not discriminate against you for exercising any of these rights.
8.5 Right to Appeal a Refusal
If we decline to act on your consumer health data request, you may appeal by emailing privacy@heymedy.com with the subject line "Privacy Appeal" within 30 days of our decision. We will review the appeal and respond in writing within 45 days. If we deny your appeal, we will also direct you to the Washington Attorney General complaint mechanism here: https://www.atg.wa.gov/file-complaint.
9. Washington My Health My Data Act (MHMDA) Disclosures
For residents of Washington State, the following additional disclosures are provided pursuant to RCW 19.373:
9.1 Categories of Consumer Health Data Collected
We collect all categories of consumer health data described in Section 2 above, including: health conditions, medications, allergies, surgical history, family health history, lab results, symptoms, and related information you voluntarily provide, as well as access and audit metadata (Section 2.4) that is collected automatically when you use health-data features.
9.2 Purpose of Collection
Each category of health data is collected for the specific purposes described in Section 3 above. We collect health data solely to provide the Service — personalized AI health assistance, health record management, urgency checks, and health insights.
9.3 Categories of Third Parties and Specific Affiliates
The specific third parties that receive consumer health data are listed in Section 5 above: Anthropic (AI processing), OpenAI (embedding generation), Railway (managed cloud hosting), and Resend (email delivery of authentication codes; receives your email address, which is linked to a health-data account). We do not share health data with affiliates, data brokers, advertisers, or any other third parties.
9.4 How to Exercise MHMDA Rights
Washington residents may exercise their rights to access, delete, and withdraw consent as described in Section 8. To submit a request, use the in-app features or email privacy@heymedy.com. We will respond within 30 days. We do not require you to create an account solely for the purpose of submitting a rights request. If we decline to act on a request, you may appeal through the process in Section 8.5.
9.5 Consent
We obtain your affirmative consent before collecting consumer health data. During setup, you must explicitly consent to health data collection and AI processing before health-data features are enabled. These consent decisions are recorded on our servers with timestamps. Each piece of health data you share (profile, conversational, and derived data) is provided through an affirmative action (typing and submitting information). Access and audit metadata (Section 2.4) is collected automatically when you use health-data features; this collection is disclosed above and covered by the same consent.
9.6 Geofencing
We do not use geofencing technology to identify or track consumers near mental health facilities, reproductive health facilities, substance use disorder treatment facilities, or any other healthcare facility.
10. What We Do NOT Do
- We do not sell your health data to anyone, ever.
- We do not share your health data with advertisers, data brokers, or marketing companies.
- We do not use your health data to train AI models.
- We do not share your health data with insurance companies or employers.
- We do not use your health data for profiling, scoring, or automated decision-making that produces legal or similarly significant effects.
- We do not collect or use geolocation data to infer health-related information.
- We do not receive health data from covered entities under HIPAA (doctors, hospitals, insurers, labs).
11. HIPAA Notice
heymedy is a consumer health application and is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA). We do not receive protected health information (PHI) from covered entities. All health data in the App is provided directly by you as a consumer, not transmitted from healthcare providers, health plans, or healthcare clearinghouses.
While we are not legally required to comply with HIPAA, we voluntarily implement many security practices aligned with HIPAA security standards because we believe your health data deserves the strongest protection possible.
12. FTC Health Breach Notification
As a non-HIPAA entity that handles health data, we are subject to the FTC Health Breach Notification Rule (16 CFR Part 318). In the event of a breach of security involving your health data:
- We will notify affected users as soon as practicable and without unreasonable delay. Where Washington's data breach law applies, notice will be made no later than 30 days after discovery.
- We will notify the FTC within the federal deadlines required by the Health Breach Notification Rule, including within 10 business days for breaches affecting 500 or more individuals.
- We will notify the Washington Attorney General or other regulators when required by applicable state law.
- For breaches affecting 500 or more residents of a state, we will notify prominent media outlets when required by federal law.
- Notifications will include: a description of the breach, types of health data involved, remedial actions taken, and steps you can take to protect yourself.
13. Changes to This Notice
We may update this Health Data Privacy Notice from time to time. Material changes will be communicated through the App and on our website. The "Last updated" date at the top of this page reflects the most recent revision. If we make material changes to how we collect, use, or share your health data, we will obtain your consent before applying the changes to data previously collected.
14. Contact Us
For questions or concerns about how we handle your health data, please contact our privacy team: