Privacy Policy

Last updated: January 29, 2025

HIPAA Compliant

Healthcare data protection

End-to-End Encryption

Data security in transit & at rest

Transparent Controls

Full visibility & control

Your Choice

Consent-based sharing

1. Introduction

At Vital Guardian™, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and share your personal and health information when you use our kidney health monitoring platform. We are committed to protecting your health information in compliance with HIPAA, GDPR, and other applicable privacy laws.

2. Information We Collect

Personal Information

  • Name, email address, phone number, and date of birth
  • Account credentials and authentication information
  • Emergency contacts and family member information (with consent)
  • Insurance information for integration purposes

Health Information

  • Kidney function markers (eGFR, uACR) from laboratory results
  • Vital signs: blood pressure, heart rate, weight
  • Medication information and adherence data
  • Symptoms, side effects, and health observations
  • Healthcare provider information and care plans

Device and Activity Data

  • Wearable device data (steps, sleep, heart rate from Fitbit, Garmin)
  • Smart device measurements (water intake, glucose readings)
  • App usage patterns and interaction data
  • Device connectivity and synchronization logs

3. How We Use Your Information

🎯 Primary Uses

We use your information primarily to provide kidney wellness tracking services, generate AI-powered wellness insights, and facilitate care coordination with your healthcare team.

Service Delivery

  • Generate personalized kidney wellness insights based on evidence-based guidelines
  • Provide health insights, trends, and wellness guidance
  • Facilitate communication between patients, families, and care teams
  • Send medication reminders and health alerts

Platform Improvement

  • Improve AI algorithms and wellness insight accuracy (using anonymized data)
  • Enhance user experience and platform functionality
  • Conduct research to advance kidney wellness support (with explicit consent)

4. Information Sharing and Disclosure

🔒 Your Control

We only share your health information with your explicit consent or as required by law. You have full control over who can access your data and for what purposes.

With Your Consent

  • Healthcare Providers: Share data with your doctors, nurses, and care team
  • Family Members: Designated emergency contacts and caregivers
  • Insurance Providers: For wellness program integration and benefits
  • Research Studies: Anonymized data for kidney health research (optional)

Service Providers

We may share information with trusted service providers who help us operate our platform:

  • Cloud infrastructure providers (with HIPAA Business Associate Agreements)
  • Authentication and security services
  • Analytics providers (using anonymized data only)

Legal Requirements

We may disclose information when required by law, such as in response to legal process, to protect safety, or to comply with healthcare regulations.

5. Data Security and Protection

Technical Safeguards

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Multi-factor authentication
  • Regular security audits

Administrative Safeguards

  • Role-based access controls
  • Employee training programs
  • Incident response procedures
  • Regular compliance reviews

HIPAA Compliance

Vital Guardian™ is designed to be HIPAA compliant. We implement appropriate technical, administrative, and physical safeguards to protect your Protected Health Information (PHI) in accordance with HIPAA Security and Privacy Rules.

6. Your Privacy Rights

🎛️ Your Controls

You have comprehensive rights to control your personal and health information. Access these controls through your account settings or by contacting our privacy team.

Access and Control

  • View all collected data
  • Download your information
  • Correct inaccurate data
  • Delete your account and data

Sharing Controls

  • Manage family access permissions
  • Control healthcare provider sharing
  • Opt out of research participation
  • Revoke consent at any time

7. Data Retention and Deletion

We retain your information only as long as necessary to provide our services and comply with legal obligations:

  • Active Account Data: Retained while your account is active
  • Health Records: Retained according to healthcare record requirements (typically 6-10 years)
  • Research Data: Anonymized data may be retained for research purposes (with consent)
  • Account Deletion: Most data deleted within 30 days of account closure

8. International Data Transfers

Your data is primarily stored and processed in the United States. If you are accessing our service from outside the US, your information may be transferred to, stored, and processed in the US where our servers are located and our central database is operated.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide at least 30 days' advance notice.

10. Contact Us

If you have questions about this Privacy Policy or your personal information, please contact us:

Privacy Team

Email: privacy@vitalguardian.ai
Phone: [Privacy Hotline]
Response time: Within 48 hours

HIPAA Privacy Officer

Email: hipaa@vitalguardian.ai
Address: [HIPAA Officer Address]
For HIPAA-related privacy concerns