Privacy Policy

Healthmaxx Privacy Policy

1. Who We Are

Healthmaxx (“App”, “we”, “our”, or “us”) is a mobile application that helps you store, track, and share your health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use Healthmaxx or interact with us in any other way.

2. Scope

This Policy applies to data processed through the Healthmaxx mobile app, our website, customer‑support channels, and any related services. It does not apply to third‑party products or services that we do not own or control.

3. What We Collect

CategoryExamplesPurposeAccount DataName, email, password, phone numberCreate and secure your accountHealth Data (“Special Category Data”)Lab results, medication lists, allergies, physician notes, vitals, imagesProvide core health‑management features (e.g., dashboards, reminders, sharing with providers)Device & Usage DataIP address, device IDs, crash logs, app interactions, cookiesImprove performance, prevent fraud, analyticsPayment Data (if you purchase premium features)Cardholder name, last 4 digits, billing ZIP/postal codeProcess transactions, detect fraudCommunicationsSupport tickets, survey responses, in‑app messagesCustomer service, product feedback

HIPAA Notice: Healthmaxx is not a “covered entity” or “business associate” under U.S. HIPAA. However, we treat your health data with the heightened protections HIPAA requires and can execute a Business Associate Agreement (BAA) with qualified enterprise customers upon request.

4. How We Use Your Data

Deliver, personalize, and maintain the App
Sync data with connected devices or partner services at your request
Send transactional notices (e.g., password resets, feature updates)
Provide customer support and troubleshoot issues
Research and develop new features and machine‑learning models (using aggregated, de‑identified data wherever possible)
Comply with legal obligations (e.g., tax, accounting, law‑enforcement requests)
Detect, prevent, and respond to security incidents or fraudulent activity
Market optional premium features or new products (with opt‑out)

5. Legal Bases (GDPR/UK GDPR)

We rely on one or more of the following bases:

Consent (Art. 6(1)(a)) — for processing special‑category health data or sending marketing emails.
Contract (Art. 6(1)(b)) — to provide the services you request.
Legal Obligation (Art. 6(1)(c)) — where required by applicable law.
Legitimate Interests (Art. 6(1)(f)) — to improve the App, secure our services, and prevent fraud, balanced against your privacy rights.

6. Sharing & Disclosure

We do not sell or rent your personal data. We share information only:

RecipientReasonService ProvidersCloud hosting, analytics, payment processors, encrypted backup vendors (bound by confidentiality and data‑protection agreements)Healthcare ProfessionalsWhen you explicitly share records with a physician or caregiverLegal / Regulatory AuthoritiesIf required to comply with subpoenas, court orders, or similar legal processesCorporate TransactionsIn connection with a merger, acquisition, or asset sale (with notice to you)With Your ConsentAny other sharing you initiate inside the App

7. Data Retention

We keep personal data only as long as needed to fulfill the purposes above, unless a longer retention period is required by law or you request deletion (see § 9).

8. Security

End‑to‑end encryption for health records in transit and at rest
Zero‑knowledge architecture for stored health data (we cannot read it)
Multi‑factor authentication (optional)
Regular penetration tests and third‑party security audits

No system is 100 % secure, but we follow industry best practices (ISO 27001, NIST 800‑53) to minimize risks.

9. Your Rights & Choices

Global Rights

Access or download a copy of your data
Correct inaccurate information
Delete your account and associated data (irreversible)
Object to or restrict certain processing
Withdraw consent at any time (does not affect prior lawful processing)

California Residents (CCPA/CPRA) — You have additional rights to know, delete, and correct personal data, and to opt out of “sharing” for cross‑context behavioral advertising. We do not “sell” personal data as defined by CCPA.

EU/UK Residents — You may lodge a complaint with your local Data Protection Authority.

To exercise any of the above, email privacy@healthmaxx.com or use in‑app settings. We will respond within 30 days (or 45 days for CCPA requests).

10. International Transfers

We store data on servers located in the United States. Where EU/UK data is transferred outside the EEA/UK, we rely on approved transfer mechanisms such as the EU Standard Contractual Clauses (SCCs) or the UK IDTA.

11. Children’s Privacy

Healthmaxx is not directed to children under 13 and we do not knowingly collect data from them. If we learn that we have personal data for a child under 13, we will delete it promptly.

12. Third‑Party Links & SDKs

The App may contain links or integrations (e.g., Apple HealthKit, Google Fit). Your interactions with those services are governed by their own privacy policies. We are not responsible for third‑party practices.

13. Changes to This Policy

We may update this Policy to reflect changes in law or our practices. When we do, we will revise the “Last updated” date and notify you by app alert, email, or other prominent means. Material changes take effect 30 days after notice (or sooner if required by law).

‍

14. Facial and Body Image Data

We may collect facial and body image data when you upload or capture a photo within the app. These images are analyzed using machine learning models to generate health scores, identify visible skin or body health indicators, and create a personalized health improvement plan. We do not collect biometric identifiers, nor do we use facial recognition or facial authentication technologies.

‍

15. Use of Face and Body Data

Collected image data is used exclusively for health-related analysis and generating personalized recommendations. The data is not used for user identification, marketing, or shared with third parties.

‍

16. Storage and Retention

Images are processed securely and deleted immediately after use unless you choose to store them for progress tracking. Stored images are encrypted and retained for up to 12 months or until you request deletion.

‍

17. Your Choices

You may opt out of image storage at any time via the app settings, and you may request permanent deletion of your data.

‍

18. Contact Us

If you have questions or concerns, please reach out:

Email: privacy@healthmaxx.com
Mail: Healthmaxx Privacy Team, 123 Market Street, Suite 400, San Francisco, CA 94103, USA
Data Protection Officer (EU/UK): dpo@healthmaxx.com

‍

Privacy

Effective date: Sep 1, 2020

Privacy Policy

1. Who We Are

2. Scope

3. What We Collect

4. How We Use Your Data

5. Legal Bases (GDPR/UK GDPR)

6. Sharing & Disclosure

7. Data Retention

8. Security

9. Your Rights & Choices

10. International Transfers

11. Children’s Privacy

12. Third‑Party Links & SDKs

13. Changes to This Policy

14. Facial and Body Image Data

15. Use of Face and Body Data

16. Storage and Retention

17. Your Choices

18. Contact Us