Privacy Policy

Last updated: February 2, 2026

1. Introduction

Patient Pulse Tracker ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. HIPAA Compliance & Protected Health Information

Patient Pulse Tracker is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. We recognize that the data processed through our Service may constitute Protected Health Information (PHI).

2.1 Business Associate Agreement

For healthcare providers and covered entities subject to HIPAA, we execute a Business Associate Agreement (BAA) that governs the handling of PHI. Our BAA ensures:

• PHI is used only for permitted purposes under HIPAA
• Appropriate safeguards are implemented to prevent unauthorized disclosure
• Breach notification procedures comply with HIPAA requirements
• PHI is returned or destroyed upon termination of the agreement

To request a BAA, please contact compliance@patientpulsetracker.com.

2.2 HIPAA Safeguards

We implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule:

• Administrative: Workforce training, access management, incident response procedures
• Physical: Secure data center facilities, device and media controls
• Technical: Encryption (AES-256 at rest, TLS 1.3 in transit), access controls, audit logging

3. Information We Collect

3.1 Personal Information

We may collect personal information that you voluntarily provide when using our Service, including:

• Name and contact information (email address, phone number)
• Date of birth
• Account credentials
• Health and wellness survey responses
• Mood tracking data and personal notes
• Voice journal recordings (if enabled)
• Wearable device data (if connected)
• Clinical notes and assessments

3.2 Automatically Collected Information

When you access the Service, we may automatically collect certain information, including:

• Device information (browser type, operating system)
• IP address and general location
• Usage data and interaction patterns
• Cookies and similar tracking technologies

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process and manage your account
• Facilitate communication between patients and practitioners
• Send administrative notifications and service updates
• Generate wellness reports and analytics for authorized practitioners
• Respond to your inquiries and provide customer support
• Ensure the security and integrity of our Service
• Comply with legal obligations

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

• With Healthcare Practitioners: Your survey responses and wellness data may be shared with practitioners you are assigned to for the purpose of providing care.
• Service Providers: We may share information with third-party vendors who perform services on our behalf (e.g., email delivery, hosting). All service providers are contractually obligated to protect your data.
• Legal Requirements: We may disclose information if required by law or in response to valid legal requests.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.

We do not sell your personal information to third parties.

5.1 Sub-Processors

Our primary sub-processor is Microsoft Azure, which provides database hosting, serverless functions, and static web hosting. Azure maintains SOC 2 Type II certification and signs Business Associate Agreements for HIPAA-covered data.

5.2 Mobile and SMS Data Protection

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

6. GDPR Rights (European Economic Area)

If you are located in the European Economic Area (EEA), you have specific rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request restriction of processing of your personal data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

6.1 Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: To provide the Service you requested
• Legitimate Interests: To improve our Service and ensure security
• Legal Obligations: To comply with applicable laws and regulations
• Consent: For optional features such as marketing communications

6.2 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at dpo@patientpulsetracker.com.

7. CCPA Rights (California Residents)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: Exercise your rights without receiving discriminatory treatment

7.1 Categories of Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers (name, email, phone number)
• Protected characteristics (date of birth)
• Medical information (survey responses, wellness data)
• Internet activity (usage data, device information)
• Inferences (wellness trends, risk assessments)

7.2 Submitting CCPA Requests

To exercise your CCPA rights, contact us at privacy@patientpulsetracker.com or call our toll-free number. We will verify your identity before processing requests.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• AES-256 encryption of data at rest
• TLS 1.3 encryption of data in transit
• Secure authentication mechanisms including multi-factor authentication
• Regular security assessments and penetration testing
• Role-based access controls and audit logging
• Incident response and breach notification procedures

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Healthcare data may be retained for periods required by medical record retention laws (typically 7-10 years). When your information is no longer needed, we will securely delete or anonymize it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. For transfers from the EEA to countries not deemed adequate by the European Commission, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure appropriate safeguards.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage patterns, and deliver personalized content. You can control cookie preferences through your browser settings, though disabling cookies may affect the functionality of the Service.

12. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

See also: Terms of Service