Privacy Policy

Last updated: 3/30/2026

Overview

Recovery Tracker ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our post-surgical recovery tracking application.

Information We Collect

Health Information

  • Surgical procedure details
  • Daily health assessments (pain levels, symptoms, vital signs)
  • Medication and treatment information
  • Recovery progress photos (optional)
  • Communication with your healthcare provider

Personal Information

  • Name and contact information
  • Phone number for authentication and notifications
  • Email address (for administrative communications)

Usage Information

  • Device information and IP address
  • App usage patterns and analytics
  • Chat interactions with our AI assistant

How We Use Your Information

  • To provide post-surgical recovery tracking and monitoring
  • To enable communication between you and your healthcare provider
  • To send recovery reminders and important notifications via SMS
  • To provide personalized recovery guidance and support
  • To improve our services and user experience
  • To comply with legal and regulatory requirements

HIPAA Compliance

Recovery Tracker is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA). We implement appropriate safeguards to protect your Protected Health Information (PHI):

  • Encrypted data transmission and storage
  • Secure authentication and access controls
  • Audit logging of all PHI access
  • Business Associate Agreements with third-party service providers
  • Regular security assessments and updates

Information Sharing

We share your information only with:

  • Your Healthcare Provider: Your surgical team and clinic staff
  • Service Providers: Firebase (Google Cloud), Twilio for SMS (under HIPAA BAA)
  • Legal Requirements: When required by law or to protect rights and safety

We do NOT sell your personal information or share it with third parties for marketing purposes.

Data Security

We implement industry-standard security measures including:

  • TLS/SSL encryption for data in transit
  • Encryption at rest for stored data
  • Multi-factor authentication
  • Regular security audits and penetration testing
  • Employee training on data privacy and security

Your Rights

You have the right to:

  • Access your personal and health information
  • Request corrections to inaccurate data
  • Request deletion of your data (subject to legal retention requirements)
  • Opt out of non-essential communications
  • Receive an accounting of disclosures
  • File a complaint with the U.S. Department of Health and Human Services

Data Retention

We retain your health information for as long as necessary to provide services and comply with legal obligations. Medical records are typically retained for 7 years from the date of last treatment, in accordance with state and federal requirements.

Third-Party Services

Our application uses the following third-party services:

  • Firebase (Google Cloud): Authentication, database, and hosting (HIPAA BAA in place)
  • Twilio: SMS notifications and alerts (HIPAA BAA in place)
  • Stripe: Payment processing (no health information shared)

Children's Privacy

Our service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact:

Privacy Officer

Recovery Tracker

Email: privacy@recoverytracker.com

Phone: (415) 298-5431

Notice of Privacy Practices

For a complete description of how your health information may be used and disclosed, and how you can access this information, please request a copy of our Notice of Privacy Practices from your healthcare provider or contact us directly.