Privacy Policy

Last updated: February 28, 2026

1. Introduction

HealthyCompute ("we," "us," or "our") operates the HealthyCompute platform at healthycompute.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information—including protected health information (PHI)—when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, and password when you create an account.
  • Health documents: Lab results, imaging reports, prescriptions, and other health records you upload.
  • Connected health portals: Data retrieved from Epic MyChart and other health record systems you authorize us to access on your behalf.
  • Payment information: Billing details processed securely through Stripe. We do not store full credit card numbers on our servers.

2.2 Information Collected Automatically

  • Device & usage data: Browser type, operating system, IP address, pages visited, and usage patterns.
  • Cookies: Session cookies for authentication and preferences. We do not use advertising or third-party tracking cookies.

2.3 Health & Wearable Data

When you connect wearable devices or health services (Apple HealthKit, Garmin, Fitbit, Google Fit, Strava, or Libre/FreeStyle CGM), we receive health metrics such as heart rate, step counts, blood pressure readings, glucose levels, and activity data. We only access data you explicitly authorize.

3. How We Use Your Information

  • Provide and maintain the Service, including AI-powered health categorization, research reports, and personalized podcasts.
  • Normalize and aggregate your health data using standardized clinical coding systems (FHIR R4, LOINC, SNOMED CT).
  • Generate personalized health insights using artificial intelligence.
  • Process payments and manage your subscription.
  • Communicate with you about your account, updates, and support requests.
  • Improve the Service through anonymized, aggregated analytics.

4. How We Protect Your Data

  • Encryption in transit: All data is transmitted over HTTPS/TLS.
  • Encryption at rest: Health data is encrypted using AES-256 at rest in our database.
  • Access controls: Row-level security ensures users can only access their own data.
  • Credential encryption: OAuth tokens for connected services are encrypted with Fernet symmetric encryption before storage.
  • Infrastructure: Hosted on SOC 2 compliant infrastructure with regular security audits.

5. Data Sharing & Disclosure

We do not sell your personal or health information. We may share data only in these limited circumstances:

  • Service providers: Third-party processors that help us operate the Service (e.g., OpenAI for AI analysis, Stripe for payments). These providers are contractually obligated to protect your data.
  • Legal requirements: If required by law, subpoena, or court order.
  • With your consent: When you explicitly authorize us to share specific data.

6. HIPAA Compliance

HealthyCompute is designed with HIPAA compliance in mind. We implement administrative, physical, and technical safeguards to protect protected health information (PHI). We are actively working toward executing Business Associate Agreements (BAAs) with all applicable service providers.

7. Your Rights

You have the right to:

  • Access: View all personal and health data we hold about you.
  • Export: Download your data in a portable format at any time.
  • Correct: Request correction of inaccurate information.
  • Delete: Request deletion of your account and all associated data.
  • Revoke access: Disconnect any integrated health service at any time.

To exercise any of these rights, contact us at privacy@healthycompute.com.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove all personal and health data within 30 days, except where retention is required by law. Anonymized, aggregated data that cannot identify you may be retained for service improvement.

9. Third-Party Services

Our Service integrates with the following third-party services, each governed by their own privacy policies:

  • Epic MyChart (electronic health records)
  • Google (authentication via Google Sign-In)
  • OpenAI (AI-powered health analysis)
  • Stripe (payment processing)
  • Apple HealthKit, Garmin, Fitbit, Google Fit, Strava (wearable data)

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected data from a child under 18, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@healthycompute.com