Privacy Policy

1. Introduction

Welcome to Webshark MyHealth ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal information, especially sensitive health data, with the highest level of security and transparency.

This Privacy Policy explains how we collect, use, process, and protect your information when you use our mobile application and web platform that provides AI-powered analysis of medical reports and health insights.

2. Information We Collect

2.1 Personal Information

• Account Information: Name, email address, phone number, age, gender
• Profile Data: Height, weight, basic health conditions, medical history
• Authentication Data: Login credentials, profile photos
• Contact Information: For customer support and communication

2.2 Health Information (Sensitive Data)

• Medical Reports: Lab reports, X-rays, prescriptions, health checkup documents
• Health Metrics: Blood pressure, heart rate, blood sugar, cholesterol levels
• AI Analysis Results: Our system's interpretation and insights from your medical data
• Health Tracking Data: Medication reminders, health trends, symptoms

2.3 Technical Information

• Device Data: Device type, operating system, app version
• Usage Analytics: App usage patterns, feature interactions (anonymized)
• Log Data: IP address, access times, error logs
• Location Data: General location for healthcare provider suggestions (with consent)

3. How We Use Your Information

3.1 Primary Purposes

• AI Analysis: Process your medical reports to provide educational health insights
• Health Tracking: Monitor health trends and provide personalized recommendations
• Report Management: Organize and store your medical documents securely
• Educational Content: Provide relevant health information and tips

3.2 Service Improvement

• App Enhancement: Improve AI accuracy and user experience
• Feature Development: Develop new health tracking and analysis features
• Quality Assurance: Ensure accurate and helpful health insights

3.3 Communication

• Health Reminders: Medication alerts, appointment notifications
• Educational Updates: Health tips, app updates, new features
• Customer Support: Respond to your queries and provide assistance

4. AI Processing and Third-Party Services

4.1 AI Analysis Providers

We use leading AI services to analyze your medical reports and provide health insights:

• Claude AI (Anthropic): Primary AI service for medical report analysis
• OpenAI GPT-4: Backup AI service for report interpretation
• OCR Services: Convert images and scanned documents to text

4.2 Data Processing Safeguards

• Health data is anonymized before AI processing when possible
• AI providers are bound by strict data processing agreements
• No personal identifiers are shared with AI services unless absolutely necessary
• All AI processing occurs through encrypted, secure channels

5. Data Sharing and Disclosure

5.1 We DO NOT Sell Your Data

We never sell, trade, or rent your personal health information to third parties for commercial purposes.

5.2 Limited Sharing Scenarios

• With Your Consent: Share reports with doctors or healthcare providers you choose
• Service Providers: Trusted partners who help us operate the app (with strict confidentiality)
• Legal Requirements: When required by law or to protect safety
• Emergency Situations: To prevent serious harm to health or safety

5.3 Healthcare Provider Integration

If you choose to share your reports with doctors or hospitals through our platform, this sharing is:

• Controlled entirely by you
• Requires explicit consent for each sharing instance
• Can be revoked at any time
• Limited to specific reports you select

6. Data Security and Protection

6.1 Technical Safeguards

• Encryption: AES-256 encryption for data at rest, SSL/TLS for data in transit
• Secure Storage: Health data stored in secure, HIPAA-compliant cloud infrastructure
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and vulnerability testing

6.2 Organizational Safeguards

• Privacy Training: All employees trained on data protection
• Limited Access: Only authorized personnel can access health data
• Audit Logging: All data access is logged and monitored
• Incident Response: Rapid response plan for any security incidents

7. Your Rights and Data Controls

7.1 Access and Portability

• View Your Data: Access all personal information we hold about you
• Download Reports: Export your medical reports and AI analyses
• Data Portability: Transfer your data to other healthcare platforms

7.2 Correction and Deletion

• Update Information: Correct any inaccurate personal data
• Delete Account: Permanently delete your account and all associated data
• Selective Deletion: Remove specific reports or health data

7.3 Privacy Controls

• Consent Management: Control who can access your health reports
• Sharing Permissions: Revoke doctor or hospital access at any time
• Communication Preferences: Opt-out of non-essential notifications
• Data Processing: Limit how your data is used for AI training

8. Data Retention and Deletion

8.1 Retention Periods

• Active Accounts: Health data retained while your account is active
• Inactive Accounts: Data deleted after 3 years of inactivity
• Deleted Accounts: All data permanently deleted within 30 days
• Legal Requirements: Some data may be retained longer if required by law

8.2 Secure Deletion

When data is deleted, we ensure:

• Complete removal from all systems and backups
• Secure deletion methods that prevent data recovery
• Notification to third-party services to delete associated data

9. Children's Privacy

Webshark MyHealth is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover that a child under 18 has provided us with personal information, we will delete such information immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your health data is primarily stored and processed in India. However, some of our AI processing services may involve data transfer to:

• United States (for AI analysis by OpenAI and Anthropic)
• European Union (for certain cloud services)

When data is transferred internationally, we ensure:

• Adequate data protection standards in the receiving country
• Contractual safeguards with service providers
• Compliance with applicable data protection laws

11. Indian Data Protection Compliance

11.1 Digital Personal Data Protection Act, 2023

We comply with India's Digital Personal Data Protection Act, 2023, including:

• Lawful Processing: Processing health data only with explicit consent
• Purpose Limitation: Using data only for specified health-related purposes
• Data Minimization: Collecting only necessary health information
• Transparency: Clear communication about data processing activities

11.2 Sensitive Personal Data

We recognize that health information is considered "Sensitive Personal Data" under Indian law and handle it with enhanced protection measures:

• Explicit consent before collecting any health data
• Enhanced security measures for health information
• Strict limitations on sharing health data
• Regular security audits and assessments

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make changes:

• Notification: We will notify you via email or app notification
• Effective Date: Changes take effect 30 days after notification
• Continued Use: Using the app after the effective date constitutes acceptance
• Withdrawal: You can delete your account if you disagree with changes

14. Medical Disclaimer