Privacy Policy


1. Our Unwavering Commitment to Your Privacy

Welcome to PhysicalExam Corp. Your privacy is the foundation of our service. We understand that health information is one of the most personal and sensitive types of data you can share. This Privacy Policy is not just a legal document; it is our pledge to you.

We have engineered our systems and this policy with three core principles:

  • You Control Your Data: You decide what information you provide, how it is used, and you have the right to change your mind.
  • Unyielding Security: We employ state-of-the-art security measures to protect your information at every stage.
  • Absolute Transparency: We will be straightforward about how we use your data and will never engage in hidden practices.

Please read this policy thoroughly. By creating an account and using our services, you acknowledge you understand and agree to these terms. If you do not agree, you must not use our application.

2. What We Will NEVER Do With Your Information

Let us be unequivocally clear about what we will not do. We will NEVER:

  • Sell, rent, lease, or trade your Personal Data or Health Information to any third party for marketing, advertising, or any other purpose. Period.
  • Share your data with your employer, insurance company, or any public-facing entity without your explicit, separate, and affirmative consent for each specific instance of sharing.
  • Use your data for research purposes without first de-identifying it (removing all links to you personally) and, where feasible, obtaining your separate opt-in consent.

3. The Information We Collect

To provide you with our services, we must collect certain information. We limit our collection to what is strictly necessary.

  • Personal Data: This is information that identifies you as an individual. It includes your name, email address, date of birth, and other demographic information you voluntarily provide during registration.
  • Protected Health Information (PHI): As defined by the Health Insurance Portability and Accountability Act (HIPAA), this is the core health data you entrust to us. This may include your medical history, symptoms, diagnoses, medications, treatment plans, lab results, and FHIR (Fast Healthcare Interoperability Resources) data that you upload or create within the application. We treat all PHI with the highest level of security and in accordance with HIPAA regulations.
  • Security Data: To protect your account, we securely store credential information, such as your password (in a hashed, unreadable format) and settings for multi-factor authentication (MFA).
  • Derivative Data: This is technical information our servers automatically collect for operational purposes. It includes your IP address, browser type, operating system, and access times. This data is used for security logging, debugging, and improving application performance and is not linked to your Personal Data for profiling purposes.

4. How We Use Your Information

We use the information we collect solely to provide and improve the service for you. Specifically:

  • To Operate Your Account: To create and manage your secure account, authenticate you, and provide the core functionalities of the application.
  • To Provide Services: To process your health information as you direct, such as tracking your symptoms, managing your medication reminders, or visualizing your health data.
  • To Communicate With You: To respond to your customer support requests, send you critical security alerts, and email you essential notifications regarding your account.
  • To Improve Our Application: To analyze anonymized and aggregated usage trends to identify bugs, improve features, and enhance the user experience. This analysis is performed on data that can no longer be tied back to you.

5. Disclosure of Your Information

We will only disclose your information in the following limited and transparent circumstances:

  • With Your Explicit Consent: If you choose to share your data with a specific doctor, family member, or other third-party application, we will only do so after you provide explicit, affirmative consent through our platform for that specific disclosure.
  • To Our Service Providers: We may share information with trusted third-party vendors who perform services for us (e.g., cloud hosting on AWS or Google Cloud Platform). These vendors are contractually bound by strict confidentiality and security agreements (including HIPAA Business Associate Agreements) and are prohibited from using your data for any purpose other than providing services to PhysicalExam Corp.
  • To Comply with the Law: If we receive a legally binding request, such as a subpoena or court order, we are required by law to disclose information. We will scrutinize all such requests to ensure they are valid and will attempt to notify you before responding, unless legally prohibited from doing so.
  • In Case of Business Transfer: If PhysicalExam Corp is involved in a merger, acquisition, or sale of all or a portion of our assets, your information will be transferred as a company asset. We will notify you of any such change in ownership and ensure the acquiring entity is contractually bound to honor the commitments made in this Privacy Policy.

6. Security of Your Information: A Shared Responsibility

Protecting your data is a partnership. We have implemented robust measures to protect our systems, but the security of your account also depends on you.

Our Safeguards:

  • Encryption: All data, both at rest in our databases and in transit between your device and our servers, is protected using strong, industry-standard encryption (e.g., AES-256 and TLS).
  • Access Control: We enforce strict internal access controls. Only authorized PhysicalExam Corp employees with a legitimate business need can access user data, and all such access is logged and audited.
  • Best Practices: We adhere to HIPAA Security Rule standards and follow best practices for secure software development, regular security audits, and vulnerability scanning.
  • Data Segregation: Your Personal Data and Health Information are logically and/or physically segregated from other data types to minimize risk.

Your Role in Security:

The security of your account starts with you. To prevent unauthorized access, you MUST:

  • Use a Strong, Unique Password: Do not reuse a password you have used on any other website or service.
  • Enable Multi-Factor Authentication (MFA): We strongly urge you to enable MFA on your account. This provides a critical second layer of defense against unauthorized login attempts.
  • Be Vigilant: Be suspicious of phishing emails or messages asking for your login credentials. We will never ask you for your password.
  • Secure Your Devices: Ensure the computer or mobile device you use to access our application is protected with a passcode or biometric lock.

Limitation of Liability & Incident Response:

While PhysicalExam Corp takes every reasonable and commercially viable precaution to secure your data, no method of transmission over the Internet or method of electronic storage is 100% infallible. We cannot guarantee absolute security against all threats.

In the event of a cybercrime or data breach, PhysicalExam Corp is not liable for losses resulting from (a) your failure to adhere to the security practices outlined above (e.g., password reuse), or (b) sophisticated, targeted criminal acts that circumvent our extensive security measures.

However, in the event we discover a breach of our own systems, we are committed to a swift and transparent response. We will promptly investigate the incident, take all necessary steps to contain the threat and mitigate harm, and notify affected users and relevant regulatory authorities in accordance with applicable laws (including HIPAA).

7. Your Data Rights & Choices

You have the right to:

  • Access & Review: You can review the Personal Data and Health Information you have provided to us at any time within the application.
  • Correct & Update: You can correct or update your information directly in your account settings.
  • Data Deletion: You may delete your account at any time. Upon your request, we will permanently and irrevocably delete your Personal Data and Health Information from our production systems. Please note that residual data may remain in our secure backup archives for a limited period before being erased.
  • Opt-Out of Communications: You may opt out of receiving non-essential emails from us by following the unsubscribe link in those emails. We will still send you critical security and account-related notifications.

8. Data Retention

We will retain your information only for as long as your account is active or as needed to provide you with our services. We will delete your data upon your request, as outlined in Section 7, or if your account remains inactive for an extended period as defined by our internal data retention policy.

9. Policy for Children

Our services are not intended for or directed to individuals under the age of 18. We do not knowingly collect information from children. If we become aware that we have inadvertently collected data from a child under 18, we will take immediate steps to delete that information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date. For any material changes that significantly alter how we use or share your data, we will provide a more prominent notice (such as an in-app notification or a direct email) and may require your affirmative consent before the changes take effect.

11. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our practices, please do not hesitate to contact our Privacy Officer: admin@physicalexam.com