Privacy Policy
This page is a placeholder. The full Heartly privacy policy — including our HIPAA Business Associate Agreement summary, breach-notification commitments, and PHI handling practices — will live here.
What we collect
Heartly collects Protected Health Information (PHI) on behalf of our customer facilities under a signed BAA. We do not sell, share, or monetize PHI under any circumstances.
How we protect it
PHI is encrypted at rest (AES-256, managed by Convex) and in transit (TLS 1.2+). Access is gated by per-facility role-based controls, and every PHI read is audit-logged.
Your rights
Patients and authorized representatives may request copies of records, ask for corrections, or request deletion subject to regulatory retention requirements (6 years for HIPAA audit logs). Email [email protected] to initiate any of these requests.
Last updated: placeholder — pending legal review.