Privacy Policy
Our Privacy Commitment
As a tool designed to help protect sensitive health information, HIPAA.app is built with privacy as its foundation. We operate with a "zero storage" approach to your queries and search results, ensuring that your privacy checks don't create additional exposure risks.
Information We Collect
Information You Provide
When you use HIPAA.app, you may enter search queries that include names, medical record numbers, or other identifiers to check for potential PHI exposure. These queries are processed in real time and are never stored on our servers.
Technical Information
We collect limited technical information necessary for the operation of our service:
- IP address (anonymized and used only for rate limiting and abuse prevention)
- Browser type and version
- Time and date of access
- General geographic location (country/region level only)
Cookies and Similar Technologies
HIPAA.app uses only essential cookies necessary for the functioning of the service. We do not use any tracking, advertising, or analytics cookies. The essential cookies we use are:
- Session cookies for maintaining your session state
- Security cookies for preventing cross-site request forgery
How We Use Information
The limited information we collect is used solely for:
- Providing and improving the HIPAA.app service
- Protecting the security of our service through rate limiting and abuse prevention
- Troubleshooting technical issues
- Complying with legal obligations
We do not use your information for marketing, advertising, or any purpose unrelated to the direct operation of HIPAA.app.
Information Sharing
We do not share, sell, rent, or trade any information with third parties except in the following limited circumstances:
- When required by law or to comply with a legal process
- To protect the rights, property, or safety of HIPAA.app, our users, or the public
- In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality agreements in place
Service Providers
We use the Google Custom Search API to process search queries. Google does not receive any personally identifiable information from HIPAA.app, and all queries are transmitted securely. Our agreement with Google prohibits them from storing or using the search queries for any purpose other than providing the search service.
Data Security
We implement a variety of security measures to maintain the safety of the limited information we process:
- All connections to HIPAA.app use TLS encryption (HTTPS)
- Server-side security measures include firewalls, intrusion detection, and regular security updates
- Regular security assessments and penetration testing
- Strict access controls limit who can access our systems
- Anti-abuse measures to prevent misuse of our service
Your Rights
As we do not store personal information, most traditional data subject rights do not apply. However, we respect your privacy rights and provide the following:
- Transparency about our data practices through this Privacy Policy
- Security measures to protect any transient data while in use
- The ability to use our service without creating an account
Children's Privacy
HIPAA.app is designed for use by healthcare professionals and organizations. Our service is not directed at children under the age of 18, and we do not knowingly collect information from children. If you believe we may have collected information from a child, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised policy on this page with an updated "Last Updated" date. We encourage you to review this policy periodically to stay informed about our privacy practices.
For significant changes that materially alter your privacy rights, we will provide more prominent notice as appropriate, such as through a banner on our website.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Email: privacy@hipaa.app
Address: HIPAA.app Privacy Office
123 Healthcare Plaza, Suite 400
Anytown, CA 94000
We will respond to your inquiry within 30 days.