Privacy Policy · HIPAA compliance

VitaSign (“we”, “us”, “our”) operates a secure telemedicine platform connecting healthcare providers with patients. This Privacy Policy explains our practices regarding the collection, use, and protection of your information when you use our mobile app, web services, or APIs.

We are committed to full transparency: we never sell your health information. All data is processed under strict HIPAA and GDPR safeguards. By using VitaSign, you acknowledge the practices described in this policy.

To provide telemedicine and practice management, we collect the following categories of information (with your explicit consent where required):

• Telemedicine & treatment: Facilitate video consultations, share records with your provider, issue e‑prescriptions.
• Care coordination: Notifications for appointments, lab results, follow‑ups (with your permission).
• Billing & payments: Process insurance claims and payments via secure gateway.
• Platform security & integrity: Detect fraud, enforce terms, maintain audit logs.
• Research (de‑identified): With separate consent, we may use aggregated data to improve medical outcomes.
• Compliance: Fulfill legal obligations (e.g., mandatory reporting).

All data resides in ISO 27001 certified data centers within the European Union (for EU users) or United States (for North American users). Retention periods follow medical record laws: generally 7 years after last encounter, after which secure deletion occurs. You may request earlier deletion (subject to legal holds).

We share information only where essential for your care or legally required:

• Your provider / clinic: Records are shared with your physician and their team through the platform.
• Sub‑processors: Secure hosting (AWS/Azure), email notifications, crash analytics (all sign BAAs).
• Legal & safety: To comply with subpoenas, prevent harm, or public health requirements.
• Business transfer: In case of merger/acquisition, data would remain under similar privacy commitments.

We never sell or rent your health data for advertising or marketing.

Depending on jurisdiction, you may have the following rights regarding your data:

• Access & portability: Obtain a copy of your records in machine‑readable format.
• Rectification: Request correction of inaccurate information.
• Deletion (“right to be forgotten”): Ask us to erase your data, subject to legal retention.
• Restrict / object: Limit processing for certain purposes (e.g., direct marketing).
• Withdraw consent: At any time, without affecting prior processing.

To exercise your rights, contact us at the email below. We respond within 30 days.

• End‑to‑end encryption for all video calls (WebRTC with DTLS/SRTP).
• Multi‑factor authentication available for all accounts.
• Regular penetration tests and SOC2 Type II audits.
• Mock location prevention and session timeouts in mobile apps.
• Shorebird OTA updates delivered with cryptographic signing.

VitaSign is intended for use by licensed healthcare professionals and adult patients (18+). Where pediatric care is provided, a parent or legal guardian must consent and manage the account. We do not knowingly collect data from unaccompanied minors. If you believe we have inadvertently done so, please notify us immediately.

We may update this Privacy Policy to reflect legal, technical, or operational changes. Material updates will be announced via in‑app notice or email at least 30 days in advance. The “Last updated” date at the top always reflects the effective date.

For privacy inquiries, data subject requests, or concerns about your information: