VitalNexa Wellness Platform — Your health data, protected by design
The data controller responsible for your personal data is:
For all privacy-related inquiries, data subject requests, or complaints, please contact our Privacy Officer at privacy@vitalnexa.health.
VitalNexa is built on three core privacy principles:
| Category | Data Collected | Purpose |
|---|---|---|
| Account Information | Email address, full name, hashed password | Authentication, account management |
| Health Records | Uploaded files (.txt, .pdf) | Health data extraction and analysis |
| Lab/Bloodwork Results | Biomarker names, values, units, test dates, fasting status | Trend tracking and wellness insights |
| Chat Conversations | Messages between you and the VitalNexa AI assistant | Personalized wellness guidance |
| Health Summaries | AI-generated summaries of your health status | Continuity of care across sessions |
| Audit Logs | IP address, user agent, API actions, timestamps | HIPAA-required security monitoring |
What we do NOT collect: We do not collect location data, device fingerprints, advertising identifiers, social media profiles, browsing history, cookies for tracking, or any data from third parties without your explicit consent.
We do not sell, rent, or trade your personal information or health data to any third party, for any purpose, ever.
Under GDPR and similar data protection regulations, we process your personal data based on the following legal grounds:
| Legal Basis | Processing Activities |
|---|---|
| Consent (Article 6(1)(a) / Article 9(2)(a)) | Given at registration. Explicit consent for processing health data. You may withdraw consent at any time via account settings or by contacting us. |
| Legitimate Interest (Article 6(1)(f)) | Service improvement, security monitoring, fraud prevention, and maintaining the integrity of our platform. |
| Contract (Article 6(1)(b)) | Providing the service you signed up for — including account management, lab result analysis, AI wellness chat, and trend tracking. |
| Legal Obligation (Article 6(1)(c)) | Maintaining audit logs and breach notification as required by HIPAA, HITECH, and other applicable regulations. |
VitalNexa employs multiple layers of security, each addressing different threat vectors:
All sensitive data fields (chat messages, health record text, health summaries) are encrypted using AES-256-GCM with per-field unique salt and nonce values. This means even if the database were compromised, encrypted fields are computationally infeasible to decrypt without the encryption key.
| Measure | Implementation | Standard |
|---|---|---|
| Field-level encryption | AES-256-GCM, unique salt + 96-bit nonce per field | NIST SP 800-38D |
| Key rotation | Versioned keys (v1, v2...) with admin rotation endpoint | NIST SP 800-57 |
| Password hashing | bcrypt with automatic salting, cost factor 12 | OWASP recommendation |
| Key derivation | PBKDF2-HMAC-SHA256, 600,000 iterations | NIST SP 800-132 |
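As an added example (not VitalNexa's code), this is how the measures in the table above fit together: a per-field salt fed to PBKDF2-HMAC-SHA256 at 600,000 iterations yields a fresh 256-bit key, AES-256-GCM uses a fresh 96-bit nonce, and a version prefix lets a rotation endpoint re-encrypt rows under the newest master secret. The master secrets, the blob layout, and binding the column name as GCM associated data are this example's assumptions.

```python
import hashlib
import os
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PBKDF2_ITERATIONS = 600_000   # NIST SP 800-132 derivation, as stated on the page
SALT_LEN = 16
NONCE_LEN = 12                # 96-bit GCM nonce per NIST SP 800-38D

# Constructed master secrets keyed by version; a deployment would load these
# from a KMS or secrets manager, never from source.
MASTER_SECRETS = {1: b"constructed-master-secret-v1", 2: b"constructed-master-secret-v2"}
CURRENT_VERSION = 2

def _derive_key(version: int, salt: bytes) -> bytes:
    # A fresh salt per field means a fresh 256-bit AES key per field.
    return hashlib.pbkdf2_hmac("sha256", MASTER_SECRETS[version], salt,
                               PBKDF2_ITERATIONS, dklen=32)

def encrypt_field(plaintext: str, column: str, version: int = CURRENT_VERSION) -> bytes:
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    # Assumed blob layout: 2-byte key version || salt || nonce || ciphertext+tag.
    # The column name is bound as associated data, so a ciphertext copied into a
    # different column fails authentication instead of decrypting.
    ct = AESGCM(_derive_key(version, salt)).encrypt(nonce, plaintext.encode(), column.encode())
    return struct.pack(">H", version) + salt + nonce + ct

def key_version(blob: bytes) -> int:
    return struct.unpack(">H", blob[:2])[0]

def decrypt_field(blob: bytes, column: str) -> str:
    version = key_version(blob)
    salt = blob[2:2 + SALT_LEN]
    nonce = blob[2 + SALT_LEN:2 + SALT_LEN + NONCE_LEN]
    ct = blob[2 + SALT_LEN + NONCE_LEN:]
    # Raises InvalidTag if the ciphertext, tag or associated data were altered.
    return AESGCM(_derive_key(version, salt)).decrypt(nonce, ct, column.encode()).decode()

def verify_integrity(blob: bytes, column: str) -> bool:
    try:
        decrypt_field(blob, column)
        return True
    except InvalidTag:
        return False

def rotate_field(blob: bytes, column: str) -> bytes:
    # What an admin rotation endpoint does per row: decrypt under the stored
    # version, re-encrypt under the current one with a new salt and nonce.
    return encrypt_field(decrypt_field(blob, column), column, CURRENT_VERSION)
```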
PostgreSQL Row-Level Security (RLS) policies enforce that each user can only access their own data. This is enforced at the database level, not the application level, preventing any application-layer bug from leaking data between users.
Every API request is logged with user ID, action, IP address, user agent, and timestamp. Audit logs are immutable and retained for the legally required period.
VitalNexa uses Anthropic's Claude AI for wellness chat. Before any data is sent to the AI:
| PII Type | Detection Method | Replacement |
|---|---|---|
| User's full name | Exact match + individual name parts | [NAME_REDACTED] |
| Email addresses | Regex pattern matching | [EMAIL_REDACTED] |
| Phone numbers | Multiple format patterns | [PHONE_REDACTED] |
| Social Security Numbers | XXX-XX-XXXX pattern | [SSN_REDACTED] |
| Street addresses | Number + street type pattern | [ADDRESS_REDACTED] |
| Dates of birth | DOB/birthday context matching | [DOB_REDACTED] |
| Medical record numbers | MRN/Patient ID patterns | [MRN_REDACTED] |
| Insurance/policy numbers | Policy/Member/Group ID patterns | [ID_REDACTED] |
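An added example (not VitalNexa's own scrubber) of the pre-send redaction the table above describes: structured patterns run first so that an email or phone number is replaced intact, then the user's full name and its individual parts are replaced. The regexes, the sample message, and the name-part heuristic are this example's assumptions; the production patterns are not shown on the page.

```python
import re

# One (label, pattern) per PII class from the table; these regexes are this
# example's approximations, not the platform's own.
PATTERNS = [
    ("[SSN_REDACTED]", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("[EMAIL_REDACTED]", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("[PHONE_REDACTED]", re.compile(r"(?:\+1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")),
    ("[MRN_REDACTED]", re.compile(r"\b(?:MRN|Patient ID)[:#\s]*\d{5,}\b", re.I)),
    ("[ID_REDACTED]", re.compile(
        r"\b(?:Policy|Member|Group)\s*(?:ID|#|No\.?)?[:#\s]*(?=[A-Z-]*\d)[A-Z0-9-]{5,}\b", re.I)),
    ("[DOB_REDACTED]", re.compile(
        r"\b(?:DOB|date of birth|birthday)[:\s]*\d{1,2}[/-]\d{1,2}[/-]\d{2,4}\b", re.I)),
    ("[ADDRESS_REDACTED]", re.compile(
        r"\b\d{1,6}\s+(?:[A-Z][a-z]+\s+){1,3}(?:Street|St|Avenue|Ave|Road|Rd|Blvd|Lane|Ln|Drive|Dr)\b")),
]

def scrub_pii(text: str, full_name: str = "") -> str:
    # Structured identifiers first, so a name part inside an email address
    # does not split the address before the email pattern sees it.
    for label, pattern in PATTERNS:
        text = pattern.sub(label, text)
    if full_name:
        # Exact full name, then each part longer than an initial (assumed heuristic).
        for part in [full_name] + [p for p in full_name.split() if len(p) > 1]:
            text = re.sub(r"\b" + re.escape(part) + r"\b", "[NAME_REDACTED]", text, flags=re.I)
    return text

# Constructed sample message; no real person or identifier.
SAMPLE_MESSAGE = (
    "Hi, I'm Maria Lopez (DOB: 03/14/1988, SSN 123-45-6789). Reach me at "
    "maria.lopez@example.com or (555) 123-4567. MRN: 00482913, Member ID: ABC123456. "
    "I live at 42 Oak Street. Is my fasting glucose of 92 mg/dL normal?"
)

if __name__ == "__main__":
    print(scrub_pii(SAMPLE_MESSAGE, full_name="Maria Lopez"))
```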
Anthropic's data use policy prohibits using API inputs for model training. Your conversations are not used to train AI models.
VitalNexa is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA), including the Privacy Rule (45 CFR Part 164, Subparts A and E) and the Security Rule (45 CFR Part 164, Subparts A and C).
| Requirement | Implementation | Status |
|---|---|---|
| Security Management Process | Risk analysis, security policies, audit logging | Implemented |
| Workforce Security | Role-based access, principle of least privilege | Implemented |
| Information Access Management | Row-Level Security, JWT authentication | Implemented |
| Security Awareness Training | Developer security training program | Implemented |
| Security Incident Procedures | Incident response plan with severity classification | Implemented |
| Contingency Plan | Database backups, disaster recovery procedures | Implemented |
| Requirement | Implementation | Status |
|---|---|---|
| Access Control | Unique user IDs, JWT tokens, email verification | Implemented |
| Audit Controls | Complete API request logging with user, action, IP, timestamp | Implemented |
| Integrity Controls | AES-256-GCM authenticated encryption (tamper detection) | Implemented |
| Transmission Security | TLS/HTTPS for all data in transit | Implemented |
| Encryption at Rest | AES-256-GCM field-level encryption with key rotation | Implemented |
| Requirement | Implementation | Status |
|---|---|---|
| Facility Access Controls | Cloud infrastructure with provider-managed physical security | Implemented |
| Workstation Security | Containerized deployment, no direct database access | Implemented |
| Device and Media Controls | Encrypted volumes, secure file storage | Implemented |
In the event of a breach of unsecured protected health information, VitalNexa will notify affected individuals within 60 days, the HHS Secretary as required, and prominent media outlets if the breach affects more than 500 individuals in a state or jurisdiction.
VitalNexa complies with the Health Information Technology for Economic and Clinical Health (HITECH) Act, which strengthens HIPAA enforcement:
VitalNexa's architecture is designed to meet the AICPA's SOC 2 Trust Service Criteria. While we have not yet undergone a formal SOC 2 Type II audit, our controls are aligned with these standards:
| Trust Service Criterion | Our Controls | Status |
|---|---|---|
| Security (Common Criteria) | JWT authentication, bcrypt passwords, AES-256-GCM encryption, RLS isolation, account lockout, CORS restrictions, audit logging | Aligned |
| Availability | Docker containerization, health check endpoints, database connection pooling, graceful error handling | Aligned |
| Processing Integrity | Input validation (Pydantic schemas), UUID parameter validation, authenticated encryption (GCM tamper detection), database constraints | Aligned |
| Confidentiality | Field-level encryption, PII scrubbing before AI calls, Row-Level Security, encrypted file storage, key rotation capability | Aligned |
| Privacy | Data minimization, user consent for collection, right to delete, transparent data use policy, no third-party data sales | Aligned |
We plan to pursue formal SOC 2 Type II certification as we scale to production.
California residents have the right to:
For users in the European Economic Area, we process health data under the legal basis of explicit consent (Article 9(2)(a)). Users have rights to access, rectification, erasure, data portability, and the right to withdraw consent at any time.
As a health-related technology provider, we comply with the FTC's Health Breach Notification Rule, which requires notification to consumers, the FTC, and in some cases the media, following a breach of unsecured health information.
VitalNexa supports health data interoperability through FHIR-based import connectors, allowing users to bring their health records from Epic, Cerner, Quest Diagnostics, Labcorp, and other certified health IT systems.
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Account information | While account is active + 30 days after deletion | Permanent erasure from database |
| Health records & lab results | While account is active | File deletion + database record removal |
| Chat conversations | Until user deletes them, or account deletion | Encrypted records permanently deleted |
| Health summaries | Until account deletion | Permanent erasure from database |
| Audit logs | 6 years (HIPAA requirement) | Automatic purge after retention period |
When you delete your account, all personal data, health records, lab results, chat history, and health summaries are permanently and irreversibly deleted within 30 days. Audit logs are retained for the legally required period with user identity anonymized.
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
| Right | Description | How to Exercise |
|---|---|---|
| Right to Access | Obtain a copy of all personal data we hold about you | Use the data export feature in Settings, or contact us |
| Right to Rectification | Correct inaccurate or incomplete personal data | Edit directly in the app (profile, biometrics) |
| Right to Erasure | Request deletion of your personal data | Delete your account in Settings |
| Right to Restrict Processing | Limit how we process your data | Contact us at privacy@vitalnexa.health |
| Right to Data Portability | Receive your data in a structured, machine-readable format (JSON) | Use the JSON export feature in Settings |
| Right to Object | Object to processing based on legitimate interest | Contact us at privacy@vitalnexa.health |
| Right to Withdraw Consent | Withdraw your consent at any time without affecting the lawfulness of prior processing | Contact us or delete your account |
You also have the right to lodge a complaint with your local Data Protection Authority (DPA). We will respond to all data subject requests within 30 days.
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the following rights:
To exercise your California privacy rights, contact us at privacy@vitalnexa.health with subject line "CCPA Request".
To exercise any of these rights, contact us at privacy@vitalnexa.health. We will respond within 30 days.
VitalNexa stores and processes data on servers located in the United States and the European Union. If you are located outside the US, your data may be transferred to and processed in the US.
For transfers of personal data from the EU/EEA to the US, we rely on the following transfer mechanisms:
We ensure that any third-party service providers who process data on our behalf provide equivalent safeguards through Business Associate Agreements and data processing agreements.
VitalNexa uses essential cookies only. Specifically:
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| access_token | Session authentication (HttpOnly, Secure) | Essential | 60 minutes |
| cookie_consent | Records your cookie consent preference | Essential | Persistent (localStorage) |
VitalNexa is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as quickly as possible. If you believe a child under 16 has provided us with personal data, please contact us at privacy@vitalnexa.health.
| Contact | Details |
|---|---|
| Privacy Officer | privacy@vitalnexa.health |
| General Support | support@vitalnexa.health |
| Data Protection Requests | privacy@vitalnexa.health (subject: "Data Request") |
| Security Concerns | security@vitalnexa.health |
We may update this Privacy Policy from time to time. When we make material changes, we will:
Continued use of VitalNexa after the effective date of changes constitutes acceptance of the updated policy. If you disagree with any changes, you may delete your account at any time.