Privacy Policy
Effective Date: July 6, 2025
1. Introduction
Wavelength Care ("we," "us," or "our") is committed to protecting your privacy and the confidentiality of your health information. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our mobile application ("App").
Your privacy is our priority. We understand that you are entrusting us with sensitive health information, and we take this responsibility seriously.
2. Information We Collect
Health Information You Provide
When you use Wavelength Care, you may choose to enter:
- Personal health records and journal entries
- Information about medical appointments and healthcare providers
- Disease diagnoses and health conditions
- Treatment plans and medication information
- Other health-related personal information
Technical Information
We may automatically collect certain technical information:
- App usage analytics (through Google Analytics, combined with Posthog analytics)
- General location data (state/region level only) to understand our user base
- Device performance data to improve app functionality
- Authentication cookies necessary for app security
Information We Do NOT Collect
We do not collect:
- Your real name or personal identifying information
- Precise location data
- Contact information beyond what you voluntarily provide
- Social media information
- Financial information
- Any information that could directly identify you
3. How We Use Your Information
Your Health Data
- Personal Use Only: Your health information is used solely to provide the journaling service to you
- No Sharing: We never share, sell, distribute, or view your personal health information
- Anonymous Storage: All health data is stored anonymously and cannot be linked to your identity
Analytics Data
We use Google Analytics and Posthog to:
- Understand how users navigate through the app
- Identify which features are most valuable to users
- Determine where our users are located (general geographic regions)
- Improve our app design and user experience
- Make informed decisions about future features
Important: The data collected by Google Analytics and Posthog is aggregated and anonymized. We cannot identify individual users through this data.
4. Data Security and Encryption
Encryption Standards
- AES-256 Encryption: All user data is encrypted using industry-standard AES-256 encryption
- Data in Transit: All data transmission is encrypted using secure protocols
- Data at Rest: All stored data is encrypted on our servers
Technical Infrastructure
- Secure Storage: We use Firebase, Firestore, and MongoDB with enterprise-grade security
- Access Controls: Strict access controls limit who can access data systems
- Regular Security Audits: We regularly review and update our security measures
Authentication
- Secure Login: Authentication cookies are used solely for secure app access
- Session Management: We implement secure session management practices
- No Tracking: We do not use tracking technologies beyond necessary authentication
5. HIPAA Compliance
Wavelength Care is committed to HIPAA (Health Insurance Portability and Accountability Act) compliance:
Protected Health Information (PHI)
- We treat all health information as PHI and apply appropriate safeguards
- Administrative, physical, and technical safeguards are in place
- Access to PHI is limited to authorized personnel only
Business Associate Agreements
- Our technology providers (Firebase, Google Analytics, Posthog) operate under appropriate data protection agreements
- We ensure all third-party services meet HIPAA requirements for handling health data
Breach Notification
- We have procedures in place to detect and respond to potential data breaches
- We will notify affected users within 60 days of discovering any breach of unsecured PHI
- We will also notify the Department of Health and Human Services as required by law
6. Data Sharing and Disclosure
We Do Not Share Your Personal Health Information
- We never sell, rent, or trade your personal health information
- We do not share your health data with advertisers, marketers, or other third parties
- Your health information remains private and confidential
Limited Exceptions
We may disclose information only in these limited circumstances:
- Legal Requirements: If required by law or court order
- Health and Safety: To prevent serious harm to you or others
- Business Transfers: If our company is acquired, with continued privacy protections
- With Your Consent: If you explicitly authorize disclosure
Aggregated Data
We may share aggregated, anonymized data that cannot identify individual users:
- General usage statistics
- Demographic information (age ranges, general locations)
- Feature usage patterns
7. Your Privacy Rights
Access and Control
You have the right to:
- Access all your personal health information in the app
- Correct or update your information at any time
- Delete your account and all associated data
- Export your data in a portable format
Data Deletion
- Account Deletion: You can delete your account at any time through the app settings
- Complete Removal: We will permanently delete all your data within 30 days of account deletion
- Secure Deletion: All data is securely wiped from our systems and cannot be recovered
Opting Out
- Location Data: You can disable location sharing in your device settings
8. Third-Party Services
Google Analytics & Posthog
- Purpose: We use Google Analytics and Posthog to understand app usage patterns
- Data Collection: Google Analytics and Posthog collect anonymized usage data
- Privacy: Google Analytics data is subject to Google's privacy policy, while Posthog data is subject to Posthog's privacy policy
- Opt-Out: You can opt out of Google Analytics and Posthog in your app settings
Firebase and Cloud Services
- Data Storage: We use Firebase and Firestore for secure data storage
- MongoDB: We use MongoDB for database management
- Security: All services are configured with maximum security settings
- Compliance: All services meet HIPAA requirements for health data
9. Cookies and Tracking
Authentication Cookies
- Purpose: We use cookies only for secure user authentication
- Duration: Cookies expire when you log out or after a period of inactivity
- Control: You can clear cookies through your device settings
No Tracking Technologies
- We do not use tracking pixels, web beacons, or similar technologies
- We do not track you across other websites or apps
- We do not build advertising profiles
10. Children's Privacy
Wavelength Care is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from individuals under the age of 18. If we discover that we have collected information from a child under 18, we will delete it immediately.
11. Geographic Limitations
- US Only: Wavelength Care is available only to users in the United States
- State Laws: We comply with applicable state privacy laws
- No International Transfers: Your data is stored and processed within the United States
12. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy from time to time. When we make changes:
- We will notify you through the app
- We will post the updated policy with a new effective date
- Material changes will be highlighted and explained
- Your continued use of the app constitutes acceptance of the updated policy
13. Data Retention
Active Accounts
- We retain your health information for as long as your account is active
- You can delete specific entries or your entire account at any time
Deleted Accounts
- We permanently delete all user data within 30 days of account deletion
- Some anonymized analytics data may be retained for service improvement
- Legal compliance may require the retention of certain records
14. Contact Us
For questions about this Privacy Policy or our privacy practices, please contact us:
Privacy Contact:
Lauren, CEO
Wavelength Care
Email: lauren@wavelengthcare.com
15. Complaints and Concerns
If you have concerns about our privacy practices:
- Contact us directly at lauren@wavelengthcare.com
- We will investigate and respond within 30 days
- You may also file a complaint with the Department of Health and Human Services if you believe your privacy rights have been violated
16. Legal Basis for Processing
We process your information based on:
- Consent: You voluntarily provide health information for journaling purposes
- Legitimate Interests: We use analytics to improve our service
- Legal Compliance: We may process data to comply with applicable laws
17. Your California Privacy Rights
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect
- Right to delete your personal information
- Right to opt out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising your privacy rights
18. Effective Date and Updates
This Privacy Policy is effective as of July 6, 2025 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.
Last Updated: July 6, 2025
By using Wavelength Care, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information in accordance with this policy.