Data Policy

Data Policy

Last updated: March 1, 2026

Overview

At Clarity DTX, we take the protection of your personal health data seriously. This Data Policy explains how we collect, store, process, and protect the information you provide when using our condition-specific health tracking applications.

What Data We Collect

Data Type Examples Purpose
Account Information Email address, name, password (hashed) Account creation and authentication
Health Tracking Data Symptoms, medications, measurements, notes Core app functionality
Device Information Device model, OS version, app version Technical support and compatibility
Usage Analytics Feature usage patterns, session length Product improvement
Crash Reports Error logs, stack traces Bug fixing and stability

How We Store Your Data

Your health data is stored using industry-standard security practices:

  • Encryption at rest: All personal and health data is encrypted using AES-256 encryption
  • Encryption in transit: All data transfers use TLS 1.2 or higher
  • Secure infrastructure: Our servers are hosted in SOC 2 compliant data centers
  • Access controls: Strict role-based access controls limit who can access user data
  • Regular audits: We conduct regular security audits and vulnerability assessments

Data Processing and Sharing

We process your data solely to provide our services. We do not sell your personal health data to third parties. Data may be shared in limited circumstances:

  • Service providers: Trusted partners who help us operate our services (e.g., cloud hosting, analytics), bound by strict data processing agreements
  • Your care team: Only when you explicitly choose to share reports or data with healthcare providers through our export features
  • Legal requirements: When required by law, court order, or government regulation
  • Aggregated data: De-identified, aggregated data may be used for research and product improvement. This data cannot be traced back to individual users.

Your Rights (GDPR and Global Privacy)

Regardless of where you are located, we provide the following rights:

  • Right to access: Request a copy of all data we hold about you
  • Right to rectification: Correct inaccurate data in your account
  • Right to erasure: Request deletion of your account and associated data
  • Right to portability: Export your data in a standard, machine-readable format
  • Right to restrict processing: Limit how we process your data
  • Right to object: Object to specific data processing activities
  • Right to withdraw consent: Withdraw previously given consent at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Personal health data is permanently deleted within 30 days
  • Backup copies are purged within 90 days
  • De-identified analytics data may be retained indefinitely
  • Legal hold data is retained as required by applicable law

Data Deletion Requests

You can delete your data through the following methods:

  • In-app: Navigate to Settings and select “Delete Account”
  • Email: Send a deletion request to [email protected]
  • Contact form: Submit a request through our contact page

Upon receiving a deletion request, we will verify your identity and process the request within 30 days. You will receive confirmation once deletion is complete.

Health Data Compliance

We design our applications with health data regulations in mind:

  • HIPAA awareness: While our consumer apps are not covered entities under HIPAA, we follow HIPAA best practices for data security
  • GDPR compliance: We comply with the EU General Data Protection Regulation for users in the European Economic Area
  • PIPEDA compliance: We comply with Canadian privacy legislation
  • CCPA compliance: California residents have additional rights under the California Consumer Privacy Act

Cookies and Tracking

Our website uses essential cookies for functionality. Our mobile apps use analytics tools to understand usage patterns. You can opt out of analytics tracking within app settings. We do not use advertising trackers or sell data to advertising networks.

Children’s Privacy

Our services are not directed to children under 18. We do not knowingly collect personal information from children. If we discover that a child under 18 has provided us with personal information, we will delete it promptly.

Changes to This Policy

We may update this Data Policy periodically. Material changes will be communicated through in-app notifications or email at least 30 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Contact Us

For questions about this Data Policy or to exercise your data rights:

Email: [email protected]
Website: claritydtx.com/contact