Legal draft
HealthWatch Privacy Policy
Draft placeholder for PHI handling, minimization, and deletion rights.
What HealthWatch stores
HealthWatch may store account identity, chat history, uploaded lab results, structured health profile data, biometrics, and operator-approved export artifacts needed to deliver the service.
Sensitive free text is subject to minimization controls before it is reused in secondary prompts, exports, public sharing surfaces, or downstream research tools.
How data is used
Stored data is used to answer user questions, render dashboards, generate clinician-facing summaries, and operate privacy and safety controls such as PHI sanitizers and trust-boundary audits.
- HealthWatch should not sell user health data.
- User-authored health data should remain inside documented product boundaries.
- Deletion and export rights must be finalized in the reviewed policy language.
Cookies and telemetry
Essential cookies keep you signed in, remember onboarding completion, and store your medical-disclaimer acknowledgment. They are required for the service and are not gated behind a marketing consent banner.
Analytics telemetry is optional. With your consent, HealthWatch may initialize Sentry in the browser for error and performance monitoring. Session replay is fully masked (text, media, and inputs) and default PII shipment is disabled.
You can accept analytics, choose essential cookies only, or reopen Cookie preferences from the site footer at any time. Your choice is stored in a first-party cookie; signed-in users also get an auditable consent record.
- Essential cookies: authentication, safety gates, and service continuity.
- Analytics cookies/telemetry: Sentry error and performance monitoring (opt-in).
- Rejecting analytics does not block sign-in or core product use.
Open legal items
Version 2026-05-20.draft1 leaves jurisdiction, retention windows, subprocessors, and international transfer language explicitly open until counsel review is complete.