Privacy Policy

Last Updated: February 6, 2026

1. Introduction

Welcome to HealTalk. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mental health consultation platform.

Important: This platform handles sensitive health information. We comply with HIPAA (Health Insurance Portability and Accountability Act) for U.S. users and GDPR (General Data Protection Regulation) for EU users.

2. Information We Collect

2.1 Personal Information

  • Account Information: Name, email address, phone number, date of birth, profile photo
  • Authentication: Password (encrypted), OAuth credentials (Google)
  • Payment Information: Billing address, payment method (processed securely via Stripe)

2.2 Health Information (PHI)

  • Mental health screening assessment responses
  • Messages exchanged with psychologists
  • Appointment notes and progress tracking
  • AI chatbot interactions
  • Session recordings (only with explicit consent)

2.3 Professional Information (Psychologists)

  • Credentials and license numbers
  • Professional certifications and experience
  • Specializations and hospital affiliations

2.4 Automatically Collected Information

  • Device information (browser type, operating system)
  • IP address and approximate location
  • Usage data (pages visited, features used)
  • Video call quality metrics

3. How We Use Your Information

  • Facilitate video consultations between patients and psychologists
  • Process appointments and payments
  • Enable secure messaging and communication
  • Provide AI-powered mental health screening
  • Send appointment reminders and notifications
  • Improve platform security and user experience
  • Comply with legal obligations

4. How We Share Your Information

We do NOT sell your personal information.

With Service Providers (BAA-compliant):

  • Video Infrastructure: Agora.io (video calls)
  • Payment Processing: Stripe (secure payments)
  • Email Delivery: Resend (notifications)
  • Cloud Storage: UploadThing (file uploads)
  • AI Services: Google Gemini (chatbot, anonymized)
  • Error Monitoring: Sentry (no PHI)

All service providers sign Business Associate Agreements (BAAs) to ensure HIPAA compliance.

5. Data Security

  • Encryption: TLS 1.3 in transit, AES-256 at rest
  • Access Controls: Role-based access with MFA
  • Video Security: End-to-end encrypted calls
  • Backups: Automated daily backups with disaster recovery
  • Monitoring: 24/7 security monitoring and intrusion detection

6. Your Privacy Rights

HIPAA Rights (U.S. Users)

  • Access and obtain a copy of your health information
  • Request corrections to your health information
  • Request restrictions on use of your information
  • Receive an accounting of disclosures
  • File a complaint if rights are violated

GDPR Rights (EU Users)

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion ("right to be forgotten")
  • Portability: Receive data in machine-readable format
  • Objection: Object to processing

To exercise your rights:

Email: privacy@healtalk.com

Subject: Privacy Rights Request

We will respond within 30 days (GDPR) or 60 days (HIPAA).

7. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations (typically 7 years for medical records). When you delete your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law.

8. Cookies and Tracking

  • Essential Cookies: Authentication, session management
  • Analytics Cookies: Understand platform usage
  • Preference Cookies: Remember your settings

9. Contact Us

HealTalk Privacy Officer

Email: privacy@healtalk.com

Support: support@healtalk.com

For HIPAA complaints, contact the U.S. Department of Health and Human Services Office for Civil Rights.

Version 1.0