- We use most secure cloud services available for user access control and health record storage.
- Identity access management is used to limit what each user account (or our employees) can access.
- All communications between App and Cloud are done on secure https protocol using state-of-art libraries (software programs that securely exchange user data with cloud server) provided by our cloud provider. These libraries are used worldwide by thousands of customers of our cloud provider.
- At-rest data in App and Cloud are always encrypted.
- Health records and request history are further encrypted with user-unique password for additional security.
- Name and Date of Birth are stored in encrypted form on servers.
- Our service providers (cloud, email and electronic fax) has shown similar level of commitments and signed agreements stating same.
- Your information is not analyzed, sold or shared with anyone except for facilitating your personal usage and your decision to controllably share health results to others. When you use our chat services, you control how much information is shared.
- Your personal information (such as name, date of birth, phone number, email, etc.) is only used for the intended purpose of SafeMatch App. We will not store these beyond 1 year from the date of your account closure.
- After we receive your original medical records (received from either email, fax, in-App camera or mail) from you or your health care provider, we separate health information from personal identifiers and then upload them to your account. We do not keep original copies beyond 7 days. (NOTE: Original copies are not de-identified i.e. they contain both health information and User information at same place)
- We do not necessarily store your de-identified uploaded health records beyond 1 yr from the date you share them with us. This is mainly to retrieve your past health information easily in case your account files are accidentally deleted. (NOTE: Sharing feature of SafeMatch App usually shares summary only from past 1 year history of health records).
- Only you decide who gets to see a limited summary of your health record. The summary access is further limited to 1 hr after first view and self-delete completely after 7 days.
- Health record sharing can either be done anonymously or with your partial personal identifiers. The partial personal identifiers that are shared, if you chose to, are limited to only First name (NOT complete Full Name) and Birth Month (NOT complete Date of Birth).
- When possible, we disable the screenshot of your shared information.
- You are always in full control over history of shared results. You can delete them at anytime from your account.
- Besides our cloud, email and electronic fax providers, we do not work with any third-parties who could have access to your information. We will never use or sell your information for any marketing and research purpose.
- We do not keep detail logs of your requests beyond 7 days (7 days is set mainly for troubleshooting issues). This limit us from meeting all record keeping guidelines in HIPAA as listed in 45 CFR Part 164.524. We meet other guidelines listed for Privacy and Security. Being fully compliant would have required us to track closely who you share your results with and maintain a record of same for at least 6 year. We designed this platform primarily to break barriers in sexual health discussion and give the level of anonymity that users expect. As we grow, we will perform annual HIPAA audit by independent companies and demonstrate our commitment to safeguard your health information.
NOTE: We are not a Business Associate of any Covered Entity (click here for definitions)
While we follow best industry practices to keep your information secure, we expect similar things at your end as well. For more details, please check our Terms of Service
- Never share your username and password together with another person.
- Do not write your password on paper or save in a computer.
- Username alone may be shared for our sharing feature. However, do not write it on your social media profiles.
- Only remember a device that only belongs to you.
- Never share SMS or Email verification codes with anyone.
- If you device is lost, report us immediately so we can temporarily block your account.
- Always logout at end of each session.