Security and Privacy

A short video on how we manage and protect user information on SafeMatch App

Security:

SafeMatch App

  1. We use most secure cloud services available for user access control and health record storage.
  2. Identity access management is used to limit what each user account (or our employees) can access.
  3. All communications between App and Cloud are done on secure https protocol using state-of-art libraries (software programs that securely exchange user data with cloud server) provided by our cloud provider. These libraries are used worldwide by thousands of customers of our cloud provider.
  4. At-rest data in App and Cloud are always encrypted.
  5. Health records and request history are further encrypted with user-unique password for additional security.
  6. Name and Date of Birth are stored in encrypted form on servers.
  7. Our service providers (cloud, email and electronic fax) has shown similar level of commitments and signed agreements stating same.

SafeMatch Talk App

  1. Professional (health professional or school instructor) identity is verified by SafeMatch before they can start anonymous chat with their community members.
  2. As the chat is mostly anonymous and identity of anonymous users are not necessarily known, shared credentials may be used among all anonymous users.
  3. App may store user chat data locally on device without encryption.
  4. All communication between devices and our servers is done on https protocol. At-rest data in Cloud is always encrypted and its access is precisely controlled by Identity Access Management Services. Anonymous users and Professionals can only see the chat information that belongs to their unique ID.

Privacy:

SafeMatch App

  1. Your information is not analyzed, sold or shared with anyone except for facilitating your personal usage and your decision to controllably share health results to others. When you use our chat services, you control how much information is shared.
  2. Your personal information (such as name, date of birth, phone number, email, etc.) is only used for the intended purpose of SafeMatch App. We will not store these beyond 1 year from the date of your account closure.
  3. After we receive your original medical records (received from either email, fax, in-App camera or mail) from you or your health care provider, we separate health information from personal identifiers and then upload them to your account. We do not keep original copies beyond 7 days. (NOTE: Original copies are not de-identified i.e. they contain both health information and User information at same place)
  4. We do not necessarily store your de-identified uploaded health records beyond 1 yr from the date you share them with us. This is mainly to retrieve your past health information easily in case your account files are accidentally deleted. (NOTE: Sharing feature of SafeMatch App usually shares summary only from past 1 year history of health records).
  5. Only you decide who gets to see a limited summary of your health record. The summary access is further limited to 1 hr after first view and self-delete completely after 7 days. 
  6. Health record sharing can either be done anonymously or with your partial personal identifiers. The partial personal identifiers that are shared, if you chose to, are limited to only First name (NOT complete Full Name) and Birth Month (NOT complete Date of Birth).
  7. When possible, we disable the screenshot of your shared information.
  8. You are always in full control over history of shared results. You can delete them at anytime from your account. 
  9. Besides our cloud, email and electronic fax providers, we do not work with any third-parties who could have access to your information. We will never use or sell your information for any marketing and research purpose.
  10. We do not keep detail logs of your requests beyond 7 days (7 days is set mainly for troubleshooting issues). This limit us from meeting all record keeping guidelines in HIPAA as listed in 45 CFR Part 164.524. We meet other guidelines listed for Privacy and Security. Being fully compliant would have required us to track closely who you share your results with and maintain a record of same for at least 6 year. We designed this platform primarily to break barriers in sexual health discussion and give the level of anonymity that users expect. As we grow, we will perform annual HIPAA audit by independent companies and demonstrate our commitment to safeguard your health information.
    NOTE: We are not a Business Associate of any Covered Entity (click here for definitions)

SafeMatch Talk App

  1. Professional decides the time period of each posted message. After that period, message is removed from the server.
  2. SafeMatch may store a copy of messages for no more than a year to monitor and prevent abuse of our platform.
  3. User information is not sold or used for any other purpose except to facilitate discussions between Professional and their community members.

For more details, please check our Privacy Policy.


Shared responsibility:

SafeMatch App

While we follow best industry practices to keep your information secure, we expect similar things at your end as well. 

  1. Never share your username and password together with another person.
  2. Do not write your password on paper or save in a computer.
  3. Username alone may be shared for our sharing feature. However, do not write it on your social media profiles.
  4. Only remember a device that only belongs to you.
  5. Never share SMS or Email verification codes with anyone.
  6. If you device is lost, report us immediately so we can temporarily block your account.
  7. Always logout at end of each session.

SafeMatch Talk App

  1. Professional should never share their username and password with others.
  2. Professional can improve security of their account with multi-factor authentication.
  3. Professional should only add known users to their Group.
  4. Professional is responsible for monitoring the messages in Group chat. Professional can always use the App in moderated access mode to control which messages are made public and which are not. Professional also has an option to stop chat discussion immediately.
  5. Professional can delete messages or users who do not meet their guidelines. Professional is responsible for setting the guidelines for the Group including adhering to their Organization and local regulations.
  6. Anonymous users should verify the Professional (including that they work at Organization listed) before starting chat with them. Currently, SafeMatch does not track when Professional may leave their Organization.
  7. Anonymous users should only chat with Professionals who they trust and whose identity is known publicly. 
  8. Anonymous users should not add themselves to the Professionals Group unless appropriate verification is made at their end. Preferably, the QR code should be scanned inside the Organization building.
  9. Anonymous users should avoid sharing their Device ID and use QR Code to add themselves to Professional’s App.
  10. Professional may allow anonymous user to chat with other anonymous use in the same Group. All users must behave respectfully and follow the chat guidelines shared by Professional. Users must not make abusive remarks to other Users. 
  11. While Professionals have control over setting rules, discussions and adding or removing users to their Group, SafeMatch may reach out to Professionals (or their Organization) when a potential abuse or incident is reported to us.

For more details, please check our Terms of Service.

Last updated on March 1, 2020

OR

Apple App Store
Google Play Store