Privacy Policy

1. Overview and Scope

CureWise is an AI-powered medical advocacy platform that helps patients navigate their healthcare journey through personalized insights, treatment recommendations, and clinical trial matching. This Privacy Policy describes how we collect, use, protect, and share your personal information and Protected Health Information (PHI) when you use our services.

2. Types of Information We Collect

Personal Information

• Name, email address, phone number
• Account credentials and authentication information
• Communication preferences and settings
• Payment and billing information

Protected Health Information (PHI)

• Medical records, test results, and diagnostic reports
• Treatment history, medications, and allergies
• Medical images and diagnostic imaging
• Healthcare provider information and referrals
• Insurance information and coverage details
• Family medical history and genetic information

Technical and Usage Data

• Device information, IP address, and browser type
• Platform usage patterns and feature interactions
• Search queries and AI interaction history
• Performance and error logs

3. How We Use Your Information

AI-Powered Medical Analysis

We use your medical information to provide AI-powered analysis and insights, including:

• Analyzing medical records to identify treatment patterns and opportunities
• Matching your condition with relevant clinical trials and research studies
• Providing personalized treatment recommendations and second opinions
• Generating plain-language summaries of complex medical information

Healthcare Coordination

• Facilitating communication with your healthcare providers
• Coordinating care between multiple specialists and facilities
• Preparing for medical appointments and consultations
• Tracking treatment progress and outcomes

4. HIPAA Compliance and Healthcare Privacy

CureWise operates as a HIPAA-covered entity and/or business associate. We maintain appropriate administrative, physical, and technical safeguards to protect your PHI in accordance with HIPAA requirements. Your health information will only be used and disclosed as permitted by HIPAA and as described in this Privacy Policy.

Your HIPAA Rights

• Right to access your PHI and request copies
• Right to request amendments to your health information
• Right to request restrictions on use and disclosure
• Right to request confidential communications
• Right to receive an accounting of disclosures
• Right to file a complaint with us or the Department of Health and Human Services

5. Information Sharing and Disclosure

Healthcare Providers

With your explicit consent, we may share your medical information with your healthcare providers to facilitate coordinated care and treatment planning.

Clinical Trial Organizations

We may share de-identified or aggregated health information with clinical trial organizations and research institutions to help match you with relevant studies, always with your explicit consent.

Emergency Situations

In medical emergencies, we may disclose your health information to emergency responders or healthcare providers as necessary to protect your health and safety.

Legal Requirements

We may disclose your information when required by law, court order, or to comply with legal processes, including public health reporting requirements.

6. AI and Machine Learning

Our AI systems analyze your medical information to provide personalized insights and recommendations. We use the following approaches to protect your privacy:

• Data Minimization: We only use the minimum necessary health information for AI analysis
• De-identification: Personal identifiers are removed when possible for AI training and improvement
• Secure Processing: All AI processing occurs in secure, HIPAA-compliant environments
• Human Oversight: AI recommendations are reviewed by qualified healthcare professionals
• Transparency: We provide explanations for AI-generated insights and recommendations

7. Data Security and Protection

We implement comprehensive security measures to protect your health information:

• End-to-end encryption for data transmission and storage
• Multi-factor authentication and access controls
• Regular security audits and penetration testing
• Employee training on healthcare privacy and security
• Incident response and breach notification procedures
• Secure cloud infrastructure with healthcare-grade certifications

8. Data Retention and Deletion

We retain your health information for as long as necessary to provide our services and as required by applicable laws. You may request deletion of your data at any time, subject to the following exceptions:

• Information required for ongoing medical care coordination
• Data needed to comply with legal or regulatory requirements
• De-identified information used for research and AI improvement
• Information necessary for safety monitoring and adverse event reporting

9. Your Privacy Rights

In addition to your HIPAA rights, you have the following privacy rights:

• Access: Request copies of your personal and health information
• Correction: Request corrections to inaccurate information
• Deletion: Request deletion of your information (subject to legal requirements)
• Portability: Request transfer of your data to another service
• Opt-out: Opt out of certain uses of your information
• Consent Withdrawal: Withdraw consent for specific data uses

10. International Data Transfers

If you are located outside the United States, your health information may be transferred to and processed in the United States, where our servers are located. We ensure appropriate safeguards are in place for international transfers of health data.

11. Children's Privacy

Our services are not intended for children under 18 years of age. We do not knowingly collect health information from children without appropriate parental consent and healthcare provider authorization.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will notify you of material changes by email and by posting a notice on our platform. Your continued use of our services after such changes constitutes acceptance of the updated policy.

13. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: