Privacy Policy
Last updated: March 23, 2026
1. Information We Collect
We collect the following categories of information:
- Account Information: Name, email address, phone number (optional)
- Health Data: Weight, calories, macronutrients, heart rate, blood sugar, exercise, medications, appointments
- CGM Data: Continuous glucose monitor readings (if connected)
- Usage Data: Login timestamps, IP addresses, and audit trail for HIPAA compliance
2. How We Protect Your Data
We implement industry-leading security measures:
- Encryption at Rest: All personal and health data is encrypted using AES-256-CBC
- Encryption in Transit: All connections are secured with TLS/SSL (HTTPS)
- Password Security: Passwords are hashed using bcrypt with cost factor 12
- Two-Factor Authentication: Optional 2FA via email or SMS
- Session Security: HTTP-only cookies, strict same-site policy, 30-minute timeout
- Rate Limiting: Protection against brute-force attacks
- Audit Logging: All data access and modifications are logged per HIPAA requirements
3. How We Use Your Information
Your data is used exclusively to:
- Provide the health tracking features you use
- Send verification emails, 2FA codes, and appointment reminders
- Maintain HIPAA-required audit trails
- Improve Service reliability and security
We do not sell, share, or monetize your personal health information.
4. Data Sharing
We only share your data in these circumstances:
- With Your Providers: Only when you explicitly invite a healthcare provider through the Provider Portal
- Legal Requirements: When required by law, court order, or to protect public safety
5. Your Rights
You have the right to:
- Access your health data at any time
- Export your data in CSV format
- Request correction of inaccurate data
- Delete your account and all associated data
- Revoke provider access at any time
6. Data Retention
Your data is retained for as long as your account is active. Audit logs are retained for a minimum of 6 years per HIPAA requirements. Upon account deletion, all personal and health data is permanently removed.
7. Children's Privacy
VQ Healthy is not intended for use by individuals under 18. We do not knowingly collect information from children.
8. Contact
For privacy inquiries: email4johnson@gmail.com
All your data is HIPAA compliant and encrypted.