Privacy Policy

Last updated: May 5, 2026 · Effective date: May 5, 2026

1. Who we are

Health Visit App ("we," "us," or "our") is a web application operated by Miami App Studio ("the Company"), based in Miami, Florida, USA. This Privacy Policy describes how we handle information when you use our website at healthvisitapp.com and our application services (collectively, the "Service").

2. Information we collect

Information you give us

• Account information: name, email address, password (managed via Clerk authentication), and optionally a profile photo.
• Health information you choose to enter: visit details, symptoms, medications, allergies, doctor names and contact info, lab results, uploaded medical documents and photos, family member profiles you create.
• Visit recordings: if you use the Live Visit Recorder, the audio you record and any transcripts generated from it.
• Subscription and billing information: processed by our payment provider Stripe. We do not see or store your full credit card number.
• Communications: emails, support requests, and feedback you send us.

Information collected automatically

• Device and usage data: browser type, operating system, IP address, pages viewed, features used, timestamps, error logs.
• Cookies and similar technologies: see Section 10 for details.

3. How we use your information

We use your information to:

• Provide and operate the Service (create your account, save your visits, generate AI briefs, send reminders).
• Process payments and manage subscriptions through Stripe.
• Send transactional messages (account verification, payment receipts, reminders you opt into).
• Improve the product (analytics on which features are used, in aggregate and de-identified where possible).
• Respond to support requests.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.

We do not sell your personal information. We do not use your health information for advertising. We do not share your data with data brokers.

4. Health information & HIPAA

If a healthcare provider, employer health plan, or other HIPAA Covered Entity wishes to use Health Visit App on behalf of their patients or members, we are willing to enter into a Business Associate Agreement (BAA) on a case-by-case basis. Contact [email protected].

Even though HIPAA does not directly apply to most consumer use, we treat your health information with HIPAA-aware safeguards: encryption in transit (TLS) and at rest, role-based access controls, audit logging, and the principle of least privilege among our staff and contractors.

5. AI processing & third parties

Several features rely on AI to generate summaries, questions, and checklists. These features send relevant data to OpenAI, L.P. via the Replit AI Integrations Proxy. Specifically:

• Visit Prep Interview, Question Builder, Appointment Brief, Visit Summary, After-Visit Checklist, Health Summary: the visit and symptom information needed to generate the output is sent to OpenAI's API.
• Live Visit Recorder transcripts: the audio is processed by your browser's Web Speech API; the resulting text transcript may be sent to OpenAI to generate a cleaned summary.

Per OpenAI's API data usage policy, data submitted via the API is not used to train their models and is retained by OpenAI for up to 30 days for abuse monitoring before deletion. See OpenAI API data usage policy.

Other service providers we use

• Clerk — user authentication and identity management
• Stripe — payment processing and subscription billing
• Replit — application hosting, database (PostgreSQL), and object storage
• Cloudflare — DNS, content delivery, and DDoS protection
• OpenAI — AI-generated summaries and questions (see above)
• Email delivery providers — for transactional emails and notifications

Each provider has its own privacy policy. We choose providers that contractually commit to safeguarding your data.

6. When we share information

We share information only in these limited circumstances:

• With your consent — for example, when you invite a family member to share visits via Family caregiver sharing.
• Service providers — listed in Section 5, only to the extent needed to operate the Service.
• Legal requirements — if required by valid legal process (subpoena, court order). We will notify you unless legally prohibited.
• Safety — to protect the rights, property, or safety of our users or the public.
• Business transfers — if we are involved in a merger, acquisition, or asset sale, your information may transfer as part of that transaction. You will be notified before the transfer takes effect.

7. How we protect your data

We use industry-standard safeguards including:

• TLS 1.2+ encryption for all data in transit
• Encryption at rest for stored data and uploaded files
• Authentication with hashed/salted credentials (handled by Clerk)
• Access controls limiting employee access on a need-to-know basis
• Regular security reviews of our infrastructure and dependencies

No system is 100% secure. If a breach affecting your information occurs, we will notify you and the appropriate authorities as required by law.

8. Data retention

• While your account is active: we keep the information you've entered for as long as your account exists, so it's available the next time you log in.
• After you delete your account: we delete your personal data within 30 days, except where we must retain it for legal, tax, fraud-prevention, or backup-rotation purposes (typically up to 90 days for backups).
• Anonymous analytics: we may retain aggregated, de-identified usage data indefinitely.
• Stripe billing records: retained by Stripe per their policies and applicable tax law (typically 7 years).

9. Your rights & choices

You can at any time:

• Access the information in your account by logging in.
• Update or correct your information directly in the app.
• Export your visits, medications, and documents to PDF (Premium and Family plans).
• Delete individual items, or your entire account from Settings → Account → Delete Account.
• Opt out of non-essential email by clicking unsubscribe in any marketing email.
• Cancel a paid subscription via the Stripe Customer Portal at any time.

California residents (CCPA/CPRA)

You have the right to know what personal information we collect, request deletion, correct inaccurate information, opt out of "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioral advertising), and not receive discriminatory treatment for exercising these rights. To submit a request, email [email protected].

EEA, UK, and other GDPR-covered users

You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. The legal bases for our processing are: performance of contract (to provide the Service), legitimate interests (product improvement, security), consent (for optional features), and legal obligation (tax records, etc.). Submit GDPR requests to [email protected]. You may also lodge a complaint with your local supervisory authority.

10. Cookies & tracking

We use a small number of cookies and similar technologies:

• Essential cookies — needed for login sessions and security (set by Clerk and our app).
• Functional cookies — remember preferences like your color theme.
• Analytics — privacy-respecting usage analytics. We do not use third-party advertising trackers.

You can disable cookies in your browser settings, but parts of the Service may not function properly.

11. Children's privacy

The Service is not intended for children under 13, and we do not knowingly collect personal information from children under 13. Family plan profiles for minor children are entered and managed by the parent or legal guardian who holds the account. The parent is responsible for the information entered about their children. If you believe we have inadvertently collected information from a child under 13, contact us and we will delete it promptly.

12. International users

The Service is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the United States and other countries where our service providers operate. By using the Service, you consent to that transfer. We use standard contractual safeguards where required.

13. Changes to this policy

We may update this Privacy Policy as the Service evolves. When we make material changes, we'll notify you by email and/or via a notice in the app at least 14 days before the changes take effect. The "Last updated" date at the top of this page tells you when it last changed.

14. Contact us

Questions, concerns, or requests about this Privacy Policy:

• Email: [email protected]
• Mail: Miami App Studio, Miami, FL, USA
• Subject line: "Privacy — Health Visit App"

We'll do our best to respond within 30 days.