PatientSupport247.com understands how important the privacy of personal information is to our users. This Privacy Policy explains what information we collect, how we use and protect it, and the choices you have regarding your personal information.
Scope of This Privacy Policy
This Privacy Policy applies to the PatientSupport247.com website, including any mobile-optimized versions and related services (collectively referred to as the "Services"). By using our Services, you agree to the terms of this Privacy Policy and our Terms of Use.
End-to-End Encrypted Backup: Registered members have the option to securely back up their conversations and medical history to our servers using end-to-end encryption. All data is encrypted on your device using your password before transmission, and we store only the encrypted data.
Zero-Knowledge Architecture: We cannot decrypt, view, or access your medical information or conversations. Only you can decrypt this data using your password on your own device. Even T2MED staff cannot view your protected health information.
Password-Based Encryption: Your password is never transmitted to or stored on our servers in plain text. It is hashed using bcrypt, and it exists on your device to encrypt and decrypt your data locally.
Family Member Profiles: Registered members can create separate encrypted profiles for family members, each with its own protected medical history and conversation history.
Local Browser Storage (For All Users)
Chat Interactions: When you use our chat interface, your conversations are stored in your local browser storage. For guest users, this data remains exclusively local. For registered members, conversations can be optionally backed up in encrypted form to our servers.
Session Data: Session data is stored locally in your browser using technologies such as localStorage and sessionStorage. This includes your current conversation and temporary session information.
Saved Information: When you use the "Download to File" feature, the data is downloaded directly to your device.
Account Information (For Registered Members)
Registration Data: When you create an account, we collect your email address and full name for account management and communication purposes.
Authentication: Your password is hashed using industry-standard bcrypt before storage. We never store your plain-text password.
Subscription Information: If you subscribe to a paid plan, we collect necessary billing information through our payment processor. We do not directly store credit card information on our servers.
AI Service Processing
Anonymous Transmission: When you submit questions or information in the chat interface, this content is transmitted to our AI service provider (Anthropic Claude) for response generation. These transmissions do not include your identity or account information.
No Training Use: We have configured our AI implementation to ensure your conversations are not used to train the AI model. Your data is processed only to generate your responses and is not retained by the AI service provider for training purposes.
Temporary Processing: The AI service processes your queries in real-time but does not store or retain your conversation content after generating responses.
Photo and File Uploads: When you upload photos or files (such as images of symptoms, lab results, or medical documents), these files are transmitted anonymously to our AI service provider solely for analysis. The AI's analysis appears in the text response within your conversation. Uploaded files are not saved, stored, or retained on our servers or by the AI service provider after the analysis is complete. Your uploaded files are permanently discarded immediately following the generation of the AI response.
Automatically Collected Information
Standard Web Logs: Like most websites, our server automatically collects basic access logs including IP addresses and browser information. These logs do not contain the content of your conversations and are used only for maintaining website functionality and security.
Cookies: We use minimal cookies necessary for the functioning of the website. These cookies do not track your activities across other websites.
How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery: Facilitating your direct interaction with the AI service to provide medical information and support
Account Management: Creating and maintaining your account, authenticating your identity, and managing your subscription
Encrypted Backup: Storing your encrypted conversations and medical history securely on our servers (registered members only)
Communication: Sending you account-related notifications, service updates, and responding to your inquiries
Technical Operations: Ensuring the technical functioning and security of our website
Service Improvement: Improving our Services based on aggregated, anonymous usage patterns that do not include conversation content
Legal Compliance: Complying with legal obligations and protecting our rights
What We Do NOT Do With Your Information:
We do not read or access your encrypted conversations or medical history
We do not share your conversations with third parties
We do not use your conversations to train AI models
We do not sell your personal information
We do not use your information for targeted advertising
AI-Powered Services
Our Services use Anthropic's Claude AI assistant to provide medical information and responses to your queries. Here's how your data is handled:
Anonymous Processing
Your conversations with the AI are transmitted without any personally identifiable information
The AI service provider (Anthropic) does not receive your name, email, account information, or any identifying details
Each conversation is processed independently without linking to your identity
No Training Use
We have configured our implementation to explicitly request that your conversations are NOT used to train or improve AI models
Your medical information and queries remain private and are not incorporated into AI training data
Anthropic has committed to not using data from our implementation for model training purposes
Encrypted Storage
If you're a registered member, your conversations are encrypted on your device before being stored on our servers
The AI service provider does not store your conversations after generating responses
We store only encrypted versions that cannot be read without your password
Information Sharing and Disclosure
We are committed to protecting your privacy and limit information sharing as follows:
What We Do NOT Share
We do not and will never sell your personal information
We do not share your encrypted conversations or medical history with anyone
We cannot and do not disclose your protected health information to third parties
We do not provide your data to advertisers or marketing companies
Limited Service Providers
We share minimal information only with essential service providers who help us operate our Services:
AI Service Provider (Anthropic): Your conversation content is transmitted anonymously (without your identity) to generate responses. Anthropic does not store or use your data for training.
Payment Processor: If you subscribe to a paid plan, billing information is processed by our payment processor. We do not store credit card information.
Hosting Provider: Our encrypted database and website are hosted by AWS. They process only encrypted data that they cannot decrypt.
Legal Requirements
We may disclose information if required by law or in response to valid legal process, but:
We can only provide encrypted data, which is not readable without your password
We will notify you of any such requests unless prohibited by law
We will challenge overly broad or inappropriate requests
Data Security
We take data security seriously and implement multiple layers of protection:
Encryption at Rest
End-to-End Encryption: All conversations and medical history are encrypted on your device using AES-256 encryption before transmission to our servers
Zero-Knowledge Architecture: We store only encrypted data. We do not have access to encryption keys or the ability to decrypt your information
Password Protection: Your password is hashed using bcrypt with a cost factor of 12, making it computationally infeasible to reverse
Encryption in Transit
All data transmitted between your device and our servers uses HTTPS/TLS encryption
Account access requires authentication via hashed password
Sessions expire after 30 days of inactivity for security
Multi-layered database security with restricted access
Your Responsibilities
Strong Passwords: Use a strong, unique password. Your password is the only way to decrypt your data.
Password Security: Never share your password. We will never ask for your password via email or phone.
Secure Devices: Use trusted, secure devices to access your account
Downloaded Files: If you download your chat history, you are responsible for securing that file
Logout: Always log out when using shared or public computers
Important Limitations
If you lose your password, we cannot recover your encrypted conversations or medical history
No internet transmission is 100% secure; we cannot guarantee absolute security
Local browser storage security depends on your device's security
Data Management and Retention
For Registered Members
Account Data: Stored until you delete your account or request deletion
Encrypted Conversations: Stored securely on our servers until you delete them or close your account
Local Browser Data: Stored in your browser; can be cleared at any time
Account Deletion: You can delete your account at any time, which permanently removes all your encrypted data from our servers
For Guest Users
Local Storage Only: All conversations are stored exclusively in your browser
Clearing Data: Clearing browser data removes all conversation history
No Server Storage: We do not store guest conversations on our servers
Data Portability
Use the "Download to File" feature to export your conversations at any time
Downloaded files are in readable text format
You maintain control over your exported data
Your Privacy Choices and Controls
Account Management
Create an Account: Register to enable encrypted backup of your conversations
Use as Guest: Use the service without registration; data stays local only
Delete Account: Permanently delete your account and all encrypted data from our servers
Conversation Management
Delete Individual Conversations: Remove specific conversations from your encrypted backup
Clear Local Storage: Clear your browser's storage to remove local conversation history
Download Conversations: Export your conversations before clearing data
Privacy Modes
Private/Incognito Browsing: Use your browser's private mode to prevent local storage of conversations
Guest Mode: Use the service without creating an account; no server-side storage
Registered Mode: Create an account for encrypted backup across devices
Communication Preferences
You can opt out of promotional emails at any time
You cannot opt out of essential service communications related to your account
California Privacy Rights
This section provides additional information for California residents about our privacy practices and your rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
Categories of Personal Information Collected
In the last 12 months, we have collected the following categories of personal information as defined by California law:
Identifiers: Email address, full name, and account ID (registered members only)
Internet or Other Electronic Network Activity Information: IP addresses, browser type, operating system information, and access logs
Commercial Information: Subscription type and billing history (registered members with paid plans only)
We collect but cannot access the following due to encryption:
Health Information: Your conversations and medical history are encrypted end-to-end. While stored on our servers, we cannot decrypt or access this information.
We do not collect:
Protected classification characteristics (e.g., race, religion, sexual orientation)
Biometric information
Precise geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information (beyond text chat)
Professional or employment-related information
Education information
Inferences drawn about your preferences or characteristics
How We Use and Share Information
We use the limited information we collect as described in the "How We Use Your Information" section above. We do not sell or share personal information with third parties for their direct marketing purposes.
Your Rights Under California Law
California residents have the following rights:
Right to Know: You have the right to request information about the personal information we have collected about you and its sources, purposes, and categories of third parties with whom we share it.
Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
Right to Correct: You have the right to request correction of inaccurate personal information.
Right to Opt-Out: You have the right to opt out of the sale or sharing of your personal information. However, we do not sell or share your personal information as defined by California law.
Right to Limit Use of Sensitive Personal Information: You have the right to limit the use of sensitive personal information. However, we do not collect sensitive personal information as defined by California law.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
When you submit a request, we may require additional information to verify your identity before processing your request. California law permits you to make a verifiable consumer request up to twice every 12 months.
Response Timing and Format
We aim to respond to verifiable consumer requests within 45 days. If we require more time, we will inform you in writing. We will deliver our written response by mail or electronically, at your option.
Authorized Agent
You may designate an authorized agent to make a request on your behalf. When you use an authorized agent, we may require that you provide the authorized agent with written permission to do so and verify your own identity directly with us.
Do Not Track
Some browsers have a "Do Not Track" feature that lets you tell websites that you do not want to have your online activities tracked. Our system does not respond to Do Not Track signals at this time.
Children's Privacy
Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we may have unintentionally processed information about a child, please contact us.
International Users
Our Services are hosted and operated in the United States. The AI service may also process data in the United States. By using our Services, you consent to the processing of information in the United States, which may have different data protection rules than those in your country.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.
Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at: