HIPAA Compliance

    While we are a wellness app, we adopt medical-grade security standards for your peace of mind.

    Last updated: April 2024

    1. Our Commitment to Health Data Privacy

    While Thriva operates as a wellness platform and is not currently classified as a "covered entity" under the Health Insurance Portability and Accountability Act (HIPAA), we take health data privacy with the utmost seriousness.

    We have voluntarily adopted HIPAA-aligned data protection practices because we believe your sensitive menopause health data deserves the same level of care and protection as your medical records.

    2. What This Means for You

    We treat your symptom logs, HRT records, and physical tracking data with stringent protections inspired by HIPAA requirements. This means your data is handled with a focus on:

    • Confidentiality: Ensuring only you, and the systems and staff authorized to operate the service, can access your data.
    • Integrity: Protecting your health data from unauthorized alteration.
    • Availability: Ensuring you have access to your data when you need it.

    3. Data Protection Measures

    To uphold these standards, we implement the following technical safeguards:

    • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit.
    • Access Controls: Granular permission systems and multi-factor authentication for our internal operations.
    • Audit Logs: Detailed logging of system access and data processing activities.
    • Breach Notification: Established procedures to notify you and the relevant authorities in the event of a data breach.

    4. AI & Your Health Data

    When your data is processed to generate AI-powered insights, it is transmitted over an encrypted connection and used only to produce insights for your own account.

    • Your individual data is not used to train or refine general AI models.
    • Data transmitted for AI processing is encrypted and is not permanently stored by our AI infrastructure providers.

    5. Your Rights Over Your Health Data

    In alignment with HIPAA principles, we recognize your rights to:

    • Access and receive a copy of your full health data history.
    • Correct any inaccurate or incomplete information in your logs.
    • Delete your entire account and all associated health records permanently.
    • Export your symptom history for discussion with your healthcare provider.

    6. Third-Party Services & Business Associates

    We carefully vet all third-party partners (such as hosting and payment providers) to ensure they meet our high standards for security and data protection. We enter into data protection agreements with any provider that handles your information on our behalf.

    7. Contact

    For questions regarding our health data security practices, please contact our compliance team at privacy@thriva.space.