Privacy Policy

Last Updated: January 2025 | Effective Date: January 1, 2025

1. Introduction

Welcome to eplep, a comprehensive epilepsy management platform designed to help patients track seizures, manage medications, and collaborate with healthcare providers. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application and related services.

Your Privacy is Our Priority

eplep is committed to protecting your health information with the highest standards of security and privacy. We are HIPAA compliant and follow industry best practices to ensure your data remains secure and confidential.

By using eplep, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

2.1 Health Information

As a health management platform, we collect various types of health-related information:

  • Seizure Data: Date, time, duration, type, triggers, symptoms, and recovery information
  • Medication Information: Names, dosages, schedules, adherence tracking, and side effects
  • Appointment Records: Healthcare provider visits, lab appointments, and follow-up schedules
  • Medical History: Relevant health conditions, allergies, and emergency contact information
  • Media Files: Photos or videos you choose to upload related to your health condition
  • Mood and Wellness Data: Mood tracking, sleep patterns, and general wellness indicators

2.2 Personal Information

  • Account Information: Name, email address, date of birth, and profile information
  • Contact Information: Phone number, address, and emergency contacts
  • Healthcare Provider Information: Hospital affiliation, doctor assignments, and care team details

2.3 Technical Information

  • Device Information: Device type, operating system, app version, and unique identifiers
  • Usage Data: App usage patterns, feature utilization, and performance analytics
  • Location Data: With your explicit consent, for emergency services and location-based features

3. How We Use Your Information

3.1 Primary Purposes

  • Health Management: Provide seizure tracking, medication management, and appointment scheduling services
  • Healthcare Collaboration: Facilitate communication and data sharing with your healthcare providers
  • Analytics and Insights: Generate personalized health reports and identify patterns in your condition
  • Reminders and Notifications: Send medication reminders, appointment alerts, and health check-ins

3.2 Service Improvement

  • Enhance app functionality and user experience
  • Develop new features based on user needs and feedback
  • Ensure app security and prevent unauthorized access
  • Provide customer support and technical assistance

3.3 Communication

  • Send important service updates and security notifications
  • Provide educational content related to epilepsy management
  • Respond to your inquiries and support requests

4. Information Sharing and Disclosure

4.1 Healthcare Providers

We share your health information with your designated healthcare providers only with your explicit consent. This includes:

  • Doctors, neurologists, and specialists you authorize
  • Hospital systems and clinics you're affiliated with
  • Pharmacists for medication management
  • Emergency medical services when necessary

4.2 Service Providers

We may share information with trusted third-party service providers who assist in operating our platform:

  • Cloud hosting and data storage providers (AWS, Google Cloud)
  • Analytics and app performance monitoring services
  • Customer support and communication platforms
  • Payment processing services (for premium features)

4.3 Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal processes, court orders, or government requests
  • Protect the rights, property, or safety of eplep, our users, or others
  • Investigate potential violations of our Terms of Service
  • Respond to emergency medical situations

We Never Sell Your Data

eplep does not sell, rent, or trade your personal health information to third parties for marketing purposes. Your health data is never used for advertising or commercial exploitation.

5. Data Security

5.1 Security Measures

We implement comprehensive security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access controls and multi-factor authentication
  • Regular Audits: Continuous security monitoring and vulnerability assessments
  • Data Centers: SOC 2 certified, HIPAA-compliant cloud infrastructure
  • Staff Training: Regular security training for all team members

5.2 Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Data retained while your account is active
  • Inactive Accounts: Data deleted after 3 years of inactivity
  • Legal Requirements: Some data may be retained longer to comply with healthcare regulations
  • User Request: You can request data deletion at any time

6. HIPAA Compliance

eplep is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable healthcare privacy regulations.

6.1 Protected Health Information (PHI)

We treat all health information as Protected Health Information (PHI) and implement appropriate safeguards:

  • Administrative safeguards: Security officers, training, and access management
  • Physical safeguards: Secure facilities and workstation controls
  • Technical safeguards: Encryption, access controls, and audit logs

6.2 Business Associate Agreements

All third-party service providers who may have access to PHI sign Business Associate Agreements (BAAs) ensuring HIPAA compliance throughout our service chain.

6.3 Minimum Necessary Standard

We follow the minimum necessary standard, using and disclosing only the minimum amount of PHI necessary to accomplish the intended purpose.

7. Your Rights and Choices

7.1 Access and Control

You have the following rights regarding your information:

  • Access: View and download all your personal and health data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Export: Download your data in a portable format
  • Restrict Processing: Limit how your data is used

7.2 Communication Preferences

  • Control notification settings and frequency
  • Opt out of non-essential communications
  • Choose preferred communication channels

7.3 Healthcare Provider Access

  • Authorize or revoke healthcare provider access
  • Control what information is shared
  • View audit logs of data access

8. International Users

eplep is available globally, and we comply with applicable privacy regulations in different jurisdictions:

8.1 GDPR Compliance (EU/UK)

  • Lawful basis for processing health data
  • Right to data portability and erasure
  • Data Protection Officer contact information
  • Cross-border data transfer safeguards

8.2 Other Jurisdictions

We adapt our practices to comply with local privacy laws including Canada's PIPEDA, Australia's Privacy Act, and other applicable regulations.

9. Children's Privacy

eplep is designed for users 13 years and older. We do not knowingly collect personal information from children under 13 without verified parental consent.

9.1 Parental Controls

For users under 18, we provide additional parental controls and oversight features:

  • Parental access to health data and reports
  • Enhanced privacy protections
  • Simplified privacy settings
  • Educational resources for families

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will:

  • Notify you of material changes via email or in-app notification
  • Provide 30 days' notice before implementing significant changes
  • Update the "Last Updated" date at the top of this policy
  • Maintain previous versions for your reference

Your continued use of eplep after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

Privacy Questions?

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@eplep.com

Data Protection Officer: dpo@eplep.com

Support: support@eplep.com

Mailing Address:
eplep Privacy Team
[Your Company Address]
[City, State, ZIP Code]

Response Time: We respond to privacy inquiries within 5 business days.

Thank You for Trusting eplep

Your privacy and the security of your health information are fundamental to everything we do. We're committed to earning and maintaining your trust through transparent practices and robust security measures.