Privacy Policy
Effective Date: March 24, 2025
1. Introduction
Duniya Health ("we," "our," "us") is committed to protecting your privacy and ensuring the security of your personal health information (PHI). This Privacy Policy outlines how we collect, use, store, and protect your data in compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Personal Health Information Protection Act (PHIPA) in Ontario, and other applicable privacy laws in the United States, Canada, and the European Union.
2. Information We Collect
We collect and process the following personal and health information:
- Full Name
- Date of Birth
- Contact Information (Phone Number, Email Address)
- Cancer Diagnosis and Treatment Details
- Medication Usage and Prescriptions
- Appointment Schedules and Healthcare Provider Information
- Dietary and Nutritional Preferences
Collection Methods
We obtain information through user input directly within our platform. All data is self-reported and voluntarily provided by the user.
Purpose of Data Collection
We collect this information to:
- Provide personalized health insights
- Enable automated tracking of medications, appointments, side effects, and nutrition
- Support users through AI-driven healthcare management
3. Data Sharing & Third Parties
We uphold the highest standards of privacy and security, ensuring:
- No data is sold to third parties under any circumstances.
- De-identified data is shared exclusively with accredited research institutions to contribute to cancer research advancements.
- Amazon Web Services (AWS) serves as our secure cloud provider, operating under a Business Associate Agreement (BAA) for HIPAA compliance.
4. User Consent & Rights
Users retain full control over their data through:
- Explicit consent, required during account registration.
- The ability to withdraw consent at any time by contacting privacy@duniya.app.
- The right to access, review, and correct their personal data.
No data portability options are currently available.
5. Data Security & Retention
We implement industry-leading security measures, including:
- End-to-end encryption (both at rest and in transit)
- Multi-Factor Authentication (MFA) to prevent unauthorized access
- Role-Based Access Control (RBAC) ensuring restricted data access
- Routine security audits in alignment with HIPAA, PHIPA, SOC 2, and ISO 27001 standards
Data Retention Policy
User data is stored securely and retained until account closure, upon user request. If a user is inactive for at least 12 months, data may be deleted.
6. Compliance with HIPAA & PHIPA
Duniya Health adheres to:
- HIPAA Privacy Rule, granting users full control over their PHI
- HIPAA Security Rule, with robust security measures in place
- HIPAA Breach Notification Rule, ensuring prompt reporting of data breaches
- PHIPA requirements, including localized storage for Ontario-based users
7. Cookies & Tracking
To enhance the user experience, we utilize Google Analytics and HotJar while ensuring compliance by:
- Never collecting PHI through tracking technologies
- Enabling IP Anonymization where applicable
- Providing cookie consent options for user control
- Restricting analytics data access to authorized personnel only
8. Special Considerations
Age Restriction: Our services are available only to individuals 18 years and older.
Regional Data Storage Compliance:
- Canada users: Data is stored within Canada.
- U.S. users: Data is stored within the United States.
- EU users: Data is stored within the European Union.
9. Contact & Complaints
For privacy-related inquiries, users may contact our Privacy Team at privacy@duniya.app.
10. Compliance Audits & Certifications
To maintain the highest security and compliance standards, we conduct regular audits and adhere to:
- HIPAA
- PHIPA
- SOC 2
- ISO 27001
11. Breach Notification Policy
In the unlikely event of a data breach affecting PHI, we will:
- Conduct a full risk assessment to determine the extent of exposure.
- Notify impacted users without undue delay, per HIPAA and PHIPA regulations.
- Report incidents to regulatory authorities as required by law.
- Implement corrective measures to prevent future security breaches.
12. Policy Updates & Notifications
We reserve the right to amend this Privacy Policy. Users will be notified of any significant changes via:
- Email notifications
- In-app alerts
Continued use of our services following an update signifies acceptance of the revised policy.