HIPAA Notice
Last updated: February 6, 2026
1. What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law enacted in 1996 that establishes national standards for protecting sensitive patient health information.
HIPAA applies to “covered entities” — healthcare providers, health plans, and healthcare clearinghouses — as well as their “business associates” who handle protected health information (PHI) on their behalf.
2. Does HIPAA Apply to Heartitly?
Heartitly is a personal health tracking application designed for individual consumers. We are not a covered entity or business associate under HIPAA.
Heartitly does not:
- Provide healthcare services or medical treatment
- Process health insurance claims
- Act as a healthcare clearinghouse
- Access, store, or transmit Protected Health Information (PHI) on behalf of a covered entity
Therefore, HIPAA regulations do not directly apply to Heartitly. The data you enter into the App is your personal health data that you manage yourself — it is not PHI governed by HIPAA unless a covered entity is involved.
3. How We Protect Your Health Data
Even though HIPAA does not apply to us, we take your health data privacy seriously and implement strong protections that align with HIPAA security principles:
- Encryption in transit: All data transmitted between your device and our servers uses TLS (Transport Layer Security) encryption
- Encryption at rest: Data stored on our servers is encrypted by our infrastructure provider (Supabase)
- Access controls: Only you (and family members you explicitly authorize) can view your health data
- Data minimization: We only collect the data necessary to provide the App's features
- User control: You can export, edit, or delete your data at any time, including permanent account deletion
- No data selling: We never sell, rent, or share your health data with third parties
- No advertising: We do not use your health data for advertising or marketing purposes
For full details on our data practices, see our Privacy Policy.
4. If You Are a Healthcare Provider
If you are a healthcare provider and a patient shares their Heartitly PDF reports with you during a consultation, that data becomes part of the patient's medical record and is subject to your own HIPAA obligations.
Heartitly's role is limited to enabling the patient to generate and share those reports. We do not transmit data directly to healthcare providers, and we have no access to or responsibility for data once it enters your clinical systems.