Hlistix

1. Introduction

Hlistix ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinical research platform ("Service").

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, password
Professional Information: License number, certification documents (for practitioners)
Payment Information: Processed securely by Paddle; we don't store full card details
Patient Data: If you use patient management features (stored encrypted)
Communications: Messages you send to us

2.2 Information Collected Automatically

Usage Data: Pages visited, features used, search queries
Device Information: Browser type, operating system, IP address
Cookies: Session cookies for authentication, analytics cookies (with consent)

3. How We Use Your Information

We use collected information to:

Provide and maintain the Service
Process payments and subscriptions
Verify practitioner credentials
Send service-related communications
Improve and personalize the Service
Detect and prevent fraud or abuse
Comply with legal obligations

4. HIPAA Compliance

For healthcare practitioners who store patient information on our platform:

We implement administrative, physical, and technical safeguards as required by HIPAA
Patient data is encrypted at rest and in transit
Access is restricted to authorized users only
We maintain audit logs of data access
Business Associate Agreements (BAA) are available for qualifying accounts

Important: You are responsible for ensuring your use of the Service complies with HIPAA and other applicable healthcare privacy regulations.

5. Data Sharing

We may share your information with:

Service Providers: Payment processors (Paddle), cloud hosting (Google Cloud), email services
Legal Requirements: When required by law or to protect our rights
Business Transfers: In connection with a merger or acquisition

We do NOT sell your personal information to third parties.

6. Data Security

We implement industry-standard security measures including:

256-bit TLS encryption for data in transit
AES-256 encryption for data at rest
Regular security audits and penetration testing
Employee access controls and training
Secure cloud infrastructure (Google Cloud Platform)

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. After account deletion:

Personal data is deleted within 30 days
Backup copies are purged within 90 days
Anonymized usage data may be retained for analytics
Legal records may be retained as required by law

8. Your Rights

Depending on your location, you may have the right to:

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data
Portability: Receive your data in a portable format
Restriction: Request restriction of processing
Objection: Object to certain processing activities

To exercise these rights, contact us at privacy@hlistix.com.

9. Cookies

We use cookies for:

Essential: Authentication, security, session management
Analytics: Understanding usage patterns (with consent)

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

10. International Transfers

Your data may be processed in the United States where our servers are located. We implement appropriate safeguards for international data transfers as required by applicable law.

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related questions or concerns:

Email: privacy@hlistix.com
Address: Hlistix Inc., [Address]