Privacy Policy

Last updated: February 3, 2026

1. Introduction

This Privacy Policy describes how Ifat Shterenberg, a sole proprietor registered in Israel ("Hlistix", "we", "our", or "us"), collects, uses, discloses, and protects information processed through the Hlistix software-as-a-service platform (the "Service").

The Service is designed to support educational, research, documentation, and administrative workflows for healthcare practitioners.

The Service is not a medical device, does not provide medical advice, and is not intended for diagnosis, treatment, or clinical decision-making.

2. Information We Collect

2.1 Information You Provide

Account and Professional Information

  • Full name
  • Email address
  • Password
  • Professional license number
  • Certification or credential documentation
  • Clinic or organizational affiliation

Payment Information

  • Payments are processed by third-party payment providers (e.g., Paddle or similar)
  • We do not store full credit card or banking details

Patient-Related Information (Uploaded by Practitioners)

At the sole discretion and responsibility of practitioners, the Service may process patient-related information only for documentation, administrative transfer to EHR systems, educational, or research purposes. This information may include:

Identifying Information

  • Patient name
  • Government-issued identification number
  • Email address (for filing and EHR transfer purposes only)

Clinical and Background Information

  • Age
  • Gender
  • Ethnic origin
  • Medical condition(s)
  • Intake and anamnesis data
  • Treatment documentation
  • Practitioner notes and post-treatment recommendations
Important: Hlistix does not determine what patient data is uploaded, does not validate such data, and does not control how practitioners use the information.

Communications

  • Messages, inquiries, or support requests sent to us
2.2 Information Collected Automatically
  • Usage data (features used, system interactions)
  • Technical data (browser type, operating system, IP address)
  • Cookies and similar technologies (see Section 9)

3. How We Use Information

We use information to:

  • Operate and maintain the Service
  • Authenticate users
  • Process subscriptions and payments
  • Verify practitioner credentials
  • Enable secure documentation and EHR export workflows
  • Communicate service-related updates
  • Improve performance and functionality
  • Detect misuse, fraud, or security incidents
  • Comply with legal obligations

4. Healthcare Data and Regulatory Context

The Service may process patient-related data uploaded by practitioners.

  • Data is encrypted in transit and at rest
  • Access is restricted to authorized users
  • Audit logs are maintained
Practitioner Responsibility

Practitioners are solely responsible for:

  • Determining whether uploaded data constitutes Protected Health Information (PHI)
  • Obtaining patient consent and legal authorization
  • Ensuring compliance with applicable privacy laws, Israeli privacy law, U.S. state laws, and professional regulations

Hlistix acts solely as a technology service provider and does not provide healthcare services.

5. Data Sharing

We may share information with:

  • Service providers (cloud hosting, payment processors, email services) solely for Service operation
  • Legal authorities when required by law
  • Successors in the event of a business transfer

We do not sell personal information and do not share personal information for targeted advertising.

6. Data Security

Security measures include:

  • TLS encryption for data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls
  • Audit logging
  • Secure cloud infrastructure

7. Data Retention

Data is retained while accounts remain active. Upon account deletion:

  • Personal and patient-related data is deleted within 30 days
  • Encrypted backups are purged within 90 days
  • Aggregated and de-identified usage data may be retained for analytics and research
  • Data required for legal compliance may be retained as required by law

8. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access
  • Correction
  • Deletion
  • Data portability
  • Restriction or objection to processing

Requests may be sent to: Ifat@hlistix.com

9. Cookies

We use:

  • Essential cookies (authentication, security)
  • Analytics cookies (where legally permitted or with consent)

10. International Data Transfers

Data may be processed outside Israel, including in the United States, using appropriate contractual and technical safeguards.

11. Children's Privacy

The Service is intended for professionals and is not directed to individuals under 18 years of age.

12. Updates to This Policy

Material changes will be communicated via email or in-app notice.

13. Contact Information

For privacy-related questions or concerns:

Operator: Ifat Shterenberg — Sole Proprietor (Israel)
Email: Ifat@hlistix.com
Address: Tel Aviv, Israel

Related Policies

Back to Home