Privacy Policy
Last updated: 4/16/2026
1. Commitment to Privacy
At Dialysis One, we recognize that medical data is among the most sensitive information an individual can possess. Our platform is engineered with a "Privacy First" architecture, ensuring that your renal health journey remains under your absolute control. This policy outlines our rigorous standards for data collection, processing, and protection.
2. Health Information (PHI) & HIPAA Alignment
Dialysis One collects Protected Health Information (PHI) to provide tailored renal care insights. This includes:
- Biometric Data: Weight, blood pressure, and heart rate synced via Apple HealthKit.
- Clinical Logs: Fluid intake, dietary nutrient breakdown (Potassium, Phosphorus, Sodium, Protein), and medication adherence.
- Laboratory Results: GFR, Creatinine, and BUN levels manually entered or synced.
While Dialysis One is a consumer application, we align our internal data handling practices with the technical safeguards required by the Health Insurance Portability and Accountability Act (HIPAA) to ensure clinical-grade security.
3. Data Processing & The Secure Enclave
We leverage Apple's Secure Enclave and On-Device Processing whenever technically feasible.
- Local Encryption: Your daily logs are encrypted on-device using 256-bit AES encryption.
- End-to-End Transmission: When syncing data to our secure clinical cloud, data is encrypted in transit using TLS 1.3 and at rest using industry-standard cryptographic protocols.
- Zero Access: Dialysis One employees cannot access your identifiable medical logs without your explicit, time-limited cryptographic authorization.
4. Third-Party Integrations (HealthKit)
With your explicit permission, Dialysis One reads from and writes to the Apple Health App (HealthKit). This data is used solely to provide a holistic view of your renal health.
Crucially: Data obtained through HealthKit is never used for marketing, advertising, or sold to data brokers.
5. Data Sharing with Clinicians
Sharing features are Opt-In Only. If you use the "Clinical Sync" feature to connect with your nephrology team, you are authorizing the transmission of specific health metrics to their dashboard. You retain the right to revoke this access instantly at any time, which will immediately terminate the clinician's view of your future data.
6. Your Rights & Data Portability
Under GDPR and CCPA frameworks, you have the right to: (a) Request a copy of all data we hold about you in a machine-readable format. (b) Request the permanent deletion of your account and all associated PHI ("Right to be Forgotten"). (c) Correct any inaccuracies in your health records.
For privacy-related inquiries or to exercise your data rights, please contact our Data Privacy Officer at dialysisoneapp@gmail.com.