Effective Date: January 21, 2026
Last Updated: January 21, 2026
Welcome to My Post Op Pal (the "App"). We are committed to protecting your privacy, especially when it concerns your health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.
This App is a Clinical Decision Support (CDS) tool. It facilitates communication between you and your healthcare provider. All medical guidance provided through the App is reviewed and approved by your clinician before being sent to you.
We collect information that identifies, relates to, or could reasonably be linked to you ("Personal Information").
As a healthcare-focused app, we collect information that is subject to the Health Insurance Portability and Accountability Act (HIPAA), including:
Medical Images: Photos of post-operative surgical sites you upload for analysis.
Symptoms and Communications: Text-based questions or descriptions of your healing progress.
Clinical Feedback: Responses and guidance provided by your healthcare provider.
Account Data: Name, email address, phone number, and password.
Device Identifiers: Push notification tokens to alert you of clinician responses.
Log files, device type, and app version, collected to ensure technical stability and HIPAA-compliant audit logging.
We use the information we collect for the following purposes:
Facilitating Care: To transmit your photos and symptoms to your healthcare provider.
AI-Assisted Triage: We use advanced models (such as MedGemma) to analyze your data and assist your doctor in identifying "normal" vs. "abnormal" healing patterns.
Response Drafting: To help your doctor draft responses for their review and approval.
Audit Logging: To maintain a legally required record of who accessed your medical information and when.
Improvements: We may use de-identified data (information where your identity has been removed) to improve our AI analysis algorithms.
We do not sell your Personal Information. We share information only as follows:
With Your Healthcare Provider: Your data is shared directly with the surgical team you are linked to.
Service Providers: We use trusted third parties (like Google Cloud Platform) who have signed Business Associate Agreements (BAAs) with us to store and process your data securely.
Legal Requirements: If required by law, subpoena, or to protect the safety of our users.
We implement industry-standard security measures to protect your PHI:
Encryption: Data is encrypted using AES-256 at rest and TLS 1.2+ in transit.
HIPAA Compliance: Our infrastructure is configured to meet all HIPAA administrative, physical, and technical safeguard requirements.
Storage Location: All data is stored on secure servers located in the United States.
We retain your information only for as long as necessary to fulfill the purposes outlined in this policy and to comply with legal obligations.
Medical Records: Because the App facilitates clinical care, the data you submit becomes part of your medical record. We are required by state and federal laws to retain these records for a minimum period (typically 7 years, though this varies by jurisdiction).
Account Information: We retain your account information while your account is active. If you request account deletion, we will deactivate your account and remove your personal identifiers from our active marketing and notification databases.
Retention Conflict: Please note that while we will honor requests to delete your App account, we may be legally prohibited from deleting the medical data (images and messages) that has already been shared with your clinician and incorporated into your medical history.
Depending on your location and clinical relationship, you may have the right to:
Access: Request a copy of the medical records and personal data stored within the App.
Correction: Request that we correct inaccurate personal information.
Deletion: Request the deletion of your account. As noted above, this is subject to medical record retention requirements.
Withdraw Consent: Withdraw consent for the use of your de-identified data in AI model refinement.
Camera & Photo Library: We request access only to allow you to upload images for your clinician.
Notifications: We request access to notify you when your clinician has sent you a message or a check-in is due.
In-App Deletion: You can initiate an account deletion request directly within the App settings.
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy within the App and updating the "Effective Date."
If you have any questions about this Privacy Policy or our privacy practices, please contact us at: ashish.narasimham@gmail.com