Privacy Policy

Last updated: June 2026

1. Introduction

Healthportal ("we", "our", or "Company") operates the Healthportal website and application. This Privacy Policy explains how we collect, use, disclose, and otherwise handle your information, including health information.

We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This policy applies to all users of our website, mobile app, and services.

2. Information We Collect

We collect information you provide directly:

  • Account information (name, email, phone, password)
  • Health information (symptoms, medical history, medications, allergies)
  • Payment information (processed securely by Stripe)
  • Communication data (messages, feedback, support inquiries)
  • Profile information (age, gender, location preferences)

We also collect information automatically:

  • Device information (browser, OS, IP address)
  • Usage data (pages visited, time spent, search queries)
  • Cookies and local storage identifiers
  • Location information (if you permit)

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Deliver doctor consultations and health guidance
  • Process payments and manage subscriptions
  • Send transactional emails (confirmation, receipts, updates)
  • Respond to your inquiries and support requests
  • Detect fraud and enforce our legal agreements
  • Comply with legal obligations

We do not use your health information for marketing without explicit consent. We do not sell your data to advertisers or data brokers.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, remember preferences, and analyze usage patterns. You can control cookies in your browser settings.

Essential cookies are required for the site to function. Analytics cookies help us understand how you use our services. You can opt out of analytics tracking, but essential cookies cannot be disabled.

5. Third-Party Services

We share your information with trusted partners only when necessary:

  • Payment processors (Stripe) — encrypted payment data only
  • Video consultation providers (Daily.co) — for doctor consultations
  • Email providers (Resend) — for transactional emails
  • Cloud infrastructure (AWS) — for secure data storage
  • Analytics services (Vercel Analytics) — anonymized usage data

All third parties are contractually bound to protect your information and comply with applicable laws.

6. Data Security

We employ industry-standard security measures to protect your information:

  • SSL/TLS encryption for data in transit
  • AES-256 encryption for sensitive data at rest
  • Secure authentication (Argon2 password hashing, OAuth, TOTP MFA)
  • Regular security audits and penetration testing
  • Restricted access to personal data (principle of least privilege)

While we implement strong safeguards, no system is completely secure. You are responsible for keeping your password confidential.

7. Data Retention

We retain your data only as long as necessary:

  • Account data: retained while your account is active, then deleted within 30 days of closure
  • Health records: retained for 7 years (required for legal/medical reasons)
  • Payment records: retained for 7 years (tax compliance)
  • Support tickets: retained for 2 years
  • Analytics data: aggregated after 12 months, then deleted

8. Your Rights (GDPR, CCPA)

If you are located in the EU, UK, or California, you have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request erasure of your data ("right to be forgotten")
  • Portability: Export your data in a standard format
  • Objection: Opt out of certain processing activities
  • Restriction: Limit how we use your data

To exercise these rights, email privacy@healthportal.com with your request. We will respond within 30 days.

9. Children's Privacy

Healthportal is not intended for children under 13. We do not knowingly collect information from children. If we discover we have collected data from a child under 13, we will delete it immediately.

For users aged 13-18, parental consent is required for creating an account. Parents can review and control their child's information.

10. International Data Transfers

Your data may be transferred to and stored in countries other than where you reside, including the United States. These countries may have data protection laws that differ from your home country.

When we transfer personal data internationally, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact:

Email: privacy@healthportal.com

Mail: Healthportal Privacy Team, [Address], [Country]

Online form: healthportal.com/contact

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by email or by posting a notice on our website. Your continued use of Healthportal following such notification constitutes acceptance of the updated policy.