DIGITALHEALTH PRIVACY POLICY
Last Updated: [06/01/2026]
DigitalHealth ("DigitalHealth," "we," "our," or "us") is a health data aggregation platform (the "Service") designed to collect, integrate, and display health-related information from connected devices and services. The Service enables users, healthcare professionals, and approved researchers to obtain a more comprehensive view of health and wellness data.
The Service also supports clinical, behavioral, and population health research by enabling approved research teams to collect and manage participant health data from connected devices and digital health services. Research activities conducted through DigitalHealth are performed in accordance with applicable institutional policies and, where required, approved by an Institutional Review Board (IRB) or equivalent ethics oversight body.
Protecting the privacy and security of user information is a core principle of DigitalHealth. This Privacy Policy explains what information we collect, how we use it, how we protect it, and the choices available to users regarding their information.
Account Information
When you create a DigitalHealth account, we collect:
- Username
- Email address
- Securely hashed password
Your username serves as a unique identifier within the Service. Your email address is used for account activation, account-related communications, and password recovery.
Health Information
If you choose to connect DigitalHealth with supported third-party health platforms or devices, we may collect health and wellness information that you authorize us to access, including but not limited to:
- Activity and exercise data
- Step counts
- Sleep information
- Weight measurements
- Blood pressure readings
- Blood glucose readings
- Nutrition information
- Other health-related data authorized by you
The specific data collected depends on the services and permissions you choose to connect.
If you choose to connect your Google account, DigitalHealth may access information authorized by you through Google APIs, including health, fitness, profile, or account information permitted by the scopes you approve.
Google user data is used solely to provide and improve the functionality requested by the user, including:
- Synchronizing authorized health information
- Displaying user health metrics
- Supporting approved research activities
- Maintaining user-requested integrations and services
DigitalHealth does not use Google user data for advertising purposes, does not sell Google user data, and does not use Google user data to develop, improve, or train generalized artificial intelligence or machine learning models.
Separately, approved research studies conducted through DigitalHealth may use participant data collected for research purposes to develop, validate, evaluate, or improve statistical, machine learning, or artificial intelligence models, subject to Institutional Review Board (IRB) approval, informed participant consent, applicable regulations, and institutional policies. Such research activities are distinct from DigitalHealth's operational use of Google API data and do not alter the restrictions described above regarding Google user data.
We may automatically collect certain technical information, including:
- IP address
- Browser type and version
- Operating system
- Device information
- Date and time of access
- Session duration
- Pages visited
- Features used
- System and application logs
This information is used to operate, maintain, troubleshoot, secure, and improve the Service.
DigitalHealth uses collected information to:
- Provide and maintain the Service
- Authenticate users
- Synchronize data from connected services
- Display and analyze health information
- Support approved research activities
- Improve platform functionality and user experience
- Detect, prevent, and investigate security incidents
- Comply with legal and regulatory obligations
- Communicate important service-related information
We do not sell personal information to third parties.
"Anonymous Information" refers to information that cannot reasonably be used to identify an individual user.
DigitalHealth may create and use aggregated or de-identified information for:
- Service improvement
- System performance analysis
- Academic and scientific research
- Statistical reporting
Anonymous or aggregated information may be shared with service providers, collaborators, researchers, or published in presentations, abstracts, publications, and conferences, provided such information does not identify individual users.
Research studies conducted using DigitalHealth generally require review and approval by an Institutional Review Board (IRB) or equivalent ethics oversight body when applicable.
Users may choose to participate in research studies conducted through DigitalHealth.
Research participation is voluntary and may require separate informed consent documentation. Information collected for research purposes may be subject to retention, disclosure, and management requirements described in the applicable research consent form.
Where applicable, research data may continue to be retained and used in accordance with the approved research protocol and informed consent documents even if a user later closes their DigitalHealth account.
DigitalHealth employs administrative, technical, and physical safeguards designed to protect personal and health information from unauthorized access, use, disclosure, alteration, or destruction.
Security measures include:
- Encryption of data in transit using Transport Layer Security (TLS)
- Encryption of sensitive application data before storage
- Encryption of storage systems at rest using enterprise storage encryption technologies, including Dell PowerStore Data-at-Rest Encryption (D@RE)
- Secure password hashing and credential protection
- Role-based access controls
- Least-privilege administrative access
- Account lockout mechanisms to mitigate brute-force attacks
- Session timeout controls
- Security monitoring and audit logging
- Vulnerability assessments and security testing
- Security patch and update management processes
All HTTP requests are redirected to HTTPS whenever possible.
While no system can guarantee absolute security, DigitalHealth takes reasonable and appropriate measures to protect user information.
DigitalHealth may use third-party service providers to support hosting, infrastructure, monitoring, analytics, authentication, security, and related operational functions.
Such providers may process information only on behalf of DigitalHealth and only as necessary to provide contracted services.
DigitalHealth may disclose information when required by law, court order, legal process, governmental request, or when necessary to protect the rights, safety, security, or integrity of DigitalHealth, its users, or the public.
DigitalHealth retains personal information only for as long as reasonably necessary to provide the Service, fulfill research obligations, comply with legal requirements, resolve disputes, enforce agreements, and maintain security records.
Upon account closure, personal information associated with the account will generally be deleted or anonymized within ninety (90) days unless retention is required for:
- Legal or regulatory compliance
- Security investigations
- Approved research activities
- Institutional recordkeeping requirements
- Enforcement of contractual obligations
Research data may be retained according to applicable research protocols, informed consent documents, institutional policies, and legal requirements.
Users may request closure of their DigitalHealth account at any time by contacting us.
Upon account closure:
- Access to the account will be disabled.
- Connections to third-party services will be terminated.
- Personal information will be deleted or anonymized according to the Data Retention section above.
- Third-party accounts connected to DigitalHealth will not be affected.
Subject to applicable law, users may:
- Access their account information
- Update or correct account information
- Disconnect third-party services
- Request account deletion
- Withdraw permissions previously granted to other users
- Request information regarding the processing of their personal information
Research participants should consult the applicable informed consent documentation regarding rights associated with research data.
DigitalHealth implements administrative, technical, and physical safeguards designed to protect health-related information and operates in accordance with applicable institutional, contractual, ethical, and regulatory requirements.
Nothing in this Privacy Policy should be interpreted as a representation that DigitalHealth is a HIPAA-covered entity or business associate unless explicitly stated in separate contractual or regulatory documentation.
DigitalHealth does not knowingly collect personal information from individuals in violation of applicable laws regarding children's privacy. If we become aware that such information has been collected improperly, we will take reasonable steps to delete it.
DigitalHealth may update this Privacy Policy from time to time.
If material changes are made, users will be notified through the Service, by email, or by other reasonable means prior to the changes becoming effective.
The "Last Updated" date at the top of this Privacy Policy indicates when the most recent revision was made.
If you have questions, concerns, or requests regarding this Privacy Policy or our handling of personal information, please contact:
DigitalHealth Privacy Team
via Contact Us
or Mailing address: 98 Varsity Way, Tallahassee, FL 32306
Subject Line: Privacy Policy Inquiry