Privacy Policy & HIPAA Notice of Privacy Practices

Effective Date: November 2, 2025
Last Updated: November 2, 2025

Table of Contents

1. Introduction
2. Information We Collect
3. How We Use Your Health Information
4. When We May Disclose Your Health Information
5. Your Privacy Rights Under HIPAA
6. Data Security & Protection
7. International Users & Data Transfers
8. Children's Privacy
9. Changes to This Policy
10. Contact Us

1. Introduction

Welcome to Anjiy ("we," "our," or "us"), a global healthcare platform providing telemedicine, pharmacy services, health monitoring, and AI-powered medical assistance. We are committed to protecting your privacy and complying with:

• HIPAA (Health Insurance Portability and Accountability Act of 1996) - United States
• GDPR (General Data Protection Regulation) - European Union
• CCPA (California Consumer Privacy Act) - California, USA
• Local data protection laws in 52+ countries where we operate

2. Information We Collect

2.1 Protected Health Information (PHI)

Under HIPAA, PHI includes any information that can identify you and relates to your health. We collect:

Medical Information:

• Appointments: Symptoms, diagnoses, treatment plans, doctor notes, consultation recordings
• Prescriptions: Medications, dosages, instructions, pharmacy orders, refill history
• Lab Results: Test results, interpretations, medical images (X-rays, scans), lab reports
• Health Analytics: Vital signs (blood pressure, heart rate, temperature), BMI, glucose levels, oxygen saturation
• Women's Health: Menstrual cycle data, pregnancy information, fertility tracking
• Immunizations: Vaccine records, vaccination schedules, travel vaccines
• AI Symptom Analysis: Symptom descriptions, AI-generated health assessments, medical recommendations
• Video Consultations: Audio/video recordings of telemedicine appointments (with consent)

Personal Identifiers:

• Full name, date of birth, gender, nationality
• Email address, phone number, physical address
• Government-issued ID numbers (for identity verification)
• Insurance information (company, policy number, coverage details)
• Emergency contact information

Financial Information:

• Wallet balance, transaction history
• Payment methods (last 4 digits only, no full card numbers stored)
• Billing addresses
• Insurance claims and payment records

2.2 Technical Information (Non-PHI)

• Device Information: Device type, operating system, app version, device ID
• Usage Data: Pages viewed, features used, time spent, navigation patterns
• Location Data: GPS coordinates (with permission) for hospital finder, pharmacy locator
• IP Address: For security, fraud detection, and regional service delivery
• Cookies & Similar Technologies: Session tokens, preferences, analytics

3. How We Use Your Health Information

3.1 Treatment (HIPAA Permitted Use)

We use your PHI to provide healthcare services:

• Facilitate video consultations between you and doctors
• Generate and deliver electronic prescriptions to pharmacies
• Share lab results with your healthcare providers
• Provide AI-powered symptom analysis and health recommendations
• Send medication reminders and health alerts
• Coordinate care between multiple healthcare providers

3.2 Payment (HIPAA Permitted Use)

• Process payments for consultations, prescriptions, and services
• Submit claims to insurance companies
• Manage your digital wallet and transaction history
• Provide invoices and receipts

3.3 Healthcare Operations (HIPAA Permitted Use)

• Quality improvement and safety monitoring
• Training healthcare staff and AI models
• Business analytics and service optimization
• Fraud detection and prevention
• Legal compliance and regulatory reporting

3.4 Other Uses (With Your Authorization)

4. When We May Disclose Your Health Information

4.1 Disclosures You Authorize

• To Healthcare Providers: Share your medical history with doctors you consult
• To Pharmacies: Send prescriptions to your chosen pharmacy
• To Insurance Companies: Submit claims for reimbursement
• To Family Members: With your permission, share health updates with designated contacts

4.2 Disclosures Required by Law

We may disclose your PHI without authorization when:

• Court Orders/Subpoenas: When legally required by judicial order
• Public Health Authorities: Disease reporting, vaccine-preventable diseases, FDA adverse events
• Law Enforcement: Criminal investigations, missing persons, victims of abuse
• Health Oversight: Government audits, investigations, licensing
• Serious Threats: To prevent serious harm to you or others
• Worker's Compensation: Work-related injury or illness claims
• Coroners/Medical Examiners: For death investigations

4.3 Business Associates (Third-Party Vendors)

We share PHI with trusted vendors who help us operate our services. All vendors sign HIPAA Business Associate Agreements (BAAs):

• Google Cloud (Firebase): Cloud infrastructure, data storage, authentication
• Stripe: Payment processing (name, email, payment methods)
• PayPal: Payment processing (name, email, transaction details)
• Agora: Video consultation platform (audio/video streams)
• Cloud Storage: Medical images, prescriptions, lab results (encrypted)

5. Your Privacy Rights Under HIPAA

5.1 Right to Access Your Health Information (§164.524)

You have the right to:

• View all your health information in our app (real-time access)
• Request a copy of your medical records within 30 days
• Export your data in machine-readable format (JSON, PDF)
• How to Exercise: Use the "Export My Data" feature in app settings or email privacy@anjiy.tech

5.2 Right to Amend Your Health Information (§164.526)

You can request corrections to your medical records:

• Update personal information (name, address, phone) directly in the app
• Request amendments to medical records created by your doctor
• We will respond within 60 days (may extend 30 days with notice)
• If denied, you can submit a statement of disagreement

5.3 Right to Accounting of Disclosures (§164.528)

You can request a list of PHI disclosures we made in the past 6 years:

• Who received your information
• Date and purpose of disclosure
• What information was shared
• How to Request: Email privacy@anjiy.tech or use "Request Disclosure Report" in app
• Note: Does NOT include disclosures for treatment, payment, operations, or disclosures you authorized

5.4 Right to Request Restrictions (§164.522)

You may request limits on how we use or disclose your PHI:

• Restrict disclosures to insurance companies for services you paid out-of-pocket (we MUST honor this)
• Request other restrictions (we will consider but are not required to agree)
• How to Request: Email privacy@anjiy.tech with your specific restriction request

5.5 Right to Confidential Communications (§164.522(b))

You can request we communicate with you in a specific way:

• Email-only (no SMS notifications)
• Alternative phone number or address
• In-app messaging only
• How to Request: Update communication preferences in app settings

5.6 Right to a Paper Copy of This Notice

You may request a paper copy of this Privacy Policy at any time:

• Download PDF: https://www.anjiy.tech/privacy-policy.pdf
• Request by Mail: Email privacy@anjiy.tech with your mailing address

5.7 Right to Be Notified of a Breach (§164.404)

If your PHI is breached (unauthorized access, use, or disclosure):

• We will notify you within 60 days of discovering the breach
• Notification will include: what happened, what information was affected, steps we're taking, steps you should take
• If breach affects 500+ people, we will notify media and the U.S. Department of Health & Human Services

6. Data Security & Protection

6.1 Technical Safeguards

• Encryption at Rest: AES-256 encryption for all stored data (Firestore, Cloud Storage)
• Encryption in Transit: TLS 1.3 for all API communications (HTTPS/WSS)
• Access Controls: Multi-factor authentication (password + biometric/PIN)
• Secure Storage: Sensitive data stored in device keychain/keystore
• API Security: HMAC-SHA256 request signing, rate limiting, IP filtering
• Password Hashing: bcrypt with salt (industry standard)

6.2 Administrative Safeguards

• Access Controls: Role-based permissions (patient, doctor, admin)
• Audit Logging: All PHI access tracked and logged for 6 years
• Employee Training: Annual HIPAA training for all staff
• Background Checks: For all employees with PHI access
• Incident Response Plan: Documented breach response procedures

6.3 Physical Safeguards

• Data Centers: Google Cloud's HIPAA-compliant facilities
• Geographic Replication: Multi-region backups (US, Europe, Asia)
• Disaster Recovery: Daily automated backups, 7-year retention

6.4 Data Retention

• Medical Records: 7 years after last treatment (HIPAA requirement)
• Financial Records: 7 years (tax/audit requirements)
• Audit Logs: 6 years (HIPAA requirement)
• Account Deletion: You can delete your account anytime; PHI retained per legal requirements, then securely destroyed

7. International Users & Data Transfers

7.1 Where We Store Your Data

Your data is stored in Google Cloud Platform data centers:

• Primary: United States (us-central1, Iowa)
• Backup: Europe (europe-west1, Belgium) and Asia (asia-northeast1, Tokyo)

7.2 European Union Users (GDPR)

If you are in the EU, you have additional rights:

• Right to Erasure ("Right to be Forgotten"): Request deletion of your data
• Right to Data Portability: Receive your data in machine-readable format
• Right to Object: Object to processing for direct marketing
• Right to Restrict Processing: Limit how we use your data
• Legal Basis: We process your data based on consent, contract performance, legal obligations, and legitimate interests
• Data Protection Officer: dpo@anjiy.tech
• Supervisory Authority: You may lodge a complaint with your local data protection authority

7.3 California Users (CCPA)

If you are a California resident, you have:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of sale of personal information (we do NOT sell your data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights
• How to Exercise: Email privacy@anjiy.tech or call +1-800-ANJIY-HELP

7.4 Africa, Asia, and Other Regions

We comply with local data protection laws in all 52+ countries we operate, including:

• Cameroon: Law No. 2010/012 on Cybersecurity and Cybercriminality
• Nigeria: Nigeria Data Protection Regulation (NDPR)
• Ghana: Data Protection Act, 2012
• Other regions: Please contact us for country-specific privacy information

8. Children's Privacy

Our services are not intended for children under 13 (or 16 in the EU) without parental consent:

• Age Verification: We verify age during account creation
• Parental Consent: Required for users under 18 (varies by country)
• COPPA Compliance: We comply with the Children's Online Privacy Protection Act (US)
• Pediatric Care: For minors, parents/guardians can manage their health records

9. Changes to This Privacy Policy

• We may update this policy annually or when regulations change
• You will be notified in-app and via email 30 days before changes take effect
• Continued use after notification constitutes acceptance
• You can always view the latest version at https://www.anjiy.tech/privacy-policy
• Version History: v2.0 (Nov 2, 2025), v1.0 (Jan 1, 2024)

10. Contact Us

---

© 2024-2025 Anjiy Inc. All rights reserved. | www.anjiy.tech | Terms of Service | Privacy Policy