Conquer Your Health – HIPAA Policy

Last Updated: 19th March 2025

Introduction

HIPAA Compliance Statement: This section outlines how Conquer Your Health and OneTwentyOne, Inc. approach the privacy and security of health-related information in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA is a U.S. law that provides data privacy and security protections for certain health information, known as Protected Health Information or "PHI". OneTwentyOne, Inc. is not a healthcare provider or insurance company, and we generally do not qualify as a "Covered Entity" under HIPAA. Additionally, we are not a "Business Associate" (since we do not handle PHI on behalf of any Covered Entity). However, we are committed to protecting user privacy and have designed Conquer Your Health in a way that upholds the core principles of HIPAA. The fundamental approach is privacy by design through data minimization – meaning that our App avoids collecting or storing your health data on our servers altogether.

No PHI Collected or Stored

Protected Health Information (PHI): Under HIPAA, PHI is defined as individually identifiable health information that relates to an individual's health condition, provision of healthcare, or payment for healthcare, which is held or transmitted by a Covered Entity or its Business Associate. Examples include medical histories, diagnoses, treatment information, and insurance details when tied to a person's identity. With Conquer Your Health, you can be assured that we do not collect or store any PHI on our systems:

  • On-Device Data Only: All health and wellness data you input into the App (such as your tasks, notes, or any health metrics) is stored only on your personal device. We do not receive, collect, or store that data on any server or cloud controlled by us.
  • No User Identity Collected: The App does not require you to enter your name, address, date of birth, or any other personal identifiers in order to use the health tracking features. Because we do not link data to your identity, and we do not store it off-device, the data you enter is not accessible to us in an identifiable form (or at all).
  • No Health Information Transmission: The App does not transmit your health entries to OneTwentyOne, Inc. or to any third-party service. There is no automatic syncing of your data to external servers. (If in the future we offer a cloud backup or sync feature, it will be purely optional and will be designed with strict privacy safeguards, and we will update this policy accordingly.)

Because we do not handle PHI, many HIPAA requirements (which apply to entities handling PHI) are not directly applicable. In essence, OneTwentyOne, Inc. has eliminated the risk of unauthorized disclosure of your protected health information by not storing or accessing it in the first place.

Data Stays on Your Device

The design of Conquer Your Health ensures that any health-related information you track remains under your control. Key points include:

  • No External Storage: Your in-app data (health tasks, notes, progress, etc.) stays on your iOS device and is part of the App's local storage. We do not copy this data to our servers. If you ever uninstall the App, all of that data is removed from your device during the uninstall process. (Keep in mind that if your device is backed up to a service like iCloud, the App data might be included in your personal backup, but that is controlled by you and your device's settings, not by us.)
  • Privacy by Design: Since your health data never leaves your device via the App's normal operation, your privacy is inherently protected. Even in the hypothetical event of a security breach on our servers, there would be no personal health data from the App for anyone to find.
  • User Control: You have the ability to control, edit, or delete your health information by using the App's features (for example, deleting entries) or by uninstalling the App entirely. We do not have the ability to retrieve or restore any of your data once it is deleted from your device.

By keeping your data local, Conquer Your Health aligns with HIPAA's goals of protecting sensitive health information, as there is no central database of health information to secure or potential leaks to worry about.

Support Communications and PHI

When you contact us for support or feedback, you may voluntarily share personal information, which could include health-related information. It's important to distinguish these communications from the data you input into the App:

  • Voluntary Disclosure: If you send us an email or text or call us for support, you might share details about your experience, which could include health-related information (for example, "I am managing my asthma and I noticed the app..."). This information is something you choose to provide, and it is not pulled from the App automatically.
  • Not Stored as Health Records: Any information you share with our support team (whether it's an email or a phone conversation) is kept confidential, but it is not stored in a medical record system or used by us for any healthcare services. It remains simply a communication from you to us. We treat these communications as private customer support correspondence.
  • Limited Access: Support communications that you send us may be stored in our email or customer service system. Access to these is limited to authorized team members who need the information to assist you. We do not incorporate any health details you share into any form of database that could be used to identify you in relation to health services.
  • No Linking of Data: We do not link any health information you might mention in a support request to any App data, since, as noted, we have no access to your in-App health data. For example, if you tell us, "I completed all the exercise tasks this week," that statement is not cross-referenced with any record in our system, because we have no record of your exercise tasks—those are only on your device.

In summary, even if you voluntarily share some health information with us during a support interaction, that information remains confidential and is handled outside of any HIPAA-covered context. We consider it personal information protected under our Privacy Policy, and we do not use or disclose it for any purpose other than to assist you (unless required by law, such as if you report an adverse event that we are legally obligated to address or report).

Security Measures (HIPAA Security Rule Alignment)

HIPAA's Security Rule sets standards for safeguarding electronic PHI. While our company is not directly subject to the Security Rule due to our no-PHI policy, we still implement strong security practices as part of our commitment to user privacy:

  • Device-Level Encryption: Data stored on your device by Conquer Your Health is protected by the security of your device. Modern iOS devices encrypt stored data by default, especially when the device is locked with a passcode or biometric lock. We encourage you to use these device security features to protect all your data (including data from this App).
  • Secure App Design: We develop the App following industry best practices for security. This includes regular updates to address potential security vulnerabilities and thorough testing of the App to prevent unauthorized access or data leakage.
  • Minimal Data Transmission: The App does not send out your personal health data, which significantly reduces potential security risks. The only data transmissions occur when you choose to contact us (such as sending a support email or feedback). Those communications are secured by standard encryption protocols provided by email or phone networks. (For example, if you email us, that email is protected in transit by your email provider's security measures, such as TLS encryption, which is standard for most reputable email services.)
  • Internal Access Controls: Within OneTwentyOne, Inc., any personal information (like support emails) that we do hold is protected. We restrict access to authorized personnel only, and those personnel are trained to maintain confidentiality. We also employ standard security measures (firewalls, secure passwords, etc.) to protect our systems that hold this information.

By not storing your health data on our systems, we inherently mitigate many of the risks that the HIPAA Security Rule is concerned with. Nevertheless, we treat any data you provide to us with care and employ security measures to prevent unauthorized access.

HIPAA Privacy Rule and Your Data

The HIPAA Privacy Rule governs how PHI can be used and disclosed by entities that have it. Because Conquer Your Health does not collect PHI, the typical use and disclosure provisions of the Privacy Rule are not directly applicable. Here's how we align with the intent of the Privacy Rule:

  • No Unauthorized Use or Disclosure: We are not using or disclosing your health data because we do not possess it. Any health information you keep within the App stays with you. We have designed the App to function without requiring you to share that information with us.
  • You Are in Control: In the context of the App, you are effectively the custodian of your own health data. You decide what to enter into the App, and you have the power to delete it. Because we never see it, every "use" or "disclosure" of your health data is under your control (for instance, if you choose to show your App data to your doctor, that's your choice, not a disclosure by us).
  • If Things Change: If in the future the App were to collect any health information in a way that could be considered PHI, we would implement all required HIPAA Privacy Rule measures at that time, including providing notices of privacy practices and ensuring any use of PHI is permitted by HIPAA or authorized by the user.

By keeping your identifiable health information out of our hands, we ensure that there is no risk of us improperly using or disclosing it, intentionally or accidentally.

Future Compliance and Updates

OneTwentyOne, Inc. is committed to maintaining the highest privacy standards. Our current approach to HIPAA – not collecting or storing PHI – means compliance is achieved by not creating risk in the first place. If our data practices change in the future, we will take all necessary steps to remain compliant with HIPAA and any other relevant privacy laws. This includes:

  • Updating this HIPAA Policy and our Privacy Policy to accurately reflect our practices.
  • Implementing any necessary agreements (for example, Business Associate Agreements) and technical safeguards before we handle any PHI.
  • Notifying users of any significant changes in how their data is handled, especially if those changes involve any external storage or transmission of health data.

We will also continue to monitor changes in privacy regulations and best practices and will update our policies and app features as needed to ensure your information remains protected.

Contact Information

If you have any questions or concerns about our HIPAA Policy or how Conquer Your Health protects your information, please reach out to us:

  • Email: hello@121health.app
  • Phone/Text: (716) 237-0126 (available for calls or text messages)
  • Our mailing address is OneTwentyOne Inc., 254 Chapman Rd, Ste 208 #15242, Newark, DE, 19702, USA.