Who we are (data controller)
iHealix is operated by Innoedge Technologies Limited (incorporation number [registration number]), registered office [registered address]. For the personal data we process to run the platform, Innoedge Technologies Limited is the data controller.
Where an independent provider (a doctor, pharmacy, laboratory or nurse) treats you through iHealix, that provider is a separate controller of the clinical records they create about you, and processes your data under their own professional and legal obligations.
You can reach our Privacy Officer at info@innoedgetech.com.
Scope of this policy
This policy covers personal data we process through the iHealix mobile apps and website and the related services we facilitate. It is read together with our Terms of Service, Cookie Policy and Medical Disclaimer. Third parties we link to (for example a payment processor or a provider) have their own privacy notices.
Data we collect
Depending on how you use iHealix, we collect:
- Identity data — name, date of birth, gender, and, where required for verification or a regulated service, government-issued identifiers.
- Contact data — email address, phone number and delivery address.
- Health and sensitive personal data — symptoms, medical history, the reason for your consultation, prescriptions, lab requests and results, and notes shared during a consultation. This is protected health information (PHI) and is given the special handling described below.
- Payment data — transaction details needed to process payment. Full card details are collected and stored by our payment processor (Stripe), not by us.
- Device & technical data — device type, operating system, app version, IP address and similar diagnostic data.
- Usage & location data — how you interact with the Service, and, where you grant permission, approximate or precise location used to match you with nearby providers or for delivery.
Lawful basis for processing
We process your personal data under the lawful bases recognised by HIPAA (Health Insurance Portability and Accountability Act), principally:
- Performance of a contract — to provide the Service you have asked for (creating your account, facilitating a consultation, processing a payment, arranging delivery).
- Consent — for processing your protected health information (PHI), for non-essential cookies and analytics, and for using your location. You may withdraw consent at any time (this does not affect processing already carried out).
- Legal obligation — where we must process data to comply with applicable law or a lawful regulatory request.
- Legitimate interests — to secure the platform, prevent fraud and abuse, and improve the Service, balanced against your rights and interests.
How we use your data
We use personal data to:
- create and manage your account and verify eligibility;
- connect you with an independent provider and pass them the information they need to treat you;
- facilitate consultations (including video infrastructure), medicine delivery, lab sample collection, nurse visits and insurance claims;
- process payments and refunds and keep transaction records;
- communicate with you about bookings, results and the Service;
- keep the platform secure, prevent fraud and abuse, and meet our legal and regulatory obligations; and
- with your consent, understand and improve how the Service is used.
Special handling of health data
Your protected health information (PHI) is sensitive
We treat the health information you share (your symptoms, history, consultation notes, prescriptions and lab results) as protected health information (PHI). We process health information only with your explicit consent or as permitted by applicable US federal and state law for the provision of health care services.
We apply heightened safeguards to this data: it is encrypted in transit and at rest, access is restricted on a need-to-know basis, and it is shared with the independent provider treating you so they can deliver care. We do not use your health data for advertising.
How long we keep data
We keep personal data only as long as necessary for the purposes above and to meet legal, regulatory, accounting and dispute-resolution requirements. Health and medical records may be retained for the period required by applicable law and professional standards; payment records for the period required by law. When data is no longer needed it is securely deleted or anonymised. You can ask us to delete your data — see your rights below — subject to retention we are legally required to maintain.
Security measures
We apply technical and organisational measures appropriate to the sensitivity of your data, including encryption in transit and at rest, access controls and least-privilege access, network and application hardening, logging and monitoring, and staff confidentiality obligations. No system can be guaranteed completely secure; if a breach affecting your data occurs, we will act and notify you and the relevant authority where the law requires.
Your rights under applicable US law
Subject to applicable law, you have rights to access, correct, and request deletion of your personal data. iHealix is not a covered entity under HIPAA but applies equivalent administrative, physical, and technical safeguards to all protected health information it handles on behalf of covered providers.
- Access — obtain confirmation of, and a copy of, the personal data we hold about you;
- Rectification — have inaccurate or incomplete data corrected;
- Erasure — ask us to delete your data where there is no lawful reason to keep it;
- Restriction — ask us to limit how we process your data in certain circumstances;
- Portability — receive certain data in a structured, machine-readable format where technically feasible;
- Objection — object to certain processing; and
- Withdraw consent — at any time, where we rely on your consent.
To exercise any right, contact info@innoedgetech.com. We may need to verify your identity before acting on a request.
Children & dependants
iHealix accounts are for adults (18+). We do not knowingly create accounts for children. A parent or legal guardian may use the Service to obtain care for a minor or dependant in their care; in that case the adult is responsible for the information provided. If you believe a child has provided us data without appropriate authority, contact info@innoedgetech.com and we will take appropriate action.
Cross-border transfers
Some service providers we rely on may process data in countries other than the United States. Where personal data is transferred internationally, we use appropriate contractual safeguards — such as Standard Contractual Clauses or transfers to jurisdictions with an adequacy determination — to protect it.
Privacy Officer & complaints
Our Privacy Officer oversees our handling of personal data. You can reach them at info@innoedgetech.com.
If you are not satisfied with how we handle your data or a request, you have the right to lodge a complaint with the HHS Office for Civil Rights (OCR) (www.hhs.gov/ocr/privacy). We would appreciate the chance to address your concern first.
Updates to this policy
We may update this policy from time to time. When we make a material change we will update the “Last updated” date above and, where appropriate, notify you. Please review it periodically.