Upon registration, your health profile is developed from information which you provide. Only our authorized employees view this information internally to analyze usage patterns and provide a better experience to our users. We do not gather highly personal information, such as social security numbers, bank account numbers, or sensitive health data. Of course we cannot control the actions of others with whom you may choose to share your information, so please exercise caution when disclosing sensitive information on your health page.
Additional information may be collected as you navigate through our site and sent to your browser by means of "cookies". Cookies can be disabled by setting a preference within your browser.
Access to personally identifiable information is restricted, and by default, can only be shared by those with whom you choose to connect. Anonymous information in aggregate form is sometimes used to improve the value of the website and may be shared in the course of business. But we never sell personal information about our members to any third parties.
If you no longer desire our service, you may email our customer support at firstname.lastname@example.org or contact us by telephone or postal mail at the contact information provided. We will respond to your request within five business days.
Every reasonable precaution is taken to safeguard your information. Data is encrypted within cloud environments and stored in highly secure data centers. Our servers do not require human interaction and information does not get viewed or handled by third parties.
We are compliant with HIPAA regulations through implementation of Secure Sockets Layer (SSL), disaster recovery measures, data-center access controls, administrative management processes, and other safeguards implemented by our online storage partners. For detailed information about HIPAA (Health Insurance Portability and Accountability Act), please visit www.hhs.gov.
We provide a communication service through our software applications and do not attempt to practice medicine or replace qualified healthcare professionals. Do not rely upon this service if you or anyone else needs emergency medical treatment.
Our service may be suspended at any time and data is subject to deletion without notice. You are responsible for maintaining back-up copies of your information separately from the application.
You agree to protect the confidentiality of passwords and other access information. Any attempt to “hack” or “reverse engineer” our software is prohibited by law. We are not responsible for any other site which may link to our application.
We reserve the right to retain and implement in future products or services any feedback obtained from users without compensation. If you use this application from a location outside the U.S., you do so on your own initiative and are responsible for compliance with local or international laws.
Mobile Security Policy
HealthApp Connect includes mobile messaging using an existing internet connection based on, for example, 3G/EDGE or Wi-Fi. It is currently available for the iOS platform only. Since HealthApp Connect uses the same internet connection as email and web browsing, sending messages is available at no additional cost. Unlike SMS, messages are not restricted to a certain number of characters or keystrokes. Messages are received instantly and stored on our servers.
Cloud storage keeps your data in a secure centralized location. Our data center has state-of-the-art security systems built with redundant diverse segments to maximize uptime and thwart most denial of service attacks. Our HIPAA-compliant hosting partner employs a team of highly skilled professionals with industry-leading experience.
Unlike some mobile messenger services, we do not synchronize your contact lists with our backend servers. We do not route messages between different users based on their phone numbers. Our registration process does not depend on texting or emailing. We do not use your PIN in the verification process, nor do we use your device’s unique ID number. In fact, with iOS 5+ Apple advises against using UDID as part of the identification process.
Since messages can be eavesdropped, or “sniffed”, especially on public Wi-Fi, we have ensured that all API calls between HealthApp and our server use HTTPS or SSL (Secure Sockets Layer). What this means is that even if a data packet is sniffed at the Network Layer, it won’t have meaning since the data is encrypted at the Transport Layer.
HealthApp Connect uses the reliable XMPP (Extensible Messaging and Presence Protocol) as its messaging protocol. Traffic is private with SSL encryption using security port 443 for https. Connecting does not require names or telephone numbers, only a private username and password, both of which are scrambled and hashed.
Apps should be treated as a front-end for accessing back-end services, so major security measures are implemented in our backend. Long-term authorization tokens are generated on our backend server and secured on the device by encrypting the token using Apple’s Data Protection API.
On our server’s web-facing side, we implement best practices to prevent SQL injection. SQL injection is a hacker technique in which SQL statements embedded in the URL maliciously query data that is not supposed to be exposed. Again, this cannot happen on HealthApp Connect.
The number one reason people get hacked is they download software that has been tampered with. So never download or install any app other than from iTunes App Store. A practice called “jailbreaking” lets users override Apple’s app protection to download non-approved applications. This can cause your device to be vulnerable to malware attacks.
Please do not lend your devices to untrusted persons, who can introduce malware, whether intentionally or not. Maintain the same control over your device as you would over your credit card. If you want to use Bluetooth, pair only with known devices and make sure the publicly displayed name doesn’t reveal your identity. Disable Bluetooth when not in use.
Mobile device theft is on the rise. Register serial numbers. Do not use your device as the sole storage mechanism for data. Know how to report any missing device as soon as possible. Enable Apple’s phone-finding and remote-wiping features. Set iPhone’s pre-lock screen to display your contact information so a Good Samaritan has recourse to return your iPhone if found.
Our users must provide the correct username and password to access encrypted mobile data. Apple’s iOS devices use 256-bit AES (Advanced Encryption Standard) to automatically encrypt on-device data and files stored in flash memory. You can use iPhone’s four-digit PIN to lock the screen, or better, enable a lengthy passcode that follows best password-protection guidelines. When not using HealthApp, log out. After 24 hours of inactivity, automatic lockout is triggered on HealthApp Connect.
HealthApp Connect is software and software cannot be 100% perfect. As we discover bugs or security holes, we will close them. Spam is easy to identify since we will never ask you to forward messages to others. Our official Twitter handle @healthappconnect will advise you if bugs or hoaxes have been detected, and an error message will be displayed until we fix it. Install updates regularly since our fixes will often address any new security concerns.