PRIVACY POLICY
1. Introduction
Welcome to HealthRec1, a professional health record management service operated by Maven Innovations ("we," "our," "us," or "the Service"). We respect your privacy and are committed to protecting your personal health information. This Privacy Policy explains how we handle information when you use our platform at https://www.healthrec1.com.
Key Principle: HealthRec1 is designed as a zero-knowledge, patient-controlled platform. Maven Innovations does not access, view, or control your individual health records under any circumstances.
2. Information We Collect
2.1 Account Information (Minimal Collection)
When you create an account, we collect: Email address, Username, Password (encrypted and never stored in plain text), Account creation date, and Last login timestamp.
2.2 Technical Information
We automatically collect: IP address, Device type, browser profile, Operating system, and system usage metrics to ensure service stability.
2.3 Health Records (Zero-Access)
IMPORTANT: Your health records are encrypted on your local device before transmission and stored in a fully encrypted state. They are only accessible with your unique encryption key. HealthRec1 staff and Maven Innovations systems cannot read or access this data.
2.4 Information We Do NOT Collect
We strictly do not collect Social Security Numbers, Driver's license numbers, or Biometric data. Your physical location is never tracked beyond general IP region for security compliance.
3. How We Use Your Information
3.1 Account Information
We use your account details to authenticate your identity, provide secure access, send critical service notifications, and prevent unauthorized usage or fraud.
3.2 Technical Information
Technical data is analyzed in an anonymized format to monitor system performance, detect security threats, and troubleshoot technical issues within the Service.
3.3 Health Records
We do NOT use your health records for any internal or commercial purpose. Your data resides on our servers strictly for your retrieval and remains encrypted at all times.
4. How We Share Your Information
4.1 Non-Commercial Policy
Maven Innovations does not sell, lease, or trade your personal information or health data to third parties.
4.2 Service Providers
We involve trusted infrastructure partners (e.g., AWS for storage, Stripe for payments) who are contractually bound to maintain strict confidentiality and security protocols. They have zero access to your decrypted health records.
4.3 Legal Disclosure
We may disclose account metadata if required by a valid legal order. However, we cannot provide decrypted health data as we do not possess the necessary keys to access it.
5. Data Security
5.1 Technical Safeguards
We employ industry-leading security practices, including AES-256 encryption at rest and TLS/SSL 1.3 for data in transit. Regular security audits and penetration tests are conducted to maintain platform integrity.
5.2 End-to-End Encryption
Your records are encrypted using keys derived through secure hashing from your password. If you lose your credentials, your encrypted health records cannot be recovered by Maven Innovations, as we do not store your plain-text password or encryption keys.
6. Your Privacy Rights
6.1 Control & Access
You retain full ownership and control of your data. You may export your records, update your profile informations, or delete your account at any time.
6.2 California & State Rights
Residents of California, Virginia, and Colorado may have specific rights under state privacy laws (CCPA/CPRA, etc.). Please contact our privacy team for specific requests regarding these regulations.
7. Cookies and Tracking
We use session and essential cookies to maintain your login state and provide a secure environment. We also utilize anonymized analytics to monitor service performance. You can manage your cookie preferences through our dedicated preference center or your browser settings.
8. Children's Privacy
The Service is not intended for use by individuals under the age of 13. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal information, please notify our privacy office immediately.
9. International Users
Maven Innovations is headquartered in the United States. By using our Service, you acknowledge that your information may be processed and stored in the U.S. We implement Standard Contractual Clauses (SCCs) and high-level encryption to satisfy global data protection standards, including GDPR for European users.
10. Data Retention
We retain your account data as long as your account remains active. Encrypted health records are permanently purged within 30 days of account deletion, with secondary backups clearing within 90 days. Basic technical logs are kept for 90 days for troubleshooting and security forensics.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or regulatory requirements. Significant modifications will be notified via email and through a notice on our platform. The effective date of the most recent version will always be prominently displayed at the conclusion of this document.
12. Third-Party Links
The Service may provide links to external websites that are not operated by Maven Innovations. We advise you to review the privacy policies of any third-party sites you visit, as we do not maintain control over their dedicated privacy practices.
13. Contact Us
If you have any questions, concerns, or specific requests regarding this Privacy Policy or how Maven Innovations handles your data, please reach out to our privacy office at: support@healthrec1.com.
14. Complaints and Disputes
If you believe your privacy rights have been violated, we encourage you to contact us first. If unresolved, you may file a complaint with the Oklahoma Attorney General's Office, the Federal Trade Commission (FTC), or your respective state's consumer protection agency. EU residents may contact their local data protection authority (DPA).
15. Electronic Communications
By using the Service, you consent to receive electronic communications from Maven Innovations. These communications may include notices about your account and information concerning or related to our Service.
16. Severability
If any part of this Privacy Policy is held invalid or unenforceable, that part will be construed to reflect the parties' original intent, and the remaining portions will remain in full force and effect.
17. Assignment
Maven Innovations may assign its rights and obligations under this Privacy Policy at any time without notice to you. You may not assign these rights without our prior written consent.
18. Entire Agreement
This Privacy Policy constitutes the entire agreement between Maven Innovations and you concerning the subject matter hereof, and they may only be modified by a written amendment signed by an authorized executive of Maven Innovations.
19. Governing Law
This Policy shall be governed by and construed in accordance with the laws of the State of Oklahoma, United States, without reference to its conflict of law provisions.
20. California Privacy Rights
If you are a California resident, you may have the right to request information regarding the disclosure of your personal information to third parties for their direct marketing purposes.
21. Final Acknowledgement
By submitting health records to our platform, you confirm that you have read, understood, and agree to be bound by the terms detailed across all 21 sections of this Privacy Policy.
By using our Service, you acknowledge that you have read and understood this Privacy Policy. This policy was last updated on October 24, 2026. Global health management empowered by HealthRec1. Your data, your control.