Privacy Policy

FullyCharted is a personal health record and care coordination tool built for patients managing complex chronic illness. You enter your own medications, diagnoses, providers, lab results, symptoms, and notes. We do not provide medical advice, diagnoses, or treatment recommendations.

We collect the information you choose to enter into the app, which may include:

• Account information (email address, password)
• Personal profile (name, date of birth, address, emergency contacts)
• Health information (medications, allergies, diagnoses, vital signs, lab results, symptoms, procedures, providers, appointments, and care notes)
• Uploaded files (lab reports, imaging documents, diagnostic documents, and symptom photos)
• Usage data (app interactions, error logs, and device type) to improve reliability

We use your information only to operate and improve the service:

• To store, organize, and display your personal health record
• To generate emergency views and physician handoff PDFs at your request
• To surface medication interaction checks, monitoring reminders, and care alerts based on your entered data
• To send email notifications (if enabled) for refill reminders and appointment prep
• To diagnose and fix bugs or performance issues

We do not use your health information for advertising, profiling, or building behavioral models. We do not sell or rent your data.

Your data is stored in an encrypted database with row-level access controls. Every request is authenticated, and only your account can read or modify your clinical records. Uploaded documents are stored in encrypted object storage with access scoped to your account. We use industry-standard TLS for all data in transit.

Only you can access your FullyCharted data through your authenticated account. If you choose to generate a public emergency token or share a physician handoff PDF, you control that sharing. No clinician, insurer, or third party can access your records through FullyCharted without an explicit action by you.

Our infrastructure providers process data only to host and deliver the service. They are contractually bound to confidentiality and security standards and do not access your clinical content.

We keep your data for as long as your account is active. You can delete individual records or clinical entries at any time. If you delete your FullyCharted account, we permanently remove all of your health data, uploaded documents, and authentication records within 30 days. Deleted data cannot be recovered.

You have the right to:

• Access, correct, or export your personal health information
• Delete individual records or your entire account
• Revoke shared emergency tokens at any time
• Contact us with questions about how your data is handled

FullyCharted is a personal health record tool operated directly for patients. We are not a healthcare provider, health plan, or healthcare clearinghouse, and we do not fall under HIPAA as a covered entity. However, we follow privacy and security practices consistent with protecting sensitive health information.

We may update this privacy policy as the service evolves. If we make material changes, we will notify you in the app and update the effective date above. Continued use of FullyCharted after changes constitutes acceptance of the revised policy.

If you have questions about this privacy policy or your data, please contact us at privacy@fullycharted.app.