HealtrixBack

Privacy Policy

Last updated: March 26, 2026

1. Introduction

Healtrix ("we," "us," or "our") is a UK-based clinical health portal. We are committed to protecting your privacy and ensuring the security of your personal and health information. This policy describes how we collect, use, and protect your data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Health Insurance Portability and Accountability Act (HIPAA).

2. Information We Collect

To provide our clinical screening and health portal services, we collect the following categories of information:

  • Identity Data: Full name, date of birth.
  • Contact Data: Email address.
  • Health Data: Responses to clinical screening questionnaires (including PHQ-9, GAD-7, AUDIT-C, WHO-5, ISI, and ASRS).
  • Clinical Scores: Calculated results and interpretations derived from your questionnaire responses.
  • Technical Data: IP address, login timestamps, and session information.

3. Data Storage and Security

Your data is stored using industry-leading security practices:

  • Database: All patient data is stored in encrypted Neon Postgres databases.
  • Infrastructure: Our application is hosted on Vercel, utilizing secure, global infrastructure.
  • Encryption: Data is encrypted both at rest and in transit (using TLS/SSL).
  • Access Controls: We implement strict role-based access controls (RBAC) to ensure that only authorized clinical personnel can access your health records.

4. How We Use Your Data

We use your information for the following purposes:

  • To provide clinical health screening and assessment.
  • To manage your patient account and facilitate secure "magic link" authentication.
  • To communicate with you regarding your results and clinical care.
  • To comply with legal and regulatory obligations in the UK and relevant international jurisdictions.

5. Your Data Subject Rights

Under UK GDPR and HIPAA, you have significant rights regarding your data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure: You can request the deletion of your data (subject to clinical record retention laws).
  • Right to Restriction: You can ask us to limit how we process your data.
  • Right to Data Portability: You can request your data in a structured, machine-readable format.

6. Data Retention

As a clinical entity, we are required by law to retain health records for specific periods (typically 8 to 20 years depending on the nature of the care). Once the retention period expires, data is securely deleted or anonymized.

7. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer at:

Healtrix
Email: contact@healtrix.clinic