Itechnocrat Health Privacy Policy
Last Updated: Dec 30 2025
1. Scope and Regulatory Framework
This Privacy Policy applies to Itechnocrat Health Inc. (“Itechnocrat Health,” “we,” “us,” or “our”) and governs the collection, use, disclosure, storage, and protection of personal data, personal health data, and protected health information (PHI) across our AI-powered EHR platform, mobile and web applications, and connected medical and wellness devices (including Garmin smart watches).
This policy is designed to comply with applicable privacy and health data laws, including: United States
HIPAA (Health Insurance Portability and Accountability Act)
HITECH Act
CCPA / CPRA (California)
U.S. Consumer Health Data (CHD) laws (e.g., Washington My Health My Data Act) European Union
GDPR (General Data Protection Regulation – EU 2016/679) Canada
PIPEDA (Personal Information Protection and Electronic Documents Act)
Provincial health privacy laws where applicable (e.g., PHIPA (Ontario), HIA (Alberta)) Cameroon
Law No. 2010/012 on Cybersecurity and Cybercrime
Law No. 2010/013 on Electronic Communications
Applicable CEMAC and OHADA data protection principles
National requirements governing health data confidentiality and electronic records
2. Categories of Data We Collect We collect and process data strictly on a minimum-necessary basis, grouped by service category: 2.1 Activity and Fitness
Steps, activity intensity, distance
Heart rate, HRV, stress metrics
Sleep stages and recovery data
GPS-based activity data (where enabled) 2.2 Nutrition and Weight Management
Weight, BMI, body measurements
Nutrition logs and dietary preferences
AI-generated nutrition insights 2.3 Diseases and Conditions Management
Diagnoses and clinical conditions
Disease-specific metrics and trends
Risk stratification indicators 2.4 Healthcare Services and Management
Electronic health records (EHR)
Clinician notes and care plans
Telehealth, scheduling, and coordination data 2.5 Medical Device Apps
Connected device identifiers
Sensor data and telemetry
Integration and interoperability logs 2.6 Medication and Treatment Management
Prescriptions and dosage schedules
Medication adherence data
Treatment response analytics
3. Lawful Basis for Processing We process personal and health data under one or more of the following lawful bases:
Explicit and informed consent
Provision of healthcare and related services
Compliance with legal and regulatory obligations
Vital interests of the data subject
Public interest in healthcare and research (where permitted) Consent may be withdrawn at any time without affecting prior lawful processing.
4. HIPAA Compliance (United States) Where applicable, Itechnocrat Health acts as a Covered Entity or Business Associate and:
Uses PHI only for treatment, payment, and healthcare operations
Executes Business Associate Agreements (BAAs)
Applies safeguards under the HIPAA Security Rule
Maintains breach detection, notification, and mitigation procedures
5. Canadian Privacy Compliance (PIPEDA & Provincial Laws) For Canadian users:
Personal health information is collected only for identified and appropriate purposes
Consent is obtained and documented
Individuals may access, correct, or withdraw consent
Safeguards align with PIPEDA Principle 7 (Safeguards)
Data residency requirements are respected where provincially mandated
Cross-border transfers are disclosed and protected by contractual safeguards
6. Cameroon Data Protection & Cybersecurity Compliance For users in Cameroon:
Health data is treated as confidential and sensitive
Electronic records are protected against unauthorized access, alteration, and disclosure
Data processing complies with national cybersecurity and electronic communications laws
Security measures are implemented to prevent cybercrime, data breaches, and misuse
Where data is transferred internationally, equivalent confidentiality and security safeguards are applied
7. How We Use Data We use collected data to:
Deliver personalized healthcare, fitness, and disease management services
Support clinicians and care teams
Enable AI-driven insights and predictive modeling
Improve system performance, safety, and accuracy
Meet legal, regulatory, and reporting obligations 🚫 We do not sell personal or health data, including consumer health data, under any jurisdiction.
8. Data Sharing and Disclosure We may share data only with:
Authorized healthcare providers
Approved processors and service providers under strict agreements
Device and integration partners where enabled by the user
Regulatory authorities when legally required All third parties must comply with equivalent privacy, security, and confidentiality obligations.
9. Consumer Health Data (CHD) Protections In compliance with U.S. CHD laws and equivalent international principles:
Explicit consent is required for collection and sharing
No geofencing or health inference without authorization
No discriminatory use of health data
Deletion and access rights are honored promptly
10. Individual Rights Users have rights under applicable law, including: GDPR
Access, rectification, erasure
Data portability and restriction
Objection to automated decision-making CCPA / CPRA
Right to know, delete, correct
Right to limit sensitive data use
Right to opt out (where applicable) HIPAA
Access and amend PHI
Accounting of disclosures
File complaints without retaliation Canada (PIPEDA)
Access and correction
Withdraw consent
Challenge compliance Cameroon
Confidentiality and security of personal data
Protection against unauthorized electronic processing Requests may be submitted to: 📧 privacy@itechnocrathealth.com
11. Data Security We employ industry-standard safeguards including:
Encryption at rest and in transit
Role-based access controls
Security logging and monitoring
Regular audits and risk assessments
Incident response and breach notification procedures
12. Data Retention Data is retained only as long as required to:
Provide healthcare services
Comply with applicable laws
Resolve disputes and enforce agreements Data is securely deleted or anonymized when no longer required.
13. International Data Transfers When data crosses borders, we apply:
GDPR Standard Contractual Clauses (SCCs)
PIPEDA-compliant contractual protections
Equivalent safeguards for Cameroon and other jurisdictions
14. Children’s Privacy We do not knowingly collect data from children under 13 (or higher local age thresholds) without verified parental or guardian consent.
15. Policy Updates This Privacy Policy may be updated periodically. Material changes will be communicated via our website or application.
16. Contact Information
Itechnocrat Health Inc.
📍 111 2845 23rd Street NE, Calgary, AB T2E 7A4
📧 privacy@itechnocrathealth.com
1. Scope and Regulatory Framework
This Privacy Policy applies to Itechnocrat Health Inc. (“Itechnocrat Health,” “we,” “us,” or “our”) and governs the collection, use, disclosure, storage, and protection of personal data, personal health data, and protected health information (PHI) across our AI-powered EHR platform, mobile and web applications, and connected medical and wellness devices (including Garmin smart watches).
This policy is designed to comply with applicable privacy and health data laws, including: United States
HIPAA (Health Insurance Portability and Accountability Act)
HITECH Act
CCPA / CPRA (California)
U.S. Consumer Health Data (CHD) laws (e.g., Washington My Health My Data Act) European Union
GDPR (General Data Protection Regulation – EU 2016/679) Canada
PIPEDA (Personal Information Protection and Electronic Documents Act)
Provincial health privacy laws where applicable (e.g., PHIPA (Ontario), HIA (Alberta)) Cameroon
Law No. 2010/012 on Cybersecurity and Cybercrime
Law No. 2010/013 on Electronic Communications
Applicable CEMAC and OHADA data protection principles
National requirements governing health data confidentiality and electronic records
2. Categories of Data We Collect We collect and process data strictly on a minimum-necessary basis, grouped by service category: 2.1 Activity and Fitness
Steps, activity intensity, distance
Heart rate, HRV, stress metrics
Sleep stages and recovery data
GPS-based activity data (where enabled) 2.2 Nutrition and Weight Management
Weight, BMI, body measurements
Nutrition logs and dietary preferences
AI-generated nutrition insights 2.3 Diseases and Conditions Management
Diagnoses and clinical conditions
Disease-specific metrics and trends
Risk stratification indicators 2.4 Healthcare Services and Management
Electronic health records (EHR)
Clinician notes and care plans
Telehealth, scheduling, and coordination data 2.5 Medical Device Apps
Connected device identifiers
Sensor data and telemetry
Integration and interoperability logs 2.6 Medication and Treatment Management
Prescriptions and dosage schedules
Medication adherence data
Treatment response analytics
3. Lawful Basis for Processing We process personal and health data under one or more of the following lawful bases:
Explicit and informed consent
Provision of healthcare and related services
Compliance with legal and regulatory obligations
Vital interests of the data subject
Public interest in healthcare and research (where permitted) Consent may be withdrawn at any time without affecting prior lawful processing.
4. HIPAA Compliance (United States) Where applicable, Itechnocrat Health acts as a Covered Entity or Business Associate and:
Uses PHI only for treatment, payment, and healthcare operations
Executes Business Associate Agreements (BAAs)
Applies safeguards under the HIPAA Security Rule
Maintains breach detection, notification, and mitigation procedures
5. Canadian Privacy Compliance (PIPEDA & Provincial Laws) For Canadian users:
Personal health information is collected only for identified and appropriate purposes
Consent is obtained and documented
Individuals may access, correct, or withdraw consent
Safeguards align with PIPEDA Principle 7 (Safeguards)
Data residency requirements are respected where provincially mandated
Cross-border transfers are disclosed and protected by contractual safeguards
6. Cameroon Data Protection & Cybersecurity Compliance For users in Cameroon:
Health data is treated as confidential and sensitive
Electronic records are protected against unauthorized access, alteration, and disclosure
Data processing complies with national cybersecurity and electronic communications laws
Security measures are implemented to prevent cybercrime, data breaches, and misuse
Where data is transferred internationally, equivalent confidentiality and security safeguards are applied
7. How We Use Data We use collected data to:
Deliver personalized healthcare, fitness, and disease management services
Support clinicians and care teams
Enable AI-driven insights and predictive modeling
Improve system performance, safety, and accuracy
Meet legal, regulatory, and reporting obligations 🚫 We do not sell personal or health data, including consumer health data, under any jurisdiction.
8. Data Sharing and Disclosure We may share data only with:
Authorized healthcare providers
Approved processors and service providers under strict agreements
Device and integration partners where enabled by the user
Regulatory authorities when legally required All third parties must comply with equivalent privacy, security, and confidentiality obligations.
9. Consumer Health Data (CHD) Protections In compliance with U.S. CHD laws and equivalent international principles:
Explicit consent is required for collection and sharing
No geofencing or health inference without authorization
No discriminatory use of health data
Deletion and access rights are honored promptly
10. Individual Rights Users have rights under applicable law, including: GDPR
Access, rectification, erasure
Data portability and restriction
Objection to automated decision-making CCPA / CPRA
Right to know, delete, correct
Right to limit sensitive data use
Right to opt out (where applicable) HIPAA
Access and amend PHI
Accounting of disclosures
File complaints without retaliation Canada (PIPEDA)
Access and correction
Withdraw consent
Challenge compliance Cameroon
Confidentiality and security of personal data
Protection against unauthorized electronic processing Requests may be submitted to: 📧 privacy@itechnocrathealth.com
11. Data Security We employ industry-standard safeguards including:
Encryption at rest and in transit
Role-based access controls
Security logging and monitoring
Regular audits and risk assessments
Incident response and breach notification procedures
12. Data Retention Data is retained only as long as required to:
Provide healthcare services
Comply with applicable laws
Resolve disputes and enforce agreements Data is securely deleted or anonymized when no longer required.
13. International Data Transfers When data crosses borders, we apply:
GDPR Standard Contractual Clauses (SCCs)
PIPEDA-compliant contractual protections
Equivalent safeguards for Cameroon and other jurisdictions
14. Children’s Privacy We do not knowingly collect data from children under 13 (or higher local age thresholds) without verified parental or guardian consent.
15. Policy Updates This Privacy Policy may be updated periodically. Material changes will be communicated via our website or application.
16. Contact Information
Itechnocrat Health Inc.
📍 111 2845 23rd Street NE, Calgary, AB T2E 7A4
📧 privacy@itechnocrathealth.com