This policy ensures data protection in compliance with HIPAA, GDPR, and Guinea’s laws.

• Data Collection:
  • Types: Personal (name, email, address), health (medical records, biometrics), usage (app interactions), technical (IP, device type).
  • Sources: User input, automated tracking (e.g., cookies), third parties (e.g., hospital records with consent).
  • Purpose: Service delivery, personalization, legal compliance, anonymized research.
• Data Use:
  • Primary: Execute services (e.g., diagnostics, dashboards).
  • Secondary: Improve products, conduct anonymized public health research.
• Data Sharing:
  • With service providers (e.g., AWS) under strict confidentiality.
  • With partners or authorities only with consent or legal obligation.
  • International transfers use GDPR-compliant clauses.
• Security:
  • End-to-end encryption (HTTPS, TLS), secure cloud storage, regular audits.
  • Breach notifications within 72 hours; immediate corrective actions.
• User Rights:
  • Access, rectify, delete, port, or oppose data processing.
  • Requests to dpo@digitalvoguewellness.com with ID; response within 30 days.
• Cookies:
  • Essential, analytical, and personalization cookies.
  • Managed via consent banner; respects Do Not Track settings.
• Minors: No data collection from children under 13 without parental consent.
• Data Retention:
  • Kept only as needed (e.g., medical records for 5 years).
  • Securely deleted or anonymized post-retention.
• International Transfers:
  • Data processed in Guinea, USA, or global cloud servers.
  • Compliant with HIPAA/GDPR via contractual safeguards.
• Updates:
  • Notified via email or app; effective May 3, 2025.