Health Data Privacy Policy
How FreeRxApp collects, protects, and uses your health information — and your rights under CCPA/CPRA, the Washington My Health My Data Act, and other applicable laws.
CCPA/CPRA Compliant · AES-256 Encrypted · De-Identified Data · Right to Delete
Effective: April 16, 2026 · Version 1.0
1. Data We Collect
When you complete the FreeRxApp Health Assessment, we collect the following information:
Page 1 — Demographics
| Field | Type | Purpose |
|---|---|---|
| Age range | Non-identifying category (e.g., "35–44") | Risk scoring algorithm |
| Gender | Category | Risk scoring |
| ZIP code | Geographic area (not precise location) | Regional health context |
| Height (inches) | Numeric | BMI calculation |
| Weight (lbs) | Numeric | BMI calculation |
| BMI | Calculated numeric | Risk scoring |
| Insurance type | Category | Resource matching |
| Household size | Category | Resource matching |
Page 2 — Lifestyle Factors
| Field | Type | Purpose |
|---|---|---|
| Exercise frequency | Category | Risk scoring |
| Sleep quality | 1–5 scale | Risk scoring |
| Smoking status | Category (Current/Former/Never) | Risk scoring |
| Alcohol use | Category | Risk scoring |
| Diet type | Category | Risk scoring |
| Stress level | 1–5 scale | Risk scoring |
Page 3 — Current Health Conditions
| Field | Type | Purpose |
|---|---|---|
| Health conditions | Multi-select (e.g., Diabetes, Hypertension, Asthma) | Risk scoring; audience segmentation |
| Condition details | Per-condition: medication, specialist, duration | Risk scoring |
| Seen a specialist | Boolean | Risk scoring |
| Treatment satisfaction | 1–5 scale | Switch-readiness indicator (internal) |
| Last doctor visit | Category (e.g., "Within 6 months") | Risk scoring |
Page 4 — Family Health History
| Field | Type | Purpose |
|---|---|---|
| Parent conditions | Multi-select | Genetic risk flags |
| Sibling conditions | Multi-select | Genetic risk flags |
| Family early-onset | Boolean | Genetic risk scoring |
| Early-onset conditions | Multi-select | Genetic risk scoring |
Page 5 — Email Gate & Consent
| Field | Storage | Purpose |
|---|---|---|
| Email address | AES-256-GCM encrypted; stored separately from health data | Delivering your results; identity resolution for deletion requests |
| Consent record | Timestamp, consent version, text shown | Proof of affirmative consent |
| IP address (hashed) | SHA-256 hash only — never stored in plaintext | Consent proof; fraud prevention |
No name collected.
We do not ask for your first or last name. Your email address and health assessment responses are stored in separate database tables and are only joined for authorized operations such as honoring deletion requests.
2. How We De-Identify Data
Before your health information is used for advertising or research purposes, it is de-identified using the following methods:
- Email hashing: Your email address is SHA-256 hashed. The hash is used only to resolve your identity for operations you request (e.g., deletion). The hash alone cannot be reverse-engineered to reveal your email.
- Two-table isolation: Health assessment responses (conditions, risk scores, family history) are stored under a randomly generated session UUID. Your email is stored in a separate consents table linked only by that UUID. The tables are never publicly joined.
- No name–condition linkage: We do not collect your name. Your health conditions are never stored alongside any field that directly identifies you by name.
- Aggregation before export: When health data is used to create advertising audience segments, it is aggregated with data from thousands of other users. We do not export individual health records to any third party.
- Category-level responses: Age, household size, income, and geography are collected as ranges/categories — not as precise personal attributes.
3. How We Use Your Data
- Deliver your results: We run a scoring algorithm on your responses to calculate your Health Age, 6 risk category scores, and genetic risk flags. These are shown to you immediately.
- Health research & audience segmentation: De-identified health data is used to create aggregate audience segments for healthcare advertising. For example, "adults 35–54 with diabetes in California" may be used to serve relevant pharmaceutical ads.
- Platform improvement: Aggregated, anonymized data helps us improve the accuracy of our risk scoring models.
- Email communication: If you consent, we may email you relevant health savings information from FreeRxApp. You can unsubscribe at any time.
We do not use your data for:
Employment decisions, insurance underwriting, credit decisions, or any purpose not described in this policy.
4. Who We Share Data With
Pharmaceutical companies, healthcare agencies, and demand-side advertising platforms receive only aggregate, de-identified audience segments — never individual health records.
| Recipient Type | What They Receive | What They Never Receive |
|---|---|---|
| Pharmaceutical advertisers | Aggregate audience segments (e.g., "12,400 users with diabetes interest, age 45–64") | Individual records, emails, names, raw health responses |
| Healthcare advertising agencies | Aggregate segment data for campaign targeting | Individual records |
| Demand-side platforms (DSPs) | Anonymized segment identifiers for ad targeting | Individual health records or personal identifiers |
| Analytics providers | Page-level analytics (page views, events) without health data | Health assessment responses |
| Service providers (hosting, database) | Encrypted data at rest; no ability to read plaintext PII without encryption key | Decrypted email addresses |
We do not sell individual health records.
If you opt out of the sale of your personal information (using the link below), your data will not be included in any audience segments shared with third parties.
5. Data Architecture & Security
Two-Table Architecture
Health data is physically separated from your email address in our database:
- Consents table: Stores your encrypted email, consent timestamp, consent version, and hashed IP. Linked to your assessment via a random session UUID.
- Assessments table: Stores your health responses and risk scores, keyed only by session UUID — no email stored here.
- These tables are only joined for authorized operations such as responding to your deletion request.
Encryption
- Email addresses: AES-256-GCM encryption at rest
- Database connections: TLS in transit
- IP addresses: SHA-256 hashed — never stored in plaintext alongside health data
- Encryption keys: Managed via environment-level key management, separate from application code
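To make the two-table design of sections 2 and 5 concrete, here is an added example (written for this page, not FreeRxApp's own code) that models the consents and assessments tables as two in-memory maps sharing a random session ID, encrypts the email with AES-256-GCM, stores only SHA-256 hashes of the email and IP, and implements the deletion process from the Data Retention section: the email is stripped from the consents row, the assessment fields are nulled, and the row with its session ID is kept for the audit log. The type names, function names, the hex session ID standing in for a UUID column, and the hard-coded test key are all assumptions; in a real deployment the key would come from key management, as section 5 states.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// ConsentRecord is a row of the consents table, keyed by session ID: the encrypted
// email, an email hash used only to resolve deletion requests, and the hashed IP.
type ConsentRecord struct {
	EmailCipher    []byte // AES-256-GCM nonce || ciphertext+tag; nil once deleted
	EmailHash      string // hex SHA-256; "" once deleted
	IPHash         string // hex SHA-256; the plaintext IP is never stored
	ConsentVersion string
}

// Assessment is a row of the assessments table; it has no email or name field.
type Assessment struct {
	Conditions []string
	RiskScore  int
	Deleted    bool // true once the fields above are nulled; the row (and its ID) stays for audit
}

// Store models the two tables as two maps that share the session ID as key.
type Store struct {
	aead        cipher.AEAD // AES-256-GCM; the key is assumed to arrive from key management
	consents    map[string]*ConsentRecord
	assessments map[string]*Assessment
}

func NewStore(key []byte) (*Store, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM requires a 32-byte key")
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	g, _ := cipher.NewGCM(block)   // cannot fail for an AES block
	return &Store{aead: g, consents: map[string]*ConsentRecord{}, assessments: map[string]*Assessment{}}, nil
}

func sha256Hex(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// RecordSubmission writes one row to each table under a fresh random session ID.
func (s *Store) RecordSubmission(email, ip, consentVersion string, conditions []string, score int) (string, error) {
	buf := make([]byte, 16+s.aead.NonceSize()) // one entropy read: 128-bit ID plus the per-row GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	id, nonce := hex.EncodeToString(buf[:16]), buf[16:] // a real schema would store the ID as a uuid column
	s.consents[id] = &ConsentRecord{
		EmailCipher:    s.aead.Seal(nonce, nonce, []byte(email), nil), // nonce kept in front of the ciphertext
		EmailHash:      sha256Hex(email),
		IPHash:         sha256Hex(ip),
		ConsentVersion: consentVersion,
	}
	s.assessments[id] = &Assessment{Conditions: append([]string(nil), conditions...), RiskScore: score}
	return id, nil
}

// EmailForSession is the authorized join used to deliver results: it decrypts the
// email for one session only and fails closed once the email has been deleted.
func (s *Store) EmailForSession(id string) (string, error) {
	c, ok := s.consents[id]
	ns := s.aead.NonceSize()
	if !ok || len(c.EmailCipher) < ns {
		return "", errors.New("no email on file for session")
	}
	plain, err := s.aead.Open(nil, c.EmailCipher[:ns], c.EmailCipher[ns:], nil)
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

// ProcessDeletion resolves the requester by email hash, strips the email from the
// consents row (the anonymized consent record is retained) and nulls the assessment
// fields while keeping the session ID so the audit log still has something to reference.
func (s *Store) ProcessDeletion(email string) bool {
	h := sha256Hex(email)
	for id, c := range s.consents {
		if c.EmailHash != h {
			continue
		}
		c.EmailCipher, c.EmailHash = nil, ""
		if a, ok := s.assessments[id]; ok {
			a.Conditions, a.RiskScore, a.Deleted = nil, 0, true
		}
		return true
	}
	return false
}
```

The point of the split is visible in the types: nothing in `Assessment` can identify a person, and the only code path that ever decrypts an email takes a single session ID, so an audience-segment query over the assessments table can never pull identifiers along with it. A second deletion request for the same email returns false because the hash was cleared with the first one.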
6. Consent & Your Choices
Your consent to use de-identified health information for research and advertising is affirmative and optional:
- The consent checkbox on the email gate page is unchecked by default. You must actively check it.
- You can still receive your health results without providing consent to the advertising use of your data — however, providing your email is required to unlock results.
- We record the exact consent text shown to you, the timestamp, and the consent version number, so we can always prove what you agreed to.
- You may withdraw consent at any time by submitting a deletion or withdrawal request using the contact information below.
Consent version tracking:
If we update the consent language, we assign a new version number. Users who consented under a prior version are not automatically re-consented — we will seek fresh consent for materially different uses.
7. Your Rights Under CCPA/CPRA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the following rights:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information. We will delete your email and anonymize your health assessment records.
- Right to Opt-Out of Sale: Opt out of the sale of your personal information to third parties. Use the "Do Not Sell My Personal Information" link in our footer.
- Right to Correct: Request correction of inaccurate personal information. Contact us at the address below.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
- Right to Limit Sensitive Data: Health information is "sensitive personal information" under CPRA. You may direct us to limit its use to providing the requested service.
To exercise these rights, email info@summitaudiencesegments.com or use the Do Not Sell page.
We will respond to verifiable consumer requests within 45 days (extendable to 90 days with notice). We do not charge a fee for reasonable requests.
Global Privacy Control (GPC)
We honor the GPC browser signal (Sec-GPC: 1). When we detect this signal, we automatically treat your visit as an opt-out of the sale of your personal information.
8. Washington My Health My Data Act
If you are a Washington State resident, the My Health My Data Act (effective July 2023) provides additional protections for health data:
- Affirmative consent required before collecting or sharing consumer health data — our consent checkbox satisfies this requirement.
- Right to withdraw consent: You may withdraw consent at any time by submitting a request to info@summitaudiencesegments.com. We will stop processing your health data within 30 days.
- Right to deletion: You may request deletion of all consumer health data we have collected about you.
- No geofencing: We do not use geofencing around health care facilities.
- No sale without consent: We do not sell consumer health data without affirmative authorization.
9. Connecticut Health Data Law (SB 3 / PA 23-16)
Connecticut residents have the following rights under SB 3 (effective July 1, 2023):
- Right to access personal data we have collected about you.
- Right to delete personal data provided by or obtained about you.
- Right to opt out of the sale of personal data or its use for targeted advertising.
- Right to data portability — obtain a copy of your data in a portable format.
- Right to correct inaccurate personal data.
To submit a request, email info@summitaudiencesegments.com with the subject line "Connecticut Privacy Request."
10. Data Retention
| Data Type | Retention Period | Deletion Process |
|---|---|---|
| Email address (encrypted) | 2 years from collection, or until deletion request | Permanently deleted from consents table |
| Health assessment responses | 2 years from completion, or until deletion request | All fields set to NULL; session UUID retained for audit log only |
| Risk scores (health age, category risks) | 2 years | Deleted with assessment record |
| Consent records | 5 years (required for legal proof of consent) | Email removed; anonymized consent record retained per legal requirement |
| Deletion request records | 5 years | Retained to demonstrate CCPA compliance; no health data retained in these records |
11. Security Measures
- Encryption at rest: Email addresses are encrypted with AES-256-GCM. Assessment data is stored on an encrypted PostgreSQL database.
- Encryption in transit: All data transmitted between your browser and our servers uses TLS 1.2 or higher (HTTPS).
- Physical separation: Email addresses and health data are in separate database tables. No single query returns both without authorization.
- No raw IP storage: IP addresses are SHA-256 hashed before storage and never retained in plaintext alongside health data.
- Access controls: Database access is restricted to application-level credentials. No third party has direct database access.
- Security monitoring: We monitor for unauthorized access patterns and maintain audit logs of data access.
12. FTC Health Breach Notification Compliance
FreeRxApp is operated by Summit Audience Segments, Inc. We are a personal health record (PHR) related entity as defined under the FTC Health Breach Notification Rule (16 CFR Part 318).
In the event of a breach of unsecured personally identifiable health information, we will:
- Notify affected individuals within 60 calendar days of discovering the breach.
- Notify the FTC within 60 calendar days (or 10 days for breaches affecting 500 or more individuals).
- Notify prominent media outlets in states where 500 or more residents are affected.
- Include in notifications: the nature of the breach, types of data affected, steps individuals can take to protect themselves, and our contact information.
Our security incident response plan is reviewed annually. Contact info@summitaudiencesegments.com to report a suspected security incident.
13. Cookies & Tracking
FreeRxApp uses the following cookies and tracking technologies:
| Name | Type | Purpose | Consent Required? |
|---|---|---|---|
| _sc_vid | First-party, 1 year | Anonymous visitor ID for analytics (no health data attached) | No — essential analytics |
| Session storage | Browser session only | Health assessment in-progress state | No — essential functionality |
| Google Analytics (GA4) | Third-party | Page-level analytics — does not track health responses | No — no health data transmitted |
| Google AdSense | Third-party | Display advertising (non-targeted, not based on health data) | No |
Health pages are not cross-tracked.
We do not attach health assessment responses to any advertising tracking pixel or third-party analytics event. Google Analytics receives only standard page view data (URL, referrer, device) — never your health quiz answers.