Consumer Health Data Privacy Policy
The health-related data we handle, and the control you have over it.
The short version
Why health data gets extra protection
AffirmPax helps adults verify identity and age and record mutual consent for sexual activity. Some of the information involved is health-related, so Washington’s My Health My Data Act and similar laws give it extra protection. This page explains, in one place, what health data we handle and the control you have over it.
The most sensitive data never leaves your phone
- Your raw STI test panels, the specific substances in any drug-use disclosure, the ID and selfie images shown when you sign an agreement, and your date of birth stay encrypted on your device — we never receive them.
- During identity verification, your government ID is checked entirely on your own device and never reaches us — not the image, and not details like your license number or home address, which the app reads on your device and immediately discards. Only your verified name, your adult-age confirmation, and the verification selfie are sent; the selfie is encrypted, used to confirm the match, and then deleted.
What we hold, and how
- Everything we hold is encrypted so it can’t be read straight from our database — not even by us without the key.
- We never sell it, never use it for advertising, and never train AI on it.
You stay in control
- You can see your data, withdraw your consent, and delete your data — and deletion reaches our backups and the providers who hold it for us, not just the live copy.
- Reach our Privacy Officer at privacy@affirmpax.com or use the in-app privacy controls.
Full consumer health data policy
This policy describes how AffirmPax, Inc. handles consumer health data — information linked or reasonably linkable to you that identifies your past, present, or future physical or mental health status, including reproductive or sexual health, and precise location that could indicate you are seeking health-care services. It supplements our Privacy Policy and Data Sharing Policy; where they overlap, this policy controls for consumer health data.
1. Consumer health data we collect
The most sensitive material never reaches our servers: your raw STI test results and panels, the specific substances in any drug-use disclosure, the government-ID and selfie images shown at the moment you sign a consent agreement, the government ID used to verify your identity (the image stays on your device, and the app immediately discards the other details it reads — your license number, your home address, and the rest of the barcode data; only your verified name and age indicators are sent to us), and your exact date of birth all stay in encrypted storage on your own device. (Identity verification sends us only an encrypted selfie, which we delete as soon as the check is done — described below.)
Health data we collect and store, only after you opt in
- A coarse STI status summary (for example, “negative” or “indeterminate”) and the date of the panel — not the underlying results.
- A coarse drug-use category (for example, social/mild or illicit) — not the specific substances.
- The list of sexual activities the parties have agreed to, and the consent agreement record and its time-stamped history.
- At the moment you sign: your precise location (GPS), IP address, and device information, recorded as part of the signed consent record. Signing requires it.
- Identity- and age-verification data: a one-way fingerprint (hash) of your verification selfie, the encrypted verification selfie (held briefly by our cloud provider and deleted as soon as the check is complete), and verification metadata such as a face-match confidence score. Your government ID is checked on your own device and is never sent to us — neither the image nor details like your license number or home address (read on your device, then immediately discarded); only your verified name and age indicators reach us.
- Safety information you provide: duress-check answers and an emergency contact’s name, phone, and relationship.
- Messages you exchange with another party while negotiating an agreement.
Basic account data
Your phone number, your verified legal name, and age indicators (such as whether you are over 18, 21, or 25). We do not store your raw date of birth, and the app does not use email.
2. Where we collect it from
We collect consumer health data from you, directly, through the app; from your device (for example, location and device information at signing); from the other party to an agreement with you; and from our identity- and age-verification process.
3. How we use it
We use consumer health data only to:
- Verify that users are adults and are who they say they are, and record that verification.
- Create, present, and maintain the consent agreements you enter into.
- Establish a reliable consent record — including the time, parties, and signing context — so the agreement is trustworthy to the people relying on it.
- Support user safety, including the duress-check and emergency-contact features.
- Operate, secure, and debug the service, and comply with law and prevent serious harm.
4. How we ask for consent
- Opt-in to collect: we collect the data above only after you give clear, affirmative, opt-in consent, presented separately from our general terms. You can decline.
- Separate consent to share: sharing the agreed health disclosures with the other party to your agreement is the service you ask us to provide. Any sharing beyond that — except with the providers who operate the app for us under contract, or where the law requires it — happens only with your separate consent.
- Withdrawing consent: you can withdraw any consent at any time. Withdrawal stops future collection or sharing; it does not undo processing that already happened lawfully.
5. Who we share it with
We share consumer health data only with: the other party to your agreement (the core service); service providers acting for us under contract, as needed to run the app — Google Cloud and Firebase (encrypted storage and notifications) and Twilio (SMS verification codes), where used; and authorities, where the law requires it or to prevent serious harm.
- We never sell your consumer health data, and we have not sought and will not seek any authorization to sell it.
- We never share it for advertising or cross-context behavioral targeting, and our app contains no advertising or analytics tracking software.
6. Your rights and how to use them
You have the right to confirm and access the consumer health data we hold and learn who we have shared it with; to withdraw your consent; and to delete your data. When you delete, we delete it from all parts of our systems, including archived and backup systems, and we notify the providers and other parties that received it. Where data sits only in a backup that must be restored to reach it, deletion from that backup may take longer, but no more than six months.
- Use the in-app privacy controls (the app supports data export and account deletion) or email privacy@affirmpax.com.
- We will not require a new account to make a request, will respond within the time the law requires, and if we decline we will tell you why and how to appeal.
7. How we protect it
- The most sensitive material stays on your device and never reaches our servers.
- The consumer health data we do hold — your coarse STI status, the agreed-activities list, your messages, your signing location, and your safety information — is encrypted at the application level, with the keys kept separately from the database, so it cannot be read from the database itself or by staff with database access.
- The verification selfie is encrypted for the short time our cloud provider holds it and is deleted as soon as the check is complete; access is restricted to what is necessary to operate the service.
8. No geofencing
We do not use geofences around health-care facilities to identify or track you, to collect consumer health data, or to send you notifications or advertising. The precise location we record exists only to time-stamp and authenticate a consent agreement you choose to sign — never to track, profile, or target you.
9. If there is a data breach
If consumer health data is ever subject to a breach, we will notify affected users — and, where applicable, the Federal Trade Commission and the media — consistent with the FTC Health Breach Notification Rule and applicable law, without unreasonable delay and no later than 60 calendar days after discovery (we aim to act sooner).
10. How long we keep it
The verification selfie is deleted as soon as it has been used to verify you. We keep consent records while the agreement is active and for a limited period afterward for evidentiary and legal-defense purposes, then delete or de-identify them; signing location and device data are kept only as part of that consent record; messages and safety information are kept while needed. We delete or de-identify consumer health data when the purpose it was collected for, and any legal obligation to keep it, have ended.
11. Changes to this policy
If we make a material change to how we handle consumer health data, we will post the updated policy here with a new effective date and, where the law requires, obtain fresh consent before applying the change to data already collected.
12. Contact
Questions or requests about consumer health data: email our Privacy Officer at privacy@affirmpax.com, or write to AffirmPax, Inc., 131 Continental Dr, Suite 305, Newark, Delaware 19713.