Privacy Policy

How we protect your data and your clients' data on the SeeMyHealth for Providers platform.

Last updated: May 28, 2026

Never Sold

We never sell provider or client data.

Encrypted

TLS 1.2+ in transit, AES-256 at rest.

You Control Client Data

You're the controller. We're the processor.

72-Hour Breach Notice

We notify you fast if anything happens.

1. Introduction

SeeMyHealth LLC ("SeeMyHealth," "we," "our," or "us") is a Delaware limited liability company. This Privacy Policy explains how we collect, use, share, and safeguard information when you use the SeeMyHealth for Providers platform at seemyhealth.care (the "Platform").

This policy applies to wellness professionals, practitioners, and organizations ("Providers" or "you") who use the Platform to manage their practice and monitor client health data from SeeMyHealth devices.

Relationship to Consumer Privacy Policy

This policy covers the provider platform at seemyhealth.care. If you are looking for the privacy policy that applies to SeeMyHealth consumer products, the mobile app, and the online store, please visit seemyhealth.ai/privacy.

2. Roles & Responsibilities

Data protection law distinguishes between data controllers (who determine the purposes and means of processing) and data processors (who process data on behalf of controllers). Our roles depend on the type of data:

SeeMyHealth as Data Processor

For client health and wellness data that flows through the Platform, SeeMyHealth acts as a data processor. We process this data solely on your instructions and in accordance with our Data Processing Agreement (DPA).

Provider as Data Controller

As the provider, you are the data controller for your clients' personal and health data. You determine why and how client data is processed and are responsible for obtaining appropriate client consent.

SeeMyHealth as Data Controller

For provider account data (your registration details, payment information, usage data), SeeMyHealth acts as the data controller. We determine the purposes and means of processing this data as described in this policy.

Data Processing Agreement

Detailed terms governing our processing of client data on your behalf are set out in our Data Processing Agreement (DPA), which forms part of your service agreement. The DPA covers sub-processors, data transfer mechanisms, audit rights, and breach notification obligations. Contact legal@seemyhealth.ai to request a copy.

3. Data We Collect from Providers

Account Information

Name, email address, organization name, practice type (e.g., nutritionist, therapist, physiotherapist, fitness professional), and practice location(s).

Payment Information

Subscription and billing data processed by Stripe. We do not store your credit card numbers, bank account details, or other sensitive payment credentials on our servers.

Usage Data

Login timestamps, features used, pages visited, session duration, and interaction patterns. Used to improve the Platform and provide support.

Communications

Support tickets, feedback submissions, survey responses, and any correspondence you send to us.

Device & Browser Information

IP address, browser type and version, operating system, screen resolution, and device identifiers. Collected automatically for security, fraud prevention, and analytics purposes.

4. Client Data Processed Through the Platform

Important: Provider Responsibility

As the data controller for your clients' data, you are responsible for obtaining appropriate consent from your clients before their data is processed through the Platform. We process client data only on your instructions and in accordance with our Data Processing Agreement.

The following categories of client data may be processed through the Platform:

Health & Wellness Data from Devices

Vitals (heart rate, HRV, SpO2), weight and body composition, hydration levels, sleep data, blood pressure readings, and blood glucose levels from SeeMyHealth devices

Appointment & Consultation Records

Appointment scheduling data, consultation notes, session recordings (if enabled), and follow-up records

Client Demographics

Client name, email address, phone number, and other contact information as entered by the provider or shared by the client through the C-MyHealth app

5. How We Use Provider Data

We use provider data to:

  • Provide and maintain the Platform including account management, feature delivery, and technical support
  • Process payments for subscriptions and services through Stripe
  • Send service communications including account notifications, security alerts, billing reminders, and feature updates
  • Improve the Platform using aggregated, anonymized analytics to understand usage patterns and prioritize features
  • Comply with legal obligations including tax reporting, regulatory requirements, and lawful government requests

We do NOT sell provider data or client data to any third party. We have never sold personal data and have no plans to do so.

6. Lawful Basis for Processing (GDPR)

We process provider personal data under the following legal bases:

  • Contractual Necessity: Processing required to provide the Platform, manage your subscription, and deliver the services you have contracted for
  • Legitimate Interest: Platform security, fraud prevention, service improvement through aggregated analytics, and ensuring system reliability, where our interests do not override your fundamental rights
  • Legal Obligation: Tax record-keeping, regulatory reporting, and responding to lawful government requests
  • Consent: Marketing communications, including product updates, newsletters, and promotional content. You may withdraw consent at any time without affecting the lawfulness of prior processing.

For client data processed on your behalf, the lawful basis is determined by you as the data controller. Our processing is governed by the Data Processing Agreement between us.

7. Data Sharing

We share data with the following categories of recipients:

Cloudflare

Hosting, CDN, security, DDoS protection

Stripe

Subscription billing, payment processing

Google Analytics

Anonymized usage analytics (G-J3EW7NFJTP)

Client Health Data

We do not share client health data with any third party except as specifically instructed by you, the provider. Client health data is never used for advertising, analytics, or any purpose beyond delivering the Platform services.

We may also disclose information to law enforcement or regulatory authorities when legally required to do so, such as in response to a valid court order, subpoena, or legal process.

8. International Data Transfers

Your data may be processed in the United States and the European Union, depending on your location and the services you use.

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA to the US
  • Cloudflare's global network provides edge-level security and may process requests through data centers worldwide, subject to Cloudflare's own data processing agreements
  • Data processing agreements with all sub-processors that require equivalent data protection standards

9. Data Security

We implement comprehensive security measures to protect provider and client data:

  • Encryption in transit: TLS 1.2+ for all data transmitted between your browser, the Platform, and our infrastructure
  • Encryption at rest: AES-256 encryption for all stored personal and health data
  • Role-based access controls: Internal access to data is restricted to authorized personnel on a need-to-know basis
  • Regular security reviews: Periodic assessments of our security posture, infrastructure, and access controls
  • Cloudflare WAF & DDoS protection: All endpoints protected by web application firewall and distributed denial-of-service mitigation

Breach Notification

In the event of a data breach affecting personal or client data, we will notify affected providers within 72 hours of becoming aware of the breach, as required by GDPR. We will also notify the relevant supervisory authority within the same timeframe. Our notification will include the nature of the breach, data affected, likely consequences, and measures taken.

10. Data Retention

We retain data for the minimum period necessary for the purposes described in this policy:

| Data Type | Retention Period |
| --- | --- |
| Provider account data | Duration of account + 90 days after termination |
| Client data | As directed by provider; deleted within 30 days of provider account termination |
| Payment records | 7 years (tax and legal compliance) |
| Usage analytics | 26 months |
| Backups | Purged within 90 days of data deletion |

11. Provider Rights

Under GDPR, CCPA, and other applicable privacy laws, you have the following rights regarding your personal data:

Access

Request a copy of all personal data we hold about you in a portable format.

Correct

Request correction of inaccurate or incomplete data in your account.

Delete

Request erasure of your personal data and account, subject to legal retention requirements.

Restrict Processing

Limit how we process your data while a dispute or request is being resolved.

Data Portability

Export your data in a structured, machine-readable format for transfer to another service.

Withdraw Consent

Revoke consent for marketing communications at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with a supervisory authority (data protection regulator) in your jurisdiction if you believe your rights have been violated.

To exercise any of these rights, contact us at privacy@seemyhealth.ai. We will respond within 30 days (or sooner where required by local law).

12. Client Rights

Clients Should Contact Their Provider First

Because you (the provider) are the data controller for your clients' data, clients who wish to exercise their data rights (access, correction, deletion, portability) should contact you directly in the first instance.

We will assist you in fulfilling client data requests in accordance with our Data Processing Agreement. This includes providing data exports, facilitating deletions, and supporting access requests within the timeframes required by applicable law.

Clients may also contact us directly at privacy@seemyhealth.ai if they are unable to resolve their request with their provider. In such cases, we will coordinate with the relevant provider to address the request.

13. Cookies & Tracking

The Platform uses cookies and similar technologies:

  • Essential cookies: Required for session management, authentication, and security. These cannot be disabled as the Platform will not function without them.
  • Analytics cookies: Google Analytics (measurement ID G-J3EW7NFJTP) collects anonymized usage data to help us understand how providers use the Platform and prioritize improvements.
  • No advertising cookies: We do not use advertising, retargeting, or social media tracking cookies on the Platform.

You can manage cookie preferences through your browser settings. Disabling analytics cookies will not affect Platform functionality.

14. Children's Privacy

The Platform is designed for use by wellness professionals. It is not intended for direct use by children.

Providers who treat clients under the age of 13 must ensure that appropriate parental or guardian consent has been obtained before entering any child's personal or health data into the Platform. The provider, as data controller, is responsible for compliance with COPPA, GDPR (age of digital consent), and other applicable child privacy regulations.

If we become aware that a provider has entered data relating to a child under 13 without appropriate consent, we will work with the provider to address the situation.

15. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes that affect how we process provider or client data, we will notify you via email at least 30 days before the changes take effect.

For non-material updates, we will post the revised policy on the Platform and update the "Last updated" date. Continued use of the Platform after changes constitutes acceptance. If you do not agree with the revised policy, you may terminate your account.

16. Contact Us

For questions about this policy, to exercise your data rights, or to report a data protection concern:

Privacy inquiries: privacy@seemyhealth.ai
Legal & DPA requests: legal@seemyhealth.ai
Provider support: providers@seemyhealth.ai
Website: seemyhealth.care
