Privacy Policy

1. Introduction

Heyzl ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical tourism platform (the "Platform"), including our website, mobile applications, APIs, and all related services that connect patients with healthcare providers globally.

This policy applies to all users of the Platform, including patients seeking medical care abroad, healthcare providers and facilities listing their services, employers and corporate partners administering health benefit programs, and any visitors browsing our website.

By using our Platform, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Platform.

HIPAA Compliance: As a healthcare platform, we are committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable healthcare privacy regulations. Where we act as a Business Associate under HIPAA, we maintain Business Associate Agreements (BAAs) with covered entities and implement the required administrative, physical, and technical safeguards.

2. Information We Collect

2.1 Information You Provide

The information we collect depends on how you use the Platform and your role:

All Users:

• Account Information: Full name, email address, phone number, date of birth, mailing address, profile photograph, and preferred language
• Identity Verification: Government-issued identification documents, selfie photographs for identity matching, and verification status
• Communication Data: Messages exchanged through our platform messaging system, inquiries, feedback, support tickets, and call recordings (where disclosed)
• Payment Information: Credit/debit card details, billing address, bank account information for payouts, and transaction history (payment card data is processed and stored by our PCI-DSS compliant payment processor and is not stored on our servers)

Patient-Specific Data:

• Medical History: Previous diagnoses, surgeries, hospitalizations, chronic health conditions, and ongoing treatments
• Allergies & Medications: Known allergies (drug, food, environmental), current medications and dosages, and supplement usage
• Health Records: Uploaded medical documents, lab results, imaging reports, physician notes, and discharge summaries
• Insurance Information: Insurance provider name, policy number, coverage details, and pre-authorization documentation
• Travel Preferences: Preferred travel destinations, travel dates, accommodation preferences, companion/caregiver details, mobility requirements, and dietary restrictions
• Budget & Financial Preferences: Treatment budget ranges, preferred payment plans, and financing preferences
• Emergency Contacts: Name, relationship, phone number, and email of designated emergency contacts

Provider-Specific Data:

• Professional Credentials: Medical licenses (including license numbers and issuing authorities), board certifications, medical school diplomas, residency and fellowship training records, and continuing education certificates
• Specializations & Services: Medical specialties, sub-specialties, procedures offered, treatment packages, and areas of expertise
• Practice Information: Facility name, address(es), contact details, accreditation status (e.g., JCI, NABH), facility photographs, and operating hours
• Pricing & Availability: Treatment pricing, package details, consultation fees, available appointment slots, scheduling preferences, and cancellation policies
• Team Members: Information about staff members, including names, roles, qualifications, and profile photographs of team members associated with your practice
• Banking & Payout Information: Bank account details, tax identification numbers, and payout preferences for receiving payments through our platform

Employer & Partner Data:

• Organization Information: Company name, business address, tax identification number, and authorized representative details
• Program Configuration: Employee benefit plan details, covered procedures, budget allocations, and partner-specific referral codes
• Administrative Data: Administrator contact information, billing contacts, and designated program managers

2.2 Information Automatically Collected

When you access or use our Platform, we automatically collect certain information:

• Device Information: IP address, browser type and version, operating system and version, device type (desktop, mobile, tablet), screen resolution, device identifiers, and device fingerprinting data used for security and fraud prevention
• Session Data: Unique session identifiers (ms_session_id), session duration, authentication tokens, and session activity timestamps
• Usage Data: Pages visited, features used, search queries, provider profiles viewed, time spent on pages, click patterns, scroll depth, and interaction sequences
• Location Data: General geographic location derived from IP address; precise location only with your explicit consent (used for finding nearby providers and travel planning)
• Referral & Attribution Data: Partner attribution codes (ms_partner_attr), UTM parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term), referring website URLs, and landing page information
• Performance Data: Page load times, error logs, crash reports, and application performance metrics
• Cookies & Tracking: See our Cookie Policy for comprehensive details on cookies, web beacons, pixels, and similar tracking technologies

2.3 Information from Third Parties

We may receive information about you from the following third-party sources:

• Identity Verification Services: We use Persona (or similar providers) to verify your identity, which may include document authenticity checks, facial recognition matching, and watchlist screening results
• Medical Credential Verification: For providers, we verify credentials through international medical registries and databases including the General Medical Council (GMC), Joint Commission International (JCI), the National Plan and Provider Enumeration System (NPPES/NPI), and the Office of Inspector General (OIG) exclusion checks
• Payment Processors: Stripe provides us with transaction confirmations, payout statuses, chargeback notifications, and fraud risk assessments
• Analytics Providers: Aggregated and anonymized usage insights from analytics services that help us understand how users interact with our Platform
• Healthcare Providers: With your explicit consent, providers may share treatment notes, medical records, post-operative reports, and care plans through our Platform
• Employer & Partner Programs: If you access Heyzl through an employer or partner program, that organization may provide us with your eligibility information, employee ID, and benefit plan details
• Social Authentication: If you choose to sign in using a third-party service (e.g., Google), we receive basic profile information as authorized by you during the authentication process

3. How We Use Your Information

We use the information we collect for the following purposes:

Core Platform Services:

• Provide, operate, and maintain the Platform and all related services
• Facilitate AI-powered matching between patients and healthcare providers based on medical needs, preferences, location, budget, and provider specializations
• Generate personalized treatment recommendations and destination matching based on your medical profile and preferences
• Provide price estimation and savings calculations comparing treatment costs across providers and destinations
• Facilitate video consultations between patients and providers (powered by Twilio)
• Process and manage medical record uploads, including document OCR processing and AI-assisted medical record analysis and summarization
• Process bookings, payments, escrow management, and provider payouts
• Coordinate travel logistics and accommodation arrangements

Provider Verification & Trust:

• Verify provider credentials across international medical registries (GMC, JCI, NPPES, OIG)
• Conduct identity verification for all platform users
• Maintain and display verified provider profiles, ratings, and reviews
• Monitor provider compliance with platform standards and accreditation requirements

Communications & Notifications:

• Send booking confirmations, appointment reminders, and status updates via email, SMS, and push notifications
• Deliver transactional messages related to your account, payments, and medical travel arrangements
• Send marketing communications, newsletters, and personalized blog content (with your consent)
• Provide customer support and respond to inquiries

Analytics, Attribution & Improvement:

• Analyze usage patterns to improve Platform features, user experience, and service quality
• Track partner and referral attributions to manage partner programs and calculate referral compensation
• Conduct A/B testing and product experimentation to optimize the Platform
• Generate aggregated, anonymized insights about medical tourism trends and pricing

Security & Compliance:

• Prevent fraud, detect suspicious activity, and protect the security of our Platform and users
• Comply with applicable legal obligations, including healthcare regulations, financial reporting, and tax requirements
• Enforce our Terms of Service and resolve disputes
• Maintain audit logs for regulatory compliance and security monitoring

4. How We Share Your Information

We do not sell your personal information. We share your data only in the following circumstances:

4.1 With Healthcare Providers

When you initiate a booking or consultation, we share necessary information with your chosen Provider to facilitate your care. This may include your name, contact details, medical history, uploaded medical records, and treatment preferences. Medical records are only shared with your explicit consent, and you can control which records are shared with each Provider through your account settings.

4.2 Service Providers

We share information with trusted third-party service providers who process data on our behalf, subject to strict data processing agreements:

• Stripe: Payment processing, provider payouts via Stripe Connect, fraud detection, and financial compliance
• Twilio: SMS notifications, voice calls, and video consultation infrastructure
• Resend / SendGrid: Transactional and marketing email delivery
• Supabase: Database hosting, user authentication, file storage, and real-time data synchronization
• Sentry: Application error monitoring, crash reporting, and performance tracking
• Persona: Identity verification, document authentication, and fraud prevention
• Google Maps / Mapbox: Mapping, geocoding, and location-based provider search services
• Analytics Providers: Anonymized usage analytics to help us understand and improve the Platform

Each service provider is contractually obligated to use your data only for the specific purposes we direct, and to maintain appropriate security measures.

4.3 Legal Requirements

We may disclose information when required by law, subpoena, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

4.4 Employer & Partner Programs

If you access Heyzl through an employer-sponsored health benefit program or a referral partner:

• Your employer or partner may receive aggregated, de-identified utilization reports (e.g., number of bookings, total savings) but will not receive your individual medical information without your explicit consent
• Program administrators may have access to your eligibility status and basic booking information (e.g., appointment dates, treatment category) as necessary to administer your benefits
• Partner attribution data is used to track referral sources for program management and compensation purposes
• You will be clearly informed at the time of enrollment about what information is shared with your employer or partner

4.5 International Provider Data Sharing

As a medical tourism platform, facilitating cross-border healthcare requires sharing certain information internationally:

• When you book a procedure with a provider in another country, your relevant medical information and personal details will be transferred to that provider in their jurisdiction
• We ensure that all international data transfers comply with applicable data protection laws, including through Standard Contractual Clauses, adequacy decisions, or other approved transfer mechanisms
• Providers receiving your data are required to maintain confidentiality and comply with applicable local healthcare privacy laws
• You will be informed of the destination country before any cross-border transfer of your medical data, and your explicit consent will be obtained

5. Data Security

We implement comprehensive, multi-layered security measures to protect your personal and medical information:

Encryption:

• AES-256 encryption for all data at rest, including databases, file storage, and backups
• TLS 1.2 or higher for all data in transit, ensuring secure communication between your device and our servers
• End-to-end encryption for sensitive medical documents and communications

Authentication & Access Control:

• Multi-factor authentication (MFA) available for all accounts and required for provider and admin accounts
• Automatic account lockout protection after repeated failed login attempts
• Role-based access controls (RBAC) with distinct permission levels for patients, providers, administrators, and super administrators
• Device fingerprinting for session security and anomalous login detection
• IP whitelisting for administrative access to sensitive systems

Infrastructure & Application Security:

• HIPAA-compliant infrastructure with conditionally enabled safeguards based on the sensitivity of data being processed
• CSRF (Cross-Site Request Forgery) protection on all state-changing operations
• Secure API key management and rotation policies
• Webhook signature verification for all inbound integrations
• Regular security audits, penetration testing, and vulnerability assessments

Monitoring & Incident Response:

• Comprehensive audit logging for all sensitive operations, including data access, modifications, and administrative actions
• Real-time breach detection and suspicious activity monitoring
• Automated alerting for anomalous access patterns, unusual login locations, and potential data exfiltration
• Documented incident response procedures with defined escalation paths and notification timelines
• Employee training on data protection, security awareness, and HIPAA compliance

While we employ industry-leading security measures, no method of electronic transmission or storage is 100% secure. We continuously evaluate and improve our security posture, but we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and applicable authorities in accordance with applicable law.

6. AI and Automated Processing

Heyzl uses artificial intelligence (AI) and automated processing to enhance your experience and improve our services. We believe in transparency about how these technologies are used.

AI-Powered Features:

• Smart Matching: We use AI algorithms to match patients with healthcare providers based on medical needs, preferences, budget, location, provider specializations, and historical outcomes
• Medical Record Analysis: AI-assisted processing of uploaded medical documents, including OCR (optical character recognition) for document digitization and automated summarization of medical records to help providers quickly understand your medical history
• Treatment Recommendations: AI-generated suggestions for treatment options, destinations, and providers based on your medical profile and preferences
• Price Estimation: Automated price estimation and savings calculations based on provider data, historical pricing, and destination cost factors
• Chatbot & Support: AI-powered chatbot for answering common questions, guiding you through the booking process, and providing initial support
• Content Personalization: AI-driven personalization of blog content, educational resources, and treatment information based on your interests and browsing history
• Fraud Detection: Automated systems that analyze patterns to detect and prevent fraudulent activity on the Platform

Important Limitations:

• AI features on Heyzl are designed to assist and inform -- they do not make medical decisions, provide medical diagnoses, or replace professional medical advice
• All treatment recommendations generated by AI are informational only and should be discussed with a qualified healthcare professional before making any medical decisions
• AI-generated medical record summaries are provided as a convenience tool and do not constitute a medical interpretation or diagnosis
• Provider matching suggestions are based on available data and algorithms, and you always retain full freedom to choose any provider on the Platform

Your Choices Regarding AI:

• You may opt out of AI-powered personalization and content recommendations through your account privacy settings
• You can request that your medical records not be processed by AI summarization tools; in this case, records will be shared with providers in their original form only
• Certain AI features (such as fraud detection and security monitoring) are essential to the safe operation of the Platform and cannot be opted out of
• To exercise any opt-out rights related to AI processing, visit your account settings or contact us

We regularly review and audit our AI systems for accuracy, bias, and fairness. If you believe an AI-generated recommendation or decision has been made in error, you may request a human review by contacting our support team.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal requirements)
• Portability: Request transfer of your data to another service
• Opt-Out: Unsubscribe from marketing communications
• Restriction: Request limitation of processing

Regional Privacy Rights:

• GDPR Rights (EU/UK)
• CCPA Rights (California)
• CDPA Rights (Virginia)
• CPA Rights (Colorado)

To exercise your rights, please submit a request.

8. Cookies & Tracking

We use cookies and similar technologies to enhance your experience. For detailed information, see our Cookie Policy.

9. Children's Privacy

Our Platform is not intended for children under 18. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate protection through:

• Standard Contractual Clauses (for EU data)
• Adequacy decisions where applicable
• Appropriate safeguards and security measures

11. Data Retention

We retain your information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Below are our specific retention periods:

• Account Data: Retained for the duration of your active account plus 3 years after account closure or last activity, to allow for account recovery and to fulfill any outstanding obligations
• Medical Records: Minimum of 7 years from the date of last treatment, as required by healthcare regulations in most jurisdictions (longer retention may apply based on applicable local law)
• Payment & Financial Records: 7 years from the date of the transaction, in compliance with financial reporting and tax regulations
• Audit Logs: 6 years, to support regulatory compliance, security investigations, and dispute resolution
• Communication Records: 3 years after the last interaction, including messages, support tickets, and consultation notes
• Cookie Consent Records: Retained for the duration of the consent period as proof of consent, in compliance with GDPR and similar regulations
• Partner Attribution Data: Attribution cookies expire after 30 days; aggregated attribution and referral data is retained for the duration of the partner relationship plus 2 years
• Identity Verification Data: Retained for the duration of your account plus 1 year, or as required by applicable anti-money laundering (AML) regulations

When data is no longer required, it is securely deleted or anonymized so that it can no longer be associated with you. Anonymized data may be retained indefinitely for statistical and research purposes.

You may request early deletion of your data by submitting a data deletion request. Please note that certain data may need to be retained to comply with legal obligations even after a deletion request.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on the Platform
• Sending an email to your registered address
• Displaying a prominent notice

Continued use after changes constitutes acceptance of the updated policy.