Also, how identifiable is the data? Can a (US state) government agency subpoena data for individual users?
Does the app/company fall under HIPAA regulation? If it does, what security & privacy measures are in place to guarantee compliance? If it does not, what security & privacy measures are in place to prevent government fishing expeditions?
Finally, what security & privacy measures are in place to prevent app developer having a change of heart about selling the data? What if, say, United Healthcare offers to buy the app and the data for $1B?
Yes. Two features high on my list of todos: 1) download all your data; 2) delete all data from the site.
The second is a bit more complicated, since multiple family members may have access to the same data, and may have different opinions on deleting it. I'll work it out.
Otherwise, you have only my integrity. I'm not looking to sell it, but I would love to hand this over to someone with more resources and bigger pockets. If I ever do, I would want those reassurances from them first, and I would definitely give all users fair warning, so they can pull out if they don't have the same confidence I do.
> The second is a bit more complicated, since multiple family members may have access to the same data, and may have different opinions on deleting it. I'll work it out.
I know it's been said elsewhere, but you need a lawyer. This isn't something for you to work out, it's something for you to clearly understand your legal obligations, and what your exposure is based on which jurisdictions a user might log in from.
Also, how identifiable is the data? Can a (US state) government agency subpoena data for individual users?
Does the app/company fall under HIPAA regulation? If it does, what security & privacy measures are in place to guarantee compliance? If it does not, what security & privacy measures are in place to prevent government fishing expeditions?
Finally, what security & privacy measures are in place to prevent app developer having a change of heart about selling the data? What if, say, United Healthcare offers to buy the app and the data for $1B?
> app developer having a change of heart
Yes. Two features high on my list of todos: 1) download all your data; 2) delete all data from the site.
The second is a bit more complicated, since multiple family members may have access to the same data, and may have different opinions on deleting it. I'll work it out.
Otherwise, you have only my integrity. I'm not looking to sell it, but I would love to hand this over to someone with more resources and bigger pockets. If I ever do, I would want those reassurances from them first, and I would definitely give all users fair warning, so they can pull out if they don't have the same confidence I do.
> The second is a bit more complicated, since multiple family members may have access to the same data, and may have different opinions on deleting it. I'll work it out.
I know it's been said elsewhere, but you need a lawyer. This isn't something for you to work out, it's something for you to clearly understand your legal obligations, and what your exposure is based on which jurisdictions a user might log in from.
8 replies →
And is it encrypted at rest and in transit? If so, what level of encryption? Are keys ever stored in the app?