Our Privacy Policy

How we collect, use, protect, and respect your data—with privacy-first principles at every step.

Last Updated: May 18, 2025

Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. Data Retention
  5. Data Sharing and Disclosure
  6. Security Measures
  7. Your Rights Under GDPR
  8. Your Rights Under HIPAA
  9. Tracking Technologies
  10. Children's Privacy
  11. Changes to This Privacy Policy
  12. Contact Us
  13. Legal Basis for Processing (GDPR)
  14. Data Transfers
  15. HIPAA Compliance
  16. California Privacy Rights

1. Introduction

status.health® ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (status.health) and our services including status.health.

We understand the sensitive nature of health information and have designed our systems with privacy as a foundational principle. Our zero-knowledge proof technology allows us to verify your testing history without retaining your medical information.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access our website or use our services.

2. Information We Collect

2.1 Personal Information

We collect the following categories of personal information:

  • Identity Information: Your name and email address
  • Testing Information: Dates of medical testing related to STI screening

2.2 How We Collect Information

We collect information only through:

  • Direct submissions via our secure forms
  • Authorized integrations with healthcare providers (when you explicitly grant permission)

2.3 Technical Data

We may automatically collect certain information when you visit our website, including:

  • IP address
  • Browser type
  • Operating system
  • Access times
  • Pages viewed

3. How We Use Your Information

We use the information we collect exclusively to:

  • Provide our testing verification service
  • Generate zero-knowledge proofs of your testing history
  • Track and reward your testing frequency
  • Communicate with you about our services
  • Ensure the security and functionality of our website
  • Comply with legal obligations

We DO NOT use your personal information for:

  • Marketing purposes
  • Profiling or automated decision-making
  • Sale to third parties

4. Data Retention

🔏

Our Zero-Retention Approach

We built our system to prioritize your privacy by minimizing the data we store. When you upload a test document, we immediately process it, create a cryptographic proof of the test date, and then permanently destroy the original document from our systems.

Our data retention policy is designed to minimize storage of sensitive information:

  • Test documentation is deleted immediately after computing the zero-knowledge proof, within a maximum of 1 hour
  • We retain only the zero-knowledge proof of testing dates, which cannot be reversed to reveal your medical information
  • Non-health personal information is retained only as long as necessary to provide our services

5. Data Sharing and Disclosure

We do not share your personal information with third parties, except:

  • When required by law
  • To protect our rights or the safety of others
  • With service providers who help us operate our website (under strict confidentiality agreements)
  • With partner platforms (such as dating apps) only when you explicitly request to share your testing status

We never sell your personal information under any circumstances.

6. Security Measures

We implement appropriate technical and organizational measures to protect your personal information, including:

🔒

End-to-End Encryption

All data is encrypted during transmission, processing, and at rest

🧾

Zero-Knowledge Verification

Our zkVM provides trustless verification without accessing raw data

🔍

Regular Assessments

Ongoing security and privacy reviews of all our systems

🚪

Access Controls

Strict authentication and authorization procedures

7. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have certain rights regarding your personal information:

Right to Access

Request copies of your personal information

Right to Rectification

Request correction of inaccurate information

Right to Erasure

Request deletion of your personal information

Right to Restrict Processing

Request limitations on how we use your data

Right to Data Portability

Request transfer of your data

Right to Object

Object to our processing of your data

To exercise these rights, please contact us at support@status.health.

8. Your Rights Under HIPAA

As an organization that handles protected health information, we comply with HIPAA regulations. You have the right to:

  • Access your health information
  • Request amendments to your health information
  • Receive an accounting of disclosures of your health information
  • Request restrictions on certain uses and disclosures
  • Request confidential communications
  • Receive notifications of breaches

9. Tracking Technologies

🍪

Cookie-Free By Design

Unlike most websites, we don't use cookies or similar tracking technologies. We've designed our platform to respect your privacy by collecting only what's necessary for functionality—nothing more.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time. The updated version will be indicated by an updated "Last Updated" date. We encourage you to review this privacy policy frequently.

12. Contact Us

If you have questions or concerns about this privacy policy or our practices, please contact us at support@status.health.

14. Data Transfers

We process and store your information in the United States. If you are accessing our services from outside the United States, be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information.

15. HIPAA Compliance

As an entity that handles protected health information, we implement all required administrative, physical, and technical safeguards mandated by HIPAA:

  • We maintain a comprehensive security management process
  • We conduct regular risk analyses
  • We have appointed a Privacy Officer
  • We train our staff on HIPAA requirements
  • We implement technical safeguards including access controls, audit controls, integrity controls, and transmission security

16. California Privacy Rights

California residents may have additional rights regarding their personal information under laws such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).