Privacy Policy

1. Introduction

Mahalo Health ("we," "our," or "us") operates the AEGIS platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

We are committed to protecting your privacy and ensuring the security of your personal and health information in compliance with HIPAA, GDPR, and other applicable regulations.

2. Information We Collect

2.1 Personal Information

We may collect personal information including but not limited to:

• Name, email address, and contact information
• Company name and professional details
• Account credentials and authentication data
• Payment and billing information

2.2 Health Information

For ACNU screening and SaMD functionality, we may process Protected Health Information (PHI) including:

• Medical history and diagnostic information
• Screening questionnaire responses
• EHR data (when integrated with patient consent)
• Treatment and medication information

2.3 Technical Information

• IP address, browser type, and device information
• Usage data and analytics
• Cookies and tracking technologies
• Log files and audit trails

3. How We Use Your Information

We use collected information for:

• Providing and maintaining AEGIS platform services
• Processing ACNU screening and SaMD workflows
• Ensuring regulatory compliance and audit trails
• Improving platform functionality and user experience
• Communicating with you about services and updates
• Detecting and preventing fraud or security issues
• Meeting legal and regulatory obligations

4. Data Security

We implement industry-leading security measures to protect your information:

• End-to-end encryption for data in transit and at rest
• SOC 2 Type II and ISO 27001 certified infrastructure
• HIPAA-compliant data handling and storage
• Role-based access controls and authentication
• Regular security audits and penetration testing
• 21 CFR Part 11 compliant audit trails

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this policy and to comply with regulatory requirements:

• ACNU and SaMD records: Minimum 10 years (FDA requirement)
• Audit trails and compliance documentation: As required by regulation
• Account information: Duration of active account plus applicable retention period

6. Information Sharing

We do not sell your personal information. We may share information with:

• Service providers who assist in platform operations (under strict confidentiality agreements)
• Healthcare providers and pharmacies (with patient consent for ACNU workflows)
• Regulatory authorities (as required by law)
• Business partners (with your explicit consent)

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access your personal information
• Request correction of inaccurate data
• Request deletion of your data (subject to regulatory retention requirements)
• Object to or restrict processing
• Data portability
• Withdraw consent (where applicable)

8. Cookies and Tracking

We use cookies and similar technologies to enhance user experience, analyze usage, and maintain security. You can control cookie preferences through your browser settings.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

10. Children's Privacy

AEGIS is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification. Continued use of AEGIS after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact us: