Privacy
Policy

Last updated: July 5, 2026

1. Introduction

Helna ("we," "our," or "us") is committed to protecting the privacy and security of your personal information and protected health information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare collaboration platform and services.

We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the Health Insurance Portability and Accountability Act (HIPAA) for protected health information in the United States, and other applicable data protection laws.

2. Information We Collect

2.1 Personal Information

We collect information that identifies, relates to, or could reasonably be linked with you, including:

  • Name, email address, and phone number
  • Professional credentials and license information
  • Account credentials and security information
  • Payment and billing information
  • Communication preferences

2.2 Protected Health Information (PHI)

For healthcare providers using our platform, we may process PHI on your behalf, including:

  • Patient medical records and health history
  • Diagnostic and treatment information
  • Insurance and billing records
  • Appointment and consultation records
  • Prescriptions and medication information

2.3 Technical Information

  • IP address, browser type, and device information
  • Usage data and analytics
  • Cookies and similar tracking technologies
  • Log files and system activity

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our platform and services
  • Healthcare Operations: To facilitate clinical workflows, patient management, and care coordination
  • Communication: To send service updates, technical notices, and respond to inquiries
  • Security: To protect against fraud, unauthorized access, and security threats
  • Compliance: To comply with legal obligations and regulatory requirements
  • Analytics: To analyze usage patterns and improve our services (using anonymized data)

4. Legal Basis for Processing (GDPR)

For users in the EEA, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services
  • Consent: Where you have given explicit consent
  • Legal Obligation: To comply with applicable laws and regulations
  • Legitimate Interests: For our legitimate business interests, balanced against your rights
  • Vital Interests: To protect life or health in emergency situations

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Healthcare Providers: As necessary for treatment, payment, and healthcare operations
  • Service Providers: Third-party vendors who perform services on our behalf (under strict confidentiality agreements)
  • Business Associates: HIPAA-compliant partners who assist in healthcare operations
  • Legal Authorities: When required by law or to protect rights and safety
  • Business Transfers: In connection with mergers, acquisitions, or asset sales (with continued protection)

6. Data Security

We implement comprehensive security measures to protect your information:

  • End-to-end encryption (AES-256) for data at rest and in transit
  • Multi-factor authentication and role-based access controls
  • Regular security audits and penetration testing
  • HIPAA-compliant infrastructure and processes
  • 24/7 security monitoring and incident response
  • Employee training on data protection and security practices

7. Your Rights

7.1 GDPR Rights (EEA Users)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with your local supervisory authority

7.2 HIPAA Rights (US Users)

  • Right to Access: Obtain copies of your health information
  • Right to Amend: Request corrections to your health records
  • Right to Accounting: Receive a list of disclosures of your PHI
  • Right to Request Restrictions: Ask for limits on uses and disclosures
  • Right to Confidential Communications: Request communications by alternative means

8. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account Information: For the duration of your account plus 7 years
  • Health Records: As required by applicable law (typically 7-10 years after last treatment)
  • Financial Records: 7 years for tax and audit purposes
  • Marketing Data: Until you withdraw consent or request deletion

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. For transfers from the EEA, we use:

  • European Commission-approved Standard Contractual Clauses
  • Adequacy decisions for countries with equivalent data protection
  • Other appropriate safeguards as required by GDPR

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and preferences
  • Analyze platform usage and performance
  • Enhance security and prevent fraud
  • Personalize your experience

You can control cookies through your browser settings. Note that disabling cookies may affect platform functionality.

11. Children's Privacy

Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. Healthcare providers may enter information about pediatric patients as part of legitimate healthcare operations.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last updated" date
  • Sending email notification for significant changes
  • Requesting renewed consent where required by law

13. Contact Information

For questions, concerns, or to exercise your rights regarding your personal information:

Data Protection Officer

Email: privacy@helna.tech

EU Representative

For users in the European Union, you may also contact our EU representative at:

Supervisory Authority

EEA users have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

Your Privacy Matters

We are committed to transparency and protecting your privacy. If you have any questions or concerns about how we handle your information, please don't hesitate to contact us.