Privacy Policy

Effective Date: April 17, 2025

HIPAA Studio, operated by Invaluable Labs, Inc., a Delaware corporation founded in 2025 ("we", "us", "our"), is committed to protecting your privacy and complying with all applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

Information We Collect

• Personal information you provide (name, email, organization, etc.)
• Account and authentication data
• Usage data, log files, device information, and cookies
• Health-related information only as required for HIPAA-compliant workflows

How We Use Information

• To provide, operate, and improve HIPAA Studio services
• To ensure compliance with HIPAA, GDPR, CCPA, and other applicable laws
• To communicate with you regarding your account, product updates, and support
• To detect, prevent, and address technical or security issues
• For analytics and product development (using de-identified or aggregated data where possible)

Legal Basis for Processing

• Performance of contract (Terms of Service)
• Compliance with legal obligations (including HIPAA, GDPR, CCPA)
• Legitimate interests (improving the platform, preventing fraud)
• Consent, where required (e.g., marketing communications, cookies)

User Rights & Requests

• Right to access, correct, or delete your personal data
• Right to data portability (request a copy of your data)
• Right to restrict or object to certain processing
• Right to withdraw consent at any time (where applicable)
• California and EU residents: additional rights under CCPA and GDPR

To exercise your rights, email privacy@hipaastudio.com. We respond to all requests within 30 days as required by law.

Data Security & Retention

• All data is encrypted at rest and in transit
• Access controls and audit logs are enforced
• Data is retained only as long as necessary for business or legal purposes
• Incident response and breach notification workflows are in place

Data Sharing & Disclosure

• We do not sell your personal data
• Data may be shared with service providers under strict confidentiality and compliance agreements
• We may disclose data if required by law or to protect rights and safety

International Transfers

If you are outside the United States, your data may be transferred to and processed in the US. We use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

Children's Privacy

HIPAA Studio is not intended for children under 18. We do not knowingly collect personal information from minors.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at privacy@hipaastudio.com or by mail at: Invaluable Labs, Inc., 123 Main St, Wilmington, DE 19801, USA.

Updates to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification.