HIPAA Health Data Protection Policy

 

  1. Dektori Notice of HIPAA Privacy Practices

    Effective Date: August 4, 2025

     

    Introduction and Commitment to Privacy

    This Notice explains how Dektori may use and disclose your health information and describes your rights regarding that information. While Dektori is not a “covered entity” under the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), we voluntarily follow HIPAA’s privacy and security standards to protect your data.

    When this Notice refers to “health information” or “Protected Health Information” (PHI), it means any identifiable information about your health, healthcare, or related payments. Although Dektori provides health education rather than medical treatment, any personal health details you share are treated as PHI.

    All PHI is stored securely using HIPAA-eligible cloud infrastructure. Data is encrypted in transit and at rest, with strict access and monitoring controls. We keep PHI only as long as needed for services or as required by law, after which it is securely deleted or de-identified.

     

    How We May Use and Disclose Health Information

    Dektori uses and discloses PHI only as permitted under this Notice or when required by law. In all cases, we limit use and disclosure to the minimum necessary.

    • Providing Services: PHI may be used by Providers to review your submissions, answer questions, and offer educational consultations. Information may be shared with affiliated Providers as needed for your session.
    • Payment Processing: If you purchase a consultation, your name and billing details may be shared with secure processors such as Stripe or PayPal. Dektori does not store full card details; we retain only payment confirmations and transaction records.
    • Operations: PHI may be used for quality assurance, Provider training, customer support, auditing, and compliance. For example, transcripts may be reviewed to evaluate service quality or de-identified for analytics and platform improvement. Consultants or auditors engaged by Dektori may see limited PHI, but only under strict confidentiality agreements.

    Outside of these purposes, we do not use or share your PHI unless you authorize it in writing. You may revoke such authorization at any time for future uses.

     

    Third-Party Service Providers and Integrated Technologies

    Dektori works with carefully vetted third-party service providers, sometimes called “business associates,” who support the operation of our Platform. These include hosting providers (such as AWS EC2 under a signed Business Associate Agreement), payment processors, secure communication tools, translation services, and analytics platforms. Each provider is contractually obligated to protect your PHI and may only use it to perform their specific functions for Dektori.

    Payment processors like Stripe and PayPal handle sensitive billing information using industry-standard encryption. Dektori itself never stores complete credit card numbers. Translation services (e.g., Microsoft Translator) may process text for communication purposes but do not retain your PHI. Integrated tools such as Google Analytics, Tag Manager, Firebase, and reCAPTCHA help us monitor performance, security, and reliability. These tools may collect technical or usage data but are not permitted to access or use your PHI.

    All integrated technologies are configured to comply with HIPAA best practices, and PHI shared with service providers is always encrypted and limited to the minimum necessary.

     

    Disclosures Required or Permitted by Law

    In certain circumstances, Dektori may be required or permitted to disclose PHI without your prior authorization. Such disclosures are made only when lawful and only to the extent necessary.

    Examples include:

    • Responding to valid court orders, subpoenas, or other legal directives (with notice to you when permitted).
    • Preventing or addressing a serious threat to your health or safety, or that of others.
    • Reporting suspected abuse, neglect, or domestic violence to appropriate authorities.
    • Supporting public health activities such as communicable disease reporting or assisting in health surveillance.
    • Cooperating with law enforcement, national security, or intelligence agencies when legally mandated.

    Outside these circumstances, PHI is not shared without your explicit written authorization. Dektori never sells PHI or uses it for marketing without your consent.

     

    Your Rights Regarding Your Health Information

    You have important rights related to your PHI, including:

    • Access and Copies: You may request a copy of the PHI we maintain about you, either electronically through our secure portal or in paper form. We will generally provide access within 30 days.
    • Amendments: If you believe your PHI is inaccurate or incomplete, you may request an amendment. If denied, we will explain why and allow you to submit a statement of disagreement.
    • Restrictions: You may request limits on how your PHI is used or disclosed. While we may not be able to honor all restrictions, we will make good-faith efforts to comply, especially when services are paid out-of-pocket.
    • Confidential Communications: You may ask us to contact you in a particular way (e.g., by email or alternate address).
    • Accounting of Disclosures: You may request a record of disclosures of PHI not related to treatment, payment, or operations, covering up to six years.
    • Breach Notification: If a breach involving your unsecured PHI occurs, you will be notified without unreasonable delay, including an explanation of what happened, what information was affected, and what steps you can take.
    • Complaints: You may file a complaint with Dektori or the U.S. Department of Health and Human Services’ Office for Civil Rights if you believe your privacy rights have been violated. Dektori will never retaliate against you for exercising this right.

     

    Security Measures

    Dektori applies strict safeguards to maintain the confidentiality, integrity, and availability of your PHI. All communications between your device and our systems are encrypted, and PHI is also encrypted at rest. Access to PHI is restricted to staff and Providers who need it to perform their roles, each of whom receives HIPAA training and signs confidentiality agreements.

    We use firewalls, intrusion detection, continuous monitoring, and regular vulnerability assessments to protect our network. Physical security is ensured by AWS data centers, which include biometric access, 24/7 monitoring, and restricted entry. Business Associate Agreements are maintained with all third-party providers who handle PHI, obligating them to apply HIPAA-level protections.

    Despite our efforts, no electronic system can be guaranteed 100% secure. You play an important role by safeguarding your account credentials, using strong passwords, and notifying us promptly of any suspected unauthorized use.

     

    Contacting Us About Privacy

    If you have questions, concerns, or requests related to this Notice or your PHI, please contact us at info@dektori.com or through the secure messaging feature within your account. We will respond promptly, typically within 30 days.

    You may also file a complaint directly with the U.S. Department of Health and Human Services Office for Civil Rights. While we encourage you to contact us first so we can address your concern, you are not required to do so. Dektori will never retaliate against you for raising a privacy issue.

     

    Changes to this Notice

    Dektori reserves the right to revise this Notice at any time. Updates will apply to all PHI we maintain, including information created before the change, unless otherwise prohibited by law. When revisions are made, we will update the effective date and post the new Notice on our website and application. Continued use of the Platform signifies acceptance of the updated practices.

     

    Our Commitment to Privacy

    Protecting your privacy is central to Dektori’s mission of delivering safe and accessible health education. By hosting on HIPAA-eligible servers, encrypting all PHI, and working only with carefully vetted partners, we ensure your data is treated with the highest standards of care. If you have questions about how we safeguard your information, please contact us at info@dektori.com.