Privacy Policy

Last updated: February 1, 2025

Omaroon ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our PKU healthcare platform and related services.

As a healthcare technology company, we are committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws.

HIPAA Compliance

Omaroon operates as a Business Associate under HIPAA when processing Protected Health Information (PHI) on behalf of healthcare providers. We maintain:

  • Administrative safeguards including workforce training and access controls
  • Physical safeguards for our data centers and facilities
  • Technical safeguards including encryption, audit controls, and integrity controls
  • Business Associate Agreements (BAAs) with covered entities and subcontractors
  • Documented policies and procedures for handling PHI

Information We Collect

Personal Information

When you create an account or use our services, we may collect:

  • Name, email address, and phone number
  • Account credentials and authentication information
  • Profile information and preferences
  • Communication preferences

Health Information (PHI)

Through our PKU monitoring platform, we may collect:

  • Phenylalanine (Phe) level readings from connected devices
  • Date, time, and location of readings
  • Medical history related to PKU management
  • Communications between patients and healthcare providers
  • Treatment notes and care plans

Technical Information

We automatically collect:

  • Device information and identifiers
  • IP address and browser type
  • Usage data and interaction logs
  • Cookies and similar tracking technologies

How We Use Your Information

We use collected information to:

  • Provide and maintain our PKU monitoring platform
  • Enable communication between patients and healthcare providers
  • Process and display health readings and trends
  • Send important notifications about your health data
  • Improve our services and develop new features
  • Comply with legal and regulatory requirements
  • Protect against fraud and unauthorized access
  • Conduct research (only with proper consent and de-identification)

Information Sharing and Disclosure

We may share your information with:

  • Healthcare Providers: Your assigned doctors and care team can access your health data
  • Service Providers: Third parties who help us operate our platform (under strict confidentiality agreements)
  • Legal Requirements: When required by law, court order, or government request
  • Emergency Situations: To protect the health and safety of individuals
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We never sell your personal or health information to third parties.

Data Security

We implement industry-standard security measures including:

  • End-to-end encryption for data in transit (TLS 1.3)
  • AES-256 encryption for data at rest
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Access controls and audit logging
  • Secure data backup and disaster recovery procedures
  • Employee security training and background checks

Your Privacy Rights

Under HIPAA and applicable state laws, you have the right to:

  • Access your health information and request copies
  • Request corrections to inaccurate information
  • Request restrictions on certain uses and disclosures
  • Receive an accounting of disclosures of your PHI
  • Request confidential communications
  • File a complaint if you believe your privacy rights have been violated

California residents have additional rights under the CCPA, including the right to know, delete, and opt out of the sale of personal information.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Health records are retained in accordance with applicable medical record retention laws (typically 6-10 years depending on jurisdiction). You may request deletion of your account, though certain information may be retained as required by law or for legitimate business purposes.

International Data Transfers

Our services are primarily operated in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States. We ensure appropriate safeguards are in place for any international data transfers.

Children's Privacy

Our platform may be used by minors with PKU under the supervision of their parents or guardians and healthcare providers. We collect only the minimum information necessary for PKU management. Parents and guardians have the right to access, correct, or delete their child's information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes affecting how we handle PHI, we will provide additional notice as required by law.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Omaroon Privacy Office
Email: privacy@omaroon.com
Phone: (949) 534-2684
Address: Orange County, California

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your HIPAA privacy rights have been violated.