Privacy Policy

Effective Date: June 22, 2025 | Last Updated: June 22, 2025

HIPAA Aligned

Strong security under signed BAA

Minimal Data

We collect only what's necessary

Your Control

Delete your data anytime

1. Introduction

Twin Tip Solutions LLC, doing business as DermaWhiz ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

Important: DermaWhiz is designed for educational purposes only and is not intended to provide medical diagnosis, treatment, or professional medical advice.

2. HIPAA Alignment

✓ HIPAA-Aligned Service: DermaWhiz operates under a signed Business Associate Agreement (BAA) with Google Cloud Platform, following HIPAA best practices for handling Protected Health Information (PHI).

  • All authentication and data processing uses Google Cloud Identity Platform under HIPAA coverage
  • No anonymous authentication - all accounts use device-based identification
  • All data transmission is encrypted using industry-standard protocols
  • Access controls and audit logging are maintained per HIPAA requirements
  • Zero AI Training: Under our HIPAA BAA, your data is not used to train or improve AI models

Disclaimer: While we strive to align with HIPAA standards and maintain a BAA with our cloud providers, users should review this full privacy policy to understand our security practices. As a free educational app, we implement industry best practices to protect your data.

3. Information We Collect

3.1 Images and Analysis Data

  • Encrypted Skin Images: Photos you upload are encrypted for secure AI analysis
  • Analysis Results: AI-generated educational information about skin characteristics
  • Analysis History: Previous analyses for your reference
  • Questions and Responses: Educational questions you ask and AI responses

3.2 Technical Information

  • Device Information: Device type, operating system, app version
  • Usage Analytics: App feature usage for improvement purposes
  • Error Logs: Technical logs to diagnose and fix issues

3.3 Information We Do NOT Collect

  • Personal identifying information (name, email, phone number)
  • Location data or GPS information
  • Contact lists or social media information
  • Financial or payment information

4. How We Use Your Information

  • Educational Analysis: Provide AI-powered educational information about skin characteristics
  • Service Improvement: Analyze usage patterns to improve app functionality
  • Technical Support: Diagnose and resolve technical issues
  • HIPAA Alignment: All data processing follows HIPAA best practices - no data is used for AI model training or improvement
  • Legal Requirements: Meet regulatory requirements and respond to legal requests

5. Information Sharing and Disclosure

5.1 Service Providers

  • Google Cloud Platform with Vertex AI: HIPAA-capable infrastructure, authentication, and AI processing under strict BAA - no data used for model training
  • Firebase Infrastructure: HIPAA-aligned database and authentication services under BAA coverage

5.2 We Do Not Share

  • Individual encrypted images or personal health information with third parties
  • Data for advertising, marketing, or AI model training purposes
  • Information with data brokers, commercial partners, or research institutions

6. Data Security

Strong Security: Your data is protected with robust security measures designed for healthcare applications.

  • Encryption: All data encrypted in transit and at rest using AES-256
  • Access Controls: Strict role-based access with multi-factor authentication
  • Network Security: VPC isolation and firewall protection
  • Monitoring: 24/7 security monitoring and incident response
  • Regular Audits: Third-party security assessments and HIPAA alignment audits

7. Data Retention and Deletion

  • Retention Period: We retain your encrypted data only as long as necessary for educational purposes and service provision under HIPAA best practices
  • Manual Deletion: You can delete your account and all associated encrypted data (images and analysis in encrypted string format) from your device at any time through the app settings
  • Reported Content Exception: Content voluntarily reported for AI accuracy improvement cannot be deleted as it becomes part of our quality assurance process
  • Backup Recovery: Deleted data is permanently removed from all backups within 30 days

8. Your Rights and Choices

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Delete your account and all associated data
  • Withdrawal of Consent: Stop using the service at any time

To exercise these rights, contact us at: reid@twintipsolutions.com

9. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected personal information from a child under 13, we will delete that information immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • Google Cloud Platform's global infrastructure with HIPAA coverage
  • Standard contractual clauses approved by relevant authorities
  • Adherence to international data protection frameworks

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Effective Date" at the top of this Privacy Policy
  • Providing in-app notification for significant changes

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: reid@twintipsolutions.com

Company: Twin Tip Solutions LLC

Privacy Inquiries: reid@twintipsolutions.com

HIPAA Alignment: reid@twintipsolutions.com

Medical Disclaimer

Important: DermaWhiz is for educational purposes only and is not a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of your physician or other qualified health provider with any questions you may have regarding a medical condition.