PathwayBio PathwayBio

Privacy Policy

Last Updated: December 16, 2024

Our Commitment to Your Privacy

PathwayBio handles sensitive health information. We take this responsibility seriously. This Privacy Policy explains what data we collect, how we protect it, and how we use it to serve you.

The short version: Your personal health information is encrypted and stored separately from your identity. Research organizations only see anonymized data. We never sell your personal information.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Password (stored encrypted, never in plain text)
  • Primary autoimmune condition

Health Information

To provide our services, we collect health information you choose to share:

  • Lab results you upload (PDFs, images, or manual entry)
  • Questionnaire responses about your symptoms, treatments, and health history
  • Information about medications and biologics you've tried
  • Your health goals and concerns

Usage Information

We automatically collect:

  • How you interact with our platform (pages visited, features used)
  • Device information (browser type, operating system)
  • IP address and general location (city/region level)

2. How We Protect Your Data

🔒 HIPAA-Compliant Architecture

PathwayBio uses a split-database architecture designed for healthcare data protection. Your personal identifying information (name, email) is encrypted and stored separately from your health data.

Our security measures include:

  • Encryption at rest: All personal data is encrypted using AES-256 encryption
  • Encryption in transit: All data transmitted to and from PathwayBio uses TLS 1.2+
  • Separated storage: Your identity is stored in a secure vault separate from your health data
  • Anonymous tokens: Your health data is linked to an anonymous patient token, not your name
  • Access logging: All access to personal data is logged for audit purposes
  • Regular security reviews: We regularly assess and improve our security practices

3. How We Use Your Information

To Provide Our Services

  • Analyze your lab results using AI to provide educational insights
  • Track your health markers over time and identify trends
  • Personalize content and recommendations to your condition
  • Match you with relevant clinical trials and research opportunities

To Improve PathwayBio

  • Analyze usage patterns to improve our platform
  • Train and improve our AI analysis systems (using de-identified data only)
  • Fix bugs and technical issues

To Communicate With You

  • Send important account notifications
  • Alert you to new research opportunities that match your profile
  • Respond to your questions and support requests

4. How We Share Your Information

We never sell your personal information. Period.

Research Organizations (Anonymized Only)

Pharmaceutical companies, academic institutions, and research organizations can access anonymized patient profiles to identify potential research participants. They see:

  • Anonymous patient token (e.g., "Patient p47382")
  • Condition and general health profile
  • Lab marker ranges and patterns
  • Treatment history categories

They cannot see your name, email, or any information that directly identifies you. Your identity is only revealed if YOU choose to express interest in a specific research opportunity.

Service Providers

We work with trusted service providers who help us operate PathwayBio:

  • Cloud hosting: Our infrastructure is hosted on secure, HIPAA-eligible cloud platforms
  • AI processing: We use AI services to analyze lab results (data is processed securely and not retained by the AI provider)
  • Email services: To send you account notifications

All service providers are contractually bound to protect your data and use it only for the services they provide to us.

Legal Requirements

We may disclose your information if required by law, such as in response to a valid court order or subpoena. We will notify you if legally permitted to do so.

5. Your Rights and Choices

Access Your Data

You can view all the health data you've uploaded and your profile information through your dashboard at any time.

Download Your Data

You can request a copy of all data we have about you. Contact us at george@investigate.health to request a data export.

Delete Your Data

You can request deletion of your account and all associated data. Upon deletion:

  • Your personal information will be permanently removed from our identity vault
  • Your health data and lab results will be deleted
  • Your anonymous token will be deactivated
  • Deletion is typically completed within 30 days

Note: We may retain certain anonymized, aggregated data that cannot be linked back to you for research and improvement purposes.

Communication Preferences

You can opt out of non-essential emails at any time. Essential account notifications (security alerts, terms changes) cannot be opted out of while you have an active account.

Research Participation

You control whether your anonymized profile is visible to research organizations. You can opt out of research matching in your account settings.

6. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences
  • Understand how you use our platform
  • Improve our services

We do not use cookies for third-party advertising. You can disable cookies in your browser settings, but some features of PathwayBio may not work properly.

7. Data Retention

We retain your data for as long as you have an active account. After account deletion:

  • Personal information is deleted within 30 days
  • Backup copies are purged within 90 days
  • Audit logs are retained for 7 years as required for HIPAA compliance

8. Children's Privacy

PathwayBio is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

9. International Users

PathwayBio is currently designed for users in the United States. If you access our services from outside the US, your data will be transferred to and processed in the United States.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email and/or a prominent notice on our platform. Your continued use of PathwayBio after changes take effect constitutes acceptance of the updated policy.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, request deletion, and opt out of the sale of personal information.

As noted above, we do not sell personal information. To exercise your other rights, contact us at george@investigate.health.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: george@investigate.health
Company: Pathway Biosciences / Investigate Health Publishing LLC