Privacy Policy

1. Introduction

Unlock Health ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Unlock Client Portal ("Portal").

By accessing or using the Portal, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Portal.

2. Information We Collect

2.1 Information from Google Authentication

When you sign in using Google OAuth, we collect:

• Your Google account email address
• Your name (as provided by Google)
• Your profile picture (if available)

2.2 Usage Information

We automatically collect certain information when you access the Portal:

• Access logs (date, time, and files accessed)
• Browser type and version
• Device information
• IP address

2.3 Files and Content

The Portal provides access to files stored in Google Shared Drives. We do not store copies of your files on our servers. Files remain in Google's infrastructure and are accessed through Google's APIs.

3. How We Use Your Information

We use the information we collect to:

• Authenticate your identity and provide access to the Portal
• Determine which client files you are authorized to access
• Maintain security and prevent unauthorized access
• Improve the Portal's functionality and user experience
• Comply with legal obligations

4. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: We use Google Cloud Platform and Cloudflare to host and operate the Portal
• Legal Requirements: We may disclose information if required by law or in response to valid legal requests
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred

5. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

• Encryption of data in transit (HTTPS/TLS)
• Secure authentication via Google OAuth 2.0
• Access controls based on Google Drive permissions
• Regular security assessments

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide you access to the Portal. Access logs may be retained for up to 12 months for security and compliance purposes. You may request deletion of your account by contacting us.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information
• Object to or restrict processing of your information
• Data portability

To exercise these rights, please contact us using the information provided below.

8. Third-Party Services

The Portal integrates with Google services. Your use of Google authentication and Google Drive is subject to Google's Privacy Policy. We encourage you to review Google's privacy practices at https://policies.google.com/privacy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Portal after any changes constitutes acceptance of the updated Privacy Policy.