Privacy Policy
Your privacy is at the core of LuminaEHR's design. We built an offline-first platform so your data stays on your devices.
Key Principle: LuminaEHR is an offline-first platform. Your patient records and clinical data are stored locally on your devices using AES-256 encrypted databases. We do not store, access, or process your patient data on our servers.
1. Introduction
This Privacy Policy describes how IoT Softworks ("Company," "we," "us," or "our") collects, uses, and protects information in connection with the LuminaEHR electronic health records platform (the "Service"). This policy applies to our website (lumina.iotsoftworks.com), our mobile and desktop applications, and our backend services.
2. Information We Collect
2.1 Account Information (Stored on Our Servers)
When you create an account, we collect:
- Registration data: Name, email address, and password (hashed with bcrypt)
- Authentication data: MFA secrets (encrypted with AES-256-GCM), backup codes (bcrypt-hashed)
- Subscription data: Plan tier, billing status, trial dates, payment gateway references
- Device registration data: Device identifiers for P2P discovery and sync
- FCM tokens: Firebase Cloud Messaging tokens for push notifications
2.2 Clinical & Patient Data (Stored Locally on Your Devices)
The following data is stored only on your devices in AES-256 encrypted SQLite databases and is never transmitted to or stored on our servers:
- Patient demographics and records
- Clinical notes, problems, allergies, medications, vital signs
- Orders (CPOE), prescriptions, and CDS alerts
- Appointments and scheduling data
- Billing data: insurance plans, charges, invoices, payments, claims
- Custom forms and form responses
- Attachments and clinical documents
- Audit trail entries
2.3 P2P Synchronization Data (Encrypted End-to-End)
When you use P2P sync, clinical data is transmitted directly between your authorized devices using AES-256-GCM encryption with Perfect Forward Secrecy. Our servers may facilitate:
- Device discovery: Helping your devices find each other across networks
- Relay connections: Forwarding encrypted data when direct connections cannot be established
In both cases, the data is end-to-end encrypted and we cannot read, access, or decrypt the contents.
2.4 Website & Service Usage
We may collect standard web analytics data including:
- IP address and browser/device type
- Pages visited and features used
- Error logs and performance metrics
3. How We Use Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process subscription payments and manage your account
- Facilitate P2P device discovery and relay connections
- Send transactional emails (account verification, password reset, subscription notices)
- Send push notifications for sync events and alerts (if enabled)
- Monitor and improve Service security and performance
- Respond to support requests and communications
- Comply with legal obligations
4. Information We Do NOT Collect
Unlike most EHR platforms, LuminaEHR does not collect, store, or have access to:
- Protected Health Information (PHI) or patient records
- Clinical notes, diagnoses, or treatment information
- Patient demographics, contact information, or insurance data
- Prescription or medication data
- Lab results, imaging, or clinical documents
This data exists exclusively on your devices and is under your sole control.
5. Data Sharing
We do not sell, rent, or trade your personal information. We may share account information with:
- Payment processors: Paddle, Stripe, PayPal, or Lemon Squeezy for subscription billing
- Firebase (Google): For push notification delivery via FCM
- Law enforcement: Only when required by law, subpoena, or court order
We do not share clinical or patient data because we do not have access to it.
6. Data Security
We implement multiple layers of security:
- Local database encryption: AES-256 via SQLCipher for all clinical data at rest
- P2P encryption: AES-256-GCM with Perfect Forward Secrecy for data in transit
- Server security: JWT authentication, bcrypt password hashing, rate limiting, HTTPS/TLS
- MFA secrets: TOTP secrets encrypted with AES-256-GCM on the server
- Backup codes: Bcrypt-hashed, never stored in plaintext
- Session security: Concurrent session prevention, inactivity lock screen, forced logout on account changes
- Infrastructure: Helmet security headers, CORS, input validation, PM2 clustering
7. Data Retention
- Account data: Retained while your account is active. Deleted upon account deletion request, subject to any legal retention requirements.
- Clinical data: Stored on your devices only. We have no ability to retain or delete this data. You control its lifecycle.
- Server logs: Retained for up to 90 days for security and debugging purposes, then automatically purged.
- Payment records: Retained as required by applicable financial regulations.
8. Your Rights
You have the right to:
- Access: Request a copy of the account information we store about you
- Correction: Update your account information at any time
- Deletion: Request deletion of your account and associated server-side data
- Data portability: Export your clinical data via FHIR R4 or other export tools at any time
- Opt-out: Disable push notifications or marketing communications
To exercise these rights, contact us through our Contact page.
9. Children's Privacy
The Service is designed for use by healthcare professionals and is not directed at children under 18. We do not knowingly collect information from children under 18. If we discover such data has been collected, we will delete it promptly.
10. International Users
Our servers are located in the United States. If you access the Service from outside the U.S., your account information may be transferred to and processed in the U.S. Your clinical data remains on your local devices regardless of your location.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days before they take effect by email or through the Service. The "Effective Date" at the top of this page indicates the latest revision.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: via our Contact page
- Website: lumina.iotsoftworks.com