Community Liver Alliance
← Home

Legal

Consumer Health Data Privacy Policy

Effective: July 14, 2026

DRAFT — pending final legal review by Community Liver Alliance counsel. This page reflects the app’s current practices for admin access and third-party data sharing and is published for transparency. The exact legal wording may be adjusted before it is finalized.

Admin access & third-party data sharing

We follow a two-tier identity model so we can operate the app and share what CLA learns without exposing you:

  • Admin support view (identified, audited). A small number of authorized CLA administrators can view a single user’s real name, email, and check-ins only when needed to answer a support request or investigate a safety issue. Every time an admin reveals your identity in the app, the system writes a permanent audit entry with the admin’s ID, timestamp, and stated reason.
  • Everything else is de-identified. All admin dashboards, cohort analytics, CSV/PDF reports, and datasets shared outside CLA are automatically stripped of direct identifiers (name, email, phone, exact dates of birth), replace your user ID with a stable pseudonymous code, coarsen dates to the ISO week, and exclude free-text notes. Aggregates with fewer than 10 people are suppressed (“insufficient sample”) so individuals cannot be re-identified from small groups.

Who receives your data, and in what form:

RecipientFormRequires your opt-in?
CLA internal / boardDe-identified aggregate + row-levelNo — needed to run the program
Academic researchersDe-identified row-levelYes — Research participation opt-in
Pharmaceutical / industry sponsorsDe-identified aggregateYes — Research participation opt-in
Your treating clinicianIdentified single-patient reportYes — per-request in Settings

What we never do: we do not sell your personal information; we do not share your name or email with researchers, pharma sponsors, or advertisers; we do not include your free-text notes in any external share; we do not disable the audit log.

You can withdraw research participation, request a copy of your data, or request deletion at any time from Settings → Privacy & consent.

De-identification method (technical)

  • Direct identifiers removed: name, email, phone, address/ZIP, date of birth.
  • Pseudonymous user code: your internal user ID is replaced by a stable HMAC-SHA-256 code (“P-XXXXXXXXXXXX”) so the same person is the same code across a share, but the code cannot be reversed to your identity without a server secret CLA does not release.
  • Date coarsening: check-in and event timestamps are reduced to ISO week (e.g. 2026-W29).
  • Free-text excluded: notes, comments, and other free-text fields are not included in external shares.
  • Small-cell suppression (k-anonymity): any aggregate bucket with fewer than 10 people is shown as “insufficient sample” instead of a count.
  • Audit trail: every export records the admin, timestamp, dataset, filters, recipient audience, row count, and a SHA-256 hash of the exported file.

Why this policy exists. The Washington My Health My Data Act (MHMDA) and comparable Nevada, Connecticut, and Oregon consumer-health-data laws require a separate, plainly written policy that describes how “consumer health data” is collected, used, shared, and how you can control it. We apply this policy to all users of the PBC Itch Tracker & Discussion Guide (the “App”), regardless of state.

1. Not a HIPAA-covered service

The App is provided by the Community Liver Alliance (“CLA”), a 501(c)(3) nonprofit. CLA is not a health care provider, health plan, or health care clearinghouse, and is not a “covered entity” or “business associate” under HIPAA. Nothing in this policy or in the App creates a HIPAA-regulated relationship. Your rights under this policy come from the FTC Health Breach Notification Rule and state consumer-health laws, not HIPAA.

2. What we treat as consumer health data

  • Your Primary Biliary Cholangitis (PBC) diagnosis year (if you provide it)
  • Your daily itch severity score, sleep impact, mood impact, and mood valence
  • Triggers you tag (e.g., heat, humidity, stress)
  • Treatments you record and their perceived effect
  • Free-text symptom notes you choose to enter
  • Reminder preferences related to your care
  • Account identifiers (email, display name) linked to the above

3. How we collect it

Only from you, and only when you enter it. We do not import health data from any third party. We do not buy or license health data. We do not infer health data from device fingerprinting or advertising signals.

4. How we use it

  • To operate the App for you: store your check-ins, render your trends, generate your discussion guide.
  • To send you the reminders you opted into.
  • To secure the App: detect abuse, investigate incidents, and comply with law.
  • Only if you separately opt in in Settings: to include your data, in de-identified and aggregated form, in CLA nonprofit research and program reporting.

5. How we share it

We do not sell your consumer health data. We do not share it for cross-context behavioral advertising. We share it only with:

  • Service providers that host the App and its database, bound to confidentiality obligations and permitted to use the data only to run the App. Current subprocessors: hosting/database provider, authentication provider, error monitoring, transactional email.
  • Law enforcement or courts when required by a valid subpoena, warrant, or court order. We will attempt to notify you first unless prohibited.
  • You, when you export your data or generate a report to bring to your clinician. What you do with the exported PDF or JSON is your decision.

If the App is ever transferred to another organization (merger, acquisition, or wind-down), your consumer health data may transfer with it, subject to the same or stronger obligations. We will notify you in-app and by email before that happens.

6. Your rights

  • Access & portability. Download all of your data as JSON from Settings.
  • Deletion. Delete your account (and all associated data) from Settings. Deletion is permanent and cannot be undone.
  • Withdraw consent. Turn off research participation, AI processing, or reminders in Settings at any time. Withdrawal does not affect processing that already happened.
  • Complain. You may complain to the Washington State Attorney General, your own state Attorney General, or the Federal Trade Commission.

7. Security

Data is encrypted in transit (HTTPS) and at rest by our hosting provider. Access is scoped to your account by row-level security policies. Passwords are checked against the HaveIBeenPwned breach list. Administrative access to production data is logged. Details are in our Privacy Policy.

8. Breach notification

If your identifiable health information is accessed, acquired, or disclosed without authorization, we will notify you (and, where applicable, the FTC and state Attorneys General) within the timelines required by the FTC Health Breach Notification Rule and applicable state law — in no event later than 60 calendar days after discovery.

9. Not intended for children

The App is for adults 18 and older. We do not knowingly collect data from anyone under 13. If we learn we have, we will delete it.

10. Not intended for EU / UK residents

The App is designed for United States residents. If you are in the European Union, the United Kingdom, or another region whose health-data laws (e.g., GDPR Article 9) require legal safeguards we do not currently offer, please do not create an account.

11. Artificial intelligence

The App may include an optional AI assistant that answers questions about PBC itch and summarizes your check-ins. It is off by default. If you turn it on, we will send only de-identified check-in data (never your email or name) to our AI provider under a contractual restriction that prohibits reuse for model training. AI responses are informational and are not medical advice.

12. Changes

If we change this policy in a way that materially reduces your rights, we will notify you in-app and by email at least 30 days in advance and, where required, re-ask for consent.

13. Contact

Community Liver Alliance — communityliveralliance.org