Privacy Policy
Effective Date: March 1, 2026
Last Updated: March 1, 2026
1. Introduction
Lafia Health Technologies ("Lafia," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health concierge platform ("Platform").
2. Information We Collect
Personal Information: Name, email address, phone number, date of birth, and other contact details you provide during registration.
Health Information: Medical history, medications, lab results, vital signs, appointment records, and other health data you share or that is generated through your use of the Platform. This information is classified as Protected Health Information (PHI) under HIPAA.
Usage Data: Device information, IP addresses, browser type, pages visited, and interaction patterns with our Platform.
Payment Information: Billing details processed through our secure payment providers (Stripe and Flutterwave). We do not store full credit card numbers.
3. How We Use Your Information
- Provide and improve our health concierge services
- Facilitate communication between you and healthcare providers
- Generate personalized health insights using AI-powered analysis
- Process appointments, prescriptions, and payments
- Send health reminders, appointment notifications, and service updates
- Comply with legal and regulatory requirements
4. How We Share Your Information
We do not sell your personal or health information. We may share information with:
- Healthcare Providers: Your designated care team, with your consent
- Service Providers: Third-party services that help us operate the Platform (hosting, analytics, communications), bound by data processing agreements
- Legal Requirements: When required by law, court order, or government regulation
- Business Transfers: In connection with a merger, acquisition, or sale of assets
5. Data Security
We implement industry-standard security measures, including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, audit logging, and regular security assessments. Our infrastructure is hosted on SOC 2-compliant providers.
6. Your Rights
You have the right to:
- Access your personal and health data
- Request correction of inaccurate information
- Request deletion of your account and associated data
- Opt out of non-essential communications
- Request a copy of your data in a portable format
- File a complaint with the HHS Office for Civil Rights
7. Data Retention
We retain your information for as long as your account is active or as needed to provide services. Health records are retained in accordance with applicable medical record retention laws (minimum 7 years for adults, longer for minors).
8. Children's Privacy
Our Platform supports family accounts for managing children's health records. A parent or legal guardian must create and manage accounts for users under 18.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or Platform notification.
10. Contact Us
For privacy inquiries: privacy@lafia.io
Lafia Health Technologies
Dallas, TX, United States
Last updated: March 9, 2026