Privacy Policy

Effective: June 6, 2026 · Last updated: June 6, 2026

CareShield is operated by Janus NW Research LLC ("we", "us", "our"). This policy describes how we collect, use, and protect your health information when you use our service to connect your electronic health records.

What We Collect

When you connect your health records through your patient portal, we receive:

• Your name, date of birth, and gender
• Active medical conditions
• Current medications
• Insurance coverage information
• Immunization history
• Lab results and vital signs
• Encounter history

We only access data you explicitly authorize through your health system's consent screen.

How We Use Your Data

• Display your health summary to you
• Identify preventive care gaps based on public clinical guidelines (USPSTF, ACIP)
• Compare healthcare costs relevant to your conditions

Required for service: Displaying your health summary and identifying care gaps requires access to your conditions, medications, and labs. Optional: Cost comparison features use your insurance and ZIP code — you may decline these without losing core functionality.

What We Never Do

• We never sell your data — not to advertisers, data brokers, employers, or insurers
• We never share your data with third parties without your explicit consent
• We never use your data for advertising or marketing profiles
• We never train AI models on your personal health information
• We never use your data for automated decisions that affect your access to insurance, employment, housing, credit, or healthcare services

Data Storage & Security

• Your OAuth tokens are encrypted at rest using AES-256-GCM
• A fast-access summary is stored in Cloudflare's global network (encrypted in transit and at rest)
• Full clinical records are stored on privately-owned infrastructure within the United States
• All connections use HTTPS/TLS 1.3

Shield AI — On-Device Processing

Shield is our AI health assistant. It runs entirely on your device using WebGPU — your health data is never sent to any external AI service, cloud API, or third-party server.

• The AI model is downloaded once and runs locally in your browser
• Your health records are loaded into the model's context on your device only
• No conversation history, prompts, or model outputs are transmitted off-device
• Shield cannot access the internet, make API calls, or send data anywhere

Data Retention

Your health data is collected on a persistent basis — we sync updated records from your connected health systems periodically until you disconnect. Upon disconnection, we delete your clinical data and encrypted tokens within 30 days. Anonymized, aggregated statistics (e.g., "X% of users had a care gap") may be retained indefinitely and cannot be traced back to you.

Impact on Others

Your health records may contain information about family members (e.g., family health history, genetic conditions, emergency contacts). When you share records via QR code or authorize third-party access, this information may be included. Please consider the privacy of family members before sharing.

Breach Notification

In the unlikely event of a data breach affecting your health information, we will notify you within 60 days via the email or contact method on file, as well as the Federal Trade Commission, consistent with the FTC Health Breach Notification Rule (16 CFR Part 318).

Your Rights

• Access: View all data we hold about you at any time in your dashboard
• Deletion: Request complete deletion of your data by emailing us or using the "Delete my data" option in settings
• Portability: Export your data in standard FHIR or PDF formats
• Disconnect: Revoke access to your health records at any time via Settings → Connected Accounts
• Withdraw consent: Email us at the address below or tap "Disconnect" in the app. We will stop all data collection immediately and delete stored data within 30 days.

Business Transfer

If Janus NW Research LLC is acquired, merges, or ceases operations, your data will be handled as follows: (1) the successor entity must honor this privacy policy in full, OR (2) you will be notified and given the option to export or delete your data before any transfer, OR (3) your data will be securely destroyed. You will always have the option to close your account.

Dormant Accounts

Accounts with no login activity for 12 months are considered dormant. We will send a notification before taking action. After 18 months of inactivity with no response, we may securely delete your health data while preserving your account credentials for future reconnection.

Children

CareShield is not intended for use by individuals under 18 without parental consent.

Changes to This Policy

We will post material changes here with an updated effective date. Continued use after changes constitutes acceptance.

Contact

Privacy Officer: Gerald January
Janus NW Research LLC
Bethel, AK
[email protected]

Complaints: If you believe your privacy rights have been violated, you may file a complaint by emailing the privacy officer above. We will acknowledge receipt within 5 business days and provide a substantive response within 30 days. You may also file a complaint with the Federal Trade Commission at reportfraud.ftc.gov.