Notice of Privacy Practices
Effective Date: March 11, 2026 · Last Updated: March 11, 2026
This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Table of Contents
- Our Privacy Obligations
- Changes to This Notice
- Information We Collect
- Permissible Uses and Disclosures Without Your Written Authorization
- Other Permitted Uses and Disclosures
- Uses and Disclosures Requiring Your Written Authorization
- Use and Disclosure of PHI Related to Reproductive Healthcare
- Service Providers and Technology Partners
- Communications
- Your Individual Rights
- For Additional Information and Complaints
- Contact Us
1. Our Privacy Obligations
We understand that your health information is personal, and we at UniqueHuman Inc. ("we" or "us") are committed to protecting your privacy. This Notice of Privacy Practices ("Notice") applies to the medical records and other protected health information that we maintain about you ("PHI"). Your PHI may consist of paper, digital, or electronic records but could also include photographs, videos, voice recordings, and other electronic transmissions or recordings that are created during your care and treatment.
UniqueHuman provides migraine health tracking, journaling, and prediction services through a combination of artificial intelligence and human clinicians. Our services integrate health device data, voice and text journaling, location-based weather analysis, and AI-powered predictions to help you understand and manage your migraines.
We are required by law to maintain the privacy of your PHI, to provide you with this Notice of our legal duties and privacy practices with respect to your PHI, and to notify you in the event of a breach of your unsecured PHI. When we use or disclose your PHI, we are required to abide by the terms of this Notice (or other notice in effect at the time of the use or disclosure).
2. Changes to This Notice
We may change the terms of this Notice at any time. If we change this Notice, we may make the new notice terms effective for all your PHI that we maintain, including any information created or received prior to issuing the new notice. If we change this Notice, we will post the new notice on our website at uniquehuman.care. You also may obtain any new notice by contacting us using the contact information at the end of this Notice.
3. Information We Collect
In the course of providing care and services to you, we collect and maintain the following categories of information, which may constitute PHI:
Account Information
- •Name, email address, and Apple ID (via Sign in with Apple)
- •Biological sex, date of birth
- •Device information (device model, device identifier, timezone)
Health and Biometric Data
With your explicit permission, we collect data from Apple HealthKit, including:
- •Heart rate, resting heart rate, heart rate variability (HRV), walking heart rate averages
- •Blood oxygen saturation, respiratory rate, VO2 max
- •Step count, active and basal energy burned, exercise minutes, distance, flights climbed
- •Sleep analysis (including sleep stages: awake, REM, core, deep sleep), awakenings
- •Body mass, body fat percentage, body and wrist temperature
- •Blood pressure (systolic and diastolic), blood glucose
- •Menstrual flow and cycle day
- •Mindfulness and meditation sessions
Migraine and Health Journal Data
- •Migraine episodes: pain severity, intensity, onset and end times, associated symptoms (nausea, light/sound/smell sensitivity)
- •Medications taken, dosage, timing, effectiveness, and recurrence
- •Lifestyle factors: sleep hours, stress levels, missed meals, hydration quality, menstrual phase
- •Functional impact on work, daily activities, and social interactions
- •Trigger preferences and personalized trigger weights
Voice and Audio Data
With your permission, we collect voice recordings through voice journaling sessions. Audio is transcribed to text using speech recognition services and may be stored alongside your conversation records. Audio recordings are used solely to provide and improve your journaling experience.
Location and Weather Data
With your permission, we collect your location (latitude, longitude, altitude) and associated weather data (temperature, humidity, barometric pressure, wind conditions, UV index, cloud cover). This data is used to identify environmental migraine triggers such as barometric pressure changes and temperature swings. Location data is also reverse-geocoded to a general place name for your reference.
Documents and File Uploads
You may upload medical documents (PDFs, images) which are processed using optical character recognition (OCR) for text extraction and classification. Documents are stored securely and used to enrich your health record within our services.
Conversation Data
Text and voice conversations with our AI and clinical team, including session transcripts, extracted health entities, and session summaries. This data is used to provide care, generate insights, and maintain continuity of your health record.
4. Permissible Uses and Disclosures Without Your Written Authorization
We typically use and disclose your PHI without your written authorization in the following ways:
Treatment
We use and disclose your PHI to provide treatment and other services to you. For example, we may use your information to direct or recommend alternative treatments, therapies, health care providers, or settings of care to you or to describe a health-related product or service. Our AI-powered prediction engine analyzes your health data, sleep patterns, stress indicators, weather conditions, and personal triggers to provide migraine risk assessments and recommendations. Our human clinicians review and oversee your care. We may also disclose PHI to other providers involved in your treatment.
Payment
We may use and disclose your PHI to obtain payment for health care services that we provide to you. For example, we may disclose PHI to claim and obtain payment from Medicare, Medicaid, your health insurer, HMO, or other company or program that arranges or pays the cost of your health care. We may also disclose PHI to your other health care providers when such PHI is required for them to receive payment for services they render to you.
Health Care Operations
We may use and disclose your PHI for our health care operations, which include internal administration and planning and various activities that improve the quality and cost-effectiveness of the care that we deliver to you. For example, we may use PHI to evaluate the quality and competence of our health care providers and AI systems or to resolve any complaints you may have and ensure that you are satisfied with our services.
5. Other Permitted Uses and Disclosures
We are allowed or required to disclose your PHI in other ways, usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can disclose your information for these purposes, which may include:
- •Disclosure to Business Associates. We may disclose your PHI with certain of our "business associates" or other third parties that perform various activities (e.g., billing, coordinating care, data processing, technology services) for us. We contractually require our business associates to implement safeguards to protect the privacy of your PHI.
- •Disclosure to Relatives, Close Friends, and Other Caregivers. We may use or disclose your PHI to a family member, other relative, a close friend, or any other person identified by you when you are present for, or otherwise available prior to, the disclosure, if: (1) we obtain your agreement or provide you with the opportunity to object to the disclosure and you do not object; or (2) we reasonably infer that you do not object to the disclosure. If you are not present for or unavailable prior to a disclosure, we may exercise our professional judgment to determine whether a disclosure is in your best interest. If we disclose information under such circumstances, we would only disclose information that is directly relevant to the person's involvement with your care.
- •As Required by Law. We may use and disclose your PHI when required to do so by any applicable federal, state, or local law.
- •Public Health Activities. We may disclose your PHI: (1) to report health information to public health authorities for the purpose of preventing or controlling disease, injury or disability; (2) to report child abuse and neglect to a government authority authorized by law to receive such reports; (3) to report information about products under the jurisdiction of the U.S. Food and Drug Administration; (4) to alert a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition; and (5) to report information to your employer as required under laws addressing work-related illnesses and injuries or workplace medical surveillance.
- •Victims of Abuse, Neglect or Domestic Violence. We may disclose your PHI if we reasonably believe you are a victim of abuse, neglect or domestic violence to a government authority authorized by law to receive reports of such abuse, neglect, or domestic violence.
- •Health Oversight Activities. We may disclose your PHI to an agency that oversees the health care system and is charged with responsibility for ensuring compliance with the rules of government health programs such as Medicare or Medicaid.
- •Judicial and Administrative Proceedings. We may disclose your PHI in the course of a judicial or administrative proceeding in response to a legal order or other lawful process.
- •Law Enforcement Officials. We may disclose your PHI to the police or other law enforcement officials as required by law or in compliance with a court order.
- •Decedents. We may disclose your PHI to a coroner or medical examiner as authorized by law.
- •Organ and Tissue Procurement. We may disclose your PHI to organizations that facilitate organ, eye or tissue procurement, banking, or transplantation.
- •Clinical Trials and Other Research Activities. We may use and disclose your PHI for research purposes pursuant to a valid authorization from you or when an institutional review board or privacy board has waived the authorization requirement. Under certain circumstances, your PHI may be disclosed without your authorization to researchers preparing to conduct a research project, for research of decedents or as part of a data set that omits your name and other information that can directly identify you.
- •Health or Safety. We may use or disclose your PHI to prevent or lessen a serious and imminent threat to a person's or the public's health or safety.
- •Specialized Government Functions. We may use and disclose your PHI to units of the government with special functions, such as the U.S. military or the U.S. Department of State under certain circumstances.
- •Workers' Compensation. We may disclose your PHI as authorized by and to the extent necessary to comply with state law relating to workers' compensation or other similar programs.
Some state and federal laws may apply more stringent privacy protections to certain health information about you, such as mental health or developmental disability treatment information or substance use disorder records. We must obtain your consent or authorization in order to use such information for a purpose unless otherwise permitted by law.
7. Use and Disclosure of PHI Related to Reproductive Healthcare
Our services may collect reproductive health information, including menstrual flow and cycle day data from Apple HealthKit.
HIPAA provides special protections for PHI related, or potentially related, to reproductive healthcare. Where the reproductive healthcare (a) is lawful under the laws of the state where it was provided, (b) is protected, required, or authorized by federal law (regardless of the state in which it was provided), or (c) was provided by a person other than us, HIPAA prohibits us from using or disclosing PHI related, or potentially related, to such reproductive healthcare in furtherance of an investigation or imposing of liability on any person for the mere act of seeking, obtaining, providing, or facilitating reproductive healthcare.
If we receive a request for PHI related to reproductive healthcare, a signed attestation may be required.
8. Service Providers and Technology Partners
To provide our services, we work with service providers who may process your PHI on our behalf. These service providers are contractually required to safeguard your information and use it only for the purposes we specify. Our service providers include:
- •Cloud Infrastructure. We use Amazon Web Services (AWS) for secure data storage, computing, and hosting. Data is encrypted at rest using AES-256 encryption and in transit using TLS.
- •AI and Machine Learning Services. We use third-party AI service providers to process your health conversations, generate insights, and power our migraine prediction engine. These providers process your data under strict contractual obligations and do not use your data for their own purposes.
- •Voice Processing. When you use voice journaling, audio data may be processed by third-party speech recognition services for transcription purposes only.
- •Error Monitoring. We use error reporting services to identify and fix technical issues in our application. These services may receive limited technical data to help us maintain service reliability.
- •Analytics. We use analytics services to understand how our application is used so we can improve the user experience. We have disabled advertising-related data collection across all analytics services.
We do not sell your PHI to any third party. We do not use your PHI for third-party advertising, behavioral targeting, or ad personalization.
9. Communications
We may communicate with you through the following channels in connection with your care and our services:
- •Email. We may send you emails regarding your account, sign-in notifications, service updates, feedback requests, and health-related communications pertinent to your care.
- •SMS / Text Messages. We may send you text messages for sign-in verification, appointment reminders, feedback requests, and important service notifications.
- •Push Notifications. With your permission, we may send push notifications to your device regarding migraine risk alerts, health insights, and other care-related updates.
- •In-App Messaging. We communicate with you through our AI-powered and clinician-supported chat and voice journaling features within the application.
You may opt out of non-essential communications at any time by contacting us at the email address provided at the end of this Notice. However, certain transactional and care-related communications may be necessary for us to provide our services to you.
10. Your Individual Rights
When it comes to your PHI, you have certain rights. This section explains your rights and some of our responsibilities to help you.
- •Right to Request Additional Restrictions. You may request restrictions on our use and disclosure of your PHI (1) for treatment, payment and health care operations, (2) to individuals (such as a family member, other relative, close personal friend or any other person identified by you) involved with your care or with payment related to your care, or (3) to notify or assist in the notification of such individuals regarding your location and general condition. While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction unless the request is to restrict our disclosure to a health plan for purposes of carrying out payment or health care operations, the disclosure is not required by law and the information pertains solely to a health care item or service for which you (or someone on your behalf other than the health plan) have paid us out of pocket in full. If you make a request, we will send you a written response.
- •Right to Receive Communications by Alternative Means or at Alternative Locations. You may request, and we will accommodate, any reasonable written request for you to receive your Protected Health Information by alternative means of communication or at alternative locations.
- •Right to Inspect and Copy Your Health Information. You may request access to your medical record file and billing records maintained by us in order to inspect and request copies of the records. Under limited circumstances, we may deny you access to a portion of your records. If you desire access to your records, please contact us using the contact information at the end of this Notice. If you request copies, we may charge you a reasonable copy fee.
- •Right to Amend Your Records. You may request that we amend your PHI maintained in your medical record file or billing records. We will comply with your request unless we believe that the information that would be amended is accurate and complete or other special circumstances apply.
- •Right to Receive an Accounting of Disclosures. You may request an accounting of certain disclosures of your PHI made by us during any period of time prior to the date of your request provided such period does not exceed six years. If you request an accounting more than once during a twelve (12) month period, we may charge you a reasonable fee for the accounting statement.
- •Right to Receive Paper Copy of this Notice. Upon request, you may obtain a paper copy of this Notice, even if you agreed to receive such notice electronically.
- •Right to Delete Your Account. You may delete your account and all associated data at any time through the application. Upon account deletion, your data is immediately and permanently removed from our systems. You may also request account deletion by contacting us at the email address below.
To exercise any of the above rights (other than account deletion, which is available in-app), please contact us using the contact information at the end of this Notice. We will respond to your request in a timely manner as required by law.
11. For Additional Information and Complaints
If you desire additional information about your privacy rights, disagree with a decision that we made about access to your PHI, or are concerned that we have violated your privacy rights, you may contact us using the contact information below. You may also file written complaints with the Office for Civil Rights of the U.S. Department of Health and Human Services ("OCR"). Upon request, we will provide you with the correct contact information for OCR.
We will not retaliate against you if you file a complaint with us or OCR.
12. Contact Us
You may contact us at:
UniqueHuman Inc.
3500 South DuPont Highway
Dover, Kent County, Delaware 19901