Legal
Privacy Policy
Effective Date: May 30, 2026 · Last Updated: July 2, 2026
HealChain is built on a core principle: your files never leave your device. We store only cryptographic hashes and structured metadata — never the original document content. This policy explains exactly what we collect and why.
1. Introduction
HealChain ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information when you use HealChain at healchain.org or through our API.
2. Information We Collect
2.1 Information You Provide
- Wallet addresses — when you connect a wallet or register an account
- Email address — optional, when you create an account
- API keys — generated upon account creation; we store a cryptographic hash of your key, never the plaintext
- Payment information — processed by Stripe, Inc. We do not store your payment card details; Stripe handles payment data under their own privacy policy. For crypto payments, only your wallet address is recorded.
- Document metadata — structured fields you fill in (names, dates, reference numbers, descriptions). This metadata is stored on-chain permanently.
- Cryptographic hashes — SHA-256 or ci-sha4096 fingerprints of files you choose to hash. The hash proves a file existed at a point in time — it cannot be reversed to recover the original file.
- Feedback — if you submit feedback through the Service
2.2 Information Collected Automatically
- Usage logs — records of API operations including operation type, data size, fee charged, chain used, timestamp, and a hashed IP address. We hash IP addresses — we do not store them in plaintext.
- Chain and transaction data — transaction hashes and record IDs associated with your operations on public blockchain networks
- Device information — browser type, operating system. Used for security and fraud prevention.
- Referral codes — if you arrived via a builder referral link, that relationship is stored to calculate revenue share
2.3 Blockchain Data
Important: Data you store through HealChain is written to public blockchain networks. Blockchain data is public and permanent. Once data is stored on-chain, we cannot delete or modify it. Do not store personally identifiable information, private keys, passwords, or sensitive personal data on-chain.
2.4 What We Do NOT Collect
- Your original document files — only their cryptographic hash fingerprints
- Your name or physical address (unless you choose to include these in document metadata)
- Government-issued ID numbers
- Private keys or seed phrases (never share these with anyone)
- We do not use cookies for tracking or advertising
- We do not sell your data to third parties
- We do not use your data for advertising purposes
3. How We Use Your Information
- Providing the service — storing your record metadata on-chain, processing payments, sending Record IDs
- Account management — authentication, session management, account recovery
- Security — fraud detection, abuse prevention, rate limiting
- Service improvement — understanding which features are used, fixing bugs, improving reliability
- Legal compliance — complying with applicable laws, responding to lawful requests from authorities
- Builder revenue share — tracking referral relationships to calculate and pay 40% revenue share to API builders
4. Data Sharing
We do not sell your personal information. We may share information with:
- Stripe, Inc. — for payment processing, subject to Stripe's Privacy Policy
- Infrastructure providers — AWS and VPS providers may have access to server logs as part of normal operations. These providers are bound by their own privacy and security commitments.
- Blockchain networks — record metadata is broadcast to and stored across multiple public blockchain networks as part of the service
- Law enforcement — if required by valid legal process, court order, or to protect the rights and safety of others
- Business transfers — in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction
5. Data Retention
- Usage logs — retained for up to 12 months for billing, fraud prevention, and audit purposes
- Account data — retained while your account is active and for a reasonable period after termination
- Payment records — retained as required by applicable law and Stripe's retention policies
- Blockchain data — permanently stored on public blockchain networks and outside our control to delete
6. Security
We implement reasonable security measures to protect your information including:
- API keys stored as cryptographic hashes only — never in plaintext
- Secrets managed via AWS Secrets Manager and GPG-encrypted storage on oracle servers
- IP addresses stored only as hashed values
- TLS encryption for all data in transit
- Reed-Solomon encoded redundant storage across 20 blockchain networks
- Rate limiting and abuse detection
No security system is impenetrable. If you discover a security vulnerability, please report it to security@healchain.org.
7. Your Rights
Depending on your jurisdiction, you may have rights including:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate personal data (note: on-chain records cannot be modified)
- Deletion — request deletion of your account and off-chain personal data. On-chain records cannot be deleted by design.
- Portability — request your data in a portable format
- Opt-out — opt out of any marketing communications
EU/EEA residents: You may have additional rights under the General Data Protection Regulation (GDPR). We process your data on the legal basis of contractual necessity and legitimate interest.
California residents: Under the CCPA, you have the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.
To exercise these rights, contact hello@healchain.org. We will respond within 30 days.
8. Cookies
HealChain uses minimal cookies for:
- Session authentication (keeping you logged in)
- Referral code tracking (builder revenue share)
- Language preferences (Google Translate)
We do not use advertising or tracking cookies.
9. Children's Privacy
The Service is not directed to individuals under the age of 18 (21+ for gaming features). We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, contact us at hello@healchain.org and we will take steps to delete it.
10. Third-Party Links and Services
The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use.
11. International Users
HealChain is operated from the United States. If you access the Services from outside the US, your information may be transferred to and processed in the US. By using the Services, you consent to this transfer.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date above. Continued use of the Services after changes constitutes acceptance.
13. Contact
For privacy questions or requests: hello@healchain.org
For security concerns: security@healchain.org
Website: healchain.org
HealChain is committed to operating with transparency and respect for the privacy of our users.