Privacy Policy

Effective July 7, 2026 · Version 0 (development phase)

TensorHealthWell ("THW", "we") is a venture founded by Robert Rozploch (incorporation as a Delaware Public Benefit Company planned), building the Personal Health Vault ("PHV") — an application that helps you gather, organize, and protect your own health records. This policy covers both this website and the PHV application in its current development phase. Contact: privacy@tensorhealthwell.com.

The short version

1. This website

We host a static informational site. Our hosting provider processes basic technical request data (such as IP address and browser type) to serve and secure the pages; we do not use it to identify or profile visitors, and we add no analytics or tracking of any kind.

2. The PHV application (development phase)

Your right to obtain your own medical records electronically is established by federal law — including the HIPAA right of access, the 21st Century Cures Act's information-blocking rules, and the CMS Patient Access API requirements — and the PHV exists to help you exercise it. The PHV connects to health-data sources — such as patient-access APIs offered by health systems and insurance plans — only at the direction of the individual whose records they are, using read-only access. During development:

3. Commitments that carry into every future version

4. Your rights

Write to privacy@tensorhealthwell.com with any privacy question or request. Full data export (free, in standard formats) and verifiable deletion are designed into the product from the first version — when the PHV launches, you will be able to leave, with everything, at any time.

5. Where HIPAA fits

THW is not a health-care provider or insurer. When you direct your provider or health plan to transmit your records to your PHV (for example, under your HIPAA right of access or the 21st Century Cures Act API programs), the copy you receive through the app is governed by this policy and by consumer-protection law — including the FTC Act and the FTC Health Breach Notification Rule — rather than by HIPAA. We consider that a responsibility, not a loophole, and the commitments in §3 are written to exceed what those laws require.

6. Security incidents

If a security incident affects personal data, we will notify affected individuals and regulators as applicable law requires, without unreasonable delay.

7. Children

Neither the site nor the application is directed at children under 18 during the development phase.

8. Changes

Material changes will be posted here with a new effective date. No external user will be onboarded before a complete, user-tested privacy policy is published.