Beta version — pending legal review. This document may change before launch.
Privacy Policy — Praxia
Version: v2.0-beta — Date: 2026-06-10
Beta version — pending specialized legal review (Chile, Law 21.719). This policy is published during Praxia's beta phase and will be validated by qualified legal counsel in Chile (data protection + health) before its final version. It replaces v1.0 (Klinea, "training" scope). Moving to the final version will require re-acceptance at login.
This policy describes how Praxia collects, uses, protects, and shares your personal data. Praxia is an Electronic Health Record (EHR / "RCE") and, as such, is designed to process identifiable clinical patient data (including real name and RUT) under reinforced consent, encryption, least-privilege access, and a prior impact assessment (DPIA). During the closed beta of the Practice module, no real patient data is stored (see Terms of Use §6).
1. Controller identity and contact
- Data controller: [Praxia/HealthHero LEGAL ENTITY] — Tax ID (RUT) [TO COMPLETE].
- Domicile / jurisdiction: [TO COMPLETE — Chile].
- Data Protection Officer (DPO): [NAME/ROLE to be appointed] — contact: [DPO email].
- Channel to exercise rights and inquiries: [email/channel] — response time: [X business days, per law].
2. Catalog of data we process and purposes
- Patient identification (real name, RUT, contact details). Purpose: unambiguous identification in the health record; continuity of care. Legal basis: the patient's reinforced consent and/or performance of the agreement with the society (to be confirmed by legal review).
- Patient health data (clinical log, PROMs such as SOC-13 / EQ-5D-5L, care plans, appointments). Purpose: clinical case management (EHR), follow-up, scheduling. Legal basis: reinforced consent (sensitive data).
- Professional data (name, email, profession, country, specialty, institution, registration number). Purpose: platform access, professional verification, certificates. Legal basis: explicit consent + contract performance.
- Society member roster (via the society: name, email/RUT, specialty, registration number, membership status). Purpose: validate membership and activate the "Member" tier. Legal basis: agreement (DPA) with the controlling society.
- Platform usage (courses, sections, answers, self-assessments, journals). Purpose: service access, progress, aggregate/anonymized improvement. Legal basis: contract performance + legitimate interest (aggregated data only).
- Technical (IP, user agent, timestamps). Purpose: security, audit, fraud prevention. Legal basis: legitimate interest / legal obligation (audit trail).
- Consents (what you consented to, when, which version). Purpose: compliance and proof (append-only audit trail). Legal basis: legal obligation.
Minimization: we collect only the fields needed for each declared purpose. We do not use data for undisclosed secondary purposes.
3. Sensitive health data (EHR condition)
Praxia, as an Electronic Health Record, processes identifiable health data of the patient. To do so we apply:
- Reinforced consent specific to health data (separate from general consent). Exact wording to be validated by legal counsel.
- Encryption of clinical PII (AES-256 at rest + TLS in transit) and isolation of the identity store.
- Least-privilege access by role via Row Level Security (RLS) and 2FA for clinical/administrative staff.
- DPIA (impact assessment) completed before storing the first real record.
- Immutable auditing of all record access (who, what, when).
4. Data subject rights
You have the rights of access, rectification, cancellation, objection, and portability with respect to your data:
- Access: download your data (export) from Settings → Data, or request it via the §1 channel.
- Rectify: edit your data in your profile or request the change via the §1 channel.
- Cancel: account deletion with a 30-day grace period.
- Objection / portability: via the §1 channel.
Patient's right to access their health record (Law 20.584): as the holder of a health record in Praxia, you have the right to access the information it contains. Channel and deadline to be confirmed by legal review.
Important (retention vs. deletion): the health record is subject to a legal retention period (Decree 41/2012, typically 15 years from the last entry — to be confirmed by legal review). Therefore, "cancellation" of health-record data is performed as blocking/anonymization, not physical deletion, for as long as the legal retention obligation lasts.
5. Supervisory authority
You may file complaints with Chile's Personal Data Protection Agency (APDP), without prejudice to the internal channels in §1.
6. Data location and international transfers
- Data is hosted on Supabase, region `sa-east-1` (São Paulo, Brazil), which constitutes an international transfer.
- Applicable safeguards: Data Processing Agreement (DPA) + standard contractual clauses (SCC) with the processor, data subject consent, and encryption of clinical PII. Sufficiency of these safeguards under Law 21.719 to be confirmed by legal review.
- A migration path to Chile for the identity store is designed should the law, a society, or MINSAL require it.
7. How we protect your data
- Encryption in transit (TLS) and at rest (AES-256 for clinical PII).
- RLS by tenant/role: each user and each clinic accesses only what corresponds to them.
- 2FA for clinicians and administrators.
- Append-only auditing with verifiable integrity.
- Secrets kept out of the repository + rotation policy.
- Encrypted backups and a restoration plan.
8. Retention periods
- Health record: legal retention period (Decree 41/2012, typically 15 years from the last entry — to be confirmed by legal review), guaranteeing integrity, timely access, confidentiality, and authenticity; deletion is documented in a formal record.
- Other data: for as long as the declared purpose lasts + minimization; upon account closure, deletion after the grace period (unless a legal retention obligation applies).
9. Processors and sub-processors
We work with vendors acting as processors, under contract (DPA) and equivalent security and confidentiality obligations: Supabase (database, auth, storage), Hostinger (application VPS), Cloudflare (CDN/DNS/WAF), Resend (transactional email), our own push notifications, and a WhatsApp/SMS provider if reminders are enabled. The current list is available on request.
10. Breach notification
In the event of a security breach affecting your data, we will notify the APDP and affected data subjects without undue delay, in accordance with Law 21.719 and our internal breach management procedure.
11. Version and change history
- v1.0 — initial policy ("training" scope, Klinea).
- v2.0-beta (2026-06-10) — EHR reframe: identifiable clinical data, reinforced consent, DPIA, Brazil transfer with safeguards, record retention (Decree 41/2012), right to access the record (Law 20.584), APDP, breach procedure. The final version will require re-acceptance at login.
Pending legal review in Chile before the final version. Items to confirm: primary legal basis, reinforced-consent wording, sufficiency of the international transfer, exact retention and rights-response deadlines, and the record-access channel/deadline.