1. Introduction
My Sunrise App, LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our progressive web application ("Service") and related marketing sites.
We are a HIPAA-covered entity and handle your protected health information (PHI) in accordance with HIPAA regulations.
2. Data Protection Commitment
We will never sell, rent, or provide access to your personal data or protected health information to third parties for marketing or commercial purposes.
Your health information and personal data are strictly confidential and used solely to provide you with our services.
3. Information We Collect
3.1 Personal Information
- Account Information: Name, email address, username, password
- Profile Information: Age, recovery-related preferences and settings
- Contact Information: Information provided when contacting support or submitting website forms
3.2 Protected Health Information (PHI)
Under HIPAA, we may collect PHI including:
- Recovery progress data and metrics
- Journal entries and notes related to your TBI recovery
- Symptoms, challenges, and recovery milestones you choose to track
- Goals and objectives related to your recovery journey
- Photos you upload related to your recovery (Premium users only)
3.3 Usage and Technical Information
- Device information (type, operating system, browser)
- App usage patterns and feature utilization
- Performance and crash data
- IP address and general location data (for security and service optimization)
- Website analytics (for example, Google Analytics on mysunrise.app)
3.4 Communication Data
- Support inquiries and our responses
- Contact form and mailing list submissions from our website
- Feedback and survey responses
4. How We Use Your Information
4.1 Service Delivery
- Provide and maintain the My Sunrise App service
- Process your account registration and manage your subscription
- Deliver personalized features and content
- Provide AI-powered insights (Premium users)
- Send service-related notifications and updates
4.2 Service Improvement
- Analyze usage patterns to improve our features
- Conduct research to enhance TBI recovery support tools
- Develop new features and services
- Ensure technical functionality and security
4.3 Communication
- Respond to your support requests and inquiries
- Send important service announcements
- Provide optional marketing communications (only with your consent)
4.4 Legal and Safety
- Comply with legal obligations
- Protect against fraud and security threats
- Enforce our Terms of Use
5. Marketing Communications — Opt-In / Opt-Out
- All marketing emails are opt-in only — we will never add you to marketing lists without your explicit consent
- You can opt out at any time by clicking the unsubscribe link in any marketing email, updating preferences in your account settings, or contacting support
- Service-related communications (such as billing or security alerts) are necessary for account management and cannot be opted out of while maintaining an active account
6. How We Share Your Information
6.1 No Third-Party Sales or Marketing
We do not and will never sell, rent, or share your personal information or PHI with third parties for their marketing purposes.
6.2 Service Providers
We may share limited information with trusted service providers who help us operate our service:
- Vercel — hosts application and website infrastructure
- Stripe — processes subscription payments (payment data only, not health data)
- Kastro — receives contact form and mailing list submissions on our behalf
- Google Analytics — helps us understand traffic on our marketing site
6.3 Legal Requirements
We may disclose information when required by law, such as in response to valid legal process, to protect our rights or safety, or to investigate fraud or security incidents.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred, subject to the same privacy protections.
7. Data Security and HIPAA Compliance
We implement comprehensive security measures including encryption in transit and at rest, access controls, monitoring, and HIPAA-aligned infrastructure practices. As a covered entity, we maintain administrative, physical, and technical safeguards for PHI.
8. Your Privacy Rights
Under HIPAA, you may request access, amendment, restriction, accounting of disclosures, and confidential communications regarding your PHI. You may also request access, correction, deletion, and opt-out of marketing. California residents have additional CCPA rights including the right to know, delete, and non-discrimination for exercising privacy rights.
9. Data Retention and Deletion
- Active accounts: data retained while your account is active
- Inactive accounts: data deleted after 3 years of inactivity
- PHI: retained per HIPAA requirements (typically 6 years from last activity)
- Marketing data: deleted within 30 days of opt-out
- Account deletion: personal data deleted within 30 days, with PHI disposed of per HIPAA
10. International Data Transfers
Our services are provided from the United States and intended for U.S. residents only. We do not intentionally collect information from individuals outside the United States.
11. Children's Privacy
Our service is not intended for children under 14 years of age. We do not knowingly collect personal information from children under 14. If we become aware that we have collected such information, we will take steps to delete it promptly.
12. Cookies and Tracking Technologies
We use cookies and similar technologies to maintain login sessions, remember preferences, analyze usage and performance, and provide security features. You can control cookies through your browser settings, though some features may not function properly if cookies are disabled.
13. Third-Party Links
Our app and website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.
14. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will post the updated policy with a new "Last Updated" date, notify you of material changes via email or in-app notification, and for PHI-related changes provide notice as required by HIPAA.
15. Data Breach Notification
In the unlikely event of a data breach involving your PHI, we will notify you within 60 days of discovery, report to the Department of Health and Human Services as required, and take immediate steps to secure your information.
16. Contact Information
For privacy questions, HIPAA-related requests, or data protection concerns, contact us at hello@mysunrise.app or through the support form in the app.
My Sunrise App, LLC
Houston, Texas, United States
By using My Sunrise App, you acknowledge that you have read and understood this Privacy Policy and agree to our collection, use, and disclosure of your information as described herein.
Contact us