FH-ALPHA-PRIVACY-v1
Alpha Privacy & Health Data Authorization.
This Alpha Privacy and Health Data Authorization explains the types of data Fursan Health, Inc. (the "Company") may collect during the private alpha and the limits that should be built into the signup and testing process. This is intended to supplement, not replace, a full public Privacy Policy.
1. Data categories
| Category | Examples | Alpha collection rule |
|---|---|---|
| Identity and contact | Name, email, phone, state, military status flag, provider role flag | Collected for signup, eligibility, legal records, support, and DocuSign |
| Technical / device | IP, user agent, device, OS, app version, crash logs, telemetry | Collected for security, debugging, audit, and product improvement |
| Fitness and wellness | Nutrition logs, calories, macros, micros, fasting, workouts, sleep, weight, hydration, vices, supplements | Collected only if user chooses to test relevant features |
| Wearable / integration data | Apple Health, Fitbit, Garmin, Oura, WHOOP, Withings, or similar data if connected | Permissioned only; provenance should be stored |
| Medical records / labs | Blood panels, lab PDFs, clinical records, medical history | Do not collect in alpha unless specifically enabled with separate consent and workflow controls |
| Provider notes | Session notes, voice notes, transcripts, client/athlete notes | Provider testing only; no third-party PHI / client / patient data without separate consents |
| Feedback | Bug reports, survey responses, suggestions, product-shaping notes | Used for product improvement and assigned to Company under the Alpha Agreement |
| Legal records | Clickwrap events, E-SIGN consent, DocuSign envelope ID, signed PDFs, hashes | Retained for enforceability, audit, and compliance |
2. Alpha privacy commitments
- Company will not sell alpha participants' personal health data.
- Company will not use alpha health data for targeted advertising.
- Company will collect only the information reasonably needed for alpha testing, product improvement, security, support, and legal records.
- Company will use role-based access controls and logging for internal access to alpha data.
- Company will retain legal acceptance records, audit records, security logs, and signed documents even if product data is deleted, to the extent permitted by law.
- Company will support deletion requests for alpha product data, subject to legal, security, backup, fraud, audit, and contractual retention exceptions.
- Company will not intentionally route PHI or sensitive records to AI vendors unless the workflow, vendor posture, and user consent permit it.
3. State-specific privacy rights
Tester may have privacy rights under state laws, including rights to access, delete, correct, opt out of certain sharing/sales, limit sensitive personal information uses, and revoke health-data consent. Company should provide a clear privacy request channel at privacy@fursanhealth.com and a self-service deletion/export roadmap.
- Washington residents may have rights under Washington's My Health My Data Act.
- California residents may have rights under California privacy and medical information laws.
- Oregon and New Jersey residents may have rights under their state privacy laws if Company meets statutory thresholds.
- Pennsylvania does not currently have the same comprehensive consumer privacy framework as California, Washington, Oregon, or New Jersey, but Company should voluntarily honor privacy requests where practical and lawful.
4. Consent to alpha processing
By signing the Alpha Agreement, Tester authorizes Company to collect, use, disclose to processors/vendors, store, analyze, transmit, secure, debug, and process Tester's alpha data as described in this Authorization, the Alpha Agreement, and the Privacy Policy/Notice presented during signup. Tester may withdraw from the alpha program by contacting Company, but withdrawal does not invalidate prior lawful processing or legal acceptance records.