Privacy Policy

Remedy Fund, LLC ("Company", "we", "us", "our") operates the Remedy Fund platform and is committed to protecting your privacy, including your health-related information. This Privacy Policy explains how we collect, use, and safeguard your information, with special attention to health information privacy.

Data Security Notice

We use industry-standard encryption, access controls, and security audits to protect your information. We are not a HIPAA-covered entity but implement strong security measures including 256-bit SSL encryption, encrypted data storage, strict access controls, and regular third-party security audits. Researchers are prohibited from requesting or posting Protected Health Information (PHI) on our platform.

Effective Date: January 1, 2025
Last Updated: January 1, 2025

1. Information We Collect

1.1 Information You Provide

Health-Related Information We May Collect:

  • Medical conditions or diseases you're interested in funding
  • Personal health stories you choose to share
  • Research areas related to specific health conditions
  • Your connection to medical conditions (patient, caregiver, etc.)
  • Account Information: Name, email address, password
  • Profile Information: Institution affiliation, research interests, bio
  • Payment Information: Processed securely through Stripe (we don't store card details)
  • Project/Pool Information: Research proposals, funding goals, updates
  • Communications: Messages, comments, support inquiries

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent
  • Device Information: Browser type, operating system, IP address
  • Cookies: Session management and preferences

2. How We Use Your Information

2.1 General Uses

  • Process contributions and distribute funds
  • Connect researchers with funding opportunities
  • Send updates about projects you've backed
  • Notify about relevant funding pools
  • Improve platform features and user experience
  • Prevent fraud and ensure platform security
  • Comply with legal obligations

2.2 Health Information Uses

We use health-related information only for:

  • Matching researchers with relevant funding opportunities
  • Categorizing research projects and funding pools
  • Facilitating community connections around shared health interests
  • Improving platform features for medical research funding
  • Never for advertising or sale to third parties

3. Information Sharing

3.1 Public Information

The following is publicly visible:

  • Researcher names and institutions
  • Project titles, descriptions, and funding progress
  • Pool creator names and pool details
  • Contribution amounts (contributor names optional)
  • Project updates and milestone reports

3.2 Private Information

We keep private:

  • Individual votes (anonymous until results)
  • Email addresses
  • Payment details
  • Private messages between users

3.3 Third-Party Sharing

We share information with:

  • Payment Processors: Stripe for secure payments
  • Analytics: Aggregated usage data only
  • Legal Requirements: When required by law
  • Never: We never sell your personal information

4. Data Security and HIPAA-Inspired Safeguards

We implement comprehensive security measures inspired by HIPAA standards:

4.1 Technical Safeguards

  • SSL/TLS encryption for all data transmission
  • Encryption at rest for sensitive health information
  • Secure password hashing using industry standards
  • Access controls with role-based permissions
  • Audit logs for health information access
  • Regular security vulnerability assessments
  • PCI compliance through Stripe for payment data

4.2 Administrative Safeguards

  • Employee training on health information privacy
  • Access limited to minimum necessary information
  • Background checks for employees with data access
  • Confidentiality agreements for all staff
  • Regular privacy and security training
  • Incident response procedures

4.3 Physical Safeguards

  • Secure data center facilities with 24/7 monitoring
  • Restricted physical access to servers
  • Secure disposal of electronic media
  • Device encryption requirements
  • Clean desk policy for health information

5. Your Rights and Choices

5.1 Health Information Rights

Inspired by HIPAA's individual rights, you have the right to:

  • Access: Request a copy of your health information we maintain
  • Amendment: Request corrections to your health information
  • Accounting: Receive a list of certain disclosures of your health information
  • Restriction: Request limits on how we use your health information
  • Confidential Communications: Request communications by alternative means
  • Data Portability: Export your health information in a structured format

5.2 General Privacy Rights

You can also:

  • Access all your personal information
  • Update or correct your information
  • Delete your account (subject to legal requirements)
  • Export your data
  • Opt out of non-essential communications
  • Withdraw consent for health information processing

5.2 Communication Preferences

You can control:

  • Project update frequency
  • Marketing emails (opt-out available)
  • Notification settings

6. Cookies and Tracking

We use cookies for:

  • Keeping you logged in
  • Remembering your preferences
  • Understanding platform usage
  • Improving user experience

You can control cookies through your browser settings, but some features may not work properly without them.

7. Health Information Consent

We obtain your explicit consent before collecting health-related information:

  • Consent is requested at the time of collection
  • You can withdraw consent at any time
  • Separate consent for different uses of health information
  • Clear explanation of how health information will be used
  • Option to participate without sharing health information

Your Choice: Sharing health information is always optional. You can use Remedy Fund without providing personal health details.

8. Data Breach Notification

In the event of a data breach involving health information:

  • Individual Notice: Affected users notified within 72 hours of discovery
  • Content: Description of breach, types of information involved, steps taken
  • Remediation: Free credit monitoring if financial data compromised
  • Regulatory Notice: Appropriate authorities notified as required
  • Public Notice: Website notice for breaches affecting 500+ users

9. Data Retention

We retain:

  • Account Information: Until account deletion
  • Project Information: Indefinitely for historical record
  • Transaction Records: 7 years for tax/legal compliance
  • Communications: 2 years or as legally required

10. Children's Privacy

The Remedy Fund platform is not intended for users under 18. We do not knowingly collect information from children. If we learn we have collected information from a child under 18, we will delete it.

11. International Users

If you access the Remedy Fund platform from outside the United States, please note that your information will be transferred to and processed in the United States where Remedy Fund, LLC is located.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through the platform. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related questions or concerns:
Email: privacy@remedy.fund
General support: support@remedy.fund

Remedy Fund, LLC
Data Protection Officer
privacy@remedy.fund

Health Information Inquiries:
For questions specifically about how we handle health information:
Email: health-privacy@remedy.fund
Phone: 1-800-REMEDY-1 (ask for Privacy Officer)

This Privacy Policy is part of our Terms of Service. By using the Remedy Fund platform, you agree to both policies.