This Privacy Policy explains how New Heights Pharmaceuticals (“we”, “us”, “our”) collects, uses, protects, and shares information when you use the NHP HealthCheck mobile application (the “App”) and its related services. By creating an account or using the App, you agree to the practices described in this policy.
1. Who We Are
NHP HealthCheck is operated by New Heights Pharmaceuticals. For privacy enquiries, contact us at info@newheightspharma.com or visit newheightspharma.com.
2. Who Uses the App
The App supports two kinds of accounts:
- Hospital accounts — healthcare institutions and their staff who record and review patient health checks.
- Individual accounts — people managing their own personal health records.
Where a hospital enters patient information, the hospital is responsible for ensuring it has the appropriate authority and patient consent to record that information. We process such information on the hospital's behalf to provide the service.
3. Information We Collect
Account information
- Name (institution name or personal name)
- Email address
- Password (stored only as a secure cryptographic hash — we cannot see your password)
- For individual accounts: date of birth and gender
- For hospital accounts: institution address (optional)
Health information
- Patient demographic details (name, date of birth, gender)
- Physical measurements (height, weight, calculated BMI, vital signs)
- Laboratory and diagnostic test results entered into the App, scanned from test cassettes, or extracted from uploaded documents
- AI-generated clinical summaries derived from the above
Technical information
- Crash and error reports (via Sentry), which include device model, operating system version, and the technical details of the error. We configure error reporting to exclude personal and health information.
- Basic service logs (timestamps, request outcomes) needed to operate and secure the service.
We do not collect your location, contacts, or advertising identifiers, and the App contains no advertising or third-party marketing trackers.
4. How We Use Information
- To provide the service: recording health checks, generating reports and PDFs, and displaying patient records to authorised users.
- To generate AI clinical summaries of entered test results (see Section 5).
- To send essential transactional emails: verification codes, password reset codes. We do not send marketing email through the App.
- To secure the service: authentication, rate limiting, and abuse prevention.
- To fix problems: crash and error diagnostics.
We do not sell personal information, and we do not use health information for advertising.
5. AI Processing
When a health check is submitted, certain patient data is sent to Anthropic, PBC (anthropic.com) and processed by their Claude AI model to generate a clinical summary. The following data is sent to Anthropic:
- Patient name, date of birth, and gender
- Vital signs (blood pressure, heart rate, temperature, etc.)
- Laboratory and diagnostic test results (blood tests, lipid panel, kidney and liver function, metabolic markers, hematology, infectious disease markers, reproductive health, urinalysis, and other entered results)
- Photos of rapid diagnostic test cassettes, if scanned via the camera
- Uploaded lab document files (e.g. PDF lab reports), if provided
Consent: Before any health data is sent to Anthropic, the App displays a clear disclosure and asks for your explicit consent. You may withdraw this consent at any time from the Profile screen within the App. Without consent, AI clinical summaries cannot be generated.
All data is transmitted to Anthropic over an encrypted HTTPS connection via our backend server. Under Anthropic's commercial API terms, submitted data is not used to train AI models. Anthropic's data handling is governed by their privacy policy at anthropic.com/privacy. The generated summary is stored with the health check record and is visible only to the account that created it.
6. Service Providers
We use a small number of service providers to run the App. Each receives only the information necessary to perform its function:
| Provider | Purpose | Data involved |
|---|---|---|
| Railway | Application hosting and database | All service data, encrypted in transit |
| Anthropic | AI clinical summary generation | Submitted test results and demographics |
| Resend | Transactional email delivery | Email address, verification codes |
| Sentry | Crash and error reporting | Technical error data only; configured to exclude personal and health information |
| Apple / Google | App distribution | Standard app store telemetry under their own policies |
7. Data Security
- All data is transmitted over encrypted connections (HTTPS/TLS).
- Passwords are hashed with bcrypt; we never store or transmit them in readable form.
- Access to records is restricted by account: hospitals can only access their own patients, and individuals only their own records.
- Authentication tokens are stored in the device's secure storage (iOS Keychain / Android Keystore) and expire automatically.
8. Data Retention and Deletion
- Your information is retained while your account is active.
- You may delete your account at any time from the Profile screen in the App. Deleted accounts can no longer sign in or be accessed.
- To request complete erasure of your data from our systems, contact info@newheightspharma.com. We will action verified erasure requests within 30 days, except where retention is required by law.
9. Your Rights
Depending on the laws that apply to you, you have the right to:
- Access a copy of the personal information we hold about you
- Correct inaccurate information
- Delete your information
- Object to or restrict certain processing
- Receive your information in a portable format
You may also withdraw AI consent at any time directly from the Profile screen in the App, without needing to contact us.
To exercise any of these rights, contact info@newheightspharma.com. Individuals whose records were entered by a hospital should direct requests to that hospital in the first instance, as the holder of the treatment relationship.
10. Children
The App is not directed at children, and individual accounts may only be created by adults. Patient records for minors may be entered by hospital accounts in the course of providing healthcare, under the hospital's own consent processes.
11. International Transfers
Our service providers may store or process data in countries other than your own. Where they do, we rely on their contractual safeguards and security certifications to protect your information to the standard described in this policy.
12. Changes to This Policy
We may update this policy as the App evolves. Material changes will be announced in the App or by email, and the “Last updated” date above will always reflect the current version.
13. Contact
New Heights Pharmaceuticals
Email: info@newheightspharma.com
Website: newheightspharma.com