1. Data Stored by This App

PHR stores personal health information you enter, including but not limited to: medical conditions, medications, allergies, vital signs, immunizations, test results, procedures, treatments, insurance details, care team contacts, legal documents, and visit history. This data is stored locally on your device in a SQLite database within the app's sandboxed storage area, inaccessible to other apps. We do not have access to your health data.

In addition to records you type in directly, PHR can import data from two sources you control: a Continuity of Care Document (CCDA) XML file you download from a patient portal, and an Apple Health export you generate on your iPhone. Both imports happen entirely on your device — PHR reads the file you select, stages the contents for your review, and saves only what you choose to import. Neither feature contacts the patient portal, Apple, or any other server.

Several screens in PHR (Reports, Procedures, Conditions, Legal Documents, Treatments, Insurance, and Visits) let you attach files such as PDFs, images, and documents. Attached files are copied into PHR's sandboxed storage and included in your local backups. They stay on your device and are never transmitted.

2. Device Security

PHR does not have its own login or password. Access to your records is protected by your iPad's lock screen — anyone who can unlock the iPad can open the app. We strongly recommend keeping a passcode enabled in your iPad's Settings, and using Face ID or Touch ID where available. iPadOS also lets you require Face ID, Touch ID, or your passcode to open individual apps; you can enable this for PHR by long-pressing the PHR icon on the Home Screen and choosing Require Face ID (or Touch ID). PHR itself does not request biometric data — these protections are managed entirely by iPadOS.

3. On-Device Storage Only

All health data remains on your device at all times. PHR does not upload, sync, or transmit your health records to any server, cloud service, or third party, except for the limited, user-initiated cases described in Section 4. There is no account creation, no remote database, and no telemetry. Your data exists solely on the device where you enter it.

4. When Data Leaves Your Device

Backups and exported files are not encrypted.

PHR does not put a password or encryption on backups, transferred patient files, or exported spreadsheets. Once such a file leaves the app, anyone who has it can open your health information. Store these files somewhere secure, share them only with people you trust, and delete copies you no longer need.

No identifying information is sent.

Name, date of birth, street address, phone numbers, email addresses, medical record numbers, insurance policy or member numbers, lot numbers, care team names / phones / emails, signatures, and report attachments are never transmitted during a Health Check.

A confirmation screen appears every time you run a Health Check, showing exactly what will be sent before you tap Send.

Your own free-text questions on the Health Check screen are sent to the AI service verbatim and are not scrubbed. Do not type names, phone numbers, addresses, or other identifying details into that field.

Ask AI does not strip identifiers.

Unlike the Health Check, Ask AI sends your question exactly as typed. Any names, dates of birth, addresses, phone numbers, email addresses, or record numbers you include in the question — or in an attached file — will be transmitted to the AI service. Review your question before tapping Send.

API keys for AI services are stored in the device's encrypted Keychain and are used only to authenticate your own requests. Once data reaches the AI service, it is governed by that service's own terms and privacy policy.

5. Website Analytics

The app itself collects no analytics — nothing about how you use it ever leaves your device. This website (evansassoc-phr.com) is separate: it uses Google Analytics to count page visits and see which articles people find useful. That analytics is anonymous, applies only to the website, and has no access to anything inside the app.

6. HIPAA Notice

PHR is a personal-use application and is not a Covered Entity under HIPAA. It is not intended for use by healthcare providers, insurance companies, or other regulated entities. All records are for your personal reference only.

7. Children's Privacy

PHR is designed for use by adults managing their own or their family's health records. The app does not knowingly collect information from children under 13 independently of parental involvement.

8. Changes to This Policy

Any updates to this Privacy Policy will be reflected in the app and at this URL with a revised effective date. Continued use of PHR after an update constitutes acceptance of the revised policy.

9. Contact

Questions about this Privacy Policy may be directed to:

Evans & Associates PHR, LLC
Fred@evansassoc-phr.com