Privacy Policy — PHR Health Records

1. Data Stored by This App

PHR stores personal health information you enter, including but not limited to: medical conditions, medications, allergies, vital signs, immunizations, test results, procedures, treatments, insurance details, care team contacts, legal documents, and visit history. This data is stored locally on your device in a SQLite database within the app's sandboxed storage area, inaccessible to other apps. We do not have access to your health data.

In addition to records you type in directly, PHR can import data from two sources you control: a Continuity of Care Document (CCDA) XML file you download from a patient portal, and an Apple Health export you generate on your iPhone. Both imports happen entirely on your device — PHR reads the file you select, stages the contents for your review, and saves only what you choose to import. Neither feature contacts the patient portal, Apple, or any other server.

Several screens in PHR (Reports, Procedures, Legal Documents, Treatments, Insurance, and Visits) let you attach files such as PDFs, images, and documents. Smaller files are copied into PHR's sandboxed storage; larger files are referenced in place using an iPadOS security-scoped bookmark. Either way, attachments stay on your device and are included in your local backups but are never transmitted.

2. Device Security

PHR does not have its own login or password. Access to your records is protected by your iPad's lock screen — anyone who can unlock the iPad can open the app. We strongly recommend keeping a passcode enabled in your iPad's Settings, and using Face ID or Touch ID where available. iPadOS also lets you require Face ID, Touch ID, or your passcode to open individual apps; you can enable this for PHR by long-pressing the PHR icon on the Home Screen and choosing Require Face ID (or Touch ID). PHR itself does not request biometric data — these protections are managed entirely by iPadOS.

3. On-Device Storage Only

All health data remains on your device at all times. PHR does not upload, sync, or transmit your health records to any server, cloud service, or third party, except for the limited, user-initiated cases described in Section 4. There is no account creation, no remote database, and no telemetry. Your data exists solely on the device where you enter it.

4. When Data Leaves Your Device

Support Requests — When you tap Send on a support request, PHR opens your device's email app with a pre-filled message addressed to Evans & Associates PHR, LLC. The message is sent from your own email account — no email credentials leave the PHR app. You review the message and tap Send yourself. If you include health information in the description, that information passes through your email provider and is stored in Gmail on our side.
Backups — You may export a backup of your database to a location you choose (e.g., external drive, iCloud Drive). We do not receive or store your backups.
Transfer Patient — You may export a single patient's records as a .phrp file to move them to another iPad. The file goes wherever you tell iOS to send it (AirDrop, the Files app, email, etc.). We do not receive or store transferred files.
Medication Lookups — When you use the NIH Lookup or FDA Drug Info features on the Medications screen, your search terms are sent to the National Institutes of Health (clinicaltables.nlm.nih.gov — NIH RxTerms / Clinical Table Search Service) and the U.S. Food and Drug Administration (api.fda.gov) to retrieve drug names, labels, and interaction data. These are U.S. government public APIs. No personal health records or patient information is transmitted — only the drug name you search for.
Sharing / Printing — You may print or share health reports through your device's built-in sharing features. These actions use your device's native capabilities and do not route through our servers.
Health Check (AI Analysis) — If you run a Health Check, PHR sends a de-identified snapshot of the patient record to the AI service you have configured (Claude, OpenAI, Gemini, or xAI (Grok)) using the API key you have entered on this device. The snapshot includes age (as an integer), sex, height, weight, lifestyle notes, and the clinical categories you choose.

No identifying information is sent.

Name, date of birth, street address, phone numbers, email addresses, medical record numbers, insurance policy or member numbers, lot numbers, care team names / phones / emails, signatures, and report attachments are never transmitted during a Health Check.

A confirmation screen appears every time you run a Health Check, showing exactly what will be sent before you tap Send.

Your own free-text questions on the Health Check screen are sent to the AI service verbatim and are not scrubbed. Do not type names, phone numbers, addresses, or other identifying details into that field.

Ask AI — The Ask AI feature sends whatever question you type — plus any attachment you choose to include — to the AI service you have configured. Perplexity opens your question in Safari and does not require an API key or account. Claude, OpenAI, Gemini, and xAI (Grok) are sent directly from the app using your own API key, and each requires a paid subscription with that vendor — PHR does not provide AI service itself. PHR does not automatically attach your health record to Ask AI queries; only what you type or attach leaves the device.

Ask AI does not strip identifiers.

Unlike the Health Check, Ask AI sends your question exactly as typed. Any names, dates of birth, addresses, phone numbers, email addresses, or record numbers you include in the question — or in an attached file — will be transmitted to the AI service. Review your question before tapping Send.

API keys for AI services are stored in the device's encrypted Keychain and are used only to authenticate your own requests. Once data reaches the AI service, it is governed by that service's own terms and privacy policy.

5. HIPAA Notice

PHR is a personal-use application and is not a Covered Entity under HIPAA. It is not intended for use by healthcare providers, insurance companies, or other regulated entities. All records are for your personal reference only.

6. Children's Privacy

PHR is designed for use by adults managing their own or their family's health records. The app does not knowingly collect information from children under 13 independently of parental involvement.

7. Changes to This Policy

Any updates to this Privacy Policy will be reflected in the app and at this URL with a revised effective date. Continued use of PHR after an update constitutes acceptance of the revised policy.

8. Contact

Questions about this Privacy Policy may be directed to:

Evans & Associates PHR, LLC
Fred@evansassoc-phr.com