Privacy Policy
Effective Date: July 11, 2025
1. Our Commitment to Your Privacy
Your privacy is a sacred trust. At Rash ID, we are committed to treating you and your information with the dignity, respect, and confidentiality you deserve. This policy describes our practices for handling your information as a "business associate" under HIPAA and as a "data controller" under GDPR. We handle your data in compliance with these and other applicable data protection laws, including the California Consumer Privacy Act (CCPA).
2. Information We Collect and Legal Basis for Processing
We collect only the minimum information necessary. The legal basis for processing your data is outlined for each category.
Account Information:
We collect your first name and email address.
- Legal Basis: Performance of our contract with you to provide the service.
Protected Health Information (PHI):
This includes your age range, gender, skin tone, images of your skin condition, and your textual description of your symptoms.
- Legal Basis: Your explicit and informed consent. Before you submit your first scan, you will be presented with a clear consent form that explains exactly what data you are providing and how it will be used. You must affirmatively agree to this consent before we can process your health information. This consent is logged.
Technical Data:
This includes device type, operating system, and IP address.
- Legal Basis: Our legitimate interest in ensuring the security and functionality of our service.
Optional Research Data:
This is a de-identified copy of your PHI used for service improvement.
- Legal Basis: Your explicit, opt-in consent, separate from the consent to process your PHI for service delivery.
3. How We Use Your Information
- To Provide Our Educational Service: We use your PHI to provide you with educational, AI-powered insights to help you prepare for a conversation with a qualified healthcare provider. To be clear: Rash ID does not provide medical advice, medical diagnoses, or medical treatment.
- To Communicate With You: To send critical updates about our service or respond to your inquiries.
- To Improve Our Service (With Consent): With your explicit opt-in consent, we use de-identified data to improve our AI models.
4. Data Sharing, Security, and Retention
Data Security:
We implement and maintain robust administrative, physical, and technical safeguards to protect your PHI, including end-to-end encryption for data in transit and at rest.
Business Associates:
We do not sell your data. We utilize trusted third-party partners for essential services, such as secure cloud infrastructure (e.g., AWS, Google Cloud) and other service providers for analytics or customer support. We have a signed Business Associate Agreement (BAA) with any partner that may come into contact with your PHI.
Data Retention:
We retain your personal data and PHI for as long as your account is active. If you delete your account, we will permanently and irretrievably delete your information from our active systems within a period of 30 days. Please note that after deletion from our active systems, your data may persist in our backup archives for a limited period before being overwritten, in accordance with our backup and disaster recovery protocols.
5. Children's Privacy
This service is intended for adults and is not directed to individuals under the age of 18. We do not knowingly collect any personal information from individuals under 18. If you are a parent or guardian and you believe your child has provided us with information without your consent, please contact us immediately so we can take steps to delete that information.
6. International Data Transfer
Our services are hosted in the United States. If you are using the service from another country, the laws governing data collection and use may differ. By using this service, you consent to the transfer of your information to the United States and the processing of your data in accordance with this Privacy Policy. For users in the European Economic Area (EEA), we rely on approved data transfer mechanisms, such as Standard Contractual Clauses, to ensure your information is adequately protected.
7. Your Rights and Control Over Your Information
You have specific rights regarding your information, which you can exercise through the app's settings or by contacting us. These include the Right to Access, Rectification, Erasure, Withdrawal of Consent, Objection to Processing, and Data Portability.
8. Your California Privacy Rights
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA). This includes the rights listed in Section 7. We do not sell your personal information.
9. Response to "Do Not Track" Signals
Our service is a native mobile application and does not use third-party advertising cookies that track your activity across different websites. Therefore, browser-based "Do Not Track" signals are not applicable to the core functionality of our service.
10. Changes to This Privacy Policy
We may update this policy to reflect changes in our practices or the law. If we make material changes, we will provide you with prominent notice and obtain your consent where required.
11. Contact Information
For any questions or concerns, or to exercise your rights, please contact our Designated Privacy Contact:
- Email: privacy@rash-id.com