Data Processing and Security

AndEase provides data processing and security documentation to clinics during onboarding after confirming clinic scope, data categories, subprocessors, roles, and required agreements.

This page is an overview for evaluation and does not replace a signed data processing agreement, business associate agreement, or other written clinic agreement where required.

For the personal app, AndEase is local-first by default and users control local entries, exports, HealthKit permissions, and Secure Sync choices.

For clinic portal workflows, a clinic may act as controller for its care context, and AndEase may act as processor or service provider for shared patient-reported data depending on the agreement and jurisdiction.

Depending on patient choices and clinic setup, Secure Sync can include pain logs, pain areas, medication logs, medication profiles, treatment logs, treatment profiles, selected HealthKit or Fitness summaries, selected workouts, patient name, date of birth, and optional verified email.

Provider portal account information can include names, work email addresses, clinic details, authentication data, access logs, and support information.

Clinic documentation should cover authentication, role-based access, logging, encryption, hosting, backup, incident response, retention, deletion, support channels, and subprocessor details.

AndEase will confirm the current implementation and clinic requirements before providing documents intended for signature or operational reliance.

AndEase is not intended to receive or process HIPAA-covered protected health information on behalf of a US covered entity unless a separate written agreement, such as a business associate agreement where required, is in place.

Clinics can request data processing, security, and onboarding documentation at [email protected].