Privacy Policy

PRE-RELEASE TESTING VERSION

Last Updated: February 26, 2026

⚠️ IMPORTANT BETA NOTICE

This Privacy Policy applies to the HealthSync Beta Service, which is a pre-release testing version of our platform. The Beta Service is fully secured with enterprise-grade security controls. However, certain compliance-related features and processes required by HIPAA, GDPR, and PDPA are still being finalized and are not yet fully operational during the beta phase. For example, automated data portability features are implemented but being enhanced before public availability. During beta, compliance requests can be fulfilled by contacting privacy@healthsync.lk. By using the Beta Service, you acknowledge that you are voluntarily participating in a testing program where compliance features are pending completion.

1. Introduction

Axon Systems (Pvt) Ltd (“we,” “us,” “our,” or “HealthSync”) is committed to protecting your privacy during the beta testing phase of the HealthSync platform. This Beta Privacy Policy (“Policy”) explains how we collect, use, disclose, store, and protect your information when you participate in the HealthSync Beta Service (“Beta Service,” “Beta Platform,” or “Services”).

This Policy is specifically designed for the beta testing phase and may differ from our final production Privacy Policy. Key differences include additional testing-related data collection, preliminary security implementations, and ongoing compliance development activities.

By accessing or using the Beta Service, you agree to the collection, use, and disclosure of your information as described in this Policy and the Beta User Agreement. If you do not agree with this Policy, you must not use the Beta Service.

2. Beta Status and Compliance Positioning

2.1 Current Development Status

HealthSync is currently in the beta testing phase. This means:

  1. The platform is undergoing active testing, refinement, and feature enhancements
  2. Core security systems are fully implemented and operational
  3. Certain compliance-related features and processes are being finalized before public availability
  4. The platform may contain bugs or usability issues that are being identified and resolved
  5. Features and functionality may be added, modified, or improved based on beta testing feedback

2.2 Compliance Framework Design

HealthSync has been architected and designed from the ground up with privacy and security at its core, aligning with the principles and requirements of:

  1. Personal Data Protection Act No. 9 of 2022 of Sri Lanka (PDPA)
  2. Health Insurance Portability and Accountability Act of the United States (HIPAA)
  3. General Data Protection Regulation of the European Union (GDPR)

2.3 Security and Compliance Status

Important Disclosure: HealthSync is fully secured with enterprise-grade security controls, encryption, and access management systems. However, certain compliance features required by HIPAA, GDPR, and PDPA are still being finalized and are not yet fully operational during the beta phase.

The system is secure and protects your data using industry-standard security practices. What is pending are specific compliance-related features and processes, such as:

  1. Automated data portability features (e.g., self-service “download all my data” functionality required by GDPR is implemented but being enhanced before public availability)
  2. Complete compliance documentation and standard operating procedures
  3. Third-party compliance audits and formal certifications
  4. Advanced compliance monitoring and automated reporting tools
  5. Final business associate agreements and data processing agreements with all service providers

During the beta phase, compliance-related requests (such as data downloads, data deletion, or specific rights exercises) can be fulfilled by contacting privacy@healthsync.lk. These features will be fully automated and self-service in the production environment. All pending compliance features will be completed and operationalized prior to our official commercial launch.

3. Definitions

For the purposes of this Beta Privacy Policy:

  1. “Beta Service” or “Beta Platform” means the pre-release testing version of HealthSync that you are accessing.
  2. “Beta Participant” or “Beta User” means any individual who has been granted access to the Beta Service.
  3. “Personal Data” means any information relating to an identified or identifiable natural person.
  4. “Health Information” or “Protected Health Information (PHI)” means any information relating to your physical or mental health, medical history, treatment, or healthcare services.
  5. “Testing Data” means data collected specifically for beta testing purposes, including usage patterns, error logs, performance metrics, and feedback.
  6. “Production Environment” means the final commercial version of HealthSync that will be launched after beta testing is complete.

4. Information We Collect During Beta

During the beta testing phase, we collect additional information beyond what will be collected in the production environment. This additional data collection is necessary for testing, debugging, improving the platform, and ensuring security and compliance readiness.

4.1 Standard User Information

We collect the same types of information described in our standard privacy framework:

4.1.1 Account Information (Required)
  1. Email address for account management and communications
  2. Password (encrypted using industry-standard hashing)

4.1.2 Profile and Health Information (Optional)
  1. Personal information: name, date of birth, gender, contact details
  2. Health information: medical records, test results, medications, diagnoses, treatment history
  3. Health metrics: vital signs, symptoms, health journal entries
  4. Documents and files: uploaded health records, images, PDFs

4.2 Beta-Specific Testing Data

In addition to standard data collection, we collect enhanced technical and behavioral data during the beta phase:

4.2.1 Enhanced Usage Analytics
  1. Detailed feature usage patterns and interaction flows
  2. Click tracking, navigation paths, and time spent on features
  3. Feature adoption rates and abandonment patterns

4.2.2 Comprehensive Error and Performance Monitoring
  1. Detailed error logs, stack traces, and crash reports
  2. Performance metrics: page load times, API response times, database query performance
  3. System resource utilization: memory usage, CPU usage, network bandwidth
  4. Browser and device compatibility data

4.2.3 Enhanced Security Monitoring
  1. Detailed authentication and access logs with timestamps
  2. Security event logs: failed login attempts, permission violations, suspicious activities
  3. Network traffic patterns and API call histories
  4. Data access patterns and anomaly detection metrics

4.2.4 Beta Feedback and Communications
  1. Voluntary feedback, suggestions, bug reports, and feature requests you submit
  2. Survey responses and testing questionnaires
  3. Communications with our beta support team
  4. Screenshots or recordings you voluntarily provide to illustrate issues

4.2.5 Development and Testing Metadata
  1. Beta version numbers and build information
  2. A/B test assignments and experiment participation
  3. Feature flag states and configuration settings

This enhanced data collection is temporary and specific to the beta testing phase. Many of these monitoring capabilities will be reduced or removed in the production environment, retaining only what is necessary for security, compliance, and essential operations.

5. How We Use Your Information During Beta

During the beta testing phase, we use your information for all standard service delivery purposes plus additional beta-specific purposes:

5.1 Standard Service Delivery
  1. Creating, maintaining, and managing your account
  2. Storing, organizing, and displaying your health information
  3. Generating health insights, charts, and reports
  4. Enabling data sharing with healthcare providers and authorized individuals

5.2 Beta Testing and Development
  1. Testing platform functionality, features, and integrations
  2. Identifying, debugging, and fixing errors, bugs, and technical issues
  3. Improving user experience, interface design, and usability
  4. Optimizing performance, speed, and reliability
  5. Validating data accuracy and quality of third-party integrations
  6. Conducting A/B tests and experiments to optimize features

5.3 Security and Compliance Validation
  1. Testing security controls, authentication, and authorization mechanisms
  2. Validating encryption, data protection, and privacy safeguards
  3. Detecting and preventing security threats, fraud, and abuse
  4. Preparing for compliance audits and certifications
  5. Establishing audit trails and monitoring capabilities for compliance readiness

5.4 Analytics and Research
  1. Analyzing usage patterns to understand how beta users interact with features
  2. Conducting research to improve health technology and platform capabilities
  3. Creating de-identified or aggregated datasets for product development

6. Data Security During Beta

6.1 Implemented Security Controls

Even during the beta phase, we have implemented comprehensive security measures to protect your data:

  1. Encryption: All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher
  2. Password Security: Passwords are hashed using bcrypt with salt and cannot be recovered by our team
  3. Access Controls: Role-based access controls (RBAC) ensure data access is limited to authorized personnel
  4. Authentication: Multi-factor authentication (MFA) is available and recommended for all users
  5. Audit Logging: Comprehensive logs track all access to sensitive data for accountability
  6. Network Security: Firewalls, intrusion detection, and DDoS protection are active
  7. Secure Infrastructure: Hosted on enterprise-grade cloud infrastructure (Microsoft Azure) with physical and environmental security
  8. Data Backup: Regular automated backups with encryption and secure storage

6.2 Security Controls Under Development

The following advanced security controls are currently being implemented and will be fully operational before commercial launch:

  1. Advanced threat detection and automated incident response systems
  2. Security Information and Event Management (SIEM) integration
  3. Enhanced data loss prevention (DLP) mechanisms
  4. Comprehensive penetration testing and vulnerability assessment programs
  5. Advanced compliance monitoring and automated audit trail generation

6.3 Beta Testing Considerations

You acknowledge and accept the following considerations during the beta phase:

  1. Certain compliance-related features are being finalized and enhanced before public availability
  2. Some compliance automation and self-service features may require manual processing during beta
  3. Third-party security audits and penetration tests are not yet complete
  4. Beta environments may have different monitoring and reporting configurations than production environments

While the system is fully secured, we recommend that you maintain backup copies of critical health records during the beta period as a general best practice for any digital health platform.

7. Data Sharing During Beta

We do not sell your data, and our data sharing practices during beta are similar to our planned production practices, with a few exceptions for testing and development purposes.

7.1 User-Authorized Sharing

We share your information only when you explicitly authorize us to do so through the platform’s sharing features with healthcare providers, family members, caregivers, or authorized individuals.

7.2 Service Providers

We engage trusted third-party service providers who process data on our behalf:

  1. Cloud Infrastructure: Microsoft Azure and Cloudflare for hosting and content delivery
  2. AI Services: Multiple LLM-based AI solutions for optional AI-powered features (data is processed with minimal retention and encrypted)
  3. Communication Services: Email and notification delivery platforms

7.3 Beta-Specific Data Access

During the beta phase, authorized HealthSync employees and contractors may access certain data for the following purposes:

  1. Debugging: Investigating and fixing reported bugs or technical issues using error logs and system diagnostics
  2. Support: Providing customer support and responding to your inquiries
  3. Testing: Validating features and platform functionality through development and testing environments
  4. Quality Assurance: Ensuring platform functionality and system integrity
  5. Security Auditing: Reviewing access logs and investigating security events

Important: All patient health data is encrypted, and authorized employees do not have access to decrypt your personal health information. Employee access is limited to system logs, error reports, usage analytics, and development-related data only. All employees and contractors are bound by strict confidentiality agreements and are trained on data protection requirements. Access is granted on a need-to-know basis and is logged for audit purposes.

8. Data Retention and Migration to Production

8.1 Retention During Beta

During the beta phase, we retain all data you upload, create, or authorize us to collect. This includes your health records, account information, usage data, testing data, and feedback. You maintain full control and can delete individual records or your entire account at any time.

8.2 Automatic Transition to Production Environment

When HealthSync transitions from beta to production (official commercial launch), all beta user accounts and data will be automatically migrated to the production environment. This ensures continuity of service and preserves all your health information.

8.2.1 Automatic Migration Process

Your beta account and all associated data will be seamlessly migrated to the production platform. This includes:

  1. All health records, documents, and uploaded files
  2. Account information and user preferences
  3. Health metrics, journal entries, and tracked data
  4. Third-party integration connections and settings
  5. All historical data and activity logs

8.2.2 Production Terms and Policies

Before the migration occurs, you will be required to:

  1. Review and accept the updated production Terms of Service and Privacy Policy
  2. Confirm your account information and contact details
  3. Choose a subscription plan (if applicable) or continue with the free tier

Once migrated, your data will be subject to the production Privacy Policy and will benefit from fully implemented compliance features including complete HIPAA, GDPR, and PDPA compliance controls.

8.2.3 Option to Exit Before Migration

If you do not wish to continue with HealthSync after the beta period, you may delete your account before the migration deadline. Upon account deletion, all your data will be permanently removed from our systems within 30 days in accordance with our data retention policies. You are responsible for downloading any data you wish to retain before deleting your account.

8.2.4 Notification Timeline

We will notify you at least 30 days before the beta-to-production transition via email and in-app notifications. This notice will include clear instructions on the migration process, the updated Terms of Service and Privacy Policy for your review, subscription plan options, and the deadline for opting out if you choose not to continue.

8.3 Beta Testing Data Retention

Beta-specific testing data (enhanced usage analytics, error logs, performance metrics, feedback) will be retained for a limited period after the beta phase ends to complete final analysis and improvements. This testing data will be de-identified where possible and deleted within 180 days after production launch, except where required for compliance or security purposes.

9. Your Rights During Beta

Even during the beta phase, you maintain significant rights regarding your personal and health information:

9.1 Access and Portability
  1. You can access all your data at any time through your account
  2. You can request a complete data download at any time by emailing privacy@healthsync.lk. During the beta phase, data portability features are implemented in the background but not yet available as a self-service feature. We will fulfill your request manually within 30 days, typically much faster. In the production environment, self-service data download will be available directly from your account settings.

9.2 Correction and Deletion
  1. You can update, correct, or modify your information at any time from your account settings
  2. You can delete individual records, documents, or data entries
  3. You can delete your entire account and all data at any time (deletion is permanent within 30 days)

9.3 Opt-Out of Beta Testing Data Collection

While essential error logging and security monitoring cannot be disabled (as they are necessary for platform operation and security), you can opt out of certain beta testing data collection activities such as enhanced usage analytics and A/B testing by contacting privacy@healthsync.lk. Note that opting out may limit our ability to provide support or improve features based on your experience.

9.4 Withdraw Consent and Exit Beta

You can exit the beta program at any time by deleting your account. Upon exit, your data will be handled according to Section 8 (Data Retention and Migration). We encourage you to download your data before exiting if you wish to keep it.

10. Cookies and Tracking Technologies

During the beta phase, we use cookies and similar technologies for essential functionality and enhanced testing purposes:

10.1 Essential Cookies
  1. Authentication and session management
  2. Security and fraud prevention
  3. User preferences and settings

10.2 Beta Testing Cookies
  1. Analytics cookies to understand feature usage and navigation patterns
  2. Performance monitoring cookies to track page load times and errors
  3. A/B testing cookies to deliver different feature variations

We do not use third-party advertising or tracking cookies. All analytics are first-party and used solely for product development. You can manage cookies through your browser settings.

11. Changes to This Beta Privacy Policy

We may update this Beta Privacy Policy as we continue developing and refining the platform. During the beta phase, changes may occur more frequently than in the production environment. We will notify you of material changes via email or in-app notifications. Your continued use of the Beta Service after changes constitutes acceptance of the updated Policy.

12. Children’s Privacy

The Beta Service is not intended for individuals under 18 years of age without parental or guardian consent. We do not knowingly collect information from children under 18 without proper parental authorization. If a parent or guardian believes we have collected information from their child without consent, please contact us immediately at privacy@healthsync.lk.

13. International Data Transfers

HealthSync is based in Sri Lanka and primarily serves users in Sri Lanka during the beta phase. However, our cloud infrastructure operates globally, which means your data may be stored and processed in data centers located in various countries. We ensure appropriate safeguards are in place, including encryption, data processing agreements with service providers, and compliance with Sri Lankan data protection requirements.

14. Geographic Scope and Jurisdiction

The Beta Service is primarily intended for users in Sri Lanka during the testing phase. If you access the Beta Service from other jurisdictions, you do so at your own initiative and are responsible for compliance with local laws. This Policy and our data practices are designed to comply with Sri Lankan law (PDPA) and are inspired by international standards (HIPAA and GDPR principles).

15. Beta-Specific Limitations and Disclaimers

BY PARTICIPATING IN THE BETA SERVICE, YOU ACKNOWLEDGE AND ACCEPT THE FOLLOWING:

  1. The Beta Service is provided “AS IS” and “AS AVAILABLE” for testing purposes
  2. The system is fully secured, but certain compliance-related features and processes are being finalized
  3. Some compliance requests may require manual processing during beta instead of automated self-service
  4. Features may change, be enhanced, or be refined based on testing feedback
  5. Formal compliance certifications are not yet complete and will be obtained before official launch
  6. Your beta account and data will be automatically migrated to production unless you opt out
  7. Your participation is voluntary, and you may exit the beta program at any time by deleting your account

We recommend consulting with healthcare professionals before relying on any information stored in or generated by the Beta Service for critical health decisions.

16. Contact Information

If you have questions, concerns, or requests regarding this Beta Privacy Policy or our data practices during the beta phase, please contact us:

Axon Systems (Pvt) Ltd

Email: privacy@healthsync.lk

Beta Support: privacy@healthsync.lk (mark as “BETA SUPPORT” in subject)

We will respond to beta-related inquiries within 48-72 hours during business days. For urgent security or privacy concerns, please mark your communication as “URGENT.”

17. Acknowledgment and Consent

BY ACCESSING OR USING THE HEALTHSYNC BETA SERVICE, YOU ACKNOWLEDGE THAT:

  1. You have read, understood, and agree to this Beta Privacy Policy
  2. You understand the beta nature of the platform and that certain compliance features are being finalized
  3. You understand that the system is fully secured but formal compliance certifications are pending completion before commercial launch
  4. You understand that your account and data will be automatically migrated to production unless you opt out before the migration deadline
  5. You consent to the collection, use, and processing of your information as described in this Policy
  6. You can withdraw your participation and delete your data at any time before the migration to production

***

Thank you for participating in the HealthSync Beta Program.

Your feedback and participation help us build a better health management platform.

We are committed to protecting your privacy and earning your trust throughout the beta journey and beyond.

 

 
