Conquer Your Health – HIPAA Policy
Last Updated: 24 June 2025
Introduction
HIPAA Compliance Statement. Conquer Your Health is a desktop wellness application provided by OneTwentyOne, Inc. Although we are neither a “Covered Entity” nor a “Business Associate” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we adopt “privacy-by-design” practices that respect HIPAA’s core principles. Our guiding rule is simple: HIPAA-sensitive data—specifically biomarker measurements and any other data that could be reasonably classified as Protected Health Information (“PHI”)—never leaves your computer. All other data you voluntarily upload (nutrition logs, wearable exports, and spreadsheet entries) are stored securely in our cloud database and are not PHI because they are not linked to personal medical identifiers.
What We Do Not Collect or Store
- Biomarker Data Stays Local. Blood-test results, lab values, and other biomarker metrics you enter are encrypted and stored only on your local Windows or macOS device. They are never transmitted to our servers and never included in any cloud backup we control.
- No Personal Treatment Records. We do not request or store diagnoses, prescription details, insurance information, or provider notes.
Data We Do Collect and Why It Is Not PHI
- User-Uploaded Wellness Data. If you choose to sync nutrition logs (e.g., CSV exports from a food-tracking app), wearable summaries (steps, heart-rate trends, sleep stages), or other spreadsheet-based data sets, those files are encrypted in transit and stored in our database. We tag them to your app-specific anonymous identifier—not to your legal name, address, or medical record—so they are not individually identifiable health records under HIPAA.
- Optional Account Email. When you create an optional desktop sign-in (for multi-computer sync), you provide an email address. We store that email separately from your biomarker data, and we never attach HIPAA-sensitive values to it.
Payments Handled by Stripe
Any subscription or one-time purchase is processed by Stripe. Your credit-card details never pass through or reside on our servers; we receive only a token and basic billing metadata (e.g., plan tier, payment status).
Security Measures
- Data-in-Transit Encryption. All connections between the desktop app and our servers use TLS 1.3.
- Data-at-Rest Encryption. Uploaded nutrition, wearable, and spreadsheet data are encrypted at rest using AES-256 on our HIPAA-ready cloud infrastructure—even though these files are not PHI.
- Local-Only Biomarkers. Biomarker files remain inside an encrypted vault on your computer; they never traverse the network stack.
- Role-Based Access. Only engineers with a direct need-to-know can access production databases, and all access is logged and audited.
Support Communications
If you email or call us, you may choose to mention health details. Such disclosures are voluntary and are stored only in our ticketing system, separated from any app data. We do not import those details into our databases, nor do we link them to biomarker files.
Your Responsibilities
Keep your computer’s operating-system security patches current and use a strong login password or biometric lock. Because biomarker data never leaves your device, the primary safeguard is the security of your own hardware.
Future Updates
Should we ever introduce cloud sync for biomarker data or expand our scope under HIPAA, we will (1) sign any required Business Associate Agreements, (2) update this Policy, and (3) obtain your explicit opt-in.
Contact
- Email: hello@121health.app
- Phone/Text: (716) 237-0126
- Mail: OneTwentyOne Inc., 254 Chapman Rd Ste 208 #15242, Newark, DE 19702 USA