HIPAA Information
Understanding Reyma's position on healthcare data privacy
Reyma Is a Consumer Wellness Application
Reyma is a consumer wellness application that individuals use voluntarily to monitor their well-being. Reyma is not a healthcare provider, health plan, or healthcare clearinghouse. As such, Reyma is not a “covered entity” under the Health Insurance Portability and Accountability Act (HIPAA).
Data you enter into Reyma is your personal wellness data. When stored solely on your device and in your Reyma account, this data is not Protected Health Information (PHI) under HIPAA.
When Provider Sync Is Enabled
Reyma offers an optional feature that allows you to share summarized wellness data with a licensed healthcare provider. When you opt into provider sync:
- Your shared data may be considered Protected Health Information (PHI) once received by your healthcare provider
- Your healthcare provider is the covered entity responsible for HIPAA compliance when handling your shared data
- Only AI-generated summaries are shared; raw conversation messages are never transmitted to providers
- You can disconnect from your provider at any time, immediately revoking their access
How We Protect Your Data
While Reyma is not required to comply with HIPAA, we implement security measures consistent with industry best practices:
- Encryption at rest: All cloud-stored data is encrypted using AES-256
- Encryption in transit: All data transmissions use TLS 1.2 or higher
- Access controls: Role-based access with consent-gated data sharing
- No employee access: Reyma employees do not have access to your personal wellness data or conversation content
- Audit logging: All provider data access is logged with timestamps
Healthcare Provider Responsibilities
If you are a healthcare provider using the Reyma dashboard, you are responsible for your own HIPAA compliance obligations. This includes ensuring appropriate safeguards for any patient data you access through the Reyma platform and maintaining compliance with all applicable federal and state privacy regulations.
Reyma provides tools to support your compliance, including consent-gated access, audit logging, and data minimization (summaries only, no raw messages). However, the responsibility for HIPAA compliance rests with you as the covered entity.
Account Deletion
Users can delete all of their data at any time through the app by navigating to Settings → Danger Zone → Delete All Data. This permanently removes all data from both local storage and cloud servers, including any data that has been shared with connected providers. This action cannot be undone.
Questions
If you have questions about Reyma's data practices or HIPAA considerations, contact us at privacy@withreyma.com.