Privacy Policy

Last updated: February 2026

1. Overview

FHIR Gateway ("Service") is an API gateway that connects users to healthcare FHIR endpoints. This policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

We collect the following data to operate the Service:

• Session identifiers - Random tokens stored in cookies to maintain your session
• OAuth tokens - Access and refresh tokens from healthcare platforms you authorize, stored temporarily in your session
• Request logs - Timestamp, platform ID, resource type, and response status for operational monitoring (no PHI)

We do not store, cache, or retain any Protected Health Information (PHI) or personal health data. All healthcare data flows through the Service in real-time and is not persisted.

3. How We Use Your Data

We use collected data solely to:

• Route your requests to the healthcare platforms you authorize
• Maintain your authenticated session
• Monitor service reliability and performance
• Troubleshoot technical issues

We do not use your data for marketing, advertising, analytics profiling, or any purpose other than providing the Service.

4. Data Disclosure

We disclose data only in the following circumstances:

• To healthcare platforms - When you authorize a connection, we transmit your OAuth tokens to that platform to retrieve your data
• As required by law - If legally compelled by valid legal process

We do not sell, rent, or share your personal data or health information with third parties for marketing or any other commercial purpose.

5. Consent

You explicitly consent to each healthcare platform connection through the OAuth authorization flow. Each platform requires separate authorization. We only access data from platforms you have authorized.

6. Withdrawing Consent

You can withdraw consent at any time by:

• Using the logout function to revoke platform access
• Clearing your browser cookies to end your session
• Revoking access through the healthcare platform's settings

When you withdraw consent, your session tokens are immediately deleted. Since we do not persistently store PHI, there is no health data to delete.

7. Data Retention

• Session tokens - Automatically expire after 1 hour of inactivity
• OAuth tokens - Deleted when you log out or your session expires
• Request logs - Retained for up to 30 days for operational purposes, contain no PHI

8. Data Security

We protect your data through:

• Encryption of OAuth tokens at rest (when configured)
• TLS encryption for all data in transit
• Session isolation - your tokens are not accessible to other users
• No persistent storage of PHI

9. De-identified Information

We do not collect, use, or disclose de-identified health information. Request logs contain only operational metadata (timestamps, resource types, status codes) and cannot be used to identify individuals or their health conditions.

10. Third-Party Service Providers

Any third-party service providers (such as hosting providers) are contractually obligated to protect your data and may only use it to provide services to us.

11. Changes in Ownership

If the Service undergoes a change in ownership or ceases operation:

• All session data and OAuth tokens will be deleted
• Users will be notified if possible before any transfer
• Any successor would be bound by this privacy policy for existing data

12. Policy Updates

We may update this policy from time to time. Material changes will be noted with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy. For significant changes affecting data use, we will seek re-affirmation of consent where feasible.

13. Your Rights

You have the right to:

• Know what data we collect about you
• Withdraw consent and have your session data deleted
• Request information about our data practices

14. Contact

For questions about this privacy policy or to exercise your rights, please open an issue on our GitHub repository or contact the maintainers.