MyIPS
Privacy Policy
Effective date: 18 May 2026
Version 2.0 — applies to MyIPS Release 2
Important: This privacy policy was prepared in good faith by an individual developer and has not yet been reviewed by a lawyer. It is intended to accurately describe the app’s privacy practices. If you have questions or concerns, please contact the developer directly.
1. Overview
MyIPS is a personal health summary application built around the International Patient Summary (IPS) standard. It is designed from the ground up to keep your health data under your control, on your device, at all times.
This policy describes what data MyIPS collects, how it is stored, when (if ever) it leaves your device, and your rights over that data. It applies to the MyIPS mobile application available on the Apple App Store and Google Play.
The developer of MyIPS is an individual developer based in New Zealand.
2. Our Core Privacy Commitment
MyIPS is built on the following principles, which are architectural commitments, not just policy statements:
- Your health data is stored only on your device. There is no MyIPS server, no cloud database, and no account system.
- No data leaves your device unless you explicitly choose to share it, on a case-by-case basis, for a specific purpose.
- We collect no analytics, no usage data, no crash reports, and no telemetry of any kind in this version of the app.
- We do not sell, share, or disclose your data to any third party.
- Deleting a record permanently removes it from your device. Deleted data is not retained anywhere.
3. What Data MyIPS Stores
3.1 Health Data You Enter or Import
MyIPS stores the health information you choose to enter or import, including:
- Patient demographics (name, date of birth, gender)
- Medications, allergies, and medical conditions
- Any other health information you choose to add in future releases
Data may be entered directly by you or imported from an external source such as a FHIR JSON file or a SMART Health Link (see section 4). Regardless of how it was created, all health data is stored in a local database on your device. It is not transmitted to any server by MyIPS.
3.2 Provenance Metadata
For every piece of health data you create, update, delete, or import, MyIPS records a small provenance record that includes:
- The type of action (created, updated, deleted, or imported)
- The date and time of the action
- The source of the data (for example, entered by you, or imported from a named external source)
Provenance records exist to provide an audit trail of your health record’s history. When you delete a health record, the deleted content is permanently removed. Only the provenance metadata — the fact that a deletion occurred and when — is retained. The content of deleted records is not stored anywhere.
3.3 Import Source Records
When you import data, MyIPS records a brief log entry that includes:
- The name you assign to the import source (for example, a filename or a SMART Health Link label)
- The date and time of the import
- A count of how many resources were imported
This log is stored locally on your device and is visible within the app. It is not transmitted anywhere.
3.4 What MyIPS Does Not Collect
MyIPS does not collect, store, or transmit any of the following:
- Your name, email address, or any account information
- Device identifiers, advertising IDs, or IP addresses
- Location data
- Usage data, analytics, or behavioural data
- Crash reports or diagnostic data
- Any data not directly entered by you or explicitly imported by you
4. When Data Leaves Your Device
Your data leaves your device only in the following circumstances, all of which require your explicit action:
4.1 PDF Export and Share
When you choose to export your IPS as a PDF, the PDF is generated on your device and shared via your device’s native share sheet. You choose where it is sent — for example, to your email, a file storage service, or another app. MyIPS does not control or log the destination of shared PDFs.
4.2 FHIR JSON Export
When you choose to export your complete health record as a FHIR JSON file, the file is generated on your device and shared via your device’s native share sheet. This file contains your complete health data including provenance metadata. You choose where it is sent. MyIPS does not control or log the destination of exported files.
4.3 FHIR JSON File Import
When you choose to import a FHIR JSON file from your device, MyIPS reads the file locally. No data is transmitted over a network during a file import.
4.4 SMART Health Link Import
When you choose to import health data via a SMART Health Link (SHL) — either by scanning a QR code or pasting a link — MyIPS makes a network request to the server address encoded in the link in order to retrieve your health data. This is a one-time, explicit request initiated by you. MyIPS does not retain the server address, does not make any background requests, and does not transmit any of your existing health data to the SHL server.
You should only scan or paste SMART Health Links from sources you trust.
4.5 No Other Data Transmission
No other data transmission occurs. MyIPS does not make background network requests, does not phone home, and does not connect to any server operated by the developer.
5. Your Rights
You have the following rights over your data, all of which are exercisable directly within the app:
5.1 Right of Access
You can view all health data stored in MyIPS at any time within the app. You can export your complete record as a FHIR JSON file at any time.
5.2 Right to Rectification
You can edit any health record in MyIPS at any time.
5.3 Right to Erasure
You can delete any individual health record at any time. Deletion is permanent and genuine — the deleted content is immediately removed from your device and cannot be recovered. Deleting the app from your device removes all data stored by MyIPS.
5.4 Right to Data Portability
You can export your complete health record in standard FHIR R4 JSON format at any time. This is an open, internationally recognised standard, allowing you to import your data into other compatible systems. You can also import data from other FHIR-compatible systems using the import features described in section 4.
5.5 Right to Withdraw Consent
Because MyIPS does not transmit your data without your explicit action, there is no ongoing consent to withdraw. Each sharing, export, or import action is a one-time, explicit decision by you.
6. Legal Basis for Processing
MyIPS processes your health data on the basis of your explicit consent, provided when you choose to enter or import data into the app. All processing occurs locally on your device. You may withdraw this consent at any time by deleting your data or the app.
MyIPS is designed to comply with the following frameworks:
- New Zealand Privacy Act 2020 — as the developer is based in New Zealand
- General Data Protection Regulation (GDPR) — for users in the European Economic Area
- Health Insurance Portability and Accountability Act (HIPAA) — for users in the United States
Because MyIPS stores all data locally on your device and does not operate any servers or databases, many obligations under these frameworks that apply to data controllers and processors do not apply in the traditional sense. The app is designed to minimise processing to what is strictly necessary for its function.
7. Children’s Privacy
MyIPS is not directed at children under the age of 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If a parent or guardian believes their child has entered data into MyIPS, they can delete it by removing the relevant records or uninstalling the app.
8. Data Security
MyIPS uses your device’s built-in security features to protect your data, including platform secure storage (iOS Keychain and Android Keystore) for sensitive identifiers. The security of your data also depends on the security of your device — we recommend using a device passcode or biometric lock.
Because your data is stored only on your device, it is not exposed to server-side breaches. If your device is lost, stolen, or accessed by another person, your health data may be accessible to them. We recommend enabling device-level encryption and screen lock.
9. Changes to This Policy
As MyIPS adds new features — particularly features that involve optional data sharing such as online validation, cloud-based sharing, or connections to external health systems — this privacy policy will be updated before those features are released. We will note the version and effective date at the top of this document.
If a future release introduces any data processing that is materially different from what is described in this policy, we will notify users within the app before the change takes effect and obtain fresh consent where required.
10. Contact
If you have questions, concerns, or requests relating to your privacy or this policy, please contact the developer at:
[YOUR EMAIL ADDRESS]
We will respond to privacy inquiries within 20 working days, in accordance with the New Zealand Privacy Act 2020.
Legal disclaimer: This privacy policy is provided in good faith and represents an accurate description of MyIPS’s data practices as of the effective date above. It has not been reviewed by a lawyer and does not constitute legal advice. The developer recommends obtaining independent legal review before publishing this policy, particularly before launch in regulated markets.