MyIPS

Privacy Policy

Effective date: 18 May 2026

Version 2.0 — applies to MyIPS Release 2

Important: This privacy policy was prepared in good faith by an individual developer and has not yet been reviewed by a lawyer. It is intended to accurately describe the app’s privacy practices. If you have questions or concerns, please contact the developer directly.

1. Overview

MyIPS is a personal health summary application built around the International Patient Summary (IPS) standard. It is designed from the ground up to keep your health data under your control, on your device, at all times.

This policy describes what data MyIPS collects, how it is stored, when (if ever) it leaves your device, and your rights over that data. It applies to the MyIPS mobile application available on the Apple App Store and Google Play.

The developer of MyIPS is an individual developer based in New Zealand.

2. Our Core Privacy Commitment

MyIPS is built on the following principles, which are architectural commitments, not just policy statements:

3. What Data MyIPS Stores

3.1 Health Data You Enter or Import

MyIPS stores the health information you choose to enter or import, including:

Data may be entered directly by you or imported from an external source such as a FHIR JSON file or a SMART Health Link (see section 4). Regardless of how it was created, all health data is stored in a local database on your device. It is not transmitted to any server by MyIPS.

3.2 Provenance Metadata

For every piece of health data you create, update, delete, or import, MyIPS records a small provenance record that includes:

Provenance records exist to provide an audit trail of your health record’s history. When you delete a health record, the deleted content is permanently removed. Only the provenance metadata — the fact that a deletion occurred and when — is retained. The content of deleted records is not stored anywhere.

3.3 Import Source Records

When you import data, MyIPS records a brief log entry that includes:

This log is stored locally on your device and is visible within the app. It is not transmitted anywhere.

3.4 What MyIPS Does Not Collect

MyIPS does not collect, store, or transmit any of the following:

4. When Data Leaves Your Device

Your data leaves your device only in the following circumstances, all of which require your explicit action:

4.1 PDF Export and Share

When you choose to export your IPS as a PDF, the PDF is generated on your device and shared via your device’s native share sheet. You choose where it is sent — for example, to your email, a file storage service, or another app. MyIPS does not control or log the destination of shared PDFs.

4.2 FHIR JSON Export

When you choose to export your complete health record as a FHIR JSON file, the file is generated on your device and shared via your device’s native share sheet. This file contains your complete health data including provenance metadata. You choose where it is sent. MyIPS does not control or log the destination of exported files.

4.3 FHIR JSON File Import

When you choose to import a FHIR JSON file from your device, MyIPS reads the file locally. No data is transmitted over a network during a file import.

When you choose to import health data via a SMART Health Link (SHL) — either by scanning a QR code or pasting a link — MyIPS makes a network request to the server address encoded in the link in order to retrieve your health data. This is a one-time, explicit request initiated by you. MyIPS does not retain the server address, does not make any background requests, and does not transmit any of your existing health data to the SHL server.

You should only scan or paste SMART Health Links from sources you trust.

4.5 No Other Data Transmission

No other data transmission occurs. MyIPS does not make background network requests, does not phone home, and does not connect to any server operated by the developer.

5. Your Rights

You have the following rights over your data, all of which are exercisable directly within the app:

5.1 Right of Access

You can view all health data stored in MyIPS at any time within the app. You can export your complete record as a FHIR JSON file at any time.

5.2 Right to Rectification

You can edit any health record in MyIPS at any time.

5.3 Right to Erasure

You can delete any individual health record at any time. Deletion is permanent and genuine — the deleted content is immediately removed from your device and cannot be recovered. Deleting the app from your device removes all data stored by MyIPS.

5.4 Right to Data Portability

You can export your complete health record in standard FHIR R4 JSON format at any time. This is an open, internationally recognised standard, allowing you to import your data into other compatible systems. You can also import data from other FHIR-compatible systems using the import features described in section 4.

Because MyIPS does not transmit your data without your explicit action, there is no ongoing consent to withdraw. Each sharing, export, or import action is a one-time, explicit decision by you.

MyIPS processes your health data on the basis of your explicit consent, provided when you choose to enter or import data into the app. All processing occurs locally on your device. You may withdraw this consent at any time by deleting your data or the app.

MyIPS is designed to comply with the following frameworks:

Because MyIPS stores all data locally on your device and does not operate any servers or databases, many obligations under these frameworks that apply to data controllers and processors do not apply in the traditional sense. The app is designed to minimise processing to what is strictly necessary for its function.

7. Children’s Privacy

MyIPS is not directed at children under the age of 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If a parent or guardian believes their child has entered data into MyIPS, they can delete it by removing the relevant records or uninstalling the app.

8. Data Security

MyIPS uses your device’s built-in security features to protect your data, including platform secure storage (iOS Keychain and Android Keystore) for sensitive identifiers. The security of your data also depends on the security of your device — we recommend using a device passcode or biometric lock.

Because your data is stored only on your device, it is not exposed to server-side breaches. If your device is lost, stolen, or accessed by another person, your health data may be accessible to them. We recommend enabling device-level encryption and screen lock.

9. Changes to This Policy

As MyIPS adds new features — particularly features that involve optional data sharing such as online validation, cloud-based sharing, or connections to external health systems — this privacy policy will be updated before those features are released. We will note the version and effective date at the top of this document.

If a future release introduces any data processing that is materially different from what is described in this policy, we will notify users within the app before the change takes effect and obtain fresh consent where required.

10. Contact

If you have questions, concerns, or requests relating to your privacy or this policy, please contact the developer at:

[YOUR EMAIL ADDRESS]

We will respond to privacy inquiries within 20 working days, in accordance with the New Zealand Privacy Act 2020.

Legal disclaimer: This privacy policy is provided in good faith and represents an accurate description of MyIPS’s data practices as of the effective date above. It has not been reviewed by a lawyer and does not constitute legal advice. The developer recommends obtaining independent legal review before publishing this policy, particularly before launch in regulated markets.