Privacy Policy
How Global Health DataChain collects, anonymizes, and protects your data — and the rights you keep over it under the LGPD, GDPR, and HIPAA-aligned de-identification.
Effective: June 2026 · Version: 2026-06
Global Health DataChain ("GHDC", "we", "us", "our") is a borderless health-data protocol. This Privacy Policy explains what we collect, how we use and protect it, and the rights you keep over your data. It is written to align with Brazil's Lei Geral de Proteção de Dados (LGPD), the EU General Data Protection Regulation (GDPR), and HIPAA-style de-identification standards.
This document is the English-language authoritative version. A Portuguese (Brazil) translation is provided for convenience; if the two conflict, the English version governs.
1. Who is responsible for your data
The protocol is operated by GlobalHealth DataChain LLC ("the Operator"), established in the United States. For privacy questions, to exercise your rights, or to reach our Data Protection Officer (DPO), contact info@globalhealthdatachain.com.
2. The principle: off-chain data, on-chain economy
GHDC is built around a strict separation of who you are from what you contribute:
- Your personal data never goes on a blockchain. The chain layer concerns only the economic credits/token system, never your health information or identity.
- Two network-isolated databases. Identifying data lives in a private Identity Vault; de-identified clinical data lives in a separate Research Vault. The two are isolated by design.
- Anonymization before research use. No data reaches the Research Vault until an automated pipeline strips direct identifiers and the 18 HIPAA identifier categories, generalizes quasi-identifiers, and enforces a k-anonymity (k≥10) threshold so no individual can be singled out.
3. What we collect
We only collect what the protocol needs. In v1, health data is collected exclusively through the standardized WHO questionnaire — we do not collect data from wearables, devices, passive sensors, or document scans.
Account & identity data (Identity Vault):
- Email address (verified via our authentication provider, Privy), used as your contact channel.
- Your blockchain wallet address (an embedded wallet is created for you; it holds no funds and performs no transactions in v1).
- Country and language preference.
- A World ID nullifier hash if you complete proof-of-personhood verification. This is a one-way pseudonymous value confirming you are a unique human; we never receive or store your biometrics — those are processed by World ID, not by us.
- Authentication signals from device passkeys (WebAuthn). We store the result of an authentication, never biometric templates or images.
Profile data (Identity Vault): age band, gender, ethnicity, country, and optionally weight/height, plus medical background you choose to provide (conditions, allergies, current medications).
Health contribution data: for each submission — the medicine or supplement, dosage, frequency and duration, patient-reported outcomes (e.g. symptom severity before and after), and any adverse reactions. Before research use this is de-identified and stored in the Research Vault, linked only to a blind internal identifier.
Consent records: the version, purpose, and timestamp of each consent you grant or withdraw.
Rewards data: your credits ledger (credits earned for contributions).
Technical data: minimal local storage for your language choice and login session, and security/audit logs. See our Cookie Policy.
4. Why we use it (legal bases)
| Purpose | LGPD basis | GDPR basis |
|---|---|---|
| Create and operate your account | Execution of a contract | Art. 6(1)(b) contract |
| Process and reward your contributions | Consent | Art. 6(1)(a) consent |
| Use of health data for research (anonymized) | Specific, highlighted consent | Art. 9(2)(a) explicit consent |
| Fraud / Sybil prevention, security | Legitimate interest | Art. 6(1)(f) legitimate interests |
| Legal and regulatory compliance | Legal obligation | Art. 6(1)(c) legal obligation |
Providing health data is always voluntary. You may withdraw consent at any time (see Section 7); withdrawal does not affect processing already carried out, nor data that has already been irreversibly anonymized.
5. How your data is shared
- Researchers, public-health bodies, and industry access only anonymized, aggregated datasets from the Research Vault — never identifiable data, and only for cohorts that meet the k-anonymity threshold.
- Service providers (processors) that help us operate, under contract and confidentiality — for example our authentication/wallet provider (Privy), proof-of-personhood provider (World ID / Tools for Humanity), and our hosting infrastructure.
- We never sell your personal (identifiable) data.
- We may disclose data where required by law or to protect rights and safety.
6. International transfers
GHDC is a global protocol, so data may be processed in countries other than yours. Where we transfer personal data internationally we rely on appropriate safeguards (such as adequacy decisions or standard contractual clauses) consistent with the LGPD and GDPR.
7. Your rights
Subject to applicable law, you may:
- Access the personal data we hold about you and request a copy.
- Correct inaccurate or incomplete data.
- Delete your account and identifying data ("right to erasure"). Note that data already irreversibly anonymized in the Research Vault is no longer personal data and cannot be re-identified or individually removed.
- Withdraw consent at any time, and object to or restrict certain processing.
- Port your data to another service in a structured, machine-readable format.
- Lodge a complaint with your supervisory authority (e.g. the ANPD in Brazil, or your local EU Data Protection Authority).
To exercise any right, contact info@globalhealthdatachain.com. We respond within the timeframes required by applicable law.
8. Data retention
- Identity Vault data is kept while your account is active and deleted (or further anonymized) after closure, except where law requires longer retention.
- Anonymized Research Vault data may be retained indefinitely for research, as it no longer identifies you.
- Consent and security/audit records are retained as long as needed to evidence compliance.
9. Security
We apply technical and organizational measures including network isolation between the Identity and Research Vaults, encryption in transit (TLS), access controls and audit logging, and the principle of least privilege. No system is perfectly secure, but de-identification and vault isolation are designed so that a breach of research data cannot reveal who you are.
10. Children
GHDC is not directed to children. You must be of the age of majority in your jurisdiction (and at least 18) to participate. We do not knowingly collect data from minors.
11. Changes to this policy
We may update this policy. Material changes will be notified in the app and, where the change affects how we use your health data, you will be asked to review and consent again under a new version number.
12. Contact
Questions, requests, or complaints: info@globalhealthdatachain.com.