Privacy and Security Notice
For: Advokare Inc
Effective Date: 02/01/2026
Welcome to Advokare (“we,” “us,” “our,” or the “IAS Provider”). This Privacy and Security Notice explains how we collect, access, use, disclose, store, and protect your information when you use our application (the “Platform”), including when you request access to your electronic health information through the Trusted Exchange Framework and Common Agreement (TEFCA).
Advokare acts as an Individual Access Services (IAS) Provider under TEFCA.
———————
REQUEST-ONLY IAS PROVIDER
REQUEST-ONLY IAS PROVIDER: ADVOKARE DOES NOT PROVIDE BIDIRECTIONAL SERVICES. YOU WILL HAVE THE ABILITY TO REQUEST ACCESS TO YOUR HEALTH INFORMATION VIA TEFCA EXCHANGE. YOU WILL NOT BE ABLE TO USE ADVOKARE TO SHARE YOUR HEALTH INFORMATION WITH OTHER PARTICIPANTS IN TEFCA.
———————
1. About Our Platform
Our Platform helps individuals better understand their health information and prepare for medical visits using secure technology, including artificial intelligence (AI). You may use the Platform yourself or authorize a caregiver to use it on your behalf.
When you choose, we can retrieve your electronic health information from TEFCA-connected networks at your direction.
———————
2. Our Legal Status
Advokare is not a HIPAA Covered Entity or Business Associate as a matter of law. However, we voluntarily follow HIPAA-aligned privacy and security practices as a matter of business practice and commitment to user trust.
All disclosures of information through TEFCA are made in accordance with the permitted and required Uses and Disclosures specified in the TEFCA Common Agreement and applicable U.S. Department of Health and Human Services guidance.
———————
3. What Information We Collect
We may collect:
a. Electronic Health Information (EHI) / Individually Identifiable Information
With your express authorization and request, we retrieve your health records from TEFCA participants and other connected sources. This may include:
Medical history
Conditions and diagnoses
Medications and treatments
Lab results
Demographic information
Other information included in a Designated Record Set
b. User-Generated Content
Information you enter into the Platform, including questions, notes, and preferences.
c. Usage Data (De-identified)
We collect anonymized usage statistics to improve our services.
———————
4. How We Use Your Information
We use your Individually Identifiable Information only to provide services you request, including:
Retrieving your health information through TEFCA
Presenting and explaining your records
Supporting AI-powered question and answer sessions
Storing information according to your selected preferences
We do not sell your Individually Identifiable Information.
Individually Identifiable Information obtained by Advokare may not be accessed, exchanged, used, or disclosed to assert any claim against you, except for the collection of fees (if applicable).
———————
5. No Fees for IAS Services
At this time, Advokare does not charge any fees for IAS services described in this Notice.
We reserve the right to:
Limit the frequency or volume of requests to manage operational costs
Offer optional paid features in the future under a “freemium” model
Any paid features would be clearly described before purchase. Core IAS access rights described in this Notice remain free.
———————
6. How Advokare Makes Money
To keep core services free, Advokare earns revenue in privacy-protective ways:
De-identified analytics. We may create aggregated, de-identified insights about how the Platform is used (for example, common health topics or general usage trends). These insights do not identify you and do not include your medical records.
Sponsored health content. We may display clearly labeled sponsored or educational content inside the Platform. Content may be shown based on general topics you are already exploring. Advertisers never receive your Individually Identifiable Information, and all targeting happens within Advokare’s secure environment. Sponsors may receive de-identified, aggregated reports about campaign performance.
We do not sell your Individually Identifiable Information and do not give sponsors access to your medical records.
———————
7. Consent
Use of TEFCA retrieval services requires your express, informed consent.
Consent may be provided electronically within the Platform. You may also request to provide consent via paper or other legally valid methods by contacting the Privacy Officer at privacy@advokare.health.
———————
8. How to Revoke Consent
You may revoke your consent at any time:
Step-by-step:
Log into the Advokare application
Go to Settings
Select Privacy & Data
Choose Revoke TEFCA Access Consent
Revocation will stop future data retrieval but does not affect prior lawful uses.
———————
9. Your Right to Access and Export Your Information
You have the right to obtain your Individually Identifiable Information in both:
Machine-readable format (FHIR)
Human-readable format (PDF)
How to download your data:
Log into the application
Go to Settings
Select Download My Health Data
Choose FHIR (machine-readable) or PDF (human-readable)
FHIR files can be interpreted using compatible health apps or electronic health record systems that support the FHIR standard.
———————
10. Caregiver Access
You may authorize a caregiver to access your information. You control and may revoke this access at any time within the Platform.
———————
11. AI Use
All AI processing occurs within our controlled environment; your data never leaves our systems. Your Individually Identifiable Information is not used to train external AI systems.
———————
12. Security Practices
Advokare:
Acts in conformance with this Privacy and Security Notice
Protects the security of information in accordance with the applicable TEFCA Framework Agreement
Uses commercially reasonable efforts to protect Individually Identifiable Information from unauthorized or unlawful access, modification, use, or destruction
Encrypts all Individually Identifiable Information both in transit and at rest, regardless of whether the information was obtained through TEFCA
———————
13. Third-Party Service Providers
We use trusted third parties (such as cloud infrastructure providers) to operate our Platform. We require these providers, through contractual agreements, to:
Safeguard Individually Identifiable Information
Use appropriate administrative, technical, and physical security measures
Process information only to provide services to Advokare and not for their own purposes
———————
14. Legal Demands and Law Enforcement
Unless prohibited by law, we will provide written or electronic notice within three (3) business days if:
We receive a subpoena, court order, search warrant, or other compulsory legal demand for your Individually Identifiable Information, or
We make your Individually Identifiable Information available to law enforcement
You will have the right, where legally permitted, to object or seek a protective order.
———————
15. IAS Incidents & Breach Notification
We will notify affected individuals if their Individually Identifiable Information has been or is reasonably believed to have been affected by an IAS Incident, in accordance with applicable law.
You also have the right to be notified in the event such an incident occurs.
———————
16. Data Retention
Our obligations under this Privacy and Security Notice continue for as long as we maintain your Individually Identifiable Information.
You may choose storage preferences within the Platform, including deletion.
———————
17. Children’s Privacy
Our services are not directed to children under 13.
———————
18. Your Rights
You have the right to:
Access your information
Export your information
Revoke consent
Request deletion
Be notified of an IAS Incident
———————
19. Contact Information
For questions, complaints, or more information about this Notice:
Privacy Officer
Advokare
📧 privacy@advokare.health
📞 508.318.8797
———————
20. Updates
We may update this Notice periodically. We will notify users in the Platform and revise the Effective Date.
———————
Thank you for trusting Advokare.
We’re committed to giving you clarity, control, and confidence in how your health data is used.