Privacy & Security Policy — GuardianHeart LLC

body { margin: 0; font-family: Inter, system-ui, sans-serif; background: #0f172a; color: #f8fafc; } .ns-wrap { max-width: 720px; margin: 0 auto; padding: 64px 24px; } .ns-logo { font-size: 1.5rem; font-weight: 700; color: #2dd4bf; margin-bottom: 8px; } .ns-tag { font-size: 0.875rem; color: #94a3b8; margin-bottom: 40px; } h1 { font-size: 2rem; font-weight: 700; line-height: 1.25; margin-bottom: 16px; } h2 { font-size: 1.3rem; } p { color: #cbd5e1; line-height: 1.7; margin-bottom: 16px; } ul { color: #cbd5e1; line-height: 1.9; padding-left: 20px; } a { color: #2dd4bf; } .ns-cta { display: inline-block; margin-top: 32px; padding: 12px 28px; background: #0d9488; color: #fff; border-radius: 8px; text-decoration: none; font-weight: 600; } .ns-footer { margin-top: 64px; font-size: 0.8rem; color: #475569; }

GuardianHeart

Privacy & Security Policy

Effective: May 2026 · Jurisdiction: Arizona + Federal HIPAA
Guardian Heart LLC · Phoenix, Arizona

§ 1 — Data Sovereignty

GuardianHeart operates on a local-first, sovereign architecture. All Protected Health Information (PHI) is processed and stored within the facility's own network. No PHI is transmitted to external servers without explicit, documented authorization from the covered entity. Our Edge Node deployment ensures 100% data residency compliance.

§ 2 — What We Collect

De-identified clinical telemetry (12-factor TRM data) for care optimization
Encrypted medication administration records (PHI, stored locally)
Caregiver interaction logs (anonymized SHA-256 hash identifiers)
Audit chain events (Merkle-hashed, immutable, 6-year retention)

§ 3 — Technical Safeguards

AES-256 encryption at rest, TLS 1.3 in transit
SHA-256 Merkle-chained audit trail — tamper-evident and retroactively verifiable
Dynamic Poly-Encryption (DPE) for PHI at the field level
Zero-trust access controls with role-based permissions
Break-glass emergency access with mandatory justification and audit logging

§ 4 — HIPAA Compliance

GuardianHeart is designed as a HIPAA-compliant Business Associate. We execute Business Associate Agreements (BAAs) with all covered entities. Our platform is built to satisfy the 2026 HIPAA Security Rule updates and Arizona R9-10 requirements including 6-year audit record retention.

§ 5 — Contact

Data Privacy Officer: contact@guardianheart.care
Guardian Heart LLC · Phoenix, Arizona

Home · About Us · Platform