Privacy Policy

At Ulalo, your privacy and data security are paramount. We are fully compliant with international health data regulations to ensure your personal health information is protected.

🔒

HIPAA Compliant

USA: Health Insurance Portability and Accountability Act

🛡️

GDPR Compliant

Europe: General Data Protection Regulation

🔐

End-to-End Encryption

Military-grade security for all data

Overview

Ulalo is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy outlines our practices regarding the collection, use, and protection of your personal health information.

We operate under the strictest international standards for health data protection, ensuring compliance with regulations in both the United States and Europe.

Data Collection & Usage

Health Information

We collect medical records, health metrics, and clinical data only with your explicit consent. This information is used solely to provide you with personalized health insights and clinical trial matching services.

Personal Data

Name, email, and contact information are collected to establish your account and communicate important updates. We never share this information with third parties without your consent.

No Data Selling

Ulalo never sells, rents, or trades your personal or health data. Your information is your property, and we respect that fundamental right.

Data Security

We implement comprehensive security measures to protect your data:

  • End-to-End Encryption: All data is encrypted in transit and at rest using AES-256 encryption.
  • Secure Servers: Data is stored on secure, HIPAA-compliant servers with multi-factor authentication.
  • Access Controls: Strict access controls ensure only authorized personnel can access your data.
  • Regular Audits: We conduct regular security audits and penetration testing.
  • Incident Response: We have a dedicated incident response team for security events.

Your Rights

Under GDPR and HIPAA regulations, you have the following rights:

Right to Access

You can request and download a copy of all your data at any time.

Right to Rectification

You can correct any inaccurate or incomplete information.

Right to Erasure

You can request deletion of your data, subject to legal obligations.

Right to Data Portability

You can transfer your data to another service provider.

Right to Object

You can object to certain processing of your data.

Compliance Standards

🇺🇸 HIPAA (USA)

We comply with the Health Insurance Portability and Accountability Act, which sets national standards for privacy, security, and breach notification of health information.

  • Protected Health Information (PHI) is encrypted and secure
  • Business Associate Agreements (BAAs) in place
  • Audit controls and access logs maintained

🇪🇺 GDPR (Europe)

We comply with the General Data Protection Regulation, which provides strong protections for personal data of EU residents.

  • Lawful basis for processing all personal data
  • Data Protection Impact Assessments (DPIA) conducted
  • Privacy by Design principles implemented

Additional Standards

  • SOC 2 Type II: Independent security and compliance audits
  • ISO 27001: Information security management system certification
  • CCPA: California Consumer Privacy Act compliance

Contact Us

If you have questions about our privacy practices or wish to exercise your rights, please contact our Data Protection Officer:

Ulalo Data Protection Team

Email: privacy@ulalo.io

Response Time: Within 30 days

Last Updated: April 2026