Privacy Notice
Effective July 15, 2026 · Early-access and sandbox version
1. Scope and operator
This Notice explains how Folio, currently operated by Michael Dulin (“Folio,” “we,” or “us”), handles information through foliohealth.app, the Folio early-access service, and patient-authorized health-record connections. The public demonstration uses fictional data and does not connect to healthcare systems.
2. Information we collect
- Account and contact information: name, email address, authentication identifiers, pilot status, preferences, and support requests.
- Patient-authorized health information: records you direct a health system to provide, such as demographics, conditions, allergies, medications, immunizations, laboratory and vital-sign results, diagnostic and radiology reports, clinical notes, encounters, procedures, appointments, orders, and genetics-related observations.
- Information you add: corrections, notes, goals, questions, home-health information, family history, documents, and sharing choices.
- Technical and security information: device/browser information, timestamps, connection status, error and diagnostic events, and security logs needed to operate and protect the service.
3. How we obtain information
We receive information from you, from healthcare organizations you explicitly authorize through SMART on FHIR, and from service providers that support authentication, hosting, security, and features you request. Folio does not ask for or store your health-system portal password.
4. How we use information
- Retrieve, stage, organize, display, reconcile, export, and share information as you direct.
- Provide source-linked AI summaries, reviews, and drafts that you request.
- Authenticate users, operate the service, troubleshoot errors, prevent misuse, and maintain security.
- Respond to support, access, export, correction, and deletion requests.
- Comply with law and protect users, the service, and others.
5. AI processing
When you request an AI-assisted feature, Folio sends only the information needed for that task to the configured AI service under commercial data-processing terms. We do not permit that information to be used to train general-purpose models. AI-generated material is labeled and remains subject to your review before it is accepted, exported, or shared.
6. When information is disclosed
- At your direction: to a clinician, caregiver, family member, or other recipient you explicitly choose.
- Service providers: to vendors that provide hosting, storage, authentication, security, communications, and AI processing under contractual limits appropriate to their role.
- Legal and safety needs: when required by law or reasonably necessary to protect rights, safety, and service security.
- Organizational change: as part of a financing, reorganization, acquisition, or transfer, subject to notice and protections required by law.
We do not sell health information, share it with data brokers, or use it for targeted advertising. We do not disclose it for independent research without separate, explicit consent.
7. Storage and security
Early-access data is stored in the United States. We use access controls, encrypted transport, managed cloud infrastructure, least-privilege rules, and provenance records designed to protect data and preserve its source. No online service can guarantee absolute security.
8. Retention and deletion
We retain active account and health information while your account is open and as needed to provide the service. When you request account deletion, we delete active Folio account and health data, subject to short-lived technical backups, security records, and any limited retention required by law. Backup copies are isolated from normal use and age out under provider retention schedules.
9. Your choices
- Review and correction: review staged records before accepting them and add corrections or context.
- Export: request a complete copy of information stored about you.
- Deletion: request deletion of your Folio account and health information.
- Revoke connection: revoke future access in your health system’s portal. Previously imported data remains until you delete it.
- Sharing: choose whether, what, and with whom to share. Folio does not share automatically.
Folio maintains technical security logs, but the early-access version does not yet provide users a complete viewer-access log or per-access notifications. We will update this Notice before representing that feature as available.
10. Children
The early-access service is not intended for children under 13. We do not knowingly collect a child’s information through the pilot without an appropriate parent, guardian, or legally authorized representative and an approved workflow.
11. Changes and contact
We may update this Notice as the service develops. We will post a new effective date and provide additional notice when required. Questions or requests concerning access, export, correction, or deletion may be sent to mdulin@mikedulinmd.com.