HIPAA Privacy

    Version: v1.0
    Effective Date: Sep 01, 2025

    Our Commitment to Your Privacy

    NinthMoon.AI is committed to protecting the confidentiality of its users' health information. This Notice of Privacy Practices ("Notice") describes how we may use and disclose your health information and your rights concerning your health information. This Notice is provided to you pursuant to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA"). Although NinthMoon.AI does not provide direct medical care, some of the information you share may qualify as Protected Health Information (PHI) under HIPAA. This Notice outlines our responsibilities and your rights related to such information.

    Who This Notice Applies To

    This Notice applies to all users of NinthMoon.AI who provide information relating to the user's pregnancy tracking, fertility challenges, miscarriage and abortion recovery, postpartum adjustment, or emotional and mental wellness insights, whether raised through a query or while conversing with our AI chat agent.

    Other features of our platforms such as emotional check-ins, journaling features, wellness questionnaires, reproductive milestones or logs may also involve disclosing sensitive health information which will be treated with the highest standard of confidentiality and care.

    What Information We Collect

    Based on the services we provide, we may collect three types of information: information you provide directly, data collected automatically, and data inferred or derived through analytics and engagement.

    Information You Provide Directly:

    • Account registration details (name, date of birth, email address, street address, postal address or mobile phone number)
    • Health information, including information you provide through the apps or during health coaching sessions, such as sexual orientation, date of your last period, estimated due date, reproductive stage and other details related to fertility, pregnancy, health, sexual wellness, and personal life circumstances.
    • Demographic information (age range, race, ethnic group, nationality, region).
    • Wellness check-in data (mood, emotions, symptoms, journal entries).
    • Responses to prompts, affirmations, or AI chats.
    • Audio and Visual Information.
    • Inquiries to support or coaching sessions.
    • Information entered voluntarily in surveys, feedback forms, or community discussions.

    Information We Collect Automatically:

    • Device and usage data (IP address, device type, OS, browser version, timestamps).
    • App interaction logs (feature usage, button clicks, screen views).
    • Session duration and frequency.
    • Location data, if permission is granted.
    • Cookies, web beacons, and similar technologies.

    Inferred or Analytical Data:

    Using AI and emotional analytics, we may generate personalized suggestions, behavioral tags (e.g., recurring stress patterns), or predictive insights (e.g., mood fluctuation forecasts) based on your usage and reflection history. These outputs are system-generated and are designed to enhance your self-awareness.

    How We May Use and Disclose Your PHI

    We may use and disclose your PHI in the following ways:

    • Health oversight activities: We may disclose your health information to a health oversight agency for conducting research under certain circumstances; we may also use and disclose your health information for research purposes. All research projects are subject to a special approval process through an appropriate committee. We may use and disclose your health information to run our business operations, and to improve and evaluate your care and how we are providing services to you.
    • Comply with the law: We may use or disclose your health information to the extent the use or disclosure is required by law. Any such use or disclosure will be made in compliance with the law and other activities authorized by law. These oversight activities include, for example, audits, investigations, proceedings or actions, inspections, and disciplinary actions, or other activities necessary for appropriate oversight of the health care system, government programs and compliance with applicable laws.
    • Law enforcement: We may disclose your health information to law enforcement in very limited circumstances, such as to identify or locate suspects, fugitives, witnesses or victims of a crime, to report deaths from a crime, and to report crimes that occur on our premises.
    • Judicial and administrative proceedings: We may disclose information about you in response to an order of a court or administrative tribunal as expressly authorized by such order.
    • To avert a serious threat to health or safety: We may use or disclose your health information when necessary to prevent a serious and imminent threat to your health or safety or the health and safety of the public or another person.
    • Our service providers: We may disclose your health information to third parties referred to as "business associates" that provide products and services on our behalf. If we disclose your information to these entities, we shall enter into an agreement with them to safeguard your information.

    Your Rights Under HIPAA

    You have certain rights when it comes to your health information. If you want to exercise any of the rights described in this section, please email us at legal@ninthmoon.ai or contact us at the address listed below.

    • Get an electronic or paper copy of your medical record: You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. We will provide a copy or a summary of your health information.
    • Ask us to correct your medical record: You can ask us to correct health information about you that you think is incorrect or incomplete.
    • Request confidential communications: You can ask us to contact you in a specific way or to send mail to a different address. We will say "yes" to all reasonable requests.
    • Ask us to limit what we use or share: You can ask us not to use or share certain health information for treatment, payment or our operations. We are not required to agree to your request, and we may say "no" to your request, if so required. If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say "yes" unless a law requires us to share that information.
    • Get a list of those with whom we have shared your information: You can ask for a list of certain times we have shared your health information for six years prior to the date you ask, with whom we shared it, and why. We will include all disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We will provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
    • Get a copy of this Privacy Notice: You can ask for a paper copy of this Notice at any time, even if you have agreed to receive the Notice electronically. We will provide you with a paper copy promptly.

    If you feel we have violated your rights, you may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

    Data Security Measures

    We implement technical, administrative, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

    • Requisite encryption of data: All user data is encrypted both at rest and in transit to ensure the highest level of security and confidentiality. Data at rest is protected using AES-256 encryption through secure cloud infrastructure providers such as Firebase and AWS. Data in transit is encrypted using Transport Layer Security (TLS) version 1.2 or higher, safeguarding all communications between the application, servers, and user devices. These encryption measures are implemented to prevent unauthorized access, ensure data integrity, and comply with applicable data protection standards.
    • Secure user authentication and access control protocols.
    • Firewalls and regular security monitoring.
    • Limiting employee access to sensitive data.
    • Regular internal audits and security reviews.

    While we strive to protect your data, practically, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to keep your login credentials confidential and to notify us immediately of any suspected security incident.

    Third-Party Service Providers

    We do not sell your personal data solely for advertising. We only share your information in limited circumstances, including:

    • With third-party service providers who help us operate our platform (e.g., hosting, analytics, communications, payment processors). These providers are contractually obligated to safeguard your information.
    • With your explicit consent, such as when you choose to share journal entries with a friend or family member.
    • In anonymised or aggregated formats for research, analysis, or product development, where individuals cannot be identified.
    • To comply with legal requirements or to protect our rights and users.
    • As part of a future corporate transaction such as a merger, acquisition, or sale, under strict confidentiality agreements.

    Changes to This Notice

    We reserve the right to update this Notice at any time. If material changes are made, we will notify you via email or in-app notification. Your continued use of the platform after such updates constitutes acceptance of the revised Notice.

    Contact Us

    For questions about this Notice or your privacy rights, please contact:

    Email: legal@ninthmoon.ai
    Address: NinthMoon.AI, 8 THE GREEN STE A DOVER DE 19901

    For more details on our data handling practices, please refer to our Privacy Policy and Cookie Policy.

    Note on HIPAA Applicability

    HIPAA protections apply primarily when we process health-related data on behalf of a Covered Entity, such as through an employer-sponsored wellness program or a partnership with a healthcare provider. For individual users accessing the Services independently through a free or paid plan, HIPAA may not apply in all jurisdictions. In those cases, our general Privacy Policy governs the collection and use of data.

    Note on International Data Processing

    NinthMoon.AI has operational offices in the United States. All health-related data is processed under U.S. standards for HIPAA compliance.
