Our Holistic Approach to Privacy
What we mean when we say “privacy-first”
aboboTech was born from the escalation of attacks on bodily autonomy and the recognition that data privacy is becoming more critical than ever.
We went back to basics: What does privacy actually mean? We learned pretty quickly that different folks have different ideas of privacy, depending on their areas of expertise.
So we built the privacy elements people need and expect.
privacy everyone can feel good about
Different stakeholders have different privacy needs. We've built with them in mind. Each layer works with the others in a meaningful way — one part without the others misses the bigger picture.
Three Layers of Privacy
1. Geeks and Lawyers
We end-to-end encrypt the most sensitive data — meaning we literally cannot access it. All other data is encrypted and accessed only when essential to operate the platform.
“The safest data is the data we don't have and can't access.”
2. Patient Privacy
Designed for real-world scenarios like staying safe in your own home, keeping care private from partners, avoiding tracking.
“What good is encryption if you're not safe at home?”
3. Clinic Privacy
One suite, one data sub-processor, minimized data footprint. So clinics can feel confident providing care.
“Fewer tools = less data scattered across vendors.”
Data privacy in our work requires intentional design at every level.
The safest data
is the data we don't have or can't access
We designed aboboTech from the ground up to collect as little data as possible. The most sensitive patient health information is end-to-end encrypted, meaning we literally cannot read it. All other patient data is encrypted at rest and in transit, and we access only what's essential to operate the platform. No tracking pixels, no location data, no browsing history. We don't just promise privacy — we build it into our technical architecture.
Because the best way to protect sensitive data is to never have access to it in the first place.
Location Data
— We do not store IP addresses, GPS, or geolocation tracking
Browsing History
— No tracking pixels or cross-site tracking
Search Queries
— We don't log what patients search for
Trackers
— No advertising trackers. Only essential cookies for authentication and security
Data Brokers
— No data broker integrations
Device Fingerprinting
— No device profiles or cross-device tracking
Metadata
— Minimal collection, no data profiling
Legal Framework & Compliance
HIPAA Privacy Rule
We safeguard patient health information in line with HIPAA privacy standards. We sign Business Associate Agreements (BAAs) with all clinic partners and maintain required safeguards for PHI.
State Privacy Laws
We monitor and comply with evolving state privacy laws, including restrictions on data sharing and requirements for patient consent. We implement privacy protections designed to exceed minimum legal requirements where possible.
Patient Data Protection
We do not sell or rent patient data to third parties. We do not share patient data for marketing or advertising purposes. Patient data is shared only with authorized service providers under strict contractual protections (Business Associate Agreements) as necessary to provide our services.
Legal Requests for Data
If we receive a legal request for patient data (subpoena, warrant, etc.), we will notify affected clinics when legally permitted to do so. We are committed to protecting your data and will engage legal counsel to evaluate requests for validity and scope. We may challenge requests that appear overly broad or legally insufficient where legally appropriate, and will provide only the minimum information we are legally compelled to disclose. We encourage clinics to consult with their own legal counsel regarding data requests and will coordinate our response with your legal team when possible.