Privacy Policy

Who We Are

Qbit is a healthcare analytics and education platform built by Kenneth Nguyen. Qbit helps students, researchers, and healthcare professionals learn from real hospital data using AI-powered analysis tools.

Our platform is available in two forms: a web application at qbit.health and an app accessible through Pi Browser. This policy covers both.

Contact for privacy questions: privacy@qbit.health

What We Collect and Why

We collect only the data necessary to provide our platform's features. We do not sell, share, or disclose your personal data to third parties.

Account Information

Web users (qbit.health):

When you create an account on our website, we collect your email address and a password. We use your email for authentication, password resets, and account-related notifications. Your password is stored as a cryptographic hash — we never see or store your actual password.

You may optionally provide your Pi Network username to receive priority access to new features. This is a text field you fill in yourself; we do not verify it through Pi Network's systems.

Pi Browser users:

When you use Qbit through Pi Browser, Pi Network's SDK provides us with your Pi User ID and Pi username. Your Pi User ID is a pseudonymous identifier — it does not contain your name, email, or other personal details. We use it to link your Qbit account to your Pi identity so your saved work carries across sessions.

When you first log in through Pi Browser, we ask for your explicit consent before linking your Pi identity to your Qbit account. You can decline and still use the platform through a web account with email registration instead.

We check your KYC verification status through Pi's SDK when you log in to determine payment eligibility, but we do not store your KYC status or any KYC documents. Your Pi session token exists only in your device's memory during your session and is never saved to our servers.

Healthcare Analytics Data

When you use Qbit's analysis tools, we store your questions and the results the system generates. These are your work product — you created them, and they belong to you. We store them so you can return to your analyses later.

Your healthcare queries and analysis results are private to your account. They are not visible to other users, not used to build profiles or recommendations, and not shared with anyone.

The hospital data you analyze through Qbit comes from publicly available datasets published by the US Centers for Medicare & Medicaid Services (CMS). This is aggregate, hospital-level data — not individual patient records. We do not collect or process personal health information as defined under Ontario's Personal Health Information Protection Act (PHIPA).

Payment Information (Pi Browser Users)

If you purchase credits through Pi Browser, we record the transaction: a payment ID, the amount in Pi, and the payment status. These records are necessary for credit allocation and financial record-keeping under Canadian tax law.

We do not access your Pi wallet balance, private keys, or transaction history with other apps. Our credit system tracks service entitlements within Qbit — it is not a wallet and does not hold Pi on your behalf.

Refunds: Qbit does not process refunds for completed Pi payments. If a technical issue prevents credit delivery after a successful payment, contact support@qbit.health and we will manually credit your account. We retain payment records for 7 years per Canadian financial record-keeping requirements regardless of any dispute resolution.

What We Do Not Collect

We do not collect your IP address at the application level, your physical location, your device fingerprint, your browsing history on our site, or any health insurance or personal medical information. We do not use tracking cookies, analytics pixels, or third-party advertising tools. The only cookies we use are essential for keeping you logged in during your session.

How Long We Keep Your Data

Your Rights

Access Your Data

You can request a copy of all personal data we hold about you by emailing privacy@qbit.health. We will respond within 30 days. We are building a self-service data export feature for a future release.

Correct Your Data

You can update your profile information (email, Pi username) through your account settings at any time.

Delete Your Data

You can delete your account through account settings or by emailing privacy@qbit.health. When you delete your account, we remove your personal information and saved analyses. Pi payment records are retained for the legally required 7-year period but are disassociated from your identity.

Unlink Your Pi Identity

If you connected your Pi Network identity to your Qbit account, you can unlink it at any time. Unlinking removes your Pi User ID and Pi username from your account. Your saved analyses, credit balance, and other account data remain intact.

Raise a Concern

If you believe we are handling your data improperly, contact us at privacy@qbit.health. Kenneth Nguyen, the platform's founder, reviews all privacy complaints personally. You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada.

How We Protect Your Data

We take the security of your data seriously. Our technical safeguards include:

• Authentication via industry-standard JSON Web Tokens (JWT) with ES256 signing
• All credentials stored using SecretStr patterns that prevent accidental exposure in logs or error messages
• Structured logging with automatic PII redaction
• Data stored in Canadian infrastructure (Azure Canada Central)
• Rate limiting and bounded caches to prevent abuse
• Non-root container execution in our server infrastructure
• Automated security scanning in our development pipeline

Cookies and Tracking

Qbit uses only essential cookies necessary for authentication and session management. We do not use analytics cookies, advertising cookies, tracking pixels, or third-party analytics services.

Children's Privacy

Qbit is designed for healthcare students, researchers, and professionals. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact us at privacy@qbit.health and we will delete it.

Future: Health Data Contribution Program

Qbit is designing a voluntary health data contribution program for future phases of the platform. This program is not active today. When it launches, it will operate under a tiered consent model where each level of data sharing requires separate, explicit enrollment.

We will update this privacy policy with full details before the program becomes available, and participation will never be required to use Qbit's core features.

Changes to This Policy

If we make material changes to this policy, we will notify you by email (for web users) or through an in-app notice (for Pi Browser users) at least 14 days before the changes take effect.

Contact