Privacy Policy
Last updated: April 2026
Overview
EDEN Connect (“we”, “us”) is a digital health intelligence platform currently piloting in Eastern Highlands Province, Papua New Guinea, in partnership with the Eastern Highlands Province Health Authority. This policy describes what information we collect, how we use it, and how you can request that your data be deleted.
What information we collect
- Account information: name, email address, phone number, role, and the community or organization you belong to.
- Community profile data: community name, location (GPS coordinates), population, household counts, photos, and health-related descriptions submitted by community leaders or health workers.
- Survey and report data: health and demographic information collected during baseline and quarterly surveys, including respondent name and phone number where the respondent has provided informed consent.
- Authentication data: when you sign in via Google or Facebook, we receive your name, email address, and profile picture from that provider. We do not receive your password or access your social network contacts.
- Device and connectivity signals: approximate location, device identifiers, app version, and offline-sync queue state, used to operate the offline-first capture experience.
- Usage and audit logs: sign-in events, content edits, and administrative actions, retained for security and compliance.
How we use information
- Operate the platform and provide its features to authorized users.
- Surface community and provincial health insights to partner health authorities.
- Send notifications about activity relevant to your role (e.g. new community submissions, health alerts).
- Maintain security through audit logs and abuse detection.
AI-assisted features (TISA)
The EDEN Connect web dashboard includes an AI Assistant called TISA (The Intelligent Survey Assistant), available to users with the National Coordinator role and above. CHWs and the mobile app do not have access to TISA.
TISA is powered by Anthropic’s Claude language models (currently claude-haiku-4-5). When an authorised user submits a question or runs a briefing, the following may be transmitted to Anthropic for processing:
- The full text of the user’s question or prompt.
- Summary statistics and database context relevant to the request, which may include community names, ward and facility identifiers, and personal identifiers (such as community-health-worker names) where they appear in the underlying data.
- Conversation history within the active TISA session, used to maintain continuity within a query.
Anthropic processes this information solely to generate the AI response and, per its enterprise terms with EDEN Connect, does not use it to train its models. See Anthropic’s privacy policy for details on its data handling. AI-generated responses are intended to support decision-making by qualified personnel and are not a substitute for professional clinical judgement.
How we share information
We do not sell personal information. We share data only with the following parties, and only to the extent necessary to operate the service:
- Authorised users within EDEN Connect — per their role and access level (e.g. CHWs see their assigned communities; partner health authorities see their region).
- Partner health authorities in the regions where we operate (currently the Eastern Highlands Province Health Authority, Papua New Guinea).
- Anthropic, PBC (United States) — when authorised users invoke AI-assisted features, as described in “AI-assisted features (TISA)”.
- Google Cloud Platform (Google LLC) — application hosting (Cloud Run), database (Cloud SQL for PostgreSQL), object storage (Cloud Storage for photos and survey attachments), and operational logging, all in the australia-southeast1 region (Sydney).
- Firebase (Google LLC) — authentication and the offline-sync buffer (Realtime Database).
- SendGrid (Twilio Inc.) — transactional email (invitations, notifications).
- Twilio (Twilio Inc.) — SMS and (where enabled) WhatsApp Business messaging.
- Expo (Expo, Inc.) — mobile-app over-the-air update delivery and crash reporting.
- Legal recipients — where required by law, court order, or to protect the rights, property, or safety of EDEN Connect, our users, or the public.
International data transfers
EDEN Connect operates with users in Papua New Guinea and Australia and uses service providers that may process data outside those jurisdictions. Specifically:
- Primary data storage (Cloud SQL, Cloud Storage, Cloud Run, Firebase) is hosted in Sydney, Australia (australia-southeast1).
- AI processing through Anthropic may take place in the United States.
- Some operational telemetry, email, and messaging providers may process data in the United States or Singapore.
Where personal data is transferred outside your jurisdiction, we rely on the service provider’s contractual commitments (including standard contractual clauses where applicable) to maintain a level of protection consistent with this policy.
Data security
Data is stored in Google Cloud in the australia-southeast1 region (Sydney) and is encrypted at rest by Google and in transit using TLS. The platform is composed of:
- Cloud Run — application hosting for the web dashboard and API.
- Cloud SQL (PostgreSQL) — primary database for accounts, communities, surveys, and audit logs.
- Cloud Storage — object storage for community photos and survey attachments.
- Firebase Authentication — sign-in identity and role custom claims.
- Firebase Realtime Database — offline-sync buffer for the mobile app.
Access is gated by Firebase Authentication, role-based access controls, and audit logging. We follow least-privilege principles for staff access to production data.
Data retention
We retain personal data only as long as necessary for the purposes set out in this policy:
- Account data — for the active life of your account.
- Survey and community data — typically up to seven (7) years, consistent with health-records retention practice, or for the period required by the partner health authority.
- Audit logs — typically up to seven (7) years for security and compliance.
- Aggregated, de-identified statistics — may be retained indefinitely for reporting and research where the data cannot be linked back to an identifiable individual.
You may request deletion at any time using the instructions below.
Data deletion request
You have the right to request that your personal data be deleted from EDEN Connect at any time, including data obtained through Facebook Login or Google Sign-In.
To request deletion of your account and associated personal data, please email us at privacy [at] edenconnect.health with the subject line “Data deletion request”. Include the email address associated with your account and, if applicable, the name of your community or organization.
We will acknowledge your request within 5 business days and complete deletion within 30 days. The following will be removed:
- Your user account and authentication identifiers
- Personal contact information (name, email, phone)
- Profile pictures and any photos you uploaded
- Information received from Facebook or Google Sign-In
Aggregated, de-identified community health statistics may be retained for reporting and research purposes where they cannot be linked back to you. Audit logs may be retained for the period required by law for security and compliance.
Children's privacy
EDEN Connect is intended for use by adults working in or with health programs. We do not knowingly collect personal information directly from children under 13.
Changes to this policy
We may update this policy as the platform evolves. Material changes will be communicated to active users via email. The “Last updated” date at the top of this page reflects the most recent revision.
Contact
Questions about privacy or this policy can be sent to privacy [at] edenconnect.health.
