---
title: "Privacy Policy — TVshuru Health"
description: "How TVshuru Health handles protected health information as a HIPAA Business Associate, plus website and lead data."
url: "https://health.tvshuru.com/privacy.html"
last_updated: "2026-07-15"
---

# Privacy Policy

Last updated: 15 July 2026

This policy explains how Tangible Spin LLP ("TVshuru Health", "we") handles information in connection with the TVshuru Health interactive patient-care platform and the health.tvshuru.com website. It is a plain-language summary, not legal advice.

## 1. Two different kinds of data

- **Patient information inside a hospital deployment (PHI).** When TVshuru Health runs at a hospital, it may process protected health information (name, room, care team, education/requests) *on behalf of the hospital*. The hospital is the covered entity; TVshuru Health acts as its **Business Associate** under HIPAA.
- **Website and enquiry information.** When you browse the site or submit the demo form, we process ordinary business-contact information (name, work email, organization, message).

## 2. Patient information (Business Associate role)

Under a **Business Associate Agreement (BAA)** with each hospital and the HIPAA Privacy, Security, and Breach Notification Rules:

- We use/disclose PHI only as permitted by the BAA and only to provide and support the service — never to sell it or for our own marketing.
- Each hospital's data is logically segregated.
- Personalized content and patient inputs are cleared from the room between admissions.
- PHI is encrypted in transit and at rest, with role-based access and audit logging.
- Patients exercising rights over their health information should contact the hospital (the covered entity); we support the hospital in fulfilling those requests.

See [Data & Security](data-security.md).

## 3. Website and enquiry information

We collect what you provide (name, work email, organization, role, approximate beds, message) and basic technical data (page, referrer), used only to respond to you and keep business records. We do not sell it or build advertising profiles.

## 4. Cookies and analytics

The marketing site is intentionally lightweight, with no advertising trackers. Any analytics are limited to aggregate site usage; where required we present a cookie notice and honor your choices.

## 5. Sharing and subprocessors

We share information only with service providers that help us operate, each bound by confidentiality and, where PHI is involved, HIPAA obligations. A subprocessor list is available to contracted hospitals on request. We may disclose if required by law.

## 6. Retention

Patient information is retained only as directed by the hospital and BAA, and cleared from rooms between admissions. Website enquiry information is retained as needed to respond and maintain records, then deleted or anonymized.

## 7. Security

We use administrative, physical, and technical safeguards appropriate to healthcare — encryption, access controls, monitoring, and training. Report concerns to security@tangiblespin.com.

## 8. Children

On pediatric wards, TVshuru Health processes children's information strictly on behalf of and under the direction of the treating hospital. The marketing website is not directed to children.

## 9. International

Where a deployment or enquiry involves data protected by additional laws (GDPR, India's DPDP Act), we handle it under the applicable law and our agreement with the relevant organization.

## 10. Changes

Material changes will be posted here with a new "Last updated" date.

## 11. Contact

privacy@tangiblespin.com. For patient information at a specific hospital, also contact that hospital, which is the covered entity.
