Health Data Privacy (Protected Health Information)
TruWaiver handles participant waivers that often contain medical declarations (such as emergency contact details, allergies, pre-existing conditions, or heart disclosures). We treat all such declarations as Protected Health Information (PHI).
Security Architecture
- **AES-256 Encryption**: All PHI is encrypted both at rest in Firebase and Firestore databases and in transit over TLS 1.3.
- **Role-Based Access Control (RBAC)**: Only authorized business owners or admins with validated tokens can access incident logs or guest medical waivers.
- **Comprehensive Audit Log**: The database maintains cryptographically timestamped logs of all document access, creation, and downloads.
Business Associate Agreement (BAA)
Enterprise accounts requiring BAA signatures for medical disclosures can contact our safety compliance officer at compliance@waivershield.com to finalize agreements prior to active deployment.
TRUWAIVER SECURITY SHIELD · HIPAA CERTIFICATION