Privacy Policy

Privacy Policy of Pyllola.com

Last Updated: April 2026

Pyllola Srls, as the Data Controller pursuant to EU Regulation 2016/679 (GDPR), describes in this policy how the personal data of those who interact with our services via www.Pyllola.com is processed.

HIPAA and Protected Health Information (PHI)

Pyllola is committed to protecting the privacy and security of our users' medical and personal data. For users subject to United States jurisdiction, we align our platform architecture with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

1. Data Encryption Standards

All communication channels routed through the Pyllola platform are encrypted. We use AES 256-bit encryption for data both in transit and at rest. This standard covers:

  • All integrated intake forms and questionnaire submissions.

  • Live audio and video consultations between patients and healthcare professionals.

  • Any digital prescription routing, medical recommendations, or administrative data.

2. Ephemeral Architecture & Non-Retention of PHI

Because Pyllola is designed around a frictionless user experience, requiring zero app downloads and no registration, we reduce the attack surface for data breaches: no user accounts or login credentials are stored, and there is no client application to install and keep patched.

Pyllola does not permanently store Protected Health Information (PHI) on our public web servers. Video consultation links are delivered over encrypted channels, and patient-doctor interactions take place over an isolated, secure, HIPAA-compliant pipeline.

Once your consultation has ended, your medical history details are neither cached nor stored on our public-facing internet infrastructure.

3. Business Associate Agreements (BAAs)

In compliance with the HIPAA rules, Pyllola executes formal Business Associate Agreements (BAAs) with every backend infrastructure provider, video API vendor, and hosting environment that handles, transmits, or routes data on our platform. These legally binding agreements require each partner in our technical ecosystem to maintain the security safeguards that federal law demands in order to keep your healthcare data private.

For an everyday breakdown of our data security frameworks, read our guide on [Traveling to Italy: Medical Privacy Abroad]

1. DATA CONTROLLER

The Data Controller is Pyllola Srls, located in Rome, Italy. You may contact our Data Protection Officer (DPO) at info@pyllola.com with any inquiry regarding the processing of your personal data.

2. TYPES OF DATA PROCESSED

  • Personal Data: Name, surname, telephone number, gender, date of birth, and email address.

  • Health Data (Special Categories of Data): Pursuant to Article 9 of the GDPR, we collect specific information regarding your symptoms and allergies. This is strictly necessary to provide the requested medical consultation. No other health data is collected.

3. LEGAL BASIS & CONSENT

Processing is based on your explicit consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR). Consent is given by ticking the "Privacy Consent" box before submitting a request. You have the right to withdraw consent at any time, although withdrawal may make it impossible for us to provide our medical services.

4. DATA RETENTION

  • Medical Records: In compliance with Italian healthcare regulations, data related to medical consultations is retained for 10 years.

  • Navigation Data: Anonymous statistical data is deleted immediately after processing.

  • Calculator Data: Our calculators are designed for local, in-browser processing only. Pyllola does not store, transmit, or sell the biological data you enter (weight, age, or metabolic results).

5. SHARING AND DISCLOSURE

We do not sell or lease your data. Information is only shared with:

  1. Internal Collaborators: Licensed physicians assigned to your case.

  2. Technical Providers: Providers of secure telematic services (video platforms, secure hosting) instrumental to delivering the service.

  3. Legal Obligations: When required by the Judiciary or Public Security authorities.

6. DATA SECURITY

We implement technical and organisational security measures to prevent data loss, unlawful use, and unauthorised access. All medical consultations are conducted over encrypted channels to protect patient confidentiality.

7. YOUR RIGHTS (GDPR Arts. 15-22)

You have the right to:

  • Access your data and receive a copy.

  • Request rectification, integration, or deletion.

  • Limit processing or object to processing for legitimate reasons.

  • Lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).
