Privacy, Health Information & US Deployment

Last updated: May 2026

This page supports a United States–first rollout of GALIMED. It does not constitute legal advice.

1. Data Controller / Business Associate

GALIMED is operated by Groupe Business Thérapie.

For privacy inquiries, data subject requests, compliance matters, or breach notifications:
📧 contact@groupe-businesstherapie.net

2. What We Process

Account Information
Email address; Password hash; User role and authentication data; Technical identifiers and IP addresses.

Health-Related Information
Symptom descriptions; Optional medical or image descriptions; AI-assisted triage inputs; Interaction history and scan history.

Technical Logs
Request identifiers; Security logs; API monitoring data; Error tracking and audit logs.

GALIMED does not replace professional medical care, diagnosis, treatment, or emergency services.

3. Subprocessors & Infrastructure

GALIMED may rely on trusted third-party subprocessors and cloud providers, including:

• Microsoft Azure (hosting, databases, monitoring);
• Azure Cosmos DB;
• OpenAI or Azure OpenAI services;
• Public healthcare APIs such as RxNorm.

Appropriate Data Processing Agreements (DPAs) and Business Associate Agreements (BAAs) should be executed where legally required.

For a US-first deployment, Microsoft Azure US regions and HIPAA-aligned infrastructure are strongly recommended.

4. Data Retention

GALIMED should define retention periods for:

• User accounts;
• Scan history and AI interactions;
• Security and technical logs;
• Backups and archived records.

Secure deletion, encryption, and backup lifecycle policies should be implemented.

5. User Rights

Depending on applicable jurisdiction and privacy laws, users may have rights to:

• Access their data;
• Correct inaccurate information;
• Delete personal information;
• Restrict or object to processing;
• Request data portability.

Requests may be submitted to:
📧 contact@groupe-businesstherapie.net

6. Security Measures

• HTTPS/TLS encryption;
• Encrypted storage;
• Strong authentication and access control;
• Password hashing (bcrypt or equivalent);
• Audit logging;
• Rate limiting and API protection;
• Backup and disaster recovery procedures;
• Security monitoring and incident response.

7. HIPAA & US Compliance

If GALIMED processes Protected Health Information (PHI), additional HIPAA compliance obligations may apply:

• Execution of Business Associate Agreements (BAAs);
• HIPAA-compatible Azure infrastructure;
• Access logging and traceability;
• Security safeguards and compliance procedures;
• Incident response and breach notification protocols.

8. Azure Marketplace Readiness

Publishing GALIMED on Microsoft Azure Marketplace generally requires:

• A commercial marketplace offer;
• Pricing and billing configuration;
• Support and legal documentation;
• Privacy and compliance disclosures;
• Security baseline validation;
• Microsoft Partner Center onboarding.

A dedicated compliance and certification track with Microsoft is recommended before large-scale commercialization.

9. Limitation of Medical Liability

GALIMED is not a certified medical device unless explicitly approved by relevant regulatory authorities. AI-generated outputs may contain inaccuracies and require human validation.

In case of medical emergency, users must immediately contact licensed healthcare professionals or emergency services.

© 2026 GALIMED — Groupe Business Thérapie — All rights reserved.

Back to home