Privacy & Data Notice

Bentley is a personal health management application. It helps you organize health records, lab results, medications, appointments, and related documents in one place. You may connect Google (Gmail, Calendar, Drive) and health-system portals to import your own data.

HIPAA regulates covered entities — healthcare providers, health plans, and clearinghouses — and their business associates, the vendors that handle protected health information on their behalf. An individual managing their own health records is neither.

Bentley is not a covered entity or a business associate. When you use Bentley for personal health management, HIPAA's compliance requirements generally do not apply, and a Business Associate Agreement (BAA) is not required.

One part of HIPAA that is still relevant to you: under §164.524, you have the right to access and receive a copy of your own health records from your providers. That right of access is the legal basis for importing records from patient portals via Fasten Connect and Metriport.

Health records and account data are stored in Supabase (Indexia project). The application is hosted on Vercel. File uploads (documents, imaging) are stored in Supabase Storage with access controlled by row-level security policies.

Google. If you sign in with a personal Google account (@gmail.com), data accessed through Gmail, Calendar, or Drive is outside any Google Workspace BAA. Bentley requests read-only access and you can revoke it at any time in your Google account settings.

Fasten Connect & Metriport. When you connect a patient portal, these services act as trusted intermediaries. They never share your portal credentials with Bentley. Records are imported under your right of access to your own health data (HIPAA §164.524 and the ONC Cures Act). Disconnecting a portal does not delete records already imported.

Anthropic. If you use AI features, Bentley sends your health records — including identifying details such as names, dates, diagnoses, and lab values — to Anthropic's API for analysis. This data is not de-identified before transmission. Only use AI features if you are comfortable sharing this information with a third-party model provider.

• Row-level security — each profile's data is isolated; you only see records you have been granted access to.
• Audit log — changes to health records are recorded with actor, timestamp, and before/after snapshots.
• Soft delete — deleted records are retained for a recovery period before permanent purge.
• Data export — download a complete JSON export of any profile you can read, including records, sources, audit log, and access list.
• Account deletion — schedule permanent removal of your account and owned profiles, with a 30-day cancellation window.
• Access controls — invite others to view or edit a profile with viewer, editor, or admin roles; revoke access at any time.

Under HIPAA §164.524 and GDPR Article 20, you have the right to receive a copy of your health information in a portable format. Use Settings → Export data to download your records.

If you are a U.S. resident, you may also have rights under state privacy laws (such as the California Consumer Privacy Act) to know what data is collected, request deletion, and opt out of certain sharing. Bentley does not sell personal information.

You may invite family members or caregivers to view a profile. Only share access with people you trust. Anyone with access can view the health information in that profile according to their role.

If you have questions about how your data is handled, sign in and review your connected sources under Settings, or export your data before closing your account.