VynMed Inc.

Account & data deletion

How to request deletion of your VynMed (Android app) account, or specific data within it.

Delete your entire account

To request deletion of your VynMed account, send an email to [email protected] with the subject line:

Account Deletion Request

Include in the body:

  • The email address associated with your VynMed account
  • A short statement that you are requesting deletion (e.g., "Please delete my VynMed account and associated profile data.")

We confirm receipt within 2 business days and complete the deletion within 14 business days of confirmation.

Delete specific data without deleting your account

If you only want to remove certain information (e.g., your saved name or phone number) but keep your sign-in credentials active, you have two options:

  1. In-app: open the VynMed app, go to Profile, clear the relevant fields, tap Save profile. Local profile changes propagate immediately.
  2. By email: send a request to [email protected] with subject Partial Data Deletion Request, listing which fields or data types you want removed. We respond within 2 business days.

What gets deleted

When you delete your account, the following are removed:

  • Your Cognito sign-in record (email + authentication credentials)
  • Profile fields you set (name, phone, role display)
  • Local mobile-app data (cached profile, preferences, biometric-enable flag)
  • Active session tokens (you are signed out everywhere)

What is retained, and why

VynMed Inc. operates as a HIPAA Business Associate to skilled-nursing facilities. Certain records are retained for compliance and legal-defensibility reasons even after account deletion:

  • Test session metadata (test_id, device_id, facility_id, timestamp, validator result) is retained for 7 years in tamper-evident, write-once storage (S3 Object Lock COMPLIANCE), as required for healthcare audit trails. By design, VynMed does not store patient names, dates of birth, or other patient identifiers; the retained data does not directly identify any individual.
  • Audit log entries (which user took which administrative action) are retained for 7 years in the same tamper-evident store, also for HIPAA chain-of-custody compliance.
  • Billing records (subscription history, invoice metadata) are retained for 7 years per IRS requirements for business records.

These retained records are encrypted at rest with KMS-managed keys, accessible only to authorized VynMed staff for legal, regulatory, or audit-response purposes. They cannot be deleted on individual request because doing so would violate the compliance obligations that the underlying SNF facility relies on.

Response timeline

  • Account deletion request: 2 business days to confirm, 14 business days to complete.
  • Partial data deletion request: 2 business days to respond.
  • Verification: we may ask you to confirm your request from the email address on file before proceeding, to prevent unauthorized deletions.

Contact

Questions about deletion or what data is retained:

Last updated: 2026-05-05