Claim what is already yours
Your records.
Your vault. Your call.
Every clinical encounter, lab, prescription, and 8-axis reading you've ever generated belongs to you. The DataVault holds it under your encryption key, on infrastructure you control, with audit you can read. Claiming the vault takes about ninety seconds.
AES-256-GCM at rest BAA-eligible Patient-owned HIPAA Safe HarborHow claim works
Three steps.
Ninety seconds.
A vault is a private, encrypted record store keyed to you alone. Claiming it provisions the keys, registers your account, and binds your existing records to the vault you now own.
Email + biometric (Face ID, Touch ID, or hardware key). Two factors required. We never accept SMS as a second factor for health-record claim because SMS is not HIPAA-grade.
The vault provisions an AES-256-GCM master key locally on your device. The key never leaves your hardware enclave. You receive a recovery phrase. We do not retain it.
We bind any existing records under your name (clinical visits, labs, prescriptions, 8-axis readings) to the vault you now own. Future records flow in automatically through your providers.
What's inside
Eight kinds
of record.
The vault holds every record kind a clinical encounter can produce, plus the eight-axis readings the orb gathers continuously. All encrypted at rest, addressed by content hash, auditable on read.
Every visit, every clinician note, every diagnosis. Versioned.
CBC, BMP, hormone panels, genomic. Original PDF + structured values.
DICOM-grade radiology storage with provider-attached interpretations.
Every Rx with timestamps, prescriber, refills, and adherence signal.
Heart, sleep, activity, blood pressure. Apple Health, Whoop, Oura, Garmin.
Daily eight-axis snapshots, scored 0–100, with axis-level decomposition.
Every grant, every revocation, every audit-read of your record.
Linked relatives' relevant records, by reciprocal consent only.
Begin
Start the
claim.
We collect the minimum needed to verify you and provision your vault. Your information is encrypted at rest and never used for anything other than the claim flow.
Common questions
The fine
print.
Who owns the vault?
You do. Conceptual Healthcare Corporation is a custodian, not an owner. Your master key is generated on your device. We cannot read your records without your consent, and we cannot recover your key if you lose it.
What if I lose my key?
You can configure a recovery phrase, a hardware key, or a trusted-contact recovery. We strongly recommend at least two. If all recovery paths are lost, your records are permanently encrypted and unrecoverable.
Does claim cost anything?
No. The patient claim flow is free, forever. We earn revenue from clinics paying for the clinical platform and from IRB-approved research access to de-identified, aggregated data (only with your explicit per-study consent).
Will research access read my data?
Only if you opt in per-study, and only as de-identified, aggregated cohorts. You can review every research grant before consenting. You can revoke at any time. Past consents do not auto-renew.
What about minor patients?
A parent or legal guardian may claim a Family-Linked vault on behalf of a minor. The vault binds to the family until the minor reaches the state's age of majority (18 in most states; 19 in Alabama and Nebraska; 21 in Mississippi), then transfers ownership automatically. Pediatric clinical records follow HIPAA personal-representative rules — the parent is the personal representative for the minor's PHI. State mature-minor exceptions for sensitive categories are honored.
Is this HIPAA-compliant?
Yes. The DataVault is engineered against HIPAA Privacy and Security Rules. A standard BAA is available for institutional accounts. SOC 2 Type II audit is in process for Q3 2026.