HIPAA, GDPR and Your Bathroom Data
What data-protection laws actually mean for consumer health devices — and the questions they should prompt you to ask.

HIPAA and GDPR shape how health data can be handled, but consumer devices sit in a nuanced space. Knowing the basics helps you ask the right questions.
What the frameworks cover
GDPR grants strong rights over personal data — access, deletion, portability and consent. HIPAA governs protected health information in specific US contexts. Consumer devices may not automatically fall under HIPAA, which makes a vendor's own commitments crucial.
Questions to ask
Where is data stored and processed? Can you exercise deletion and portability rights? Is consent explicit and revocable? Strong vendors welcome these questions.
- Access and portability rights
- Deletion on request
- Explicit, revocable consent
- Vendor commitments beyond law
“LUXOSMT treats every share as an explicit, revocable decision.”
Beyond compliance
The best products exceed the legal minimum, treating privacy as a design principle rather than a checkbox.

