Concepts
Privacy and consent — the short version
How sharing works: by default nothing leaves you; everything else is opt-in and revocable.
Three rules sit underneath every feature in Teloma:
- Your record is yours. You can use Teloma without granting access to anyone and without consenting to research.
- Every form of sharing is opt-in and revocable. Caregivers, clinicians, and research consent are three separate switches.
- Every view, write, and denied access is audited. The audit log is append-only and visible to admins.
What each switch means
| Caregiver access | A trusted person can read (and optionally log) for you. You name them by email. You can revoke. |
| Clinician access | A named clinician can read your record. You name them by email. You can revoke. |
| Research consent | With your explicit, versioned consent, de-identified data may be used to support cancer research. Off by default. You can withdraw anytime. |
Note
Research consent is its own switch. Granting clinician access does NOT mean your data flows into research. The two are independent on purpose.