Added HIPAA-compliant privacy policy page

code/mymedic/tests/users/test_privacy_policy.py

@@ -0,0 +1,9 @@
+from django.test import TestCase
+from django.urls import reverse
+
+class PrivacyPolicyViewTests(TestCase):
+    def test_privacy_policy_page(self):
+        url = reverse("privacy_policy")  
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, "Privacy Policy")

code/mymedic/users/templates/users/dashboard.html

@@ -190,5 +190,9 @@ <h5 class="activity-title">Prescription Refilled</h5>
       </div>
 
     </div>
+    <footer class="mt-4 text-center">
+      <a href="{% url 'privacy_policy' %}" class="text-dark fw-bold fs-6">Privacy Policy</a>
+
+    </footer>
   </main>
 </html>

code/mymedic/users/templates/users/privacy_policy.html

@@ -0,0 +1,75 @@
+{% load static %}
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <title>Privacy Policy</title>
+  <link rel="stylesheet" href="{% static 'css/base.css' %}">
+  <style>
+    body {
+      background-color: #f4f4f4;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      margin: 0;
+    }
+
+    .policy-box {
+      max-width: 800px;
+      background-color: #f4f4f4;
+      padding: 40px;
+      border-radius: 10px;
+      box-shadow: 0 0 10px rgba(0,0,0,0.1);
+      font-family: Arial, sans-serif;
+    }
+
+    .policy-box h2 {
+      text-align: center;
+      margin-bottom: 30px;
+      color: #20b2aa;
+
+    }
+
+    .policy-box h4 {
+      margin-top: 25px;
+      color: #20b2aa;
+    }
+
+    .policy-box p {
+      margin-top: 10px;
+      line-height: 1.6;
+    }
+  </style>
+</head>
+<body>
+  <div class="policy-box">
+    <h2>Privacy Policy</h2>
+
+    <p>At <strong>MyMedic</strong>, we understand that your health information is personal. We are committed to protecting your privacy in accordance with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA).</p>
+
+    <h4>Information We Collect</h4>
+    <p>We collect your name, contact details, medical history, prescriptions, and appointment data to provide and improve our services.</p>
+
+    <h4>How We Use Your Information</h4>
+    <p>Your data is used solely to facilitate appointments, manage prescriptions, and support your healthcare journey. We do not sell or share your information without your explicit consent.</p>
+
+    <h4>HIPAA Compliance</h4>
+    <p>All health data is handled in compliance with HIPAA regulations. We implement strong administrative, physical, and technical safeguards to protect your information.</p>
+
+    <h4>Data Sharing</h4>
+    <p>We only share data with licensed medical professionals involved in your care. Any third-party service providers are bound by strict confidentiality agreements.</p>
+
+    <h4>Your Rights</h4>
+    <p>You have the right to access your data, request corrections, and withdraw consent. You may contact us at any time to exercise these rights.</p>
+
+    <h4>Contact Us</h4>
+    <p>If you have any questions or concerns about our privacy policy, please reach out at <a href="mailto:support@mymedic.com">support@mymedic.com</a>.</p>
+    <p style="font-size: 0.9em; color: #1d5967; text-align: center; margin-top: 20px;">
+        This Privacy Policy was last updated on June 13, 2025.
+      </p>
+
+  </div>
+</body>
+</html>
+

code/mymedic/users/urls.py

@@ -9,4 +9,6 @@
     path('mlogout', views.mlogout, name='mlogout'),
     path('', views.mlogin, name=''),  # Default route to login
     path('cancel/<int:appointment_id>/', views.cancel_appointment, name='cancel_appointment'),
+    path("privacy/", views.privacy_policy, name="privacy_policy"),
+
 ]

code/mymedic/users/views.py

@@ -117,12 +117,14 @@ def profile(request):
             return redirect("profile")
     else:
         return render(request, 'users/profile.html', context={"form": form})
-
 
 @login_required(login_url='mlogin')
 def cancel_appointment(request, appointment_id):
     appointment = get_object_or_404(Appointment, id=appointment_id, user=request.user)
     if request.method == "POST":
         appointment.delete()
         messages.success(request, "Appointment canceled successfully.")
-    return redirect("dashboard")
+    return redirect("dashboard")
+
+def privacy_policy(request):
+    return render(request, 'users/privacy_policy.html')