We Do Not Sell Your Data
Last Updated: April 12, 2025
Introduction
Health Cloud is a U.S.-based healthcare technology platform committed to protecting the privacy and security of personal data and Protected Health Information (“PHI”). We serve both patients and healthcare providers, and we are dedicated to maintaining your trust through transparent and ethical data practices. This Policy affirms in clear terms that we do not sell, rent, or trade your data – including any PHI – and explains how we collect, use, and share information in compliance with applicable laws and industry standards. We are pursuing compliance with the Health Insurance Portability and Accountability Act (“HIPAA”), the SOC 2 security and privacy framework, and U.S. privacy regulations such as the California Consumer Privacy Act (“CCPA”) (as amended by the California Privacy Rights Act). We want you to know exactly how your data is handled and the choices and rights you have.
Definition of “Sell” Under Applicable Law
When we say we do not “sell” your data, we use the term “sell” as defined in laws like the CCPA. Under the CCPA, “sell” broadly means sharing a consumer’s personal information with another business or third party for monetary or other valuable consideration. In other words, it’s not just about exchanging data for money – any exchange of personal information for a benefit could be considered a “sale.” Importantly, transfers of personal information to service providers for legitimate business purposes (under contracts that prohibit further use of the data) are not considered sales. Health Cloud adheres to these definitions and requirements. We also note that under HIPAA, the “sale” of PHI (defined as disclosing PHI in exchange for direct or indirect remuneration) is generally prohibited without the individual’s authorization.
No Selling, Renting, or Trading of Personal Data or PHI
Health Cloud does not sell, rent, or trade personal data or PHI, period. This principle is fundamental to our business. We do not disclose your personal information or health information to third parties for their own commercial use, marketing, or any purpose outside of the services we provide to you. This means:
- We do not sell personal information, as “sell” is defined under the CCPA, and we do not “share” it for targeted advertising purposes either. Any data sharing we engage in is strictly limited to the service-related purposes described in this Policy, and always under protective agreements.
- We do not sell PHI. In fact, HIPAA regulations forbid the sale of PHI without patient authorization, and we fully comply with that requirement. We will never receive payment or anything of value in exchange for your PHI.
- We do not allow unauthorized third-party access to your data. We will never provide your personal data or PHI to data brokers or other companies to use for their own marketing or research. Your data is used only to serve you and operate our platform, as described below.
By clearly stating the above, we assure our users – individual patients, providers, enterprise clients, and partners alike – that your information is treated as confidential and used only in ways you would expect. If in the future we ever consider a use of data that falls outside these commitments, we will seek your permission and comply with all applicable legal requirements (for example, providing any required notice or opt-in). But as of now and going forward, your data is not for sale.
Categories of Data We Collect and How We Use It
In order to provide our healthcare platform services, Health Cloud collects and processes several categories of data. We apply strict purpose limitations to each category, meaning we only use the data for specific, disclosed purposes necessary to serve our users and run our operations. Below we outline the types of information we collect and how we use it:
- Account and Contact Information: When you sign up or are onboarded as a patient or provider, we collect personal identifiers such as your name, email address, phone number, mailing address, login credentials, and professional information (for providers, this may include practice name, title, and licensing information). We use this information to create and manage user accounts, authenticate users, communicate with you (for instance, sending account-related notifications or responding to support inquiries), and personalize your experience on the platform. We do not use contact information for any unrelated marketing without your consent, and we do not share it with third parties except as needed to provide our services (as described in the next section).
- Protected Health Information (PHI): As a healthcare platform, we handle PHI – meaning any health or medical information that can identify an individual (for example, medical histories, treatment or diagnosis information, medications, appointment records, and other health-related data you or your provider input into Health Cloud). We collect PHI only to facilitate the healthcare services you have chosen to use on our platform. For patients, this might include symptoms you track or information you share with providers; for providers, this might include notes or records about patient care. We use PHI solely for healthcare purposes, such as providing the cloud-based health record service, enabling patient-provider communications, coordinating care, and other uses allowed by HIPAA (like treatment, payment, or health care operations). We do not use PHI for any marketing or advertising purposes. Access to PHI within Health Cloud is restricted to authorized users (e.g., the patient and their healthcare providers, and our personnel or contractors who need access to support the service). All PHI is handled in accordance with HIPAA’s privacy and security rules and with stringent confidentiality protections.
- Analytics and Usage Data: We collect data about how users interact with our platform, which may include device information (such as IP address, browser type, or mobile device identifiers), log data (like login times, pages or features accessed, clickstream data), and usage statistics or events within the app. This behavioral analytics data helps us understand product performance and user engagement. We use this information to maintain and improve our services – for example, to debug issues, enhance usability, and develop new features that better serve our users. Whenever possible, we use this data in aggregated or de-identified form for analytics, meaning it is not linked to a specific individual. Any analytics tools we use are configured to limit data to what is necessary. We do not use analytics data to profile you for advertising, nor do we allow analytics providers to use it for their own purposes. If analytics cookies or similar technologies are used on our informational website, they are used with appropriate notice or consent, and always in a manner that does not “sell” your data.
- Support and Communications Data: If you contact Health Cloud for support or feedback (for example, via email, chat, or phone), we will collect the information you provide in those communications. This may include contact details and a description of your issue or question, and sometimes diagnostic data or screenshots if you provide them. We use this information to assist you and resolve issues, to improve our customer support services, and to document and track support outcomes. We treat support communications as confidential and do not share the contents with any third party except the support service providers acting on our behalf (described below) or as required by law.
- Other Personal Data You Provide: In the course of using Health Cloud, you may have opportunities to provide other personal information – for instance, responding to surveys, participating in beta testing feedback, or adding profile details. We will explain at the time what such data will be used for. Generally, we will use it for the purpose stated (such as improving our beta product based on your feedback). We will not use this information for unrelated purposes.
How We Do Not Use Collected Data: We want to emphasize that we do not use any personal data or PHI for purposes incompatible with those listed above. In particular, we do not use your data for third-party advertising targeting, we do not monetize your data through sale or trading, and we do not use sensitive health information for any purpose that you have not consented to or that isn’t clearly outlined in this Policy. We adhere to principles of data minimization and purpose limitation – meaning we collect only what we need, and use it only for the purposes for which it was collected (see Data Minimization and Retention below for more on this).
Third-Party Service Providers and Data Sharing
While Health Cloud does not sell or give away your information, we do work with a limited number of trusted third-party service providers who help us operate our platform and deliver services to you. Whenever we share data with these third parties, it is only for the specific purposes of providing our services or fulfilling a legitimate business purpose on our behalf, and never for the third party’s own use or gain. These partners are bound by strict agreements to protect your information, maintain confidentiality, and use the data only as instructed by Health Cloud.
Categories of Third-Party Recipients: The types of third parties with whom we may share data (never sell) include:
- Cloud Infrastructure and Hosting Providers: We use secure cloud computing platforms and data storage providers to host Health Cloud and store data (including PHI) reliably and safely. These providers may process encrypted personal data or PHI for storage, backup, and retrieval, but they do not have access to use that data for any other purpose. They operate under Business Associate Agreements (for PHI) or comparable data protection agreements that require HIPAA-level safeguards and prevent any independent use or disclosure of your information.
- Analytics and Diagnostics Tools: We may use third-party analytics services to help us understand system performance and user interaction. For example, we might utilize analytics software to identify which features are used most often or to catch errors in the app. In doing so, we either avoid sending any personally identifiable information or PHI to these tools, or we anonymize/pseudonymize data before analysis. The service providers behind these tools are contractually prohibited from using your data for their own purposes and are only allowed to process it to provide insights to us (as a “service provider” under CCPA). This means analytics data is not shared onward and is not considered a sale of your information. We take care to ensure any analytics use is compliant with privacy regulations and, where required, we will ask for your consent before enabling certain types of analytics (such as those involving cookies or tracking on our website).
- Customer Support and Communication Services: Health Cloud integrates with third-party platforms for functions like user support ticketing, live chat support, or email delivery. Examples may include helpdesk software, email service providers, or secure messaging gateways. When you contact us or when we send you notifications, your relevant contact info and message content may be processed through these systems. We ensure that any such provider has a data processing agreement in place that mandates strict confidentiality and security, and that any information (which might include personal data like your email, or in some cases limited PHI if you share health details in a support request) is used solely to facilitate the communication or support services. These providers do not obtain any ownership or independent rights to your data.
- Advertising and Marketing Partners: Health Cloud does not share identifiable personal data or any PHI with advertising networks for third-party marketing. We do, however, utilize certain advertising and marketing tools to reach people who might be interested in our platform (for instance, a service that displays our ads to users who have visited our website). In doing so, we may use cookies or pixels that collect device identifiers or browsing information on our public website for the purpose of our marketing (for example, measuring ad effectiveness or retargeting our ads to interested users). We treat these interactions carefully under privacy laws: if such tools are used, we will disclose it in our Cookie Notice or website Privacy Policy, obtain consent where required, and ensure that any data sharing with these advertising platforms is configured under a “service provider” or equivalent arrangement whenever possible. This means the data is only used to provide services to Health Cloud (e.g., ad campaign measurement) and not for the advertising partner’s own purposes. No health information or sensitive personal data is ever used for advertising purposes. Additionally, you have choices to manage cookies and trackers on our site via our privacy preferences center, and as noted, we do not consider any such limited use as a “sale” of data. If the law were to interpret it otherwise, we would comply with opt-out requirements, but again we emphasize: we do not share data in a way that monetizes your information or lets third parties target you outside of our own directives.
- Business Partners and Integrations: In some cases, you may use Health Cloud in tandem with other services – for example, if we integrate with a healthcare provider’s electronic health record system or if you opt to link Health Cloud with another health app. In these cases, data sharing will occur only with your knowledge and direction. For instance, if your doctor’s office (a Health Cloud enterprise client) inputs your data into Health Cloud, that information is shared between Health Cloud and the provider as part of delivering your care. Such exchanges are covered by HIPAA (with us acting as a Business Associate to the provider) and by strict contractual obligations. We do not share PHI with any third-party integration partner unless it is for a permitted purpose you’ve agreed to (such as transmitting a prescription to a pharmacy, where allowed, or syncing your data to a personal health app at your request). All such integrations will be transparently disclosed and will require appropriate authorization.
Service Provider Agreements and Protections: All third parties that process personal data or PHI on our behalf are engaged under legally binding agreements that require them to safeguard your data and use it only for the services they provide to us. In the context of PHI, we execute Business Associate Agreements (BAAs) with these vendors as required by HIPAA, contractually obligating them to protect PHI to the same standards that apply to Health Cloud. Under these agreements and applicable law, our service providers cannot:
- Sell your information,
- Share it for their own marketing or advertising,
- Use it for any purpose other than the specific business purpose for which we hired them, or
- Disclose it except as permitted under our contract (for example, for sub-processing with equivalent protections or as required by law).
Any subcontractors they use must also agree to the same restrictions. This structure ensures that even when your data is in the hands of a third party assisting Health Cloud, it remains protected and is not exploited for any secondary purposes.
Legal Compliance and Other Disclosures: Aside from using service providers, Health Cloud will not disclose your personal data to any third party except in a few narrow circumstances required or permitted by law. These include situations such as: responding to lawful requests by public authorities (e.g. court orders or subpoenas), fulfilling legal reporting obligations, or protecting the rights, property, or safety of Health Cloud, our users, or the public. In all such cases, we will ensure any disclosure is legally vetted and minimized (for instance, we would only disclose the information that is necessary and required). Importantly, none of these occasional legal compliance disclosures involve selling your data. They are done only as mandated by relevant law (for example, reporting a communicable disease to public health authorities as required by law, which HIPAA permits, or cooperating with law enforcement). When permissible, we will notify you of such disclosures.
Data Minimization and Purpose Limitation
Health Cloud adheres to the principles of data minimization and purpose limitation in all our data practices. This means we carefully evaluate what data we collect and how long we keep it, ensuring we only gather the minimum information necessary to achieve the purposes described in this Policy, and we use it only for those stated purposes or other purposes that are compatible with or required for those purposes. Key aspects of our data minimization and purpose limitation approach include:
- Limited Collection: We strive to collect only the data that we need to provide our services effectively and comply with our obligations. Before collecting any piece of personal information or PHI, we ask, “Is this necessary for the user experience, the service, or a legal requirement?” If not, we do not collect it. By limiting the scope of data collection, we reduce risks to your privacy. In practice, this means, for example, we only ask for health information that is needed for the specific health management features of our platform, and we don’t collect extraneous details about you that have no relevance to your healthcare or our services.
- “Minimum Necessary” Use and Disclosure (HIPAA Standard): For PHI, we follow HIPAA’s “minimum necessary” rule, which requires that any use or disclosure of PHI is limited to the minimum amount of information needed to accomplish the intended purpose. Our internal policies enforce this principle. For instance, our staff are trained to access only the specific PHI required to perform their job (a support agent troubleshooting a problem will access the minimal data needed to assist you, not your entire medical history). When we share information with a provider or a service provider, we share only what that party needs to fulfill their function. We do not provide full data sets when a partial data set will suffice. By applying “minimum necessary” standards, we honor patient confidentiality and reduce unnecessary exposure of health data.
- Specific Purpose Use: We use your data only for the purposes we have told you about. We will not repurpose your personal information for an unrelated objective without first obtaining your consent or providing notice. For example, if we collect your email to send you appointment reminders or platform updates, we will not later use that email to sign you up for a third-party newsletter. Similarly, PHI you enter for tracking your health will not be repurposed by Health Cloud for, say, marketing new services to you, unless you actively opt in to such use. If we ever desire to use data for a new purpose, we will ensure it is compatible with the original purpose or seek your explicit permission.
- Data Retention Limits: We retain personal data and PHI only for as long as necessary to fulfill the purposes described in this Policy or as required by law. In practice, this means we keep your account information and health records while your account is active and for a reasonable period thereafter in case you return or as needed for legal/regulatory purposes. If you are a patient, your provider may have legal obligations to retain certain PHI for a minimum period (for example, medical record retention laws), and we accommodate those requirements. For other types of data, we set retention periods based on necessity – for instance, we might retain analytics logs for a shorter duration (aggregating or deleting older raw data) once we’ve extracted useful insights. When data is no longer needed, we either delete it or de-identify it so it is no longer associated with you. Our retention schedules are reviewed periodically to ensure we aren’t keeping data longer than necessary. Additionally, if you request deletion of your data (see Your Rights below), we will delete your information from our active systems, unless a specific legal exception applies.
- Ethical Data Handling: Beyond formal policies, Health Cloud’s culture is one of ethical stewardship of data. This means every team member understands that behind the data points are real people trusting us with sensitive information. We have privacy-by-design practices in our product development – we incorporate privacy and security considerations from the start when designing new features or deciding whether to collect a type of data. We also conduct periodic reviews of our data practices to ensure they align with our values and legal obligations. If a practice does not meet our ethical standards or your expectations, we change it. By limiting data collection and sticking to clear purposes, we reduce the risk of misuse and demonstrate respect for the individuals who trust us with their information.
In summary, data minimization and purpose limitation are about collecting less, using only what’s needed, and guarding against “mission creep” in data use. Health Cloud is committed to these principles as part of respecting your privacy.
Your Privacy Rights and Choices
We believe in empowering our users with knowledge and control over their personal information. Depending on who you are (patient, provider, etc.) and where you live, you may have various privacy rights under U.S. law. Health Cloud is committed to honoring all applicable rights, and in many cases, we extend additional courtesy measures even if not strictly required by law. Below, we outline key rights you have regarding your data and how you can exercise them.
- Access and Knowledge Rights: You have the right to know what information we have about you and to access that information. This includes the right to request a copy of the personal data or PHI we maintain about you in a readily usable format. For healthcare patients, this is aligned with your HIPAA right to access your health records; you can request an electronic or paper copy of your medical information that we store, and we will provide it to you (or to a person or entity you designate) within a reasonable time, consistent with HIPAA regulations. For California residents, the CCPA grants a “right to know” the categories and specific pieces of personal information a business has collected about you, along with details about the sources, purposes, and third-party disclosures of that information. Health Cloud will provide this information upon request. In practice, you can exercise access/knowledge rights by contacting us as described in the Contact Us section. We will verify your identity (to protect your privacy) and then disclose the relevant data and information in compliance with applicable law.
- Right to Correction/Amendment: It is important that your information is accurate and complete. Under HIPAA, patients have the right to request an amendment of their PHI if they believe something is incorrect or incomplete in their health records. Similarly, California residents have a right to request correction of inaccurate personal information held by a business. Health Cloud honors these rights. If you find that any personal data or PHI we maintain about you is inaccurate or outdated, you may request that we correct or update it. In the case of medical information, if we are not the originator of the record (for example, if a healthcare provider entered a note), we may refer your request to that provider or work with them to correct it. We will inform you of the outcome of correction requests and act on them as required by law. We also proactively allow you to update certain profile information via your account settings, where applicable, to keep your information current.
- Right to Deletion: You have the right, in many cases, to request deletion of your personal information. For California residents, the CCPA provides a “right to delete” personal information that a business has collected from you (with certain exceptions). If you request deletion, Health Cloud will erase the personal data we hold about you from our records and instruct our service providers to do the same, except to the extent we are permitted or required to retain it. Possible exceptions might include situations where we need to keep information to comply with a legal obligation or if the data is necessary to complete an ongoing transaction or provide a service you requested (for example, if you are in the middle of an active treatment program coordinated via Health Cloud, deletion may need to be deferred until completion). For PHI, while there is no general HIPAA right to deletion, if you wish to close your account or have your patient data removed from Health Cloud, we will work with you and (if applicable) your healthcare provider to safely export or transfer your records and then delete or de-identify the PHI in our systems, consistent with legal retention requirements. Please note that in healthcare, providers might need to retain certain records for a minimum period by law, but such retained records would remain protected under HIPAA and this Policy even if not deleted.
- Right to Opt-Out of Sale or Sharing: As discussed, Health Cloud does not sell your personal information. Therefore, the CCPA “right to opt-out” of the sale of personal information is effectively already honored by default – there are no sales or sharing with third-party data brokers or advertisers from which you need to opt out. We do not knowingly engage in “sharing” for cross-context behavioral advertising either, so we do not have a “Do Not Sell or Share My Personal Information” link on our site (because there is nothing to opt out of in this regard). However, if you ever have concerns about any particular data transfer and whether it constitutes a sale or sharing under California law, we encourage you to contact us. We will listen, explain our practices, and honor any request to limit data disclosures that you make. If in the future we were to engage in any practice that legally qualifies as a “sale” or “sharing” of personal information, we would update this Policy accordingly and provide a clear opt-out mechanism in compliance with the law. Rest assured that is not our practice or plan.
- Right to Limit Use of Sensitive Personal Information: Under California’s privacy laws, you have the right to direct businesses to limit the use of “sensitive personal information” (which includes information like health data, social security numbers, precise geolocation, etc.) to what is necessary to perform the services or provide the goods you reasonably expect. Health Cloud’s use of sensitive personal information (including PHI, which is considered sensitive) is already limited to providing our services – we do not use sensitive data for secondary purposes like profiling or marketing that would trigger the need for an opt-out. In essence, we already operate with this limitation in place. Nonetheless, we support this right by ensuring you can contact us to discuss or restrict any use of your sensitive data that concerns you. For example, if you wanted to ensure that your health information is not used for any research or product improvement purpose, we would accommodate your request to the extent possible (bearing in mind that we typically would only use de-identified data for such purposes, which is no longer sensitive or identifiable).
- Right to Non-Discrimination: Health Cloud will never discriminate against you for exercising any of your privacy rights. This means we will not deny you our services, give you a different level of service, or charge you a different price or rate because you exercised a privacy right (such as requesting deletion or opting out of data sharing). The CCPA explicitly prohibits businesses from retaliating or discriminating in this way, and we agree with this principle. Our service to you remains the same regardless of your privacy choices. If you decline certain optional uses of data (like optional analytics cookies or an optional research program), we will still provide our core services to you as we would to any user.
- How to Exercise Your Rights: You may contact us at any time to exercise the rights described above or to ask questions about your privacy and data. See Contact Us at the end of this Policy for the contact methods (email, physical mail, and any web portal if applicable). For certain requests, we will need to verify your identity to ensure we are acting on behalf of the correct individual – we may ask you to provide information that matches our records or take other steps for verification. For some requests, we may also need additional information to process your request (for example, if an authorized agent is making the request on your behalf, we will require proof of authorization). We will respond to legitimate requests within the timeframe required by law (for instance, CCPA requires a response within 45 days, with an extension of an additional 45 days if reasonably necessary). If we need more time, we will let you know. If for some reason we cannot fulfill your request (due to a legal exception), we will explain the reason in our response. Generally, there is no fee for making a privacy rights request. If requests become excessive or unfounded, applicable law may allow us to charge a reasonable fee or decline to respond, but we have not had to do that and aim to treat all requests in good faith.
In addition to these rights, we are committed to transparency. That means we will provide notice of our data collection at appropriate points (for example, when you sign up, we present a Privacy Notice summarizing what data we collect and why). If you have any confusion or need clarification about our practices, you can always reach out and we will do our best to clarify. Your trust is our priority, and respecting your rights is a critical part of earning and keeping that trust.
Data Security and Compliance Commitments
Protecting your data is integral to our mission. Health Cloud employs robust security measures and follows established compliance frameworks to ensure that personal data and PHI are safeguarded against unauthorized access, disclosure, alteration, and destruction. Below, we outline some of the key security and compliance practices we have in place:
- HIPAA Compliance (Protection of Health Information): As a handler of PHI, we have implemented administrative, physical, and technical safeguards in line with HIPAA Security Rule requirements. This includes access controls (each user has unique login credentials and access is limited by role), encryption of PHI both in transit (e.g., HTTPS secure connections) and at rest on our servers, audit controls that log access to health data, and regular training of our workforce on privacy and security obligations. We maintain written policies and procedures governing the privacy and security of PHI, and we designate a Privacy Officer and Security Officer responsible for HIPAA compliance. We also perform periodic risk assessments and risk management to address potential vulnerabilities. In pursuing HIPAA compliance, we ensure that any electronic health information is handled with the highest degree of confidentiality, integrity, and availability. Our compliance program is designed to meet or exceed what HIPAA requires, giving our users and enterprise healthcare clients confidence that Health Cloud can be trusted as a Business Associate or custodian of health information.
- SOC 2 and Industry Best Practices: We are actively working toward SOC 2 compliance (Service Organization Control 2), which involves independent audits of our controls related to security, availability, confidentiality, processing integrity, and privacy. By aligning with SOC 2’s rigorous standards, we are systematically verifying that our internal processes (from software development to data storage to employee management) are following best practices for protecting user data. Achieving SOC 2 compliance means an outside auditor will evaluate and report on our controls, providing assurance to our enterprise customers that we have appropriate safeguards. Even while in beta, we treat our system as if it is production-level critical. We employ measures like firewalls, intrusion detection systems, continuous monitoring for anomalies, regular software updates/patching, and incident response plans. We also enforce strict access management internally – only authorized personnel with a need-to-know can access sensitive systems or data, and we implement multi-factor authentication and encryption to further secure those accesses. These efforts underscore our commitment to a high standard of security and privacy, comparable to mature enterprises.
- Privacy by Design and Default: Our product development lifecycle incorporates privacy reviews at each stage. When designing new features, we evaluate their impact on privacy and ensure that default settings favor privacy protection. For example, features that involve sharing data with other users or third parties are built to require user initiation or consent. We minimize data collection in new features (consistent with our data minimization principle) and ensure that we have a legitimate purpose for any new data point. By baking privacy into our design process, we aim to prevent issues before they arise rather than reacting afterward.
- Continuous Monitoring and Improvement: Security and compliance are not one-time goals but ongoing commitments. We continuously monitor our systems for potential security events and have an incident response plan ready in case of any security issue. Our team conducts regular internal audits and assessments. We also stay updated on the latest threats and vulnerabilities in the cybersecurity landscape, adjusting our defenses accordingly. On the compliance side, we track changes in relevant laws and regulations (for instance, new state privacy laws or updates to HIPAA/CCPA rules) to ensure our policies and practices remain up-to-date. We may also engage external experts to perform penetration tests or compliance gap analyses to validate our security posture. All employees undergo background checks and sign confidentiality agreements, and we foster a culture where everyone is responsible for security (for example, by encouraging reporting of potential issues and not penalizing it).
- Business Associate Agreements and Vendor Management: Whenever we engage a third-party vendor who may handle PHI or sensitive data (as described earlier), we not only sign a BAA, equivalent contract, or terms of use, but we also vet their security practices. We choose reputable providers with demonstrated security credentials. We review their compliance with frameworks like HIPAA, SOC 2, or ISO 27001 as applicable. Through our vendor management program, we maintain oversight of how our service providers protect data, and we require them to notify us of any security incidents involving our data. This extends our security and compliance program to all corners of our data ecosystem.
- Data Breach Response: Despite all precautions, if a data breach were to occur, we are prepared to act swiftly. In line with applicable breach notification laws (including HIPAA’s breach notification rule), we would investigate and notify affected individuals, regulators, and clients in a timely manner, and take steps to mitigate any harm. Our incident response plan outlines specific procedures for containment, investigation, eradication of the threat, recovery, and communication. By maintaining strong preventive measures, we strive to avoid ever having to use this plan, but it is in place as part of our comprehensive approach to data protection.
Our commitment to security and compliance isn’t just about avoiding penalties or breaches; it’s about honoring the trust you place in Health Cloud. We understand that in healthcare, data isn’t just data – it can be deeply personal and sensitive, and lives can literally depend on its proper handling. We take that responsibility seriously every day.
Updates to This Policy
We may update this “We Do Not Sell Your Data” Policy from time to time to reflect changes in our practices, accommodate new legal requirements, or improve clarity. If we make material changes to the way we handle your personal information or PHI, we will provide you with prominent notice – for example, by posting a notice on our website or within the app, or by emailing you if appropriate. The “Last Updated” date at the top of this Policy indicates when the latest changes were made.
If a change would result in a use or sharing of your data in a way that is materially different from what was stated at the time of collection, we will obtain any necessary consent or give you the opportunity to opt out, as required by law. For instance, if in the future we ever considered selling data (which we have no plans to do), we would not only update this Policy but also proactively seek your consent or allow you to opt out well in advance of any such change. (Again, to be clear, we do not foresee this happening – our business model does not and will not rely on selling data.)
We encourage you to review this Policy periodically for any updates. Continuing to use Health Cloud after a revised Policy is in effect means that you accept the revised Policy. However, we want to assure you that our core commitment – that we do not sell your data – will not change. If you have any questions about any changes, you can always contact us for more information.
Contact Us
Your privacy and trust are paramount to Health Cloud. If you have any questions, concerns, or requests regarding this Policy or our data practices, please do not hesitate to reach out:
Health Cloud LLC
4117 Hillsboro Pike, Suite 103-131
Nashville, Tennessee 37215 USA
Email: contact@healthcloud.email
We will respond as promptly as possible to address your questions and fulfill any requests. If you are an enterprise client with a dedicated account representative or contact, you may also reach out to your representative, and they will coordinate with our privacy team.
Thank you for reading our Policy. We deeply appreciate the trust you place in Health Cloud to handle your personal and health information. Our commitment is to continue earning that trust every day by safeguarding your data and being transparent about our practices. Remember: We are in the business of healthcare and technology – not data brokerage. Your data is yours, and our role is to protect it and use it only to serve you.