Care Atlas Privacy Policy

Last Updated: October 23, 2025

Introduction

Welcome to Care Atlas, a mobile application ("App") designed to help you and your healthcare providers securely manage care, communicate, and monitor health data.

This Privacy Policy explains how Care Atlas ("we," "our," or "us") collects, uses, and protects your information when you use our App.

This policy focuses on the information we collect to operate the App and our services. Your rights and our uses of your Protected Health Information (PHI)—such as your medical records and communications with your doctor—are governed by a separate, legally required document called the HIPAA Notice of Privacy Practices.

By using the Care Atlas App, you agree to the terms of this Privacy Policy and acknowledge that you have been provided with our HIPAA Notice of Privacy Practices.

1. Our Commitment to Your Privacy

We build privacy into our platform from the ground up.

  • We do not sell or rent your personal information.
  • We do not use or share your Protected Health Information (PHI) for third-party marketing or advertising. We may, however, use your information to communicate with you about services, features, or offers from Care Atlas that may be of interest to you.
  • We do use your information to operate the App, provide our services, and secure your account.
  • We do comply with all applicable laws, including HIPAA.

2. Information We Collect

We collect information in three main ways:

a. Information You Provide

When you create an account, you provide us with:

  • Account Information: Your name, date of birth, and contact information.
  • Authentication Information: Your phone number, which we use to send you a one-time password (OTP) via SMS to securely log you in.

b. Information from Your Healthcare Provider (PHI)

To make the App useful, your healthcare provider securely provides us with your health information so we can display it to you. This is Protected Health Information (PHI) and may include medical records, vital signs, insurance information, clinical notes, and secure messages.

The collection, use, and disclosure of your PHI are governed by our HIPAA Notice of Privacy Practices.

c. Information We Collect Automatically (Technical Data)

When you use the App, we automatically collect technical information to maintain security, fix bugs, and improve performance. This includes:

  • Device Information: Operating system, app version, and device model.
  • Usage Data: Information about how you interact with the App, such as features used and session times.
  • Diagnostic Data: App performance metrics and crash logs.
  • Other Identifiers: IP address, device identifiers, general location information (e.g., from your IP address), and other information related to your interaction with our services.

3. How We Use Your Information

We use your information to:

  • Provide you with secure access to the App and your health records.
  • Authenticate and verify your identity when you log in.
  • Enable secure communication between you and your healthcare team.
  • Respond to your customer support requests.
  • Personalize your in-app experience.
  • Develop, test, and improve new and existing products, features, and services.
  • Serve our internal business purposes, such as data analysis, audits, and fraud monitoring.
  • Enforce our terms of service and other policies.
  • Comply with legal obligations and healthcare regulations.

For detailed information on how your PHI is used and disclosed for treatment, payment, or healthcare operations, please refer to our HIPAA Notice of Privacy Practices.

4. How We Share Your Information

We only share your information in the following limited circumstances:

a. With Your Healthcare Team

We share your information and any data you enter into the App (like RPM readings) with your authorized healthcare providers and their care team members so they can manage your care.

b. With Our Service Providers (Vendors)

We share information with trusted third-party partners who help us operate our platform, such as cloud hosting providers, data warehousing and analytics services, and communications (SMS) providers. These partners are contractually bound (e.g., by a Business Associate Agreement) to protect your data and comply with HIPAA.

c. For Legal and Safety Reasons

We may disclose information if we are required to do so by law, court order, or other legal processes, or to protect the safety and security of our users.

d. Business Transfers

If Care Atlas is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction, subject to our commitments under this policy and applicable law.

5. De-Identified and Aggregated Data

We may use your information to create de-identified or aggregated data in accordance with HIPAA's standards.

Once data is de-identified or aggregated, it is no longer considered personal information or PHI. We may use, disclose, and commercialize such data for any lawful purpose, including but not limited to analytics, industry research, and improving our services.

6. Security and Data Storage

We implement and maintain reasonable administrative, physical, and technical security safeguards designed to protect the confidentiality, integrity, and availability of your information in accordance with applicable laws, including HIPAA.

Despite these safeguards, no digital transmission or storage method is 100% secure. Therefore, we cannot and do not guarantee the absolute security of your information. You use the App at your own risk.

7. Your Privacy Rights

You have specific rights regarding your information.

a. Rights Regarding Your Health Information (PHI)

Under HIPAA, you have the right to access, amend (correct), and request an accounting of disclosures of your PHI. These rights are managed by your healthcare provider. Please refer to our HIPAA Notice of Privacy Practices for detailed instructions.

b. Rights Under State Laws (e.g., CCPA)

Residents of California and other states with privacy laws have additional rights, including:

  • Right to Know: What personal information we collect and how it's used.
  • Right to Delete: Request deletion of your personal data, subject to numerous legal and regulatory exceptions, including our legal obligation to retain medical record information as required by HIPAA and other state or federal laws.
  • Right to Opt-Out of Sale: We do not sell your data, so there is nothing to opt out of.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these state-specific rights, please contact us using the details in Section 11.

8. Children's Privacy

We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under the age of 13 without verifiable parental or guardian consent. The App may be used to manage the care of a minor, but this must be done through an account held by the minor's authorized parent or legal guardian.

9. Data Retention and Transfers

We retain your information only for as long as necessary to provide our services and to meet our legal and regulatory obligations. Health records are retained in accordance with HIPAA and applicable state medical record retention laws.

Our services are operated from the United States. If you use our App from outside the U.S., your information will be transferred to, stored, and processed in the United States and other locations where we or our service providers operate. By using the App, you consent to these transfers.

10. Updates to This Policy

We reserve the right to update, modify, or replace this Privacy Policy at any time, at our sole discretion, for any reason or no reason at all. We will notify you of material changes by posting the updated policy in the App and on our website and updating the "Last Updated" date at the top of this policy.

Your continued use of Care Atlas after any such changes constitutes your binding acceptance of the updated Privacy Policy. The updated policy will supersede and replace all prior versions in their entirety. You waive any right to receive individual notice of changes, and you agree that posting the updated policy constitutes adequate and sufficient notice.

If you do not agree to the updated Privacy Policy, your sole remedy is to discontinue use of the App and contact us to request deletion of your account. By continuing to use the App after changes are posted, you explicitly agree to be bound by the updated terms and acknowledge that any previous versions of this policy are null and void.

It is your responsibility to review this Privacy Policy periodically. We are not obligated to notify you of changes beyond posting the updated policy and updating the "Last Updated" date.

11. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us.

Care Atlas Privacy Office
Email: support@careatlas.com