Privacy Policy for Upturn

Upturn (“we,” “our,” or “us”) values your trust and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share your information, including health-related data, in compliance with applicable laws and regulations in the United States, such as the Health Insurance Portability and Accountability Act (HIPAA) and state-specific privacy laws.

1. Information We Collect

We may collect the following types of information when you use our app:

• Personal Information: Name, email address, phone number, date of birth, and other identifiers.
• Health Information: Medical history, symptoms, test results, treatment plans, health data from other apps (with your consent) and communications with clinicians.
• Device and Usage Data: IP address, device identifiers, app usage statistics, and crash logs.
• Payment Information (if applicable): Billing details or insurance information if required for payments.

2. How We Use Your Information

We use your information to:

• Provide and enhance our services, including facilitating communication with clinicians.
• Maintain and improve the functionality of the app.
• Respond to your inquiries and provide customer support.
• Comply with legal obligations, including health data regulations.
  

3. How We Share Your Information

We only share your information in the following circumstances:

• With Clinicians and Healthcare Providers: To support your care and treatment.
• With Service Providers: We may share data with trusted third-party vendors who provide technical, administrative, or operational services (e.g., cloud storage, analytics).
• As Required by Law: To comply with subpoenas, court orders, or other legal processes.

We will never sell your personal health information. If data sharing practices change, you will be notified and asked for explicit consent.

4. Your Rights

Under US privacy laws, you may have the following rights:

• Access and Correction: You can request access to or correction of your health and personal information.
• Data Deletion: You can request that we delete your personal information, subject to legal and contractual limitations.
• Data Portability: You may request an electronic copy of your health records.
• Restrict Processing: You can restrict certain uses of your information.
• Opt-Out of Certain Uses: If applicable, you can opt out of non-essential data sharing, such as marketing communications.

To exercise these rights, please contact us at privacy@upturn.health.

5. Data Retention

We retain your information for as long as necessary to provide our services, comply with legal obligations, and support your clinical needs. Data may be securely archived after the retention period.

6. Data Security

We implement robust administrative, physical, and technical safeguards to protect your data, including:

• Encryption: Data is encrypted in transit and at rest.
• Access Controls: Only authorized personnel can access sensitive data.
• Monitoring: Systems are monitored to detect unauthorized access or breaches.

In the event of a data breach, we will notify affected users in compliance with applicable laws.

7. HIPAA Compliance

Upturn is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”).   As a provider of services that involve Protected Health Information (PHI), Upturn complies with any applicable HIPAA requirements. We may act as a Business Associate and follow all necessary safeguards to protect your PHI.

8. State-Specific Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) may provide additional rights:

• The right to know what personal information we collect, use, and share.
• The right to request deletion of your personal information.
• The right to opt out of the sale of personal information (note: we do not sell health data).

To exercise these rights, contact us at privacy@upturn.health.

9. Children’s Privacy

Our app is not intended for children under 18 years old, and we do not knowingly collect personal information from them without parental consent. If you are a parent or guardian and believe your child has provided information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy periodically. Any significant changes will be communicated through the app or email, where appropriate. The updated policy will include the effective date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email:privacy@upturn.health