Arc

Introduction

Alpine Digital Health, Inc. ("Alpine," "we," "us," or "our") operates the Arc and Arc Care mobile applications and related services (collectively, the "Services"). We are committed to protecting your privacy and being transparent about how we collect, use, and share your information.

This Privacy Policy explains how we handle your personal information when you use our Services. By using Arc or Arc Care, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide Directly

Account Information

When you create an account, we collect your name, email address, phone number, date of birth, and other registration information.

Health Information

Through your use of the Services, we collect health-related information including:

Medical history and conditions
Symptoms and health concerns
Medications and treatment information
Vital signs and biometric data
Communications with your healthcare provider
Care plans and health goals

Communications

We collect the content of your messages, voice recordings, and other communications through the Services, including conversations with your healthcare provider and AI-assisted interactions.

Payment Information

If you make payments through the Services, our third-party payment processors collect payment card information and billing details.

Information Collected Automatically

Usage Data

We collect information about how you interact with the Services, including:

Features you use and actions you take
Time, frequency, and duration of your activities
Device information (type, operating system, unique identifiers)
IP address and general location information

Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities and preferences.

How We Use Your Information

Provide Healthcare Services:

Enable communication between you and your healthcare provider
Support clinical decision-making and care delivery
Generate and maintain your digital health record
Facilitate AI-assisted patient engagement and monitoring
Schedule appointments and send reminders
Process payments and manage billing

Improve Our Services:

Analyze usage patterns and user feedback
Develop new features and enhance existing functionality
Train and improve our AI models and algorithms
Conduct research and analytics (using de-identified data where possible)

Communicate With You:

Send administrative messages about your account and Services
Provide customer support
Share updates about new features or changes to our Services
Send health-related notifications and reminders

Legal and Safety Purposes:

Comply with legal obligations and respond to lawful requests
Protect the rights, property, and safety of Alpine, our users, and others
Detect and prevent fraud, abuse, or security incidents
Enforce our Terms of Service

How We Share Your Information

We do not sell your personal information.

We may share your information in the following circumstances:

With Your Healthcare Providers

We share your health information with the healthcare providers who are involved in your care through our Services. This is essential for providing you with medical care.

With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

Service Providers

We engage third-party companies and individuals to perform services on our behalf, such as:

Cloud hosting and data storage
Analytics and performance monitoring
Payment processing
Customer support services

These service providers have access to your information only to perform specific tasks and are obligated to protect your information consistent with this Privacy Policy.

Business Transfers

If Alpine is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to:

Comply with applicable laws or respond to valid legal process
Protect the rights, property, or safety of Alpine, our users, or others
Detect, prevent, or address fraud or security issues

De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, or other purposes.

HIPAA Compliance

Alpine Digital Health, Inc. is committed to complying with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. For users whose healthcare providers are covered entities under HIPAA:

We act as a Business Associate to your healthcare provider
We maintain appropriate administrative, physical, and technical safeguards to protect your Protected Health Information (PHI)
We have entered into Business Associate Agreements with covered entities
We limit the use and disclosure of PHI as required by HIPAA

Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect your information against unauthorized access, loss, misuse, or alteration. These measures include:

Encryption of data in transit and at rest
Regular security assessments and audits
Access controls and authentication measures
Employee training on data protection
Incident response procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to:

Provide you with the Services
Comply with legal obligations (including medical record retention requirements)
Resolve disputes and enforce our agreements
Support business operations and analytics

Health information is typically retained in accordance with applicable state and federal medical record retention laws, which may require retention for several years after your last interaction with the Services.

When we no longer need your information, we will securely delete or de-identify it.

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Access and Portability

You can request a copy of your personal information and, in some cases, receive it in a portable format.

Correction

You can request that we correct inaccurate or incomplete information.

Deletion

You can request deletion of your personal information, subject to certain legal and operational limitations.

Restriction

You can request that we limit how we use your information.

Objection

You can object to certain uses of your information.

Withdraw Consent

Where we rely on your consent, you can withdraw it at any time.

To exercise these rights, please contact us using the information provided below. We will respond to your request within the timeframe required by applicable law.

You can also:

Update your account information directly in the Services
Opt out of non-essential communications through your account settings
Disable cookies through your browser settings (though this may affect functionality)

Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

State-Specific Privacy Rights

California Residents

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to know what personal information we collect, use, and disclose
Right to request deletion of your personal information
Right to correct inaccurate information
Right to opt out of the "sale" or "sharing" of personal information (we do not sell or share personal information)
Right to limit the use of sensitive personal information
Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@arc.healthcare. We will verify your identity before processing your request.

Other States

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have similar rights. Please contact us to exercise your rights under applicable state law.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your country. We take measures to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

Posting the updated policy with a new "Last Updated" date
Sending you a notification through the Services or via email
Requesting your consent if required by law

Your continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Alpine Digital Health, Inc.

Email: privacy@alpine.healthcare

Phone: 609-721-2155

For HIPAA-related inquiries or to file a complaint about our privacy practices, you may also contact:

Our Privacy Officer at the address above
The U.S. Department of Health and Human Services Office for Civil Rights

Privacy Policy

Table of Contents