Privacy Policy

1. Introduction

Gleam Health, Inc. (“Gleam Health,” “we,” “us,” or “our”) provides an online appointment scheduling platform on behalf of healthcare providers (“Providers”). This Privacy Policy describes how we collect, use, and protect your information when you use our scheduling service (“Service”).

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect the following categories of information:

Information you provide directly:

• Name (first and last)
• Date of birth
• Appointment preferences (type, date, time, provider)
• Comments or special requests you submit during booking

Information collected automatically:

• Browser type and device information
• Pages visited and actions taken within the Service
• Date and time of access

We do not collect Social Security numbers, financial account information, or insurance information through the scheduling Service.

3. How We Use Your Information

We use the information we collect to:

• Process and manage your appointment bookings on behalf of your Provider
• Verify your identity as an existing patient of the Provider
• Send appointment-related communications, including confirmations, reminders, and scheduling updates
• Improve and maintain the performance and security of the Service
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your information for marketing purposes unrelated to your appointment.

4. HIPAA and Protected Health Information

When we handle your health-related information on behalf of a Provider, we do so as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). This means:

• We maintain a Business Associate Agreement (BAA) with each Provider that governs how we handle Protected Health Information (PHI)
• We use PHI only as permitted by our BAA and applicable law — specifically to provide the scheduling Service on behalf of the Provider
• We implement administrative, physical, and technical safeguards to protect PHI as required by the HIPAA Security Rule

Your Provider remains the Covered Entity responsible for their own HIPAA Notice of Privacy Practices, which governs how the Provider uses and discloses your health information more broadly.

5. How We Share Your Information

We share your information only in the following limited circumstances:

• With your Provider: We share your scheduling information with the healthcare provider whose booking page you are using, as necessary to process and manage your appointment.
• Service providers: We may use third-party service providers (such as hosting and infrastructure providers) who process data on our behalf and are contractually obligated to protect your information.
• Legal requirements: We may disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request.

6. Data Security

We implement reasonable technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit, access controls, and regular security assessments.

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your information only as long as necessary to provide the Service, fulfill the purposes described in this Privacy Policy, and comply with our legal obligations. When your information is no longer needed, we will securely delete or de-identify it.

8. Your Rights

You may request access to, correction of, or deletion of your personal information by contacting us at the address below. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

For requests related to health information held by your Provider, please contact your Provider's office directly, as they are the Covered Entity responsible for responding to HIPAA-related requests.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18 without the involvement of a parent or guardian. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the revised Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Gleam Health, Inc.
Email: support@usegleamhealth.com