Privacy Policy

Last updated: April 3, 2026

ClearPath Virtual Health ("we", "our", or "us") is committed to protecting your privacy and the security of your personal and health information. This Privacy Policy describes how we collect, use, store, and share information when you use the ClearPath Virtual Health mobile application ("App").

1. Information We Collect

We collect the following types of information:

• Account Information: Name, email address, phone number, date of birth, and profile photo when you create or update your account.
• Health Information: Weight, BMI, body fat percentage, blood glucose levels, blood pressure readings, and other vitals recorded by your care team during appointments.
• Medication Information: Prescription names, dosages, frequencies, and medication adherence records (when you mark a medication as taken).
• Appointment Information: Scheduled appointment dates, times, and types (virtual or in-person).
• Health Goals: Goals set by your care team and their completion status.
• Device Information: Device type, operating system version, and app version for technical support purposes.

2. How We Use Your Information

We use your information to:

• Provide and operate the App's features, including health tracking, medication management, and appointment scheduling.
• Enable your care team (Virtual Care Coordinators and healthcare providers) to monitor and support your health.
• Display your health trends and progress over time.
• Send you notifications about appointments, medication reminders, and goal updates.
• Improve the quality and functionality of the App.
• Comply with legal obligations and healthcare regulations.

3. HIPAA Compliance

ClearPath Virtual Health handles Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA). We implement the following safeguards:

• All data is encrypted in transit (TLS/SSL) and at rest.
• Access to health information is restricted to authorized care team members.
• All access to PHI is logged in a tamper-evident audit trail.
• Two-factor authentication is available for all accounts.
• We maintain Business Associate Agreements (BAAs) with our service providers as required.

4. Information Sharing

We do not sell, rent, or trade your personal or health information. We share your information only with:

• Your Care Team: Virtual Care Coordinators and healthcare providers assigned to your care.
• Service Providers: Third-party services that help us operate the App (e.g., Zoom for virtual appointments, cloud hosting providers). These providers are bound by confidentiality agreements and, where applicable, BAAs.
• Legal Requirements: When required by law, court order, or government regulation.

We do not use your health data for advertising, marketing, or data mining purposes.

5. Data Storage and Security

Your data is stored on secure servers located in the United States. We employ industry-standard security measures including:

• Encrypted database storage for sensitive health information.
• HMAC-SHA256 integrity hash chains for audit trail tamper detection.
• Role-based access controls limiting who can view your data.
• Regular security monitoring and suspicious activity detection.

6. Your Rights

You have the right to:

• Access your health information through the App at any time.
• Correct inaccurate information by contacting your care team or our support.
• Request deletion of your account and associated data by contacting support.
• Receive a copy of your health records as permitted by HIPAA.
• Revoke consent for data collection by discontinuing use of the App.

7. Data Retention

We retain your health information for as long as your account is active and as required by healthcare record retention regulations. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate healthcare purposes.

8. Children's Privacy

The App is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will promptly delete it.

9. Third-Party Services

The App integrates with the following third-party services:

• Zoom Video Communications: For virtual healthcare appointments. Zoom's privacy policy applies to video sessions.
• Google Authenticator: For optional two-factor authentication. No health data is shared with Google.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the App or by email. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Support Page: clearpathvirtualhealth.com/support
• Website: clearpathvirtualhealth.com