Privacy Policy

POD Health, Inc.
Last Updated: April 15, 2026

This Privacy Policy (or “Policy”) describes the types of data that we, POD Health, collect, how we use and share your information, and your privacy rights under U.S. state laws and international regulations. It also includes sections on cookies and tracking technologies, interest-based advertising, and enhanced Business Associate relationships with healthcare providers. Please review the policy to learn more about your rights and our data practices.

1. Introduction

POD Health, Inc. (POD Health, we, our, or us) is committed to protecting the privacy and security of individuals who use our digital health platform, applications, and website (collectively, the Platform or Services). This includes our public-facing website at www.podhealth.ai (the Sites), marketing communications, and our suite of products including NeuroPrecision, OpenMind, and Piper, unified by the POD Exchange layer.

This Privacy Policy describes how POD Health collects, uses, stores, shares, and protects personal information and health-related data when individuals access or use the Platform, create accounts, interact with our marketing communications, or provide information through our Services.

2. Applicability and Scope

2.1 Who This Policy Applies To

This Privacy Policy applies to:

  • Website Visitors: Individuals who visit our Sites or interact with our marketing communications
  • Authorized Healthcare Professionals: Physicians, neurologists, psychiatrists, therapists, and other licensed healthcare providers who create accounts and use our Services
  • Patients: Individuals whose information is submitted to the Platform for clinical analysis, genetic testing, or care coordination
  • Authorized Representatives: Parents, guardians, caregivers, or legal representatives of patients
  • Healthcare Organizations: Hospitals, healthcare systems, clinics, and other organizations that contract with POD Health to provide Services to their authorized users

2.2 Business Associate Relationships and Customer Data

This Policy does not apply to the content that our customers (e.g., hospitals, healthcare systems, clinics) and their authorized users upload and store in our Services (Customer Data). POD Health processes Customer Data, which may include Protected Health Information (PHI), solely on behalf of our customers. Our processing of such information is governed exclusively by the terms of our agreements with those customers, including our Business Associate Agreements (BAAs) under HIPAA and Data Processing Agreements (DPAs) under GDPR.

If you are a patient whose healthcare provider uses our Services: Please refer to your provider’s Notice of Privacy Practices for information on how they handle your PHI. We are a ‘Business Associate’ to your provider and process your data solely on their instruction. If you wish to exercise data protection rights regarding your medical information, please contact your healthcare provider directly.

3. Regulatory Compliance Framework

This policy is designed to comply with applicable privacy and data protection laws, including:

  • the General Data Protection Regulation (GDPR) for individuals located in the European Economic Area (EEA) or United Kingdom,
  • the California Consumer Privacy Act (CCPA/CPRA) for California residents,
  • and relevant U.S. healthcare privacy and security standards including principles consistent with the Health Insurance Portability and Accountability Act (HIPAA) where applicable.

Where different laws apply based on location or relationship, additional rights and obligations may apply as described in this policy. If you are under the age of 18 (or other applicable age of majority in your jurisdiction) or unable to legally provide consent, a parent or legal guardian must provide authorization for the processing of your personal data.

4. Data Controller and Contact Information

For purposes of the GDPR and other applicable laws: POD Health, Inc. is the data controller for Platform operations, except where a healthcare provider or enterprise customer contractually designates themselves as controller for data they submit. Where POD Health processes ePHI on behalf of a covered entity or another controller, POD Health acts as a business associate / processor and will execute a Business Associate Agreement (BAA) or Data Processing Agreement (DPA).

Contact Information:

POD Health, Inc.
2748 Grand Oaks Loop
Cedar Park, TX 78613
United States

Privacy Office Email: privacy@podhealth.ai

General Contact: info@podhealth.ai

5. Key Definitions

Personal Data / Personal Information: Information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual.

Sensitive Personal Data: Includes health data, genetic information, biometric information, precise geolocation, racial or ethnic origin, religious beliefs, and other data categories subject to heightened protection under applicable laws.

Protected Health Information (PHI): Individually identifiable health information transmitted or maintained in any form or medium by a covered entity or business associate, as defined under HIPAA.

Customer Data: Content that healthcare providers and organizations upload, store, or process through our Services, which POD Health processes as a business associate or processor on their behalf.

De-identified / Anonymized Data: Information that has been processed to remove or obscure identifying elements such that it cannot reasonably be used to identify an individual, in accordance with HIPAA de-identification standards or other applicable frameworks.

6. Categories of Personal Data We Collect

We collect only the personal information necessary to operate and improve the Platform and provide our Services. The categories of data collected depend on how you interact with POD Health.

6.1 Identity and Contact Information

  • Full name
  • Date of birth
  • Postal address
  • Phone number
  • Email address
  • Account username and password

6.2 Professional and Employment Information

  • Business email address and phone number
  • Medical specialty or professional role
  • Employer or healthcare facility information
  • National Provider Identifier (NPI) number
  • Professional credentials and licenses

6.3 Health and Medical Information

This may include sensitive health information such as:

  • Medical record numbers or patient identifiers
  • Clinical history and treatment records
  • Diagnostic reports and assessment results
  • Neurodevelopmental evaluations (ADHD, autism, anxiety, depression, etc. assessments)
  • Medication histories and prescriptions
  • Therapy and behavioral health records
  • Educational records and IEP documentation
  • Family medical history
  • Vital signs (heart rate, oxygen saturation, activity levels)
  • Wearable device health metrics and real-world health data

6.4 Genetic and Laboratory Data

  • Genetic sequencing reports and results
  • Pharmacogenetic (PGx) test results and drug-gene interactions
  • Gene variants and metabolizer status
  • Blood test and pathology results
  • Specimen tracking and laboratory information

6.5 Healthcare Provider and Facility Information

  • Physician name and contact details
  • Healthcare facility or practice information
  • Referring provider information

6.6 Insurance and Billing Information

  • Insurance provider details and policy information
  • Billing records and payment information
  • Credit card information (for self-service purchases)
  • Claims processing and CPT/ICD code data

6.7 Technical and Usage Data

Automatically collected data may include:

  • IP address
  • Device identifiers and operating system
  • Browser type and version
  • Language settings
  • Mobile device carrier and radio/network information
  • General location information (city, state, or geographic area)
  • System logs and session activity
  • Access times and pages viewed
  • Search queries and clickstream data
  • User interactions with the Platform

6.8 Communications and Audio Data

  • Audio transcripts and recordings of clinical conversations
  • Communication content when you contact us or use our support
  • Call recordings and transcripts (with appropriate notice and consent)
  • Email, chat, and messaging communications

7. How We Collect Personal Data

7.1 Information You Provide Directly

When using the Sites: We collect information you provide when submitting inquiries, downloading materials, completing surveys, registering for events, or signing up for newsletters.

When using our Services: We collect personal and professional information, including name, contact details, specialty, employer, NPI number, and payment information for self-service purchases.

When ordering genetic testing: We collect saliva samples and patient information necessary for pharmacogenetic analysis through our NeuroPrecision service.

When communicating with us: We may collect your name, title, email, and other information you provide. We may create audio transcripts and recordings with appropriate notice and consent.

7.2 Information We Automatically Collect

We automatically collect information when you visit our Sites or use our Services through cookies and similar technologies:

Cookies: Text files that record browsing activities, preferences, and login status. These include session cookies, persistent cookies, first-party cookies, and third-party cookies.

Local Storage Technologies: Technologies, such as HTML5, that store larger amounts of data outside your browser.

Web Beacons: Pixel tags or clear GIFs that demonstrate webpage or email access.

Session Replay: Technologies that record interactions to diagnose usability problems and improve user experience.

Cookie Management

Users may manage cookie preferences through:

  • Browser settings to block or delete cookies
  • Cookie preference center on our website footer
  • Privacy browsers and ad-blocking plug-ins
  • Global Privacy Control (GPC) or other browser-based opt-out preference signals (recognized per applicable law)

7.3 Information from Third Parties

We may obtain information from:

  • Public databases and data providers
  • Marketing partners and data analytics providers
  • Business partners for healthcare events or joint offerings
  • Security and fraud detection firms
  • Social media platforms
  • Healthcare providers who submit patient information (as authorized)

8. Legal Basis for Processing Personal Data

We process personal data only for documented, lawful purposes: providing the Platform, delivering clinical decision-support services to authorized providers, performing contract obligations, fulfilling explicit consented research use, billing, fraud prevention, legal compliance, and security. Sensitive health data is processed only with appropriate safeguards and explicit authorization where required. Where GDPR applies we rely on one or more legal bases (consent; contract; legal obligation; vital interests; legitimate interests) plus a separate Article 9 condition for processing health/genetic data (e.g., explicit consent, necessary for provision of healthcare).

California residents retain CCPA/CPRA rights (right to know, delete, correct, opt out of sale/sharing, non-discrimination). POD Health does not sell personal information; where “sharing” or “sale” definitions apply, we will support consumer opt-out mechanisms (including GPC / Do-Not-Sell/Share functionality).

9. How We Use Personal Data

9.1 Healthcare Services and Platform Operations

  • Registering users and authenticating account access
  • Providing, operating, maintaining, and improving the Services
  • Facilitating clinical assessments, consultations, and care coordination
  • Enabling health monitoring, treatment recommendations, and precision medicine
  • Processing and analyzing genetic test results and pharmacogenetic data
  • Supporting healthcare providers in clinical decision-making
  • Generating clinical documentation, progress notes, and reports

9.2 AI and Data Analytics

The Platform uses AI models to analyze patient data. POD Health may:

  • De-identify or anonymize personal data per HIPAA standards
  • Aggregate anonymized datasets for research
  • Improve algorithms, analytical tools, and AI models
  • Conduct clinical research or publish aggregated findings

Where possible, AI training uses de-identified or anonymized data. We do not use identifiable PHI to train AI models without explicit authorization.

9.3 Communications and Customer Service

  • Sending technical notices, updates, security alerts, and administrative messages
  • Providing customer service and support
  • Responding to comments, questions, and requests
  • Communicating about new products, services, and events
  • Sending confirmations and invoices

Users may opt out of non-essential marketing communications (see Section 13).

9.4 Marketing and Advertising

  • Conducting marketing campaigns and delivering interest-based advertising
  • Personalizing content, features, and advertisements
  • Monitoring and analyzing trends for marketing purposes

9.5 Legal and Regulatory Compliance

  • Responding to lawful requests from government authorities
  • Meeting regulatory obligations under HIPAA, CLIA, GINA, and other laws
  • Enforcing contracts and policies
  • Protecting against legal liability

10. How We Share Your Personal Data

POD Health does not sell personal data to third parties for monetary consideration.

We may share your personal information with the following parties:

10.1 Healthcare Providers and Organizations

Information may be shared with physicians, hospitals, clinics, therapists, or laboratories involved in care. When acting as a Business Associate under HIPAA, we share Customer Data only as directed by the covered entity per our BAA.

10.2 Service Providers and Business Partners

We share data with vendors providing services such as:

  • Cloud infrastructure and data hosting providers
  • AI processing and machine learning tools
  • Analytics systems and CRM platforms
  • Customer support and communication systems
  • Payment processors and billing service providers
  • Laboratory services and genetic testing partners

All vendors are contractually obligated to maintain confidentiality. Vendors processing PHI execute Business Associate Agreements with HIPAA-compliant safeguards.

10.3 Advertising Partners

Partners that help with advertising and marketing, including:

  • Ad platforms, networks, and social media platforms
  • Partners for promotional opportunities
  • Third parties whose cookies and tracking tools we use

Important: We do not share PHI or identifiable patient health data with advertising partners. Only de-identified information or website visitor data may be used for marketing.

10.4 Research and Analytics

De-identified or anonymized datasets may be used for:

  • Clinical research studies
  • Academic and scientific publications
  • Healthcare innovation and medical research

10.5 Legal Authorities and Protection of Rights

We may disclose personal data where required by law:

  • To comply with legal obligations or court orders
  • To respond to lawful requests from regulatory authorities
  • To protect and defend our rights or property
  • To act in urgent circumstances to protect personal safety or public health
  • To protect against legal liability or prevent fraud

10.6 Corporate Transactions

If POD Health undergoes a merger, acquisition, bankruptcy, or asset sale, personal data may be transferred. Acquirers will be bound by confidentiality obligations and this Privacy Policy (or equivalent).

11. Targeted Online Advertisements and Interest-Based Advertising

We, our service providers, and third-party partners may collect and use your personal information for marketing purposes. These third parties may automatically collect information about your online activities, either on our Sites or other websites, such as your IP address, ISP, and browser. They collect this information using cookies, pixel tags, clear GIFs, and similar tracking technologies.

We use the information collected, alone or in combination with other information, to deliver advertising targeted to your interests, serve ads when you access other websites, and better understand the usage of the Sites.

This Policy does not apply to cookies, pixel tags, or clear GIFs in ads delivered by third parties on other websites. For more information about interest-based advertising practices, visit http://www.aboutads.info/choices/

12. Your Privacy Choices

12.1 Opt-Out of Marketing Communications

You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at privacy@podhealth.ai. Note: you may continue to receive service-related and other non-marketing emails.

12.2 Advertising Choices

You may limit use of your information for interest-based advertising through:

  • Browser settings: Block third-party cookies
  • Privacy browsers/plug-ins: Ad-blocking browser extensions
  • Platform settings: Google (https://adssettings.google.com/), LinkedIn (https://www.linkedin.com/legal/privacy-policy)
  • Industry opt-out tools: Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp) and Digital Advertising Alliance (https://optout.aboutads.info/)
  • Cookie preferences: Manage cookies through our Cookie Preferences link at the website footer
  • Global Privacy Control (GPC): Legally recognized browser-based opt-out preference signals (we recognize these per applicable law)

13. Your Privacy Rights

13.1 California Residents (CCPA/CPRA)

California residents have specific rights:

  • Right to Know: Request information about categories of personal information collected, sources, purposes, and third parties receiving data
  • Right to Delete: Delete personal information we have collected from you (subject to legal exceptions)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt Out: Opt out of sale or sharing of personal data and targeted advertising
  • Right to Non-Discrimination: We will not discriminate against users who exercise privacy rights

To exercise these rights, contact us at: privacy@podhealth.ai

13.2 Other U.S. State Residents

Residents of Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws have similar rights to California residents, including rights to access, delete, correct, and opt out of targeted advertising. Contact privacy@podhealth.ai to exercise these rights.

13.3 GDPR Data Subject Rights (EEA/UK Residents)

Individuals in the EEA/UK have the right to:

  • Access their personal data
  • Correct inaccurate data
  • Request deletion (right to be forgotten)
  • Restrict processing
  • Object to certain processing
  • Receive data portability
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

Requests will be processed in accordance with GDPR requirements. Contact: privacy@podhealth.ai

13.4 Customer Data Rights

If you are a patient whose information was submitted by a healthcare provider acting as a covered entity, please contact your healthcare provider directly to exercise data protection rights regarding your medical information. We process such data as a Business Associate on their instruction.

14. Data Security

POD Health implements industry-standard safeguards including:

  • Encryption in transit (TLS)
  • Encryption at rest (AES-256)
  • Role-based access control
  • Multi-factor authentication
  • Vulnerability testing and security audits
  • Intrusion monitoring and incident response procedures
  • Business Associate Agreements with all vendors handling PHI

No system can guarantee absolute security; however, we take commercially reasonable measures to protect personal data. Keep your login details secure and report any suspected security incidents to privacy@podhealth.ai.

15. International Data Transfers

Personal data may be transferred to and processed in countries outside your jurisdiction, including the United States. Where required, POD Health implements safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Data processing agreements
  • Security controls consistent with GDPR requirements
  • Binding corporate rules where applicable

Data transfers outside the EEA/UK follow GDPR requirements and rely on explicit consent or another Article 9 condition plus appropriate safeguards.

16. Data Retention and Deletion

We retain personal data only as long as necessary to:

  • Provide services
  • Comply with legal obligations
  • Maintain medical records where required by law
  • Support research using anonymized datasets
  • Fulfill business and legal obligations

Retention periods vary depending on applicable healthcare regulations, HIPAA requirements, and the relationship with the data subject. When processing Customer Data as a Business Associate, we retain data as specified in our agreement with the covered entity.

When we have no ongoing legitimate business need to process your personal information, we will permanently delete or anonymize it, or if not possible, securely store and isolate it from further processing until deletion is possible.

17. Data Breach Notification

In the event of a confirmed data breach affecting personal data, POD Health will:

  • Investigate the incident promptly
  • Notify affected individuals where required by law
  • Report the breach to regulators when legally required
  • Take appropriate remedial measures

18. Automated Decision-Making and AI Processing

The Platform uses algorithmic analysis and AI-based systems to assist healthcare professionals. Key points:

  • AI outputs support clinical evaluation and do not independently diagnose
  • AI tools are intended solely as decision-support, not as replacement for medical judgment
  • Healthcare professionals remain responsible for all clinical decisions
  • AI systems do not make automated decisions with legal or similarly significant effects without human involvement

Under GDPR, you have the right to not be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our AI systems provide recommendations that healthcare professionals review and approve.

19. Children’s Privacy and Capacity

Our Sites are not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children without parental consent.

For individuals under applicable ages (16 in California unless state law provides otherwise; local law applies elsewhere), or individuals lacking legal capacity, authorized representatives (parents/guardians) must provide consent for sensitive data processing.

If you are a parent or guardian and believe we have collected personal information from a child in violation of law, please contact us at privacy@podhealth.ai and we will take appropriate action.

20. Third-Party Websites and Services

The Platform may contain links to third-party websites not operated or controlled by POD Health. The policies and procedures described here do not apply to third-party sites. We are not responsible for the privacy practices of those websites.

We suggest contacting those sites directly for information on their privacy policies. The links do not imply that POD Health endorses or has reviewed the third-party sites.

21. Changes to this Privacy Policy

POD Health may update this Privacy Policy periodically to reflect:

  • Regulatory changes
  • Operational improvements
  • Technology updates
  • New service offerings

Material changes will be communicated through the Platform, via email, or by updating the ‘Last Updated’ date at the top of this Policy. We encourage you to review this Policy periodically.

Your continued use of the Services after the effective date of any modified Privacy Policy indicates your acceptance of the modified Policy.

22. Contact Information and Questions

For privacy inquiries, to exercise privacy rights, or to submit complaints:

POD Health Privacy Office
Email: privacy@podhealth.ai

Mailing Address:
POD Health, Inc.
2748 Grand Oaks Loop
Cedar Park, TX 78613
United States

For general inquiries: info@podhealth.ai

23. Medical Disclaimer

The Platform is a health analytics and support tool and does not replace professional medical advice, diagnosis, or treatment. Users should always consult qualified healthcare professionals regarding medical decisions.

POD Health provides information and tools to support healthcare delivery but does not practice medicine or provide medical advice directly to patients.