Privacy Policy

Privacy Policy for Patients

POD Health, Inc.
Last Updated: 16 March 2026

  1. Introduction

POD Health, Inc. (“POD Health,” “we,” “our,” or “us”) is committed to protecting the privacy and security of individuals who use our digital health platform, applications, and website (collectively, the “Platform”).

The Platform provides digital health monitoring, clinical data analysis, and AI-powered insights as tools designed to help licensed healthcare professionals, including neurologists and psychiatrists, review patient health information and make more informed clinical decisions. It helps to reduce the administrative and mental load parents and caretakers carry when managing their child’s developmental, medical, and educational care.

This Privacy Policy describes how POD Health collects, uses, stores, shares, and protects personal information and health-related data when individuals access or use the Platform.

This policy is intended to comply with applicable privacy laws, including:

  • the General Data Protection Regulation (GDPR) for individuals located in the European Economic Area (EEA) or United Kingdom,
  • the California Consumer Privacy Act (CCPA/CPRA) for California residents,
  • and relevant U.S. healthcare privacy and security standards including principles consistent with the Health Insurance Portability and Accountability Act (HIPAA) where applicable.

Where different laws apply based on location, additional rights and obligations may apply as described in this policy.

  1. Scope of this Privacy Policy

This Privacy Policy applies to:

  • patients who access or use the Platform,
  • individuals whose information is submitted to the Platform for clinical analysis,
  • authorized representatives of patients (e.g., parents, guardians, or caregivers),
  • individuals who interact with POD Health through the Platform.

For purposes of this Privacy Policy:

Personal Data / Personal Information means information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual.

Sensitive Personal Data includes health data, genetic information, biometric information, and other data categories subject to heightened protection under applicable laws.

If you are under the age of 18 or unable to legally provide consent, a parent or legal guardian must provide authorization for the processing of your personal data.

  1. Data Controller

For purposes of the GDPR and other applicable laws:

POD Health, Inc. is the data controller for platform operations, except where a healthcare provider or enterprise customer contractually designates themselves as controller for data they submit. Where POD Health processes ePHI on behalf of a covered entity or another controller, POD Health acts as a business associate / processor and will execute a Business Associate Agreement (BAA) or Data Processing Agreement (DPA).

Contact:
privacy@podhealth.ai

  1. Categories of Personal Data We Collect

We collect only the personal information necessary to operate and improve the Platform.

  1. Identity and Contact Information
  • Full name
  • Date of birth
  • Address
  • Phone number
  • Email address
  1. Health and Medical Information

This may include sensitive health information such as:

  • medical record numbers or patient identifiers
  • clinical history and treatment records
  • diagnostic reports and pathology results
  • genetic information and genomic test results
  • family medical history
  • vital signs (heart rate, oxygen saturation, activity levels)
  • wearable device health metrics
  1. Healthcare Provider Information
  • physician name
  • healthcare facility information
  • provider contact details
  1. Laboratory and Diagnostic Data
  • blood test results
  • pathology reports
  • genetic sequencing reports
  • specimen tracking information
  1. Insurance and Billing Information
  • insurance provider details
  • billing records
  • payment information where applicable
  1. Technical and Usage Data

Automatically collected data may include:

  • IP address
  • device identifiers
  • browser type
  • operating system
  • system logs
  • session activity
  1. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • authenticate users
  • maintain sessions
  • analyze platform performance
  • improve user experience

Users may manage cookie preferences through browser settings.

  1. Legal Basis for Processing Personal Data

We process personal data only for documented, lawful purposes: providing the Platform, delivering clinical decision-support services to authorized providers, performing contract obligations, fulfilling explicit consented research use, billing, fraud prevention, legal compliance, and security. Sensitive health data is processed only with appropriate safeguards and explicit authorization where required. Where GDPR applies we rely on one or more legal bases (consent; contract; legal obligation; vital interests; legitimate interests) plus a separate Article 9 condition for processing health/genetic data (e.g., explicit consent, necessary for provision of healthcare).

California residents retain CCPA/CPRA rights (right to know, delete, correct, opt-out of sale/sharing, non-discrimination). POD Health does not sell personal information; where “sharing” or “sale” definitions apply, we will support consumer opt-out mechanisms (including GPC / Do-Not-Sell/Share functionality).

  1. How We Use Personal Data

We use personal data for the following purposes:

Healthcare Services

  • registering users on the Platform
  • facilitating clinical assessments and consultations
  • enabling health monitoring and treatment recommendations
  • supporting physicians and healthcare providers

AI and Data Analytics

The Platform uses artificial intelligence models to analyze patient data.

POD Health may:

  • de-identify or anonymize personal data
  • aggregate anonymized datasets
  • improve algorithms and analytical tools
  • conduct clinical research or publish aggregated findings

Where possible, AI training datasets use de-identified or anonymized data.

Operational Purposes

  • system administration
  • customer support
  • service improvement
  • internal analytics
  • platform security

Legal and Regulatory Compliance

  • responding to lawful requests
  • meeting regulatory obligations
  • enforcing contracts and policies

Communications

We may communicate with users regarding:

  • service updates
  • account notifications
  • health-related services or features

Users may opt out of non-essential communications where required by law.

  1. Sharing and Disclosure of Personal Data

POD Health does not sell personal data to third parties.

We may share information in the following circumstances:

Healthcare Providers

Information may be shared with physicians, hospitals, or laboratories involved in a patient’s care.

Service Providers

We may share data with vendors who provide services such as:

  • cloud infrastructure
  • AI processing tools
  • analytics systems
  • customer support systems

All vendors are contractually obligated to maintain confidentiality and data protection safeguards.

Research and Analytics

De-identified or anonymized datasets may be used for:

  • research studies
  • clinical publications
  • healthcare innovation

Legal Requirements

We may disclose personal data where required to:

  • comply with legal obligations
  • respond to government requests
  • enforce our legal rights
  • protect public health or safety

Corporate Transactions

If POD Health undergoes a merger, acquisition, or asset sale, personal data may be transferred subject to confidentiality obligations.

  1. California Privacy Rights (CCPA / CPRA)

California residents have specific rights under the California Consumer Privacy Act, including:

Right to Know

You may request disclosure of:

  • categories of personal information collected
  • purposes for collection
  • categories of third parties receiving data

Right to Delete

You may request deletion of personal information subject to legal exceptions.

Right to Correct

You may request correction of inaccurate personal information.

Right to Opt Out of Sale or Sharing

POD Health does not sell personal information as defined by the CCPA.

Right to Non-Discrimination

We will not discriminate against users who exercise privacy rights.

Requests may be submitted to:

privacy@podhealth.ai

  1. GDPR Data Subject Rights

Individuals in the EEA/UK have the right to:

  • access their personal data
  • correct inaccurate data
  • request deletion (right to be forgotten)
  • restrict processing
  • object to certain processing
  • receive data portability
  • withdraw consent

Requests will be processed in accordance with applicable law.

  1. Data Retention

POD Health retains personal data only for as long as necessary to:

  • provide services
  • comply with legal obligations
  • maintain medical records where required
  • support research using anonymized datasets

Retention periods may vary depending on applicable healthcare regulations.

  1. Data Security

POD Health implements industry-standard safeguards including:

  • encryption in transit (TLS)
  • encryption at rest (AES-256)
  • role-based access control
  • multi-factor authentication
  • vulnerability testing and security audits
  • intrusion monitoring and incident response procedures

No system can guarantee absolute security; however, we take commercially reasonable measures to protect personal data.

  1. International Data Transfers

Personal data may be transferred to and processed in countries outside the user’s jurisdiction, including the United States.

Where required, POD Health implements safeguards such as:

  • Standard Contractual Clauses
  • data processing agreements
  • security controls consistent with GDPR requirements.

Data transfers outside the EEA/UK will use appropriate safeguards (Standard Contractual Clauses (SCCs), binding corporate rules where applicable, or other lawful mechanisms). Transfers of EEA/UK special category data follow GDPR requirements and rely on explicit consent or another Article 9 condition plus appropriate safeguards.

  1. Automated Decision-Making and AI Processing

The Platform uses algorithmic analysis and AI-based systems to assist healthcare professionals.

AI outputs:

  • support clinical evaluation
  • do not independently diagnose or replace medical judgment
  • are intended solely as decision-support tools.

Healthcare professionals remain responsible for all clinical decisions.

  1. Data Breach Notification

In the event of a confirmed data breach affecting personal data, POD Health will:

  • investigate the incident
  • notify affected individuals where required
  • report the breach to regulators when legally required

Notification will occur within applicable statutory timelines.

  1. Children and capacity

Minors under applicable ages (16 in California unless state law provides otherwise; local law applies elsewhere) require parental/guardian consent for sensitive data processing. For individuals lacking capacity, authorized representatives must provide consent consistent with applicable law.

  1. Third-Party Websites

The Platform may contain links to third-party websites.
POD Health is not responsible for the privacy practices of those websites.

Users should review third-party privacy policies independently.

  1. Updates to this Privacy Policy

POD Health may update this Privacy Policy periodically to reflect:

  • regulatory changes
  • operational improvements
  • technology updates

Material changes will be communicated through the Platform or via email.

  1. Contact Information

For privacy inquiries or requests:

POD Health Privacy Office
Email: privacy@podhealth.ai

  1. Disclaimer

The Platform is a health analytics and support tool and does not replace professional medical advice, diagnosis, or treatment.
Users should always consult qualified healthcare professionals regarding medical decisions.