Privacy Policy

Alpine Digital Health, Inc. ("Alpine," "we," "us," or "our") operates the Arc and Arc Care mobile applications and related services (collectively, the "Services"). We are committed to protecting your privacy and being transparent about how we collect, use, and share your information.

This Privacy Policy explains how we handle your personal information when you use our Services. By using Arc or Arc Care, you agree to the collection and use of information in accordance with this policy.

Information You Provide Directly

Account Information

When you create an account, we collect your name, email address, phone number, date of birth, and other registration information.

Health Information

Through your use of the Services, we collect health-related information including:

• Medical history and conditions
• Symptoms and health concerns
• Medications and treatment information
• Vital signs and biometric data
• Communications with your healthcare provider
• Care plans and health goals

Information Collected Automatically

Usage Data

We collect information about how you interact with the Services, including:

• Features you use and actions you take
• Time, frequency, and duration of your activities
• Device information (type, operating system, unique identifiers)
• IP address and general location information

Provide Healthcare Services:

• Enable communication between you and your healthcare provider
• Support clinical decision-making and care delivery
• Generate and maintain your digital health record
• Facilitate AI-assisted patient engagement and monitoring
• Schedule appointments and send reminders
• Process payments and manage billing

Improve Our Services:

• Analyze usage patterns and user feedback
• Develop new features and enhance existing functionality
• Train and improve our AI models and algorithms
• Conduct research and analytics (using de-identified data where possible)

We may share your information in the following circumstances:

With Your Healthcare Providers

We share your health information with the healthcare providers who are involved in your care through our Services. This is essential for providing you with medical care.

Service Providers

We engage third-party companies and individuals to perform services on our behalf, such as:

• Cloud hosting and data storage
• Analytics and performance monitoring
• Payment processing
• Customer support services

Alpine Digital Health, Inc. is committed to complying with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. For users whose healthcare providers are covered entities under HIPAA:

• We act as a Business Associate to your healthcare provider
• We maintain appropriate administrative, physical, and technical safeguards to protect your Protected Health Information (PHI)
• We have entered into Business Associate Agreements with covered entities
• We limit the use and disclosure of PHI as required by HIPAA

We implement reasonable administrative, technical, and physical security measures designed to protect your information against unauthorized access, loss, misuse, or alteration. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication measures
• Employee training on data protection
• Incident response procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We retain your information for as long as necessary to:

• Provide you with the Services
• Comply with legal obligations (including medical record retention requirements)
• Resolve disputes and enforce our agreements
• Support business operations and analytics

When we no longer need your information, we will securely delete or de-identify it.

Depending on your location, you may have certain rights regarding your personal information:

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

California Residents

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of your personal information
• Right to correct inaccurate information
• Right to opt out of the "sale" or "sharing" of personal information (we do not sell or share personal information)

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your country. We take measures to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy with a new "Last Updated" date
• Sending you a notification through the Services or via email
• Requesting your consent if required by law

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: