Privacy Policy

Last Updated: November 26, 2025

Gesund Health Data, Inc. ("Gesund," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.gesundhealthdata.com (the "Site") or use our services.

Please read this Privacy Policy carefully. By accessing or using our Site or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Site or use our services.

Important Note About PHI

This website does not collect, process, or store Protected Health Information (PHI) as defined under HIPAA. Our platform services, which do process PHI for our customers, are governed by separate Business Associate Agreements (BAAs) and are HIPAA-compliant. This Privacy Policy applies only to information collected through our public-facing website.

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you voluntarily provide to us, including:

Contact Information: Name, email address, phone number, company name, and job title when you request a demo, sign up for our newsletter, or contact us
Communications: Information you provide when you communicate with us via email, contact forms, or other channels
Account Information: Username, password, and other registration information if you create an account
Professional Information: Information about your organization, role, and healthcare or insurance industry interests

1.2 Information Collected Automatically

When you visit our Site, we automatically collect certain information about your device and usage:

Device Information: IP address, browser type, operating system, device type, and unique device identifiers
Usage Data: Pages viewed, time spent on pages, links clicked, referring/exit pages, and other usage statistics
Location Data: General geographic location based on IP address
Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies (see Section 7 below)

1.3 Information from Third Parties

We may receive information about you from third parties, including:

Business partners and service providers
Publicly available sources
Marketing and analytics providers

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Improving Our Services

Processing and responding to your inquiries and demo requests
Creating and managing your account
Providing customer support
Improving our Site and services
Developing new products and features

2.2 Communications

Sending you information about our services, updates, and promotional materials (with your consent where required)
Responding to your comments, questions, and requests
Sending administrative information, such as changes to our terms or policies

2.3 Analytics and Research

Analyzing how users interact with our Site
Understanding user preferences and trends
Conducting research and analytics to improve our services

2.4 Legal and Security

Complying with legal obligations and regulations
Protecting against fraud, security risks, and illegal activity
Enforcing our terms and policies
Protecting our rights, property, and safety, and that of our users and others

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf, such as:

Hosting and infrastructure providers (e.g., Vercel, AWS, Google Cloud)
Analytics providers (e.g., Vercel Analytics, Plausible)
Email service providers
Customer relationship management (CRM) platforms
Marketing and advertising partners

These service providers are contractually required to protect your information and use it only for the purposes we specify.

3.2 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, government agencies).

3.4 With Your Consent

We may share your information with third parties when you have given us your consent to do so.

4. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit using TLS 1.3
Encryption of data at rest using AES-256
Access controls and authentication mechanisms
Regular security assessments and audits
Employee training on data security and privacy
Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

5. HIPAA Compliance

Platform Services vs. Website

Important Distinction: This Privacy Policy applies to our public website only. When we provide our clinical intelligence platform services to healthcare organizations and life insurance carriers, those services are HIPAA-compliant and governed by separate agreements:

Business Associate Agreements (BAAs): We enter into BAAs with covered entities and business associates
HIPAA Safeguards: Our platform implements administrative, physical, and technical safeguards required by HIPAA
PHI Processing: Protected Health Information processed through our platform is handled in accordance with HIPAA Privacy and Security Rules
Audit Logging: All PHI access and modifications are logged and auditable
Security Certifications: Our platform maintains SOC 2 Type II certification (in progress)

For information about our HIPAA compliance and platform security, please visit our Security page or contact us directly.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary based on the type of information and how it is used:

Contact Information: Retained while you maintain an account or until you request deletion
Marketing Communications: Retained until you unsubscribe or request deletion
Analytics Data: Aggregated and anonymized data may be retained indefinitely
Legal Requirements: Some data may be retained longer to comply with legal obligations

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities. Cookies are small data files stored on your device.

7.1 Types of Cookies We Use

Essential Cookies: Necessary for the Site to function properly
Analytics Cookies: Help us understand how visitors use our Site
Functional Cookies: Remember your preferences and settings
Marketing Cookies: Track your online activity to help deliver relevant advertising

7.2 Managing Cookies

Most web browsers are set to accept cookies by default. You can configure your browser to refuse cookies or alert you when cookies are being sent. However, some features of our Site may not function properly without cookies.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

8.1 General Rights

Access: Request access to the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information
Data Portability: Request a copy of your information in a structured, machine-readable format
Opt-Out: Opt out of receiving marketing communications from us
Restriction: Request restriction of processing in certain circumstances

8.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information we collect, use, disclose, and sell
Right to request deletion of your personal information
Right to opt-out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising your CCPA rights

8.3 European Residents (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

Right of access to your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

8.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@gesundhealthdata.com. We will respond to your request within 30 days (or as otherwise required by applicable law).

9. Children's Privacy

Our Site and services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

10. Third-Party Links

Our Site may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit.

11. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction.

If you are located outside the United States and choose to provide information to us, we transfer your information to the United States and process it there. By using our Site or services, you consent to the transfer of your information to the United States.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this policy. If we make material changes, we will notify you by email (if you have provided your email address) or by posting a notice on our Site prior to the change becoming effective.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

13. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact us:

Gesund Health Data, Inc.
Email: privacy@gesundhealthdata.com
Alternative: scott.coller@multilith.ai

For security-related inquiries: security@gesundhealthdata.com