Privacy Policy
Last updated: April 2026
Leap 4 Health ("we," "us," or "our") is committed to protecting the privacy and security of your personal information and protected health information (PHI). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our telehealth platform, website, mobile applications, and related services (collectively, the "Services").
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not use our Services.
1. Information We Collect
Personal Information
When you create an account or use our Services, we may collect the following personal information:
- Full name, date of birth, and gender
- Email address, phone number, and mailing address
- Insurance information (if applicable)
- Payment and billing information
- Government-issued identification for identity verification
Protected Health Information (PHI)
In the course of providing telehealth services, we collect and maintain PHI including but not limited to:
- Medical history and current health conditions
- Symptoms, diagnoses, and treatment plans
- Prescription and medication information
- Laboratory results and diagnostic reports
- Communications between you and your care team
- Information provided through our AI symptom checker and care assistant
Technical Information
We automatically collect certain technical information when you use our Services, including device type and operating system, browser type and version, IP address and approximate location, pages visited and features used, and session duration and interaction data.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, maintain, and improve our telehealth services
- To facilitate consultations between you and your care team
- To process prescriptions and coordinate pharmacy services
- To communicate with you about your care, appointments, and account
- To process payments and manage your subscription
- To operate and improve our AI care assistant and symptom checker
- To comply with legal and regulatory obligations, including HIPAA
- To detect, prevent, and address fraud, security issues, and technical problems
- To conduct internal research and analytics to improve our Services
3. How We Share Your Information
We do not sell your personal information or PHI. We may share your information in the following limited circumstances:
Care Team and Providers
Your health information is shared with the providers involved in your care, including Dr. Tyra and supervised providers on our platform.
Business Associates
We share information with third-party service providers who assist in operating our platform (such as cloud hosting, payment processing, and pharmacy coordination). All business associates are bound by HIPAA-compliant Business Associate Agreements.
Legal Requirements
We may disclose information when required by law, regulation, legal process, or governmental request, including compliance with HIPAA, state health regulations, and court orders.
Public Health Activities
As permitted by HIPAA, we may disclose PHI for public health activities such as reporting communicable diseases, adverse medication reactions, or as otherwise required by public health authorities.
With Your Consent
We may share information for purposes not described in this policy with your explicit written consent.
4. Data Security
We implement administrative, technical, and physical safeguards designed to protect your information in accordance with HIPAA requirements and industry best practices. These measures include:
- End-to-end encryption for data in transit and at rest
- Role-based access controls limiting who can view your information
- Regular security audits and vulnerability assessments
- Secure cloud infrastructure with SOC 2 compliant hosting providers
- Employee training on HIPAA compliance and data handling
- Incident response and breach notification procedures
While we take all reasonable steps to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.
5. Your Rights
You have the following rights regarding your information:
- Access and obtain a copy of your health records
- Request corrections or amendments to your health information
- Request restrictions on certain uses and disclosures of your PHI
- Receive an accounting of disclosures of your PHI
- Request confidential communications through alternative means or locations
- Receive notification in the event of a breach of your unsecured PHI
- File a complaint if you believe your privacy rights have been violated
To exercise any of these rights, please contact us at support@leap4health.org.
6. HIPAA Notice
Leap 4 Health is a HIPAA-covered entity. We are required by law to maintain the privacy and security of your protected health information, provide you with this notice of our legal duties and privacy practices, and notify you in the event of a breach of unsecured PHI. For a complete description of your rights under HIPAA, please review our HIPAA Compliance page.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve our Services. These include:
- Essential cookies required for authentication, security, and basic platform functionality
- Analytics cookies that help us understand how users interact with our Services so we can improve them
- Preference cookies that remember your settings and display preferences
We do not use advertising or behavioral tracking cookies. You can manage cookie preferences through your browser settings, although disabling essential cookies may affect platform functionality.
8. Third-Party Services
Our platform integrates with third-party services to deliver care effectively. These may include cloud hosting providers, payment processors, pharmacy networks, laboratory service providers, and communication tools. Each third-party provider that handles PHI is bound by a Business Associate Agreement and is required to comply with applicable privacy and security regulations.
We are not responsible for the privacy practices of third-party websites or services linked from our platform. We encourage you to review their privacy policies independently.
9. Data Retention
We retain your personal information and PHI for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Medical records are retained in accordance with applicable state and federal regulations, which generally require a minimum retention period of six to ten years after the last date of service.
If you request account deletion, we will remove your personal account information within a reasonable timeframe but may retain medical records as required by law.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, providing additional notice through email or an in-platform notification.
Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.
11. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:
Leap 4 Health Privacy Team
Email: support@leap4health.org
You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated.