Privacy Policy

Last updated: April 2026

Leap 4 Health ("we," "us," or "our") is committed to protecting the privacy and security of your personal information and protected health information (PHI). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our telehealth platform, website, mobile applications, and related services (collectively, the "Services").

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not use our Services.

1. Information We Collect

Personal Information

When you create an account or use our Services, we may collect the following personal information:

  • Full name, date of birth, and gender
  • Email address, phone number, and mailing address
  • Insurance information (if applicable)
  • Payment and billing information
  • Government-issued identification for identity verification

Protected Health Information (PHI)

In the course of providing telehealth services, we collect and maintain PHI including but not limited to:

  • Medical history and current health conditions
  • Symptoms, diagnoses, and treatment plans
  • Prescription and medication information
  • Laboratory results and diagnostic reports
  • Communications between you and your care team
  • Information provided through our AI symptom checker and care assistant

Technical Information

We automatically collect certain technical information when you use our Services, including device type and operating system, browser type and version, IP address and approximate location, pages visited and features used, and session duration and interaction data.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our telehealth services
  • To facilitate consultations between you and your care team
  • To process prescriptions and coordinate pharmacy services
  • To communicate with you about your care, appointments, and account
  • To process payments and manage your subscription
  • To operate and improve our AI care assistant and symptom checker
  • To comply with legal and regulatory obligations, including HIPAA
  • To detect, prevent, and address fraud, security issues, and technical problems
  • To conduct internal research and analytics to improve our Services

3. How We Share Your Information

We do not sell your personal information or PHI. We may share your information in the following limited circumstances:

  • Care Team and Providers

    Your health information is shared with the providers involved in your care, including Dr. Tyra and supervised providers on our platform.

  • Business Associates

    We share information with third-party service providers who assist in operating our platform (such as cloud hosting, payment processing, and pharmacy coordination). All business associates are bound by HIPAA-compliant Business Associate Agreements.

  • Legal Requirements

    We may disclose information when required by law, regulation, legal process, or governmental request, including compliance with HIPAA, state health regulations, and court orders.

  • Public Health Activities

    As permitted by HIPAA, we may disclose PHI for public health activities such as reporting communicable diseases, adverse medication reactions, or as otherwise required by public health authorities.

  • With Your Consent

    We may share information for purposes not described in this policy with your explicit written consent.

4. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information in accordance with HIPAA requirements and industry best practices. These measures include:

  • End-to-end encryption for data in transit and at rest
  • Role-based access controls limiting who can view your information
  • Regular security audits and vulnerability assessments
  • Secure cloud infrastructure with SOC 2 compliant hosting providers
  • Employee training on HIPAA compliance and data handling
  • Incident response and breach notification procedures

While we take all reasonable steps to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.

5. Your Rights

You have the following rights regarding your information:

  • Access and obtain a copy of your health records
  • Request corrections or amendments to your health information
  • Request restrictions on certain uses and disclosures of your PHI
  • Receive an accounting of disclosures of your PHI
  • Request confidential communications through alternative means or locations
  • Receive notification in the event of a breach of your unsecured PHI
  • File a complaint if you believe your privacy rights have been violated

To exercise any of these rights, please contact us at support@leap4health.org.

6. HIPAA Notice

Leap 4 Health is a HIPAA-covered entity. We are required by law to maintain the privacy and security of your protected health information, provide you with this notice of our legal duties and privacy practices, and notify you in the event of a breach of unsecured PHI. For a complete description of your rights under HIPAA, please review our HIPAA Compliance page.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our Services. These include:

  • Essential cookies required for authentication, security, and basic platform functionality
  • Analytics cookies that help us understand how users interact with our Services so we can improve them
  • Preference cookies that remember your settings and display preferences

We do not use advertising or behavioral tracking cookies. You can manage cookie preferences through your browser settings, although disabling essential cookies may affect platform functionality.

8. Third-Party Services

Our platform integrates with third-party services to deliver care effectively. These may include cloud hosting providers, payment processors, pharmacy networks, laboratory service providers, and communication tools. Each third-party provider that handles PHI is bound by a Business Associate Agreement and is required to comply with applicable privacy and security regulations.

We are not responsible for the privacy practices of third-party websites or services linked from our platform. We encourage you to review their privacy policies independently.

9. Data Retention

We retain your personal information and PHI for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Medical records are retained in accordance with applicable state and federal regulations, which generally require a minimum retention period of six to ten years after the last date of service.

If you request account deletion, we will remove your personal account information within a reasonable timeframe but may retain medical records as required by law.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, providing additional notice through email or an in-platform notification.

Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

11. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:

Leap 4 Health Privacy Team

Email: support@leap4health.org

You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated.