PRIVACY POLICY

VERSION 1.0

LAST REVISED ON: JANUARY 5, 2025

Shape Health LLC ("Shape", "Company", "us", "our", and "we") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Services").

BY USING OUR SERVICES, YOU CONSENT TO THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY.

1. INFORMATION WE COLLECT

1.1 Information You Provide to Us

We collect information you directly provide, including:

Account Information:

Name, email address, phone number, and date of birth
Username, password, and security questions
Profile information and preferences

Health and Medical Information:

Health history, symptoms, and medical conditions
Current medications and treatment information
Healthcare provider information
Health goals and progress data

Insurance and Eligibility Information:

Insurance carrier, policy number, and group ID
Member ID and coverage details
Employer or health plan information
Documentation required for eligibility verification

Payment Information:

Billing address and payment method details
Transaction history and payment records

1.2 Information We Collect Automatically

Usage Information:

Pages visited, features used, and time spent
Device information (IP address, browser type, operating system)
Location data (with your permission)

Cookies and Tracking Technologies:

We use cookies, web beacons, and similar technologies to enhance your experience and collect analytics data

2. ELIGIBILITY VERIFICATION AND DATA USE

2.1 Eligibility Verification Process

Shape conducts eligibility verification to ensure appropriate service delivery:

Initial Verification:

Insurance coverage and benefits verification
Medical necessity assessment
Provider network validation

Ongoing Verification:

Periodic insurance status checks
Medical condition reassessments
Continued eligibility reviews

2.2 Third-Party Verification Services

We may share your information with:

Insurance carriers and administrators
Healthcare providers and medical professionals
Third-party verification and clearinghouse services
Regulatory agencies as required by law

Data Shared for Verification:

Insurance information and coverage details
Medical history relevant to service eligibility
Contact and demographic information
Documentation supporting medical necessity

2.3 Verification Decision Communications

We will notify you of:

Eligibility determination results
Required additional documentation
Changes to your eligibility status
Appeal rights and processes

3. HOW WE USE YOUR INFORMATION

We use your information to:

Provide Services:

Deliver personalized health coaching and support
Connect you with appropriate healthcare providers
Process payments and manage billing
Verify insurance coverage and benefits

Improve Services:

Analyze usage patterns and service effectiveness
Develop new features and enhancements
Conduct research and analytics (in de-identified form)

Communications:

Send service-related notifications
Provide customer support
Share health education content
Deliver marketing communications (with your consent)

Legal and Safety:

Comply with legal obligations
Protect against fraud and abuse
Enforce our terms and policies

4. INFORMATION SHARING AND DISCLOSURE

4.1 With Your Consent

We share information with your explicit consent, including:

Healthcare providers involved in your care
Family members or caregivers you designate
Insurance carriers for claims processing

4.2 Service Providers

We share information with trusted partners who assist in:

Payment processing and billing
Insurance verification and claims
Technology infrastructure and security
Customer support and communications

4.3 Business Transfers

In connection with mergers, acquisitions, or asset sales, your information may be transferred to the acquiring entity.

4.4 Legal Requirements

We may disclose information when required by:

Court orders or legal process
Government investigations
Public health authorities
Emergency situations to protect safety

4.5 De-identified Information

We may use and share de-identified, aggregated information for research, analytics, and business purposes.

5. HIPAA COMPLIANCE

When Shape functions as a covered entity or business associate under HIPAA, we comply with all applicable requirements for protecting your health information. This includes:

Implementing appropriate safeguards
Limiting access to authorized personnel
Providing you with rights regarding your health information
Maintaining separate HIPAA policies where applicable

6. DATA SECURITY

We implement comprehensive security measures including:

Technical Safeguards:

Encryption in transit and at rest
Secure access controls and authentication
Regular security audits and monitoring
Industry-standard security protocols

Administrative Safeguards:

Employee training on privacy practices
Access controls and audit logs
Incident response procedures
Vendor security assessments

Physical Safeguards:

Secure data centers and facilities
Equipment disposal and sanitization
Environmental controls and monitoring

7. YOUR PRIVACY RIGHTS

7.1 Access and Control

You have the right to:

Access your personal information
Correct inaccurate or incomplete information
Request deletion of your information (subject to legal requirements)
Export your data in a portable format

7.2 Communication Preferences

You can:

Opt out of marketing communications
Manage notification preferences
Choose communication channels

7.3 Account Management

You may:

Update your profile information
Change privacy settings
Delete your account (subject to record retention requirements)

7.4 Exercising Your Rights

To exercise these rights, contact us at:

Email: privacy@shapehealth.io
Phone: (575) 339-1671
Mail: 6202 Alchemy Street, Las Cruces, New Mexico 88012

8. DATA RETENTION

We retain your information for as long as:

Your account is active
Needed to provide services
Required by law or regulation
Necessary for legitimate business purposes

Specific Retention Periods:

Health information: 7 years after last service
Insurance and billing records: 7 years
Account information: 3 years after account closure
Marketing communications: Until you unsubscribe

9. CHILDREN'S PRIVACY

Our Services are not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. CALIFORNIA PRIVACY RIGHTS

California residents have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Categories of information collected, sources, purposes, and third parties with whom it's shared

Right to Delete: Request deletion of personal information (subject to exceptions)

Right to Opt-Out: Opt out of "sale" of personal information (we do not sell personal information)

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, use the contact information in Section 7.4.

11. INTERNATIONAL DATA TRANSFERS

Your information may be processed and stored in the United States. By using our Services, you consent to the transfer of your information to the United States, which may have different privacy laws than your jurisdiction.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

Post the updated policy on our website
Send email notification for material changes
Update the "Last Revised" date

Your continued use of our Services after changes constitutes acceptance of the updated policy.

13. CONTACT INFORMATION

For privacy-related questions or concerns:

Privacy Officer
Shape Health LLC
6202 Alchemy Street
Las Cruces, New Mexico 88012
Phone: (575) 339-1671
Email: privacy@shapehealth.io

For general inquiries: Email: hello@shapehealth.io

14. EFFECTIVE DATE

This Privacy Policy is effective as of January 5, 2025.