top of page

Privacy Policy

Effective as of July 1, 2024.


This Privacy Policy explains how Brace Health, Inc. ("BH," "we," "us," or "our") handles personal information collected through our digital properties that link to this Privacy Policy, including our website (collectively, the “Service”). By using our Service, you agree to the terms outlined in this policy.

1. Healthcare Data and HIPAA Compliance

At Brace Health, we understand the sensitive nature of healthcare data and are committed to maintaining the privacy and security of your health information. As an AI-driven healthcare operations company serving many types of healthcare organizations, we handle various types of health-related data, including Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA).

​

Types of Health Data We Process

The health data we collect and process may include, but is not limited to:

  • Medical history and conditions

  • Treatment information

  • Billing and payment records

  • Insurance information

  • Demographic data related to healthcare services

​

HIPAA Compliance

Brace Health is fully committed to complying with HIPAA regulations. As a Business Associate to covered entities (healthcare providers), we implement all required safeguards to protect PHI:

  1. Administrative Safeguards: We have policies and procedures in place to manage the creation, access, use, and disclosure of PHI.

  2. Physical Safeguards: We maintain physical security measures to protect our systems and the PHI they contain from unauthorized access.

  3. Technical Safeguards: We use encryption, access controls, and audit trails to ensure the confidentiality, integrity, and availability of electronic PHI.

​

Use and Disclosure of Health Data

We only use and disclose health data, including PHI, as permitted by HIPAA and authorized by our healthcare provider clients. This typically includes uses and disclosures for:

  • Treatment, payment, and healthcare operations purposes

  • Purposes specified in our Business Associate Agreements

  • Other purposes as required or permitted by law

​

Patient Rights Regarding Their Health Data

Patients whose data we process on behalf of healthcare providers, have certain rights under HIPAA, including:

  • The right to access their health information

  • The right to request corrections to their health information

  • The right to know how their health information has been disclosed

  • The right to request restrictions on certain uses and disclosures

To exercise these rights, please contact your healthcare provider directly. As a Business Associate, we will work with your provider to fulfill any requests as required by HIPAA.

​

State-Specific Health Data Regulations

In addition to HIPAA, we comply with state-specific regulations regarding the privacy and security of health data. This includes, but is not limited to:

  • California Confidentiality of Medical Information Act (CMIA)

  • Texas Medical Records Privacy Act

  • New York Patient Bill of Rights

We continuously monitor and adapt our practices to comply with evolving state regulations.

​

Data Breach Notification

In the unlikely event of a breach involving unsecured PHI, we will notify affected individuals, healthcare providers, and regulatory authorities as required by HIPAA and state laws.

​

Contact Information

If you have any questions or concerns about how we handle health data or our HIPAA compliance practices, please contact our Privacy Officer at:

Email: legal@bracehealth.com

​

For more detailed information about our general data practices, please continue reading this Privacy Policy.

2. Personal Information We Collect

Information You Provide to Us

Personal information you may provide includes:

  • Contact Data: Such as your name, email, billing address, phone number, and professional affiliation.

  • Profile Data: Including your username, password, and preferences set for your online account.

  • Communications: Correspondence when you contact us with inquiries or feedback. Calls with BH may be recorded or monitored for training, quality assurance, customer service, and reference purposes

  • Payment and Transactional Data: Payment card details, bank account numbers, billing information, and records of services purchased.

  • Practice and Patient Data: Information related to medical practice operations, scheduling, and de-identified patient data.

  • Marketing Data: Preferences for receiving communications and engagement details.

  • Other Information: Any other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

​

Information We Obtain from Other Sources

We may augment personal information with data from:

  • Public Sources: Government agencies, public records, and social media platforms.

  • Data Providers: Services that offer demographic and other information.

  • Business Partners: Joint marketing partners and event co-sponsors.

  • Third-Party Services: Platforms like "Sign-in with Google" that you connect to our Service.

​

Automatic Data Collection

Our service providers and partners may log data about your interactions with our Service, such as:

  • Device Data: Including your device's OS type/version, browser type, screen resolution, IP address, and general location.

  • Online Activity Data: Pages viewed, time spent on pages, clicks, navigation paths, and access times and durations.  

  • Location Data: When authorized, we collect your device’s location information.

​

Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Cookies: Store information to help navigate between pages, remember preferences, and facilitate analytics.

  • Web Beacons: Track webpage or email access and content engagement.

  • SDKs: Incorporate third-party code in our app to collect data for analytics and advertising.

For information about how we use these technologies and your choices regarding them, see the "Your Choices" section below.

3. How We Use Your Personal Information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

​

Service Delivery

We use your personal information to:

  • Provide, operate, and improve the Service and our business;

  • Establish and maintain your user profile on the Service;

  • Enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;

  • Communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;

  • Understand your needs and interests, and personalize your experience with the Service and our communications;

  • Provide support for the Service, and respond to your requests, questions and feedback.

​

Research and Development

We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

​

Marketing and Advertising

We, our service providers and our third-party partners may collect and use your personal information for marketing and advertising purposes:

  • Direct Marketing: We may send you BH-related or other marketing communications as permitted by law. You can opt out of these communications by following the instructions in the "Opt-out of Marketing" section.

  • Interest-Based Advertising: We may work with third-party advertising and social media companies to display ads on our Service and other sites. These companies may use cookies and similar technologies to collect information about your activities over time across our Service and other online services. This information helps them serve ads tailored to your interests. Learn more about limiting interest-based advertising in the "Advertising Choices" section.

​

Compliance and Protection

We may use your personal information to:

  • Comply with applicable laws, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities;

  • Protect our, your or others' rights, privacy, safety, or property (including by making and defending legal claims);

  • Audit our internal processes for compliance with legal and contractual requirements and internal policies;

  • Enforce the terms and conditions that govern the Service;

  • Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

4. How We Share Your Personal Information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:

  • Affiliates: Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

  • Service Providers: Companies and individuals that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, marketing, and website analytics).

  • Business Partners: Companies that have entered into joint ventures or partnerships with us, including healthcare technology providers and other entities that support clinical practices.

  • Professional Advisors: Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

  • Authorities and Others: Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

  • Business Transferees: Acquiring and other relevant parties to business transactions (or potential transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, BH or our affiliates (including, in connection with a bankruptcy or similar proceedings).

5. Your Choices

You have the following choices with respect to your personal information:

  • Access or Update Your Information: If you have registered for an account with us, you may review and update certain account information by logging into the account.

  • Opt-Out of Marketing Communications: You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of marketing emails, or by contacting us. You may continue to receive service-related and other non-marketing emails.

  • Cookies: Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service and it may not work properly.

  • Advertising Choices: You can limit use of your information for interest-based advertising by:

    • Browser Settings: Blocking third-party cookies in your browser settings.

    • Privacy Browsers/Plug-ins: Using privacy browsers or ad-blocking browser plug-ins that let you block tracking technologies.

    • Platform Settings: Google and Facebook offer opt-out features that let you opt-out of use of your information for interest-based advertising.

  • Mobile Settings: Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

  • Do Not Track: Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to "Do Not Track" signals.

6. Other Sites and Services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or other online services that are not associated with us. We do not control websites, mobile applications, or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of any third-party services you access.

7. Security Measures

We employ technical, organizational, and physical safeguards designed to protect the personal information we collect. However, we cannot guarantee the security of your personal information. We recommend that you take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private.

8. Data Retention

We will retain your personal data for as long as you maintain a user account and up to six years after the account is closed. The retention period depends on the type of personal data, our contractual obligations to you, and applicable laws. We keep your personal data only as long as necessary to fulfill the purpose for which it was collected unless a longer retention period is required for legitimate business purposes or legal reasons.

​

At the end of the retention period, we will delete your personal data from our databases and request that our business partners do the same. If we cannot delete some data for technical reasons, we will ensure it is not further processed. Anonymized data may be retained indefinitely.

9. International Data Transfers

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country. When we transfer personal information outside of the country in which you reside, we implement appropriate safeguards to protect your information in accordance with this Privacy Policy and applicable law.

10. Children's Privacy

The Service is not intended for use by children under 16 years of age. If we learn that we have collected personal information through the Service from a child under 16 without the consent of the child's parent or guardian as required by law, we will delete it. We do not knowingly collect, use, or disclose personal information from children under 13 without appropriate parental notice and consent.

11. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. If required by law, we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Service. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

​12. How to Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, please contact us at:

Email: legal@bracehealth.com

Address: Brace Health, Inc, 20 University Road, 5th Floor, Cambridge, MA 02138

13. Additional Information for Specific Jurisdictions

California Residents

The California Consumer Privacy Act (CCPA) requires us to provide the following information to California residents:

  • Categories of personal information we collect

  • Sources of personal information

  • Business or commercial purpose for collecting personal information

  • Categories of third parties with whom we share personal information

  • California residents' rights and choices regarding their personal information

bottom of page