Privacy Policy

Introduction

Heart Hippo is operated by Assessment and Plan, LLC, a limited liability company doing business as Heart Hippo ("Heart Hippo," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.hearthippo.com) or use our services.

By using our services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

1. Information We Collect

Information You Provide Directly

We collect information that you voluntarily provide to us, including:

  • Contact Information: Name, email address, phone number, and mailing address
  • Health Information: Medical history, symptoms, and other health-related information necessary for cardiac monitoring services
  • Insurance Information: Insurance provider, policy number, and related coverage information
  • Payment Information: Billing address and payment method details (processed securely through our payment processors)
  • Communications: Information you provide when you contact us or respond to surveys

Information Collected Automatically

When you visit our website, we automatically collect certain information about your device and usage, including:

  • Device Information: IP address, browser type and version, operating system, device type
  • Usage Data: Pages visited, time spent on pages, click patterns, referring website addresses
  • Cookies and Tracking Technologies: Information collected through cookies, pixel tags, and similar technologies

Information from Third Parties

We may receive information about you from:

  • Healthcare providers who refer you to our services
  • Our service partners, including iRhythm Technologies

2. How We Use Your Information

We use the information we collect to:

  • Provide Services: Process orders for cardiac monitoring devices and coordinate with iRhythm for device fulfillment
  • Communication: Send order confirmations, shipping updates, and important service notifications
  • Customer Support: Respond to inquiries and provide technical assistance
  • Marketing: Send promotional communications (with your consent where required)
  • Analytics and Improvement: Analyze usage patterns to improve our website and services
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes
  • Security and Fraud Prevention: Protect against unauthorized access and fraudulent activities

3. Information Sharing and Disclosure

Service Providers

We share your information with trusted third-party service providers who assist us in operating our business, including:

  • iRhythm Technologies: As our primary fulfillment partner for Zio cardiac monitoring patches, we share necessary personal and health information with iRhythm to process and fulfill your orders. Your information will be subject to iRhythm's privacy policy once shared.
  • Analytics Providers: Including Google Analytics, Vercel Analytics, and other analytics services to understand website usage
  • Communication Providers: Email service providers and customer support platforms
  • Payment Processors: Secure payment processing services
  • Cloud Storage Providers: For secure data storage and backup

Healthcare Entities

We may share your health information with:

  • Your referring physician or healthcare provider
  • Other healthcare providers involved in your care (with your authorization)

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including:

  • Court orders or subpoenas
  • Government or regulatory requests
  • To protect our rights, privacy, safety, or property
  • To enforce our terms of service

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.

Aggregated and De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, marketing, or other purposes.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Remember your preferences and settings
  • Understand how you use our website
  • Provide targeted advertising
  • Improve website performance

Types of cookies we use:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: Help us understand website usage
  • Marketing Cookies: Used to deliver relevant advertisements

You can control cookies through your browser settings. Note that disabling certain cookies may limit website functionality.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data
  • Regular security assessments and updates
  • Access controls and authentication measures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Meet regulatory requirements for healthcare records

Health records are retained in accordance with applicable healthcare regulations and may be retained for several years after service completion.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Access and Portability

You may request a copy of the personal information we hold about you.

Correction

You may request that we correct inaccurate or incomplete information.

Deletion

You may request deletion of your personal information, subject to legal retention requirements.

Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or contacting us directly.

8. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us.

9. International Data Transfers

If you access our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

11. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information we collect, use, disclose, and sell
  • The right to request deletion of personal information
  • The right to opt out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising privacy rights

To exercise these rights, please contact us using the information below.

12. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: hello@hearthippo.com
Mailing Address:
Assessment and Plan, LLC
1800 JFK Boulevard, Suite 300-91200
Philadelphia, PA 19103