Privacy Policy
Effective Date: March 17, 2026
HealthCura ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our healthcare practice management platform and related services (collectively, the "Services").
1. Information We Collect
We may collect the following types of information:
- Personal Information: Name, email address, phone number, mailing address, date of birth, and other identifiers you provide when creating an account or using our Services.
- Health Information: Protected Health Information (PHI) as defined by HIPAA, including medical records, insurance information, treatment history, and other health-related data processed through our platform on behalf of healthcare providers.
- Usage Data: Information about how you interact with our Services, including IP address, browser type, device information, pages visited, and access times.
- Payment Information: Billing details necessary to process payments for our Services.
2. How We Use Information
We use the information we collect for the following purposes:
- Provide Services: To operate, maintain, and deliver the features and functionality of our platform, including patient management, scheduling, insurance verification, and billing.
- Improve Our Platform: To analyze usage patterns, troubleshoot issues, and enhance the performance and user experience of our Services.
- Communicate: To send you service-related notices, respond to your inquiries, and provide customer support.
- Compliance: To comply with applicable laws, regulations, and legal processes, including HIPAA and applicable U.S. federal and state data protection laws.
3. Use of Artificial Intelligence and Automation
We may use automated systems, including rules-based processing and, where applicable, artificial intelligence or machine learning technologies, to support healthcare operations such as scheduling, eligibility verification, claims processing, and workflow optimization.
These systems are designed to assist healthcare providers and are subject to appropriate safeguards. We do not use Protected Health Information to train generalized artificial intelligence models except as permitted by our contractual obligations and applicable law.
4. Communications and Messaging
We may send communications related to your use of the Services, including service notifications, support messages, and, where applicable, appointment or workflow-related communications.
Where required by law, we will obtain appropriate consent before sending communications such as SMS messages. You may opt out of non-essential communications at any time by following the instructions provided in the message (e.g., replying "STOP" for SMS).
We do not sell or share phone numbers or communication consent data with third parties for marketing purposes.
5. How We Share Information
We do not sell your personal information. We may share information in the following circumstances:
- With Healthcare Providers: We process PHI on behalf of healthcare providers who use our platform. Covered entities (healthcare providers) are responsible for obtaining any required patient consents or authorizations under applicable law.
- As Required by Law: We may disclose information when required by law, regulation, subpoena, court order, or other legal process.
- With Your Consent: We may share information with third parties when you have given us explicit consent to do so.
- Service Providers: We may share information with trusted third-party service providers who assist us in operating our platform, including cloud infrastructure providers, payment processors, analytics providers, and communication service providers. These providers are contractually obligated to safeguard information and, where applicable, comply with HIPAA requirements.
6. HIPAA Compliance
HealthCura operates as a Business Associate under HIPAA. We take our obligations seriously:
- PHI Handling: All Protected Health Information is processed, stored, and transmitted in accordance with HIPAA Privacy and Security Rules.
- Business Associate Agreements: We enter into Business Associate Agreements (BAAs) with all covered entity clients, and require BAAs from our own subcontractors who handle PHI.
- Minimum Necessary Standard: We limit the use and disclosure of PHI to the minimum necessary to accomplish the intended purpose.
- Breach Notification: In the event of a breach of unsecured PHI, we will notify affected covered entities in accordance with HIPAA Breach Notification Rules.
7. Data Security
We implement robust technical, administrative, and physical safeguards to protect your information:
- Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
- Access Controls: Role-based access controls ensure that only authorized personnel can access sensitive information on a need-to-know basis.
- Audit Logging: We maintain comprehensive audit logs of all access to and modifications of PHI and other sensitive data.
- Regular Assessments: We conduct regular security risk assessments and vulnerability testing to identify and address potential threats.
8. Data Retention
We retain personal information and Protected Health Information (PHI) only for as long as necessary to provide our Services, fulfill the purposes outlined in this Privacy Policy, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements.
Retention periods may vary depending on the nature of the data, contractual requirements with healthcare providers, and applicable laws, including HIPAA and state regulations.
9. Data Location
Our Services are operated in the United States. Your information may be stored and processed in the United States or other jurisdictions where our service providers operate, subject to appropriate safeguards and applicable law.
10. Your Rights
You have the following rights regarding your personal information:
- Access: You may request access to the personal information we hold about you.
- Correction: You may request that we correct inaccurate or incomplete information.
- Deletion: You may request the deletion of your personal information, subject to legal retention requirements.
- Portability: You may request a copy of your data in a commonly used, machine-readable format.
- Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
For rights related to PHI held by your healthcare provider, please contact your provider directly or refer to their Notice of Privacy Practices.
11. North Carolina Privacy Rights
If you are a resident of North Carolina, your personal and health information may be protected under applicable state privacy and data security laws.
While North Carolina does not currently provide a comprehensive consumer privacy law similar to California's, we are committed to protecting your information in accordance with applicable state and federal requirements, including data security and breach notification obligations.
In the event of a data breach involving your personal information, we will provide notice in accordance with North Carolina General Statutes § 75-65 and other applicable laws.
North Carolina residents may contact us using the information in Section 15 (Contact Us) to:
- Request access to their personal information
- Request correction of inaccurate information
- Request deletion of personal information, subject to legal limitations
12. Cookies and Tracking
We use cookies and similar technologies to enhance your experience, analyze usage, and support the functionality of our Services. You can manage cookie preferences through your browser settings. Essential cookies required for platform operation cannot be disabled.
13. Children's Privacy
Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on our website and updating the effective date. Your continued use of our Services after such changes constitutes acceptance of the updated policy.
15. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
HealthCura Privacy Team
Email: privacy@healthcura.ai