Privacy Policy
Ayureon, Inc. ("Ayureon, Inc.," "we," "us," or "our") is committed to protecting the privacy and security of your personal information and health information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services.
1. Who We Are
Ayureon, Inc. operates the Ayureon healthcare interoperability platform and its associated websites, applications, and services accessed through ayureon.com. This Privacy Policy applies to all surfaces operated by Ayureon, Inc.
2. Information We Collect
2.1 Information You Provide
- Account information: name, email address, phone number, date of birth, mailing address.
- Health information: medical history, current medications, allergies, symptoms, treatment preferences, lab results, and any other clinical information you choose to share through our platform.
- Identity verification: government-issued identification (for IAL2 identity proofing) and facial biometric data, where applicable.
- Payment information: credit/debit card numbers, billing address, and HSA/FSA eligibility, processed by our payment processors.
- Communications: messages to providers, customer support inquiries, and feedback.
2.2 Information Collected Automatically
- Device and usage data: IP address, browser type, device identifiers, pages visited, and referring URL.
- Cookies and tracking technologies: session cookies, authentication tokens, and analytics signals. See Section 8 for details.
- Wearable and connected-device data: if you connect a wearable device through our platform, we may receive health metrics such as heart rate, sleep, and activity levels.
2.3 Information from Third Parties
- Healthcare providers: clinical records, lab results, and prescription data received through health information exchange networks (e.g., FHIR, CommonWell, TEFCA).
- Lab partners: lab results from network lab providers.
- Pharmacy records: prescription history and dispensing records from connected pharmacies.
3. How We Use Your Information
3.1 Treatment, Payment, and Healthcare Operations
- Coordinating care between your healthcare providers via health information exchange.
- Supporting prescription processing through connected pharmacies.
- Processing payments for services and prescriptions.
- Quality improvement, compliance audits, and workforce training.
3.2 With Your Consent
- Sending engagement communications such as appointment reminders and refill notifications.
- Marketing communications about health and wellness programs (opt-in only).
- Sharing health data with connected wearable platforms.
- Participating in health information exchange networks.
3.3 As Required or Permitted by Law
- Responding to court orders, subpoenas, or other legal process.
- Reporting to public health authorities (e.g., adverse events, communicable diseases).
- Cooperating with law enforcement when required by law.
- Responding to government audits or investigations (e.g., HHS OCR, state boards).
4. How We Share Your Information
Ayureon, Inc. does not sell your personal information or health information. We share information only as follows:
4.1 Service Providers (Business Associates)
We share information with vendors who perform services on our behalf, under written agreements (BAAs and DPAs) that require them to protect your information. Categories include payment processing, communications, telehealth video, lab services, CRM, platform infrastructure, wearable integration, and telehealth platform tooling.
4.2 Healthcare Providers and Pharmacies
Your health information is shared with the healthcare providers and pharmacists involved in your care via the connected systems that you authorize.
4.3 Health Information Exchange
With your consent, Ayureon, Inc. participates in health information exchange networks (e.g., CommonWell Health Alliance, TEFCA) that allow your providers to securely access your records across health systems.
4.4 Legal and Regulatory
We may disclose information as required by federal or state law, including HIPAA, or in response to valid legal process.
5. Your Rights
5.1 HIPAA Rights (Health Information)
If you are a patient, you have the following rights under HIPAA:
- Right to Access: request a copy of your health records. We will respond within 30 days.
- Right to Amend: request correction of inaccurate health information. We will respond within 60 days.
- Right to Accounting of Disclosures: request a list of certain disclosures of your health information.
- Right to Request Restrictions: ask Ayureon, Inc. to limit how we use or disclose your health information.
- Right to Confidential Communications: request alternative means or locations for communications.
- Right to Revoke Authorization: withdraw consent for uses of your health information that require authorization (prospective only).
To exercise these rights, contact us at the address in Section 11.
5.2 California Residents (CCPA/CPRA)
If you are a California resident, you also have:
- Right to Know what personal information Ayureon, Inc. collects, uses, and discloses.
- Right to Delete your personal information (subject to exceptions).
- Right to Correct inaccurate personal information.
- Right to Opt-Out of the sale or sharing of personal information. Ayureon, Inc. does not sell personal information.
- Right to Non-Discrimination for exercising your rights.
Do Not Sell or Share My Personal Information. Ayureon, Inc. does not sell your personal information. To the extent any data sharing constitutes "sharing" under CCPA, you may opt out by contacting us.
Global Privacy Control (GPC). We honor GPC signals.
5.3 Other State Rights
Residents of states with consumer privacy laws (e.g., Virginia, Colorado, Connecticut, Utah) may have similar rights. Contact us to exercise your rights.
6. Data Retention
Ayureon, Inc. retains your information according to the following schedule:
- Medical records: 10 years from last encounter (or until age 21 for minors, whichever is longer).
- Pharmacy records: 7 years from date of dispensing.
- Financial/billing records: 7 years.
- Marketing data: 2 years from collection.
- Consent records: 5 years from date of consent or last communication.
7. Data Security
Ayureon, Inc. implements administrative, physical, and technical safeguards to protect your information:
- Encryption: data encrypted at rest (AES-256) and in transit (TLS 1.2+).
- Access controls: role-based access with minimum-necessary standard enforcement.
- Audit logging: access to health information is logged and retained per regulatory requirements.
- Employee training: annual HIPAA and cybersecurity training for workforce members.
- Incident response: dedicated incident response procedures and breach notification workflows.
8. Cookies and Tracking Technologies
We use cookies and similar technologies on our websites. Our approach:
- Essential cookies (session management, authentication) are always active.
- Analytics cookies with IP anonymization help us improve our services.
- Marketing cookies are used only on non-patient pages and only with your consent.
- No advertising pixels are permitted on any page where health information is present.
You can manage cookie preferences through our cookie consent banner.
9. Children's Privacy
Our services are not intended for individuals under the age of 18. Ayureon, Inc. does not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.
10. Changes to This Policy
Ayureon, Inc. may update this Privacy Policy periodically. Material changes will be communicated via email to active patients and posted on our website with the updated effective date. Continued use of our services after the effective date of changes constitutes acceptance of the updated policy.
11. Contact Us
Ayureon, Inc., 500 W 2nd Street, Suite 1900, Austin, TX 78701
Privacy inquiries: privacy@ayureon.com
To file a complaint with HHS: Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue SW, Washington, DC 20201 — https://www.hhs.gov/ocr/privacy/hipaa/complaints.