Privacy Policy

1. Introduction:

This Privacy Policy describes how we collect, access or use your Personal Information. All terms capitalized herein but not defined shall have the meaning ascribed under the Services Agreement or Terms of Use. By using or accessing the Services in any manner, you:

1.1.    accept this Privacy Policy; and;
1.2.    consent to and authorize us to collect, use, transmit, and share your Personal Information in the manner described herein, including without limitation from your healthcare services provider. (collectively referred to as the “Authorization”). If you do not agree with this Privacy Policy you may not use or access the Services.
2. Business Associate:

If you are a Provider, you may have signed a Business Associate Agreement (‘BAA’) with us. The BAA is hereby incorporated as part of the Privacy Policy.

3. Types of Personal Information
We use, collect and store certain types of Personal Information that we obtain either directly from you or from third-party sources. The Personal Information that we collect includes the following:
3.1.      PHI. Under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), some of the collected Personal Information may be considered “protected health information” (“PHI”). HIPAA restricts the purposes and uses of PHI. Upon your request or with your consent, your Provider may share your PHI with us in our capacity as a Business Associate. We as Business Associate will need to use and disclose the PHI in a manner consistent and permitted by HIPAA in order to perform the Services.
3.2.      Information Provided. This includes without limitation information that you provide, when you (i) create an account, (ii) use interactive tools and services, (ii) search for appointments and Services, (iii) complete general forms; (iv) voluntarily provide information in surveys, and questionnaires; (v) post reviews; (vi); call support services, (vii) send us email or (viii) use the Services.
3.3.      Information Collected. We automatically collect your information when you use the Services for the purpose of: (i) providing you the Services; (ii) improve our Services; (iii) promote patient wellbeing, enhance patient safety and ensure that patients are being provided the best Services possible. Your information is collected, without limitation, through:
  1. cookies, web-beacons, use of applications, website and software
  2. your use or access of Services;
  3. enabling updates or notifications;
  4. recording of relevant interactions and communication between Customers and Providers (including but not limited to transcriptions of said communications);
  5. third party vendors and with whom we or you interact with respect to any services, including without limitation, the health information exchanges, electronic health records vendors, healthcare service providers, analytics partners, data aggregators;
  6. third-party sources, such as business partners that offer co-branded services or help us sell or distribute our products or services;
  7. encrypted identifiers to identify recipients for applications or tools including but not limited to Google Fit, HealthKit by Apple; and
  8. camera and microphone for choosing to add/capture pictures, videos or for making calls subject to prior permission.
3.4.      Examples of Personal Information. Personal Information may include, without limitation:
  1. payment information
  2. device/IP information
  3. web analytics
  4. geolocation data
  5. other identifying information that you voluntarily choose to provide
  6. contact information
  7. email address
  8. user demographic data
  9. medical data
  10. mobile device data
  11. insurance information
  12. appointment data
  13. social network data;
  14. interaction and use;
  15. transactions;
  16. ad impressions to unique visitors;
  17. positioning;
  18. billing information (card details, etc.);
  19. commercial information;
  20. educational information;
  21. professional or employer-related information;
  22. audio, electronic, visual, or other sensory information; and
  23. inferences.
3.4.      Instances where personal data is not collected. Tracking or collection of data through internet search history, social media activity, purchase patterns or other information you input into other unrelated websites.
3.5.      Our Values. We are committed to empowering you with personalized Content to engage actively in your care, and advocate for your needs. We provide health materials and Content aligned with these goals. Your preferences guide us in delivering this content. We use your personal data to provide personalized health information only with your consent, and we cease to do so at your request.

4. De-Identified Information

4.1.      Authorization. You agree, and authorize us to de-identify your Personal Information, (including PHI in conformity with HIPAA) (‘De-Identified Information’). De-identification means that your Personal Information shall be anonymized and shall no longer be personally identifiable. You authorize us to de-identify your Personal Information, and use it to:
  1. Provide, enable, improve and customize Services, third party services and your user experience of Services;
  2. Notify and market services, products or resources about which we think that you may be interested in;
  3. Provide you updates and information about our products and services;
  4. Conduct analysis and support development for improving or developing Services or products;
  5. Disclose it in any way permitted by law, including to third parties in connection with their commercial and marketing efforts.
4.2.      Ownership. You acknowledge and agree that such information will be reviewed and approved by you or someone authorized by you at the time of your appointment to ensure its accuracy. You also acknowledge that Leap may use the data or information you provide in medical history form in accordance with our Privacy Policy.
The Leap acknowledges and agrees that your Personal Information that is provided by you through the Services, specifically relating to you, and all rights, title and interest therein, is and shall remain your exclusive property. Notwithstanding the aforesaid, to the extent permitted by the Privacy Policy and any other applicable laws and regulations, you agree to grant the Leap an irrevocable, perpetual license to use your data, ad any de-identified information for research and development purposes and to improve the Services. You warrant and represent that the information you provide on the Services is up to date, complete and accurate. The De-Identified Information shall form the sole and exclusive ownership of Leap.

5. Purposes of Personal Information Collection or Disclosure.

We disclose Your Personal Information to certain categories of third-parties.
5.1.      Categories of Third Parties. In certain circumstances, We may share Your Personal Information with the following categories of Service Providers, Advertising Partners, Government and other third parties for the purposes detailed under Section 5.2:

  1. Service Providers. Including without limitation:
    • Insurance providers
    • Health information exchanges
    • Parties You authorize, access or authenticate
    • Security and Fraud Prevention Consultants
    • Payment Processors
    • Fulfillment Providers;
    • Hosting, Technology and Communications Providers;
    • Data Storage Providers;
    • Analytics Providers;
    • Insurance Verification Providers;
    • Staff Augmentation Personnel;
    • Health Information Organizations


  2. Advertising Partners (“Advertising partners”). We may disclose Your De-Identified Information to our advertising partners or service providers. We may serve advertisements, and also allow third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the Services. These advertisements may be targeted to users who fit certain general profile categories or display certain preferences or behavior.


  3. Parties You Authorize, Access or Authenticate. We may share Your Personal Information with third-party business partners You access through the Services, if You choose to use any Service to log in to the Services to meet or fulfill the reason You provided the information to us.


  4. Government or Public Records (“Government”). We may use government or other public records for onboarding or verifying Providers. We may disclose Your Personal Information when We believe in good faith that such disclosure is reasonably necessary to: (i) comply with applicable law or legal process; (ii) investigate and prevent measures against suspected or actual illegal activities or to cooperate with public and government authorities; (2) enforce our contractual requirements; (3) protect and defend ourselves against any third-party claims or allegations; (4) maintain the security or integrity of our Services; or (5) safeguard the rights and safety of our Services, our workforce and others. We will undertake good faith efforts to notify You about any legal demands for Your Personal Data when appropriate in our judgment, unless restricted by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.

5.2.      Purposes. Your Personal Information shall be shared with the entities detailed under Section 5.1. for the following purposes (‘Purposes’):

  • Providing, customizing, and improving the Services
  • Marketing the Services
  • Corresponding with You
  • Complying with legal requirements
  • Health information exchanges
  • Onboarding verification
  • Maintaining or servicing accounts,
  • Providing customer service,
  • Processing or fulfilling orders and transactions,
  • Verifying customer information,
  • Processing payments,
  • Providing financing,
  • Providing advertising or marketing services,
  • Providing analytic services, or providing similar services on behalf of the business or service provider.
  • Undertaking internal research for technological development and demonstration.
  • Undertaking activities to verify or maintain the quality or safety of our Services.
  • Advertisement and Marketing
  • Auditing;
  • and other relevant standards and rules compliance.
5.3.      Financial Incentives. We may offer financial incentives for completing onboarding assessments, surveys, or other programs that require sharing your feedback or Personal Information. Details and incentives will be specified in each program. The value of your Personal Information is estimated based on our operating expenses against the benefit provided. Participation is optional and can be terminated anytime as per program terms. To unsubscribe or cancel your participation, please contact us using the information provided below. For more details, please refer to our Optional Health Information Authorization, which outlines how we use and share your Data for personalized health-related content and services.
5.4.      Principles of Collecting Personal Data. In addition to the principles, practices, and policies detailed in this Privacy Policy, we adhere to the following principles for collecting and processing Personal Data:
  1. Personal Data will be handled lawfully, fairly, and with transparency.
  2. We will collect only the Personal Data necessary to provide our service.
  3. Personal Data will be sufficient, relevant, and limited to what is required for the purposes for which it is collected and processed. You have the right to request access to, correction, or deletion of your Personal Data, to object to or request restriction of its processing, or to request data portability. All such requests must be made in writing to us.
We prioritize the security of your personal information. Our applications use various technical safeguards, including Transport Layer Security (TLS) and Secure Sockets Layer (SSL) encryption, to protect the confidentiality, integrity, and availability of your data. We implement appropriate physical, technical, organizational, and administrative security measures to protect against unauthorized access, use, and disclosure of your personal data.

While we strive to follow industry standards for data protection during transmission and storage, please note that no method of data transmission or storage is completely secure. Therefore, we cannot guarantee absolute security, loss, misuse, or alteration of your information. It is important that you also take steps to protect your data, such as choosing strong passwords, limiting access to your devices, and logging off after accessing your account.

In the event of a security breach, we will notify you as required by applicable law. If you become aware of any security issues, please contact us immediately.
5.5.      Security Measures. To a reasonable extent, we ensure the security of your Personal Information through:
  1. Verification of activity;
  2. Anti-virus and malware protection;
  3. Network security;
  4. Physical security;
  5. Firewall;
  6. Software updates; and
  7. Investigation of suspicious activities.

6. Your Rights.

You have the right to delete, access or seek clarity regarding the use and disclose of Your Personal Information.

6.1.      Right to Deletion. You can ask us to delete Your Personal Information maintained by us subject to the provision of a verifiable request. However, we may retain Your Personal Information for as long as necessary to (i) comply with federal or state data retention requirements or other applicable laws, and (ii)enable Your use of the Services. We may also retain non-PHI and De-Identified Information upon such verifiable request, if we determine that We are not legally obligated to delete. However, please note that many features of our website or our Services will not be able to function without Your Personal information.

6.2.    Right to Access. You can ask us for access to Your Personal Information maintained by us subject to the provision of a verifiable request.

6.3.    Other Rights. You can ask Us to enumerate the different categories of Your Personal Information. You can also ask us to provide You with a list of third parties (if any) to whom Your Personal Information has been disclosed.

7. Privacy Notice for California Residents.
This notice describes the rights of Californian residents under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”), updated 2023.

7.1.      Categories of Personal Information, purposes for collection and third-parties with whom We share Personal Information. Please refer to Section 3 and Section 5 of this Privacy Policy.

7.2.      Your Rights. Under Californian law, You may have the following rights with regards to the Personal Information:

  1. To request information regarding (i) the categories of Personal Information We have collected about You, (ii) categories of sources from which We collected the Personal Information, (iii) purposes for collection/disclose of Your Personal Information, (iv) categories of third-parties with whom We share Your Personal Information with.
  2. To request deletion of Your Personal Information
  3. To request correction of Your Personal Information.
  4. We do not sell Your Personal Information; therefore, We don’t provide the right to opt out of the sale of Your Personal Information.
7.3.      How can You exercise Your rights? . You can exercise Your rights by sending us a request to the contact details detailed under Section 14. Someone legally authorized to act on Your behalf may submit a request pertaining to Your Personal Information. This shall include any guardian or parent acting on Your behalf if You are a minor. We may require You to reasonably verify Your identity before accepting Your request. Certain Personal Information may be exempt from such exercise. Any denial, in whole or in part, may be appealed. We may review our decision to accept your request. In accordance with California Civil Code Sections 1798.83-1798.84, residents of California have the right to request that we do not disclose their Personal Information to third parties for direct marketing purposes. To make such a request, please contact us at support@leaphealth.ai. All requests can only be made in respect of Personal Information collected, used and disclosed over the duration of 12 months.

7.4.      Response Times. We shall use our best efforts to response to Your requests within forty-five (45) days of its receipt. We shall inform You in advance if We require up to ninety (90) days to respond to Your request. All disclosures shall only cover the 12-month period preceding the date of Your request.

7.5.    Under Civil Code Section§ 1798.83.  You may request certain information concerning our disclose of Personal Information to third-parties for their direct marketing purposes. In such case, You may request (i) a list of categories of Personal Information disclosed to third-parties during the immediately preceding calendar year, and (ii) a lsit of categories of third parties to whom We disclose such Personal Information. 

8. Business Transfers.

All Personal Information may be transferred to a third party if We undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, We will make reasonable efforts to notify You before Your information becomes subject to different privacy and security policies and practices.

9. Non-Discrimination.

Unless permitted by applicable law, and to the extent reasonably practicable, We will not discriminate against You for exercising any of Your rights under this Privacy Policy, such as:

  • Deny You products, goods or Services;
  • Charge You different prices or rates for goods, products or Services, including through granting discounts or other benefits, or imposing penalties;
  • Provide You a different level or quality of goods, products or services.
10. Cross-Border Export of Personal Information.

We may transfer Your Personal Information to Leap, or to third parties described under Section 5.1. You consent to the transfer, processing, and storage of Your Personal Information outside of Your country of residence.

11. Correcting & Updating Personal Information.

 You may update or correct Personal Information maintained by Leap, either by logging into Your account or by sending us a request. Upon receipt of Your request, Leap will either (a) provide You with reasonable access to the Personal Information or (b) forward Your request to the relevant Provider. It is at our discretion whether to directly update or correct the Personal Information or forward it to the Provider for correction.

12. Sale of Information.

We do not sell any of Your Protected Health Information.

13. Termination.
This Authorization shall remain in effect until You provide a written notice of revocation to Leap. YOU MAY REVOKE THIS AUTHORIZATION AT ANY TIME AND FOR ANY OR NO REASON. SUCH REVOCATION SHOULD BE COMMUNICATED TO USTHROUGH support@leap.health . THE REVOCATION SHALL ONLY BE EFFECTIVE AFTER RECEIPT BY LEAP; PRIOR USES OF YOURPERSONAL INFORMATION SHALL NOT BE EFFFECTED BY THE REVOCATION. SUCH REVOCATION SHALL NOT EFFECT OUR USE OF YOUR NON-PHI INFORMATION AND DE-IDENTIFIED INFORMATION
14. Contact Information.
If You have questions or complaints regarding this Privacy Policy You can reach out to our Data Protection Officer at:
legal@leap.health
934-888-5327
80 Pine St, 21st Floor New York, NY 10005, United States
Scroll to Top