Privacy Policy

SnapShot Health Inc ("SnapShot," "we," "us," or "our") is committed to protecting the privacy and security of personal information and Protected Health Information ("PHI"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you access or use our website, patient-facing applications, or related services (collectively, the "Service").

By using the Service, you acknowledge and agree to this Privacy Policy.

1. Our Role

SnapShot Health Inc is a healthcare technology company that provides a software and administrative services platform to Healthcare Providers.

SnapShot is not a healthcare provider and does not provide medical advice, diagnosis, or treatment.

For purposes of the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), SnapShot acts as a Business Associate to certain Healthcare Providers and processes PHI solely on their behalf and in accordance with applicable Business Associate Agreements ("BAAs").

2. Information We Collect

a. Personal Information

We may collect personal information such as:

• Name
• Email address
• Phone number
• Mailing address
• Account credentials
• Device and browser information

When you set up an account on our Website, you are creating a direct customer relationship with us that enables you to access and/or utilize the various functions of the Website and the Service as a user.

b. Patient-Generated Health Data

When authorized by a Healthcare Provider, patients may view or submit health-related information through the Service. Such information may constitute PHI under HIPAA.

c. Usage and Technical Data

We automatically collect certain technical data, including:

• IP address
• Browser type and version
• Device identifiers
• Access timestamps
• Pages viewed
• Diagnostic and performance data
• Patient vital information (when using medical devices)

3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

Cookies and tracking technologies are not used to collect or store PHI.

We use both Session and Persistent Cookies for the following purposes:

• Necessary / Essential Cookies: These Cookies are essential to provide you with services available through the Website and to enable you to use some of its features.
• Cookies Policy / Notice Acceptance Cookies: These Cookies identify if users have accepted the use of cookies on the Website.
• Functionality Cookies: These Cookies allow us to remember choices you make when you use the Website, such as remembering your login details or language preference.
• Tracking and Performance Cookies: These Cookies are used to track information about traffic to the Website and how users use the Website.

You may control cookie settings through your browser preferences.

4. How We Use Information

We use information to:

• Operate, maintain, and secure the Service
• Provide access to authorized features and manage your account
• Communicate administrative or service-related information
• Improve platform performance and reliability
• Comply with legal and regulatory obligations
• Provide you with news, special offers and general information about other goods, services and events which we offer
• Manage your requests and attend to inquiries
• Evaluate or conduct a merger, divestiture, restructuring, or other business transfer
• Data analysis, identifying usage trends, and determining the effectiveness of promotional campaigns

Use of Protected Health Information

To the extent we receive or process PHI, such PHI is used solely to perform services on behalf of Healthcare Providers, as permitted by HIPAA and applicable BAAs.

5. De-Identified Data

SnapShot may de-identify PHI in accordance with 45 C.F.R. §164.514(a)–(c).

Once de-identified, data is no longer PHI and may be used for:

• Analytics
• Benchmarking
• Security
• Platform improvement
• Other lawful business purposes

6. Disclosure of Information

We may share your personal information in the following situations:

• With Healthcare Providers: To Healthcare Providers and authorized users as part of the Service.
• With Service Providers: We may share your personal information with Service Providers to monitor and analyze the use of our Service, for payment processing, to contact you.
• For business transfers: We may share or transfer your personal information in connection with any merger, sale of Company assets, financing, or acquisition of all or a portion of our business.
• With Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy.
• With business partners: We may share your information with our business partners to offer you certain products, services or promotions.
• To comply with legal process: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
• With your consent: We may disclose your personal information for any other purpose with your consent.

7. Data Retention

We retain information only as long as necessary to:

• Provide the Service
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

PHI is retained and disposed of in accordance with HIPAA and applicable BAAs.

8. Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

9. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, or misuse.

The security of your Personal Data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

10. California Privacy Rights (CCPA/CPRA)

California residents may have rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA, including:

• The right to notice: You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
• The right to request: You have the right to request that we disclose information about our collection, use, sale, and disclosure of your personal information.
• The right to say no to the sale of Personal Data: You have the right to direct us to not sell your personal information.
• The right to delete Personal Data: You have the right to request the deletion of your Personal Data, subject to certain exceptions.
• The right not to be discriminated against: You have the right not to be discriminated against for exercising any of your consumer's rights.

SnapShot does not sell personal information or PHI.

Requests may be submitted to: support@snapshothealth.io

11. Texas Residents

SnapShot complies with applicable Texas privacy and data protection laws, including the Texas Medical Privacy Act, the Texas Identity Theft Enforcement and Protection Act, and the Texas Data Privacy and Security Act (TDPSA), to the extent applicable.

12. Children's Privacy

The Service is not intended for children under the age of 18 without parental or guardian involvement. We do not knowingly collect personal information from children without appropriate consent.

13. Third-Party Links

Our Service may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective for material changes.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.