Privacy Policy
Effective date: September 4, 2025
Entity: Italic Health, Inc. ("Italic," "we," "us," "our")
Contact: legal@italichealth.com (legal) • hello@italichealth.com (support)
Overview
This Privacy Policy explains how Italic collects, uses, discloses, and protects information about users of our websites, applications, and services, including the provider-facing Portal and the patient Health ID product (together, the "Services"). It covers both consumer use and use by healthcare provider customers. Separate business associate agreements ("BAAs") may apply to specific provider relationships.
Scope and roles
Consumer Services.
When patients use Italic directly, Italic acts as an independent controller of personal data. Italic is not a healthcare provider and does not offer medical advice.
Provider Services.
When a healthcare provider customer uses Italic and Italic receives protected health information ("PHI") on the provider's behalf, Italic acts as a HIPAA Business Associate under a BAA and processes PHI only as permitted by that BAA and applicable law.
TEFCA and QHIN connectivity.
Italic participates in health information exchange as permitted by TEFCA rules and the applicable purposes of use. Patient-mediated access uses identity proofing consistent with IAS requirements.
Information we collect
Account and identity data.
Name, contact details, date of birth, sex, address, identity documents, insurance information, photo, government ID tokens, and identity-proofing artifacts.
Health information.
Visit summaries, lab results, medications, allergies, immunizations, problem lists, vitals, imaging reports, devices and wearables data, genomics, SDoH information, and other medical records.
Payment data.
Partial payment card details, tokenized payment methods, billing address, transaction history. Italic does not store full card numbers; a certified processor stores them.
Connected apps and devices.
Data from Apple, Google, Fitbit, Peloton, 8Sleep, WHOOP, Withings, Polar, 23andMe, Ancestry, and others when you connect accounts.
Usage and technical data.
Log files, device identifiers, IP address, browser and OS, app telemetry, crash reports.
Communications.
Emails, text messages, push notifications, support tickets, and call recordings with notice.
Inferences.
Derived attributes such as deduplicated identities, record linkages, and timeline correlations.
Sources of data
- You, your authorized representatives, and your connected accounts.
- Your healthcare providers, their EHRs, HIEs, and QHIN networks, subject to purpose and consent.
- Claims clearinghouses, pharmacies, labs, and imaging centers.
- Public or commercially available datasets used for identity matching and quality assurance.
How we use data
Provide the Services.
Account creation, authentication, intake, scheduling, insurance eligibility checks, payments, provider portal features, and clinical document retrieval.
AI-supported summaries and organization.
Generate patient-specific summaries, deltas, timelines, and correlation charts with record-level provenance. No diagnosis or treatment recommendations.
Security, fraud prevention, and abuse detection.
Identity proofing, auditing, and incident response.
Compliance.
HIPAA, TEFCA, and other legal obligations, including audit logging and access controls.
Product improvement and analytics.
De-identified or aggregated analyses to improve accuracy, speed, and reliability.
Research and Real-World Evidence (RWE).
Only with a separate, explicit patient authorization or in a de-identified form consistent with law and contracts.
Communications.
Service notices, product updates, transactional messages, and, where permitted, marketing.
RWE and de-identification
De-identified data.
Italic may create de-identified data using expert determination or safe harbor methods. Italic may use and disclose de-identified data for analytics and RWE.
Identifiable RWE.
Only with a separate, explicit, revocable authorization describing the scope, recipients, and purpose. Opt-in is off by default.
TEFCA safeguard.
TEFCA-sourced data is not repurposed for RWE or recruitment without that distinct authorization or use as de-identified data consistent with law and contract.
Clinical research recruitment
We may offer opt-in clinical research recruitment services. Participation requires a separate, explicit authorization describing purpose, scope, recipients, and retention. You can withdraw at any time. We may contact you about studies only after you opt in, and we will limit use of your information to the recruitment purpose described.
Legal bases (GDPR/UK GDPR)
For users in the EEA/UK, Italic relies on one or more of: performance of a contract, legitimate interests such as product security and improvement, compliance with legal obligations, vital interests in limited cases, and consent where required.
Disclosure of data
With your providers.
To supply intake data, updates, and records, and to write back to the EHR with provenance.
With processors.
Cloud hosting, identity proofing, payment processing, analytics, communication tools, and security vendors acting under contract.
With exchange networks.
QHINs, HIEs, and other exchange partners consistent with purpose and consent.
For legal reasons.
To comply with law, respond to lawful requests, or defend rights.
Corporate events.
In connection with a merger, acquisition, or asset transfer with safeguards.
With your consent.
When you ask us to share with a third party or connect an app.
HIPAA, 42 CFR Part 2, and sensitive data
Italic limits use and disclosure of PHI to permitted purposes and minimum necessary standards when applicable. Italic maintains audit logs, access controls, encryption in transit and at rest, and role-based access. Substance use disorder, genetic, and other special categories receive handling aligned to federal and state rules, including 42 CFR Part 2 where applicable.
Biometric data (Face ID, selfie, liveness)
Purpose is identity verification and re-authentication only. No sale or sharing for advertising. Stored securely and destroyed at the earlier of: three years after last interaction or when the initial purpose is satisfied. Written consent obtained where required. You may withdraw consent; alternative authentication may apply.
Security
Italic uses a layered security program: encryption, secrets management, least-privilege access, vulnerability management, vendor reviews, annual penetration tests, and incident response plans. No method is perfectly secure. Users should protect accounts and credentials.
Incident and breach notice
If a breach of unsecured personal data or PHI occurs, Italic will notify without unreasonable delay and no later than 60 days after confirmation, or sooner if state law sets a shorter clock. Notices include what happened, data types, steps taken, and contact points.
Data retention
Italic keeps personal data as long as needed for the purposes described, to comply with legal obligations, resolve disputes, and enforce agreements. Representative schedule: PHI received under a BAA is retained as the BAA specifies (audit logs 6 years); identity proofing artifacts 2 years after last use; app telemetry 90 days; access logs 1 year; billing records 7 years; de-identified datasets retained as allowed.
International transfers and residency
Primary storage regions may be in the U.S. Cross-border transfers use SCCs or other lawful mechanisms. Regional caching/CDNs may be used.
Cookies and tracking
Italic uses cookies and similar technologies for authentication, security, and analytics. Browser settings may limit certain cookies. Essential cookies are required for the Services to function. Global Privacy Control (GPC) signals are honored for sale/share opt-outs.
Advertising
We may, in the future, display advertising in our Services. We do not use PHI to target ads. We may use contextual information, limited device data, and non-sensitive signals. We honor Global Privacy Control for any sale or sharing opt-outs. You can opt out of non-essential ad cookies in settings.
Communications (email, SMS/MMS, calls)
We may send emails, text messages (SMS/MMS), push notifications, and phone calls to deliver transactional and service communications, such as verification codes, appointment updates, intake reminders, and security alerts. With your separate opt-in, we may send promotional messages. For SMS, reply STOP to opt out; for email, use the unsubscribe link; you may request to be added to our internal do-not-call list. Message and data rates may apply. Frequency varies. Your consent to receive communications is not a condition of purchase. Certain essential communications are necessary for the Services and may not be disabled. For messages that may include PHI, we limit content to what is reasonably necessary and prefer secure links into the Portal.
Third-party links
External sites have their own privacy practices. Italic is not responsible for those sites.
State privacy disclosures
California (CPRA).
Rights to know, delete, correct, opt out of sale/share, limit use of sensitive personal information, and non-discrimination. Italic does not sell personal information for money. Financial incentives are described in the "Financial Incentives Notice."
Virginia/Colorado/Connecticut/Utah.
Sensitive data treatments align to state law; opt-out signals honored where applicable.
Washington MHMD.
No geofencing of health-care facilities for advertising; consent where required for processing consumer health data.
Changes to this Policy
Italic will post updates with a new effective date. Material changes will include notice by email or in-product when appropriate.
DSAR process
Submit requests to legal@italichealth.com or via the DSAR webform (once live). Italic may request identity verification. The response target is 45 days, with one 45-day extension if needed, with notice.
Subprocessors and DPA
A current subprocessor list will be posted at /legal/subprocessors. EU/UK users receive a DPA with SCCs/UK IDTA at /legal/dpa or on request.
Contact
Privacy requests, questions, or complaints: legal@italichealth.com.
Customer support: hello@italichealth.com.
Financial Incentives Notice
Referral or promotional credits may be offered. Categories of personal information involved, the value of the incentive, and the right to withdraw at any time are described in program terms.