Privacy Policy

Effective Date: March 9, 2026 | Last Updated: March 9, 2026

Orella Health, Inc. ("Orella," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform.

By accessing or using the Platform, you agree to the practices described in this Privacy Policy.

1. Information We Collect

Account Information: Name, email address, phone number, date of birth, and login credentials.

Health Information: Symptoms, medical history, allergies, medications, family health history, social and lifestyle information, insurance details, photographs, voice recordings, and written descriptions.

Device Information: Device type, operating system, browser type, unique device identifiers, and usage data.

Provider Information: For healthcare providers, professional credentials, practice information, specialty, and contact details.

2. How We Use Your Information

We use your information to provide and operate the Platform, facilitate communication between patients and healthcare providers, generate AI-assisted clinical documentation (always reviewed by your physician), send transactional notifications including appointment confirmations and care plan updates, process appointments and follow-up care, improve and personalize your experience, ensure security, and comply with legal obligations.

3. Health Information and HIPAA

Orella Health acts as a business associate to healthcare providers. We implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of your health information. All data is transmitted using TLS encryption and stored on secure, HIPAA-compliant infrastructure. AI services operate under our Business Associate Agreements.

4. How We Share Your Information

We do not sell your personal information to third parties. We may share your information with healthcare providers you explicitly authorize, service providers who perform services on our behalf (including Supabase, Resend, Twilio, Anthropic, and Amazon Web Services), as required by law, and in connection with business transfers. We may use de-identified data for analytics and improvement.

5. SMS and Email Communications

You consent to receive transactional SMS messages and emails related to your healthcare. Message frequency varies. Reply STOP to opt out of SMS. Opting out does not affect in-app notifications.

6. Data Security

We employ TLS encryption for all data in transit, encryption at rest, role-based access controls, and regular security assessments. No method of transmission is completely secure, and you transmit information at your own risk.

7. Your Rights

You may request access to, correction of, deletion of, or portability of your personal information. To exercise these rights, contact privacy@orellahealth.com.

California residents may have additional rights under the CCPA and CPRA. We do not sell your personal information.

8. Children's Privacy

The Platform is not intended for individuals under 18. We do not knowingly collect information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time and will notify you of material changes.

10. Contact Us

Orella Health, Inc.

700 S. Flower Street, Suite 1000

Los Angeles, CA 90017

Email: admin@orellahealth.com

Phone: (323) 655-6222