Book a meeting
Privacy

Privacy Policy

This Privacy Policy explains how Itera Health, Corp. handles personal information across its website, mobile app, and other touchpoints. We process (collect, store, use, or share) personal data and are responsible for it.

Last updated June 8, 2026

Quick summary

This policy covers what data we collect, including sensitive information like health records, and notes that we may obtain information from external sources. Data usage focuses on service delivery, communication, safety, fraud prevention, and legal compliance. Information sharing happens only in specific situations. We implement security measures, though no system is completely breach-proof. User rights vary by location, and we address dormant accounts.

1. What information do we collect?

Information you give us

You provide information through various interactions, which may include names, phone numbers, email addresses, mailing addresses, usernames, passwords, and contact preferences.

Sensitive information. With your permission and legal authorization, we collect health data, biometric information (fingerprints, voiceprints), race and ethnicity details, government ID numbers, and medical records from connected health sources including claims, prescriptions, diagnoses, procedures, and lab results.

App information. The app may request location tracking and device access (camera, microphone, contacts, notifications) and push-notification permissions. You can change these settings anytime through your device.

Information collected automatically

We automatically gather non-identifying information including IP addresses, browser details, operating system info, language settings, referral sources, device names, countries, location data, and usage patterns. This includes log and usage data, device data, and location data ranging from precise GPS coordinates to approximate areas. You can disable location, though certain features may become unavailable.

Google API

Information from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.

Information from other sources

To enhance marketing and maintain current records, we obtain information from public records, marketing partners, data providers, and other external companies. This may include mailing addresses, job titles, email addresses, phone numbers, behavioral data, IP addresses, and social media profiles.

2. How do we use your information?

We use personal information to:

  • Deliver requested services
  • Respond to inquiries and resolve service problems
  • Send account messages and policy updates
  • Process orders, payments, returns, and exchanges
  • Enable user-to-user communication features
  • Identify trends and improve services and marketing
  • Analyze service usage patterns
  • Meet legal obligations and respond to requests
  • Protect our legal interests

3. When and with whom do we share your information?

Information sharing occurs during:

  • Business transfers — mergers, asset sales, financing, or business acquisitions
  • Affiliates — parent companies and commonly-owned entities, which must follow this policy
  • Business partners — to offer specific products, services, or deals
  • Other users — public postings and shared information remain accessible to other users

4. Do we use cookies and other tracking tools?

We use cookies, web beacons, and pixels to collect information, maintain security, prevent crashes, fix bugs, save settings, and enable basic functions. External companies and service providers use tracking tools for analysis and advertising. This tracking may constitute a “sale” or “sharing” under state laws, with opt-out options available.

Google Analytics. Information is shared with Google Analytics to study service usage. You can opt out at tools.google.com/dlpage/gaoptout. More information is available through Google's Privacy & Terms page. See our Cookies Policy for details.

5. How long do we keep your information?

We retain personal information only as long as necessary for the purposes set out here, unless law requires longer retention (tax, accounting, or audit reasons). When no business reason exists, data is deleted or anonymized. If immediate deletion isn't possible (backup storage), information is secured and usage stopped until deletion occurs.

6. How do we keep your information safe?

Reasonable security tools and practices protect personal information. However, no system on the internet or any storage method is 100% safe, so we cannot guarantee against unauthorized access. You assume risk when sending information through the services and should use them only in secure settings.

7. Security and data breaches

Data breaches (unauthorized access, loss, theft, or accidental sharing) are addressed through rapid investigation, containment, weakness remediation, and documentation. Affected users are notified without undue delay through registered email addresses or website/app notices if direct contact fails. Government agencies are notified when required.

After a breach, you should change passwords, enable multi-factor authentication, monitor accounts, be cautious with suspicious emails and calls, and contact us at [email protected] with any concerns.

8. What happens if our company is sold?

If we are sold, merge, or transfer assets: the new owner must continue following this Privacy Policy until you are notified otherwise; if usage changes materially, you are notified via email or website/app notice beforehand; and where legally required, you receive choices (opt-out or consent) before new usage begins.

9. Do we collect information from minors?

We do not knowingly collect information from, request information from, or market to individuals under 18, nor do we knowingly sell their information. You confirm you are at least 18 or are a parent or guardian authorizing a minor's use. Accounts with collected minor information are closed and the data deleted. Report concerns to [email protected].

10. What are your privacy rights?

Withdrawing consent.If you granted consent, you can withdraw it anytime. Withdrawal doesn't reverse previously lawful uses or affect uses based on other legal grounds.

Cookies. Most browsers accept cookies automatically. You can configure your browser to remove or block cookies, though this may affect service functionality. Details are in our Cookies Policy. Questions can be directed to [email protected].

11. Controls for “Do-Not-Track” features

Most browsers and some mobile systems have Do-Not-Track (DNT) features. No agreed standard currently exists, so we do not respond to DNT signals at this time.

Global Privacy Control. We recognize and honor Global Privacy Control (GPC) signals. Browsers or extensions supporting GPC trigger automatic opt-outs from targeted-ad sales/sharing under state privacy laws, including the CCPA. No additional action is needed. More information is available at globalprivacycontrol.org.

12. Do United States residents have special privacy rights?

Residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia may have rights regarding personal information, including viewing, correcting, copying, deleting, and consent withdrawal. These rights have limitations in some cases.

Categories of personal information collected (past 12 months)

CategoryExamplesCollected
A. IdentifiersNames, addresses, phone numbers, IP addresses, emails, account namesYes
B. Customer recordsContact info, education, employment, financial informationYes
C. Protected classificationsGender, age, race, ethnicity, national origin, marital statusYes
D. Commercial informationTransactions, purchase history, financial details, paymentsNo
E. Biometric informationFingerprints, voiceprintsYes
F. Internet activityBrowsing, search history, online behavior, ad interactionsYes
G. Geolocation dataDevice locationNo
H. Audio/sensory informationImages, audio, video, call recordingsNo
I. Professional informationBusiness contact details, job titles, work historyNo
J. Education informationStudent records, directory informationNo
K. InferencesProfile summaries about preferences and characteristicsNo
L. Sensitive personal informationLogin info, health data, ethnicity, biometrics, SSNsYes

Sensitive information is collected only when permitted or with consent. No personal information has been sold to third parties in the past 12 months, and none will be in the future. Under state privacy laws you may have the right to know whether your data is used, view it, correct mistakes, request deletion, receive copies, be treated fairly for exercising rights, and opt out of targeted ads, selling, or profiling. To exercise these rights, email [email protected].

13. Consent and how it affects other people

We obtain consent through account creation (acceptance is recorded with date and time), operating-system health platforms, connected outside health sources, device permissions, and in-app screens for other sensitive categories. Any consent can be withdrawn anytime per Section 10.

Some information may reveal facts about other people — family medical history, household or caregiver information, or shared devices and accounts. Consider these effects before sharing. We apply the same protections to information revealing facts about relatives as we do for your own sensitive information, and we do not contact or identify those other people based on it.

14. Dormant and closed accounts

Accounts inactive for twenty-four (24) months are considered dormant. We attempt email notification and provide an opportunity to reactivate before closure. If an account remains dormant after notice or you choose closure, the account is closed, connections to outside data sources are cancelled (including active access tokens), account personal information is deleted or anonymized within 90 days, and information is removed from backups during the next scheduled cycle. Account closure is permanent; deleted data cannot be recovered.

15. More about our security

Beyond general measures, we employ:

  • TLS 1.2 or higher encryption for data in transit
  • AES-256 or similar encryption for stored data
  • Role-based access controls limiting staff access to business need
  • Multi-factor authentication for administrative access
  • Safe encryption key and API credential storage and rotation
  • Audit logs tracking system access
  • Regular weakness scanning, security testing, and patching
  • Safe software practices including code review and dependency scanning
  • Separation of background data-processing from user-facing systems

16. What happens when you take back your consent

Withdrawal effects depend on scope. Withdrawing consent for a single connection or a single sensitive-information category stops new collection immediately and deletes already-collected information from active systems within 30 days (unless law permits longer retention). Complete withdrawal and account closure trigger the dormant-account procedures in Section 14. In all cases, backups are purged per the Section 14 schedule and data sharing with service providers ceases.

17. Do we update this policy?

We update this policy as needed for legal compliance. Changes are marked with new revised dates, and major changes are communicated through notices or direct messages. Please review the policy regularly.

18. How can you contact us about this policy?

Questions or comments can be directed to our Data Protection Officer:

Itera Health, Corp. — Data Protection Officer
5901 SW 74th St, Suite 400
Miami, FL 33143, United States
Email: [email protected]
Phone: 305-394-8070

19. How can you review, update, or delete your information?

Depending on your country or state laws, you may have rights to view collected personal information, understand usage details, correct mistakes, delete information, or withdraw consent. These rights have limitations. To exercise them, submit a data subject access request to [email protected].

Questions? [email protected]