Privacy Policy

Transparent Health, Inc. ("Transparent Health," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our platform, or interact with our products and services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

We use the information we collect to:

• Provide, operate, and maintain our Services.
• Process your requests, including access requests and account creation.
• Improve, personalize, and develop new features and products.
• Communicate with you about updates, security alerts, and support messages.
• Send marketing communications where you have opted in (you can unsubscribe at any time).
• Detect, investigate, and prevent fraudulent or unauthorized activity.
• Comply with legal obligations and enforce our agreements.

Transparent Health processes publicly available, machine-readable hospital pricing files mandated by the Centers for Medicare & Medicaid Services (CMS). These files contain institutional pricing information and do not include personal health information or individually identifiable patient data. Our AI normalization pipeline operates exclusively on this public, non-personal data.

Where applicable (including under the EU General Data Protection Regulation), we process personal data on the following legal bases:

• Contractual necessity: to perform our obligations under our Terms of Service.
• Legitimate interests: to operate, improve, and secure our Services, provided these interests are not overridden by your rights.
• Consent: where you have given explicit consent, such as for marketing emails.
• Legal obligation: to comply with applicable law, regulation, or legal process.

We do not sell your personal information. We may share your information only in the following circumstances:

• Service providers: with trusted vendors who perform services on our behalf (hosting, analytics, payment processing, email delivery), bound by contractual obligations to protect your data.
• Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets, with notice provided to you.
• Legal requirements: when required by law, subpoena, or government request, or to protect the rights, safety, or property of Transparent Health, our users, or the public.
• With your consent: in any other case where you have provided explicit authorization.

We use the following categories of cookies:

• Strictly necessary cookies: required for the Services to function (e.g., session management, authentication).
• Analytics cookies: help us understand usage patterns and improve the Services. We use privacy-focused analytics that do not track users across sites.

We do not use advertising or third-party tracking cookies. You can manage cookie preferences through your browser settings. Disabling strictly necessary cookies may affect the functionality of our Services.

We implement industry-standard technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS 1.2+) and at rest.
• Access controls with role-based permissions and multi-factor authentication for internal systems.
• Regular security assessments, vulnerability scanning, and penetration testing.
• Incident response procedures with prompt notification in the event of a breach.

While we strive to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. When data is no longer needed, we securely delete or anonymize it.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your personal data, subject to legal exceptions.
• Portability: request your data in a structured, machine-readable format.
• Restriction: request that we limit processing of your data in certain circumstances.
• Objection: object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@transparenthealth.care. We will respond within 30 days (or as required by applicable law).

Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have additional rights, including:

• The right to know what personal information is collected and how it is used.
• The right to opt out of the sale or sharing of personal information. Note: we do not sell personal information.
• The right to non-discrimination for exercising privacy rights.

California residents: under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), you may submit a verifiable consumer request by contacting us at the email below. We do not use or disclose sensitive personal information for purposes beyond what is necessary to provide our Services.

Your information may be transferred to and processed in countries other than the one in which you reside. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or other approved transfer mechanisms, to protect your data in accordance with this Privacy Policy and applicable law.

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us.

Our Services may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any information.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the effective date at the top of this page and, where appropriate, by email or in-product notification. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: