Privacy Policy

Sphere Health Inc. ("Sphere Health," "we," "us," or "our") is a US-based company committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

By accessing or using our services, you agree to the practices described in this policy. If you do not agree, please do not use our services.

We collect the following categories of information when you use our services:

We use the information we collect to:

• Provide, operate, and improve our health assessment and care services
• Generate personalized health insights and treatment recommendations
• Communicate with you about your results, appointments, and account
• Process payments for consultations and subscription plans
• Send service-related notifications, including appointment reminders and care plan updates
• Analyze usage patterns to improve our platform and user experience
• Comply with legal obligations and enforce our terms of service

We do not sell your personal information. We share your data only with the following service providers, as necessary to operate our platform:

• Stripe — Processes payment transactions securely. Stripe receives your payment card details directly and is PCI-DSS compliant.
• Resend — Delivers transactional emails such as appointment confirmations, care plan summaries, and account notifications.
• Supabase — Provides our database and authentication infrastructure. Your account data and health records are stored securely with encryption at rest.
• Anthropic — Powers our AI-assisted health analysis. Health data sent to Anthropic is anonymized and stripped of personally identifiable information before processing.

We may also disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Sphere Health, our users, or the public.

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically:

• Account data is retained for the duration of your account and for 30 days after account deletion to allow for recovery.
• Health records are retained for seven years after your last interaction with our services, consistent with medical record-keeping best practices.
• Payment records are retained for seven years to comply with tax and financial reporting obligations.
• Usage data is retained in anonymized form for analytics purposes and is not linked to your identity after 12 months.

You have the following rights with respect to your personal information:

• Access — Request a copy of the personal information we hold about you.
• Correction — Request that we correct any inaccurate or incomplete information.
• Deletion — Request that we delete your personal information, subject to legal retention requirements.
• Data portability — Request a machine-readable export of your data.
• Opt-out — Opt out of non-essential communications at any time.

To exercise any of these rights, contact us at privacy@spherehealth.com. We will respond to your request within 30 days.

Sphere Health takes reasonable steps to protect your health information. While we are not a HIPAA-covered entity, we follow industry best practices for health data security. These measures include:

• Encryption of data in transit (TLS) and at rest
• Access controls limiting data access to authorized personnel only
• Regular security assessments and vulnerability testing
• Anonymization of health data before AI processing
• Secure, SOC 2-compliant infrastructure providers

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to know — You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to delete — You may request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to opt out — We do not sell personal information. If this changes, we will provide a clear opt-out mechanism.
• Non-discrimination — We will not discriminate against you for exercising any of your CCPA rights.

To submit a CCPA request, contact us at privacy@spherehealth.com. We will verify your identity before processing your request.

Sphere Health is based in the United States and our services are intended for US residents. If you access our services from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, you may have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation. Contact us at privacy@spherehealth.com to exercise these rights.

We use cookies and similar technologies to operate our platform, remember your preferences, and analyze usage. For full details on the cookies we use and how to manage them, please see our Cookie Policy.

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a person under 18, we will take steps to delete that information promptly. If you believe we may have collected information from a minor, please contact us at privacy@spherehealth.com.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email notification. We encourage you to review this policy periodically.

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: