Consumer Health Data Privacy Policy

Ellipsis Health Inc. (“Ellipsis,” “we,” “our,” or “us”) respects your privacy. This Policy supplements our main Privacy Policy and governs the collection, use, disclosure, and protection of Consumer Health Data as defined by state laws including Washington’s My Health My Data Act, Nevada’s Health Data Privacy Act, and Connecticut’s Data Privacy Act (collectively “U.S. Health Privacy Laws”).

What is “Consumer Health Data”?

“Consumer Health Data” means any information linked or reasonably linkable to an individual that reveals past, present, or future physical or mental health status—such as:

• Medical conditions, symptoms, diagnoses, treatments, medications.
• Bodily functions, vital signs, biometric information.
• Reproductive or sexual health.
• Location data when seeking health services (e.g. visit to a clinic).
• Inferred health data drawn from usage patterns or non-health data.

What is “Consumer Health Data”?

“Consumer Health Data” means any information linked or reasonably linkable to an individual that reveals past, present, or future physical or mental health status—such as:

• Medical conditions, symptoms, diagnoses, treatments, medications.
• Bodily functions, vital signs, biometric information.
• Reproductive or sexual health.
• Location data when seeking health services (e.g. visit to a clinic).
• Inferred health data drawn from usage patterns or non-health data.

What Consumer Health Data We Collect

We collect only the health information necessary to operate our services:

• Directly from you: e.g. through intake forms, surveys, or interaction with our systems.
• Automatically: The content of your speech, the sound of your voice, trailing vital signs, voice/emotion analytics, health assessments.
• From third-party sources: like health partners, insurers, or wellness apps (with your consent).
• Derived data: inferences or extrapolations based on collected data.

 Why We Collect and How We Use It

We potentially use Consumer Health Data for:

1. Delivery of services utilizing analysis of voice and agentic AI case management calls.
2. Account management.
3. Product development & R&D: improving accuracy, performing internal analysis.
4. Security & compliance: fraud prevention, legal obligations, safety monitoring.
5. Marketing (optional): only with your consent, for promotions or newsletters.
6. Customer, partner and client support.

How We Share Consumer Health Data

We do not sell your Consumer Health Data. We may disclose it to:

• Service providers & processors: under contract and only for the purposes above.
• Affiliates and partners, where required to fulfill services and with contractual safeguards.
• Legal or emergency disclosures: when required by law or to protect vital interests.
• Corporate transactions: e.g. merger or sale, with protections in place.

Your Rights Over Your Consumer Health Data

You may:

• Access the data we hold.
• Correct inaccuracies.
• Delete your data.
• Withdraw consent to processing.
• Receive information about disclosures.
• Appeal any denial of your request.

To exercise these rights, please contact us at Privacy@EllipsisHealth.com. We will respond within the timeframe required by law. We will not discriminate based on your exercise of these rights.

Security & Data Retention

We employ strong safeguards, including encryption and access controls, and securely delete data when required to do so by our internal policies.

Policy Changes

We may update this Policy to reflect legal or business changes. If materially revised, and where required, we will notify you via an update to our webpage. The effective date will be updated.