Privacy Policy

Ethicos Health, Inc.

Introduction

Ethicos Health, Inc. ("Ethicos," "we," "us," or "our") provides technology and services that help health plans and other healthcare organizations manage clinical guidelines and prior authorization workflows. This Privacy Policy explains what information we collect, how we use it, and the rights you have regarding your information.

If you are a health plan or healthcare organization using our platform, please note that your use of Ethicos services is also governed by your agreement with us, including any applicable Business Associate Agreement (BAA).

Information We Collect

Business and Contact Information. When you or your organization contacts us, requests a demo, or creates an account, we collect information such as your name, job title, employer name, work email address, and phone number.

Usage Data. When you use our web application or marketing site, we automatically collect certain technical data — including IP addresses, browser type, referring pages, and pages visited. This information helps us maintain and improve our services.

Cookies and Similar Technologies. Our marketing website (ethicoshealth.com) uses cookies to understand how visitors engage with our content. You may disable cookies in your browser settings; doing so will not affect your ability to access our application.

We do not sell personal information and do not use it for targeted advertising.

How We Use Information

We use the information we collect to:

  • Respond to inquiries and provide customer support
  • Deliver, operate, and improve our services
  • Communicate about product updates, security notices, and contractual matters
  • Meet our legal and compliance obligations
  • Maintain the security and integrity of our platform

Protected Health Information and Business Associate Obligations

Ethicos acts solely as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We do not independently collect or use Protected Health Information (PHI). Any PHI we access or process is received from our health plan customers for the specific purpose of providing the services described in our agreements.

Our handling of PHI is governed by individual Business Associate Agreements (BAAs) entered into with each customer. Under those BAAs, we are contractually and legally obligated to:

  • Use PHI only as permitted or required by the BAA and applicable law
  • Safeguard PHI using administrative, physical, and technical protections
  • Report any breach of unsecured PHI to the covered entity without unreasonable delay
  • Return or destroy PHI upon termination of the agreement, as directed

Individuals seeking to exercise rights over their PHI (such as access, amendment, or restriction) should contact their health plan directly. Ethicos is not the appropriate contact for individual patient requests.

Data Security

We take the security of all information seriously. Ethicos maintains a comprehensive information security program that includes:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls and least-privilege principles
  • Multi-factor authentication for all internal systems
  • Annual penetration testing and continuous vulnerability monitoring

No transmission over the internet is completely secure. If you have reason to believe your interaction with us has been compromised, please contact us immediately.

Data Retention

We retain business contact and account information for as long as necessary to maintain our business relationship and meet our legal obligations, typically no longer than three years after the end of a business relationship.

PHI received under a BAA is retained for a minimum of seven (7) years from the last date of service, consistent with HIPAA requirements, unless a shorter or longer period is specified in the applicable BAA or required by state law.

Your Rights (California Residents — CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides certain rights regarding personal information we hold about you in a business context (not PHI, which is separately governed by HIPAA):

  • Right to Know: You may request a summary of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a request, email us at privacy@ethicoshealth.com with "California Privacy Request" in the subject line. We will respond within 45 days as required by law.

Contact Us

For questions about this Privacy Policy, to report a privacy concern, or to submit a data rights request, please contact:

Ethicos Health, Inc.
Privacy Office
privacy@ethicoshealth.com

Effective Date

This Privacy Policy is effective as of June 9, 2026 and was last updated on June 9, 2026.

We may update this policy from time to time. Material changes will be posted here with an updated "Last Updated" date. Continued use of our services after changes are posted constitutes acceptance of the revised policy.