Privacy Policy

Effective Date: April 21, 2025

XanthosHealth, Inc. (“XanthosHealth,” “we,” “our” or “us”) values transparency and privacy. In this Privacy Policy, we describe how we collect, use, and disclose information that we obtain through our website (https://xanthoshealth.com/), our software application(s), including your user account, our ConnectedNest® mobile application, or any chat function connected therewith (collectively the “Application”). By accessing or using our Application, you agree that we will collect and handle information as described in this Privacy Policy.

This Privacy Policy specifies:

What personal information we collect about you through our Application.
How personal information is used and with whom it may be shared.
What choices are available to you regarding the use of your personal information.
What our security practices are to protect the misuse of your personal information.
How to correct any inaccuracies in your personal information.

BY ACCESSING AND USING OUR APPLICATION, YOU AGREE TO THE INFORMATION USE AND COLLECTION TERMS OF THIS PRIVACY POLICY. WE HAVE THE RIGHT TO REVISE THIS PRIVACY POLICY AT ANY TIME. WE MAY NOT NOTIFY USERS INDIVIDUALLY IF WE CHANGE THIS PRIVACY POLICY. ANY CHANGES WILL BE EFFECTIVE WHEN POSTED. WE ENCOURAGE YOU TO CHECK THIS PRIVACY POLICY FREQUENTLY FOR CHANGES.

DISCLAIMER: OUR APPLICATION IS NOT INTENDED TO CREATE ANY DOCTOR-PATIENT RELATIONSHIP, OR DOCTOR-PATIENT RELATIONSHIP BETWEEN YOU AND ANOTHER PERSON. THE CONTENT PROVIDED THROUGH OUR APPLICATION IS NOT INTENDED TO CONSTITUTE MEDICAL ADVICE.

Information We Collect

For purposes of this Privacy Policy, “Personal Information” will include all personally identifiable information that is specific to you which meets the definition of applicable data protection laws as “personal information,” “personal data,” or “personally identifiable information” (e.g. name, address, phone number, email address, etc.). We primarily have access to and/or collect information that you voluntarily provide us with, including any email you send us, or other direct contact from you. We may collect the following Personal Information from your use of our Application:

Contact Information and Identifiers. We collect certain Personal Information when you contact us, including your first and last name, residential address, email address, and phone number.
Registration Information. Certain areas or features of our Application may require registration. To register you may need to provide your email address, first and last name, phone number, and other contact information.
Sensitive Personal Information. We may have you specify a username and password for your account and to register with our Application.
Geolocation Information and Internet or Other Network Activity. We may automatically collect the following information about your use of the Application through cookies, web beacons, log files, and other technologies: domain name; browser type and operating system; pages viewed, links clicked and other activities on the Application; IP address [Note: we are aware that some data protection laws consider an IP address to be Personal Information, and will protect it as such to comply with such laws]; the length of time using our Application; access time; device ID or other identifier; location and language information. We may combine this information with other information that we have collected, including where applicable, Personal Information. Please see the “Cookies and Other Tracking Mechanisms” section below for more information.
Inferences. We may collect inferences about your preferences and traits through your use of the Application.
Sensory Information. We may collect sensory information such as audio recordings if you call our customer service line.
Protected Health Information. We are not a covered entity subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the information we collect, or that you provide to us may not be deemed protected health information (PHI) as defined under HIPAA. However, if we collect or you provide to us any information that is deemed PHI, we will protect the privacy of any PHI as necessary to comply with applicable law and in accordance with HIPAA.

We collect the categories of Personal Information identified above from the following sources: (1) directly from you; (2) through your use of the Application; and (3) Third-Party Providers.

Cookies and Other Tracking Mechanisms

We use cookies and other tracking mechanisms to track information about the use of our Application.

Do Not Track. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies), and opt out of certain ad networks.
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Application, while others are used to enable a faster log-in process or to allow us to track activities on our Application. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. Certain features of the Application may not function if you disable cookies.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Application to, among other things, track activities on the Application, help us manage Content, and compile statistics about usage of the Application. We also use clear GIFs in HTML e-mails to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.
Analytics Information. We may use various technologies to learn more about how visitors use the Application and to collect information about your interaction with our features and other users for analytics purposes. We may also use analytics services and technologies to monitor your activities on our Application, for better understanding of how our Application is used, and ways to improve it.

How We Use Your Information

We use your Personal Information as necessary to operate our Application. In addition, we may use the information we collect about you, including any Personal Information you may provide to us and other information we collect, in order to:

Provide our Application.
Update and improve our Application.
Communicate with customers and visitors, to respond to requests and inquiries, and for other customer service purposes.
Tailor the Content and other information that we send or display, to offer location customization, and personalized help and instructions, and to otherwise personalize experiences using the Application. Analyze your use of our Application.
Prevent, detect, investigate, and respond to fraud, unauthorized access/use of our Application, breaches or potential breaches of terms and policies.
Train our internal personnel.
Market and promote our services, products, and applications. For example, we may send you news and newsletters, special offers, and promotions, or otherwise contact you about products or information we think may interest you. We also may use the information that we collect to assist us in advertising our Application on third party websites.
Better understand how users access and use our Application, both on an aggregated and individualized basis, in order to improve our Application and respond to user desires and preferences, and for other research and analytical purposes.
Track use of our Application, investigate suspicious activity, and enforce our terms and policies, to measure and improve the operation and security of our Application, and your Personal Information.
Allow us to disclose your Personal Information to the extent permitted or required by law.

We do not sell Personal Information.

Your Rights

You may opt out of any future contact from us at any time. Depending on where you live, you may have certain legal rights under applicable law. For example, you may have the following rights:

Your right to Access – means that you can ask us for a copy of any Personal Information we hold about you.
Your right to Correct – if you believe that any of the Personal Information we hold about you is incorrect or out of date, you have the right to correct such Personal Information by providing us with the correct up-to-date Personal Information.
Right to Erasure – you can ask us to delete the incorrect or out-of-date Personal Information, and we will be happy to do so unless we are prevented from doing so by law or regulation. In certain circumstances you may also have the right to ask us to erase your Personal Information.
Right to Portability – you have the right to request a copy of your Personal Information in a commonly used and machine readable format to be provided to you or to such other third party as you specify.
Right to Limit – you have the right to opt out of any ancillary use of your Personal Information (e.g., for marketing purposes).

Please contact us (as specified below) to request any of the above rights. You will be required to verify your identity before we are able to fulfill your request. Upon confirmation that you are making a lawful request, we will confirm our obligations under applicable law. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us. Please note that even if a request is made to delete your Personal Information, we may be permitted or required to retain a copy for our business and legal obligations as permitted or required under applicable law.

Who We Share Information With

We may share Personal Information we collect via our Application with the third parties listed below (collectively, “Third Party Providers”):

Affiliates. We may disclose Personal Information we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your Personal Information will be subject to this Privacy Policy.
Service Providers. Your Personal Information may also be provided to certain third party service providers as necessary to provide our Application, including third party vendors, service providers, contractors, or agents who perform functions on our behalf and who are under contract with us. We are responsible for assuring that these service providers comply with the terms of this Privacy Policy.
Other Third Parties. We may partner with third parties to make certain programs or offers available to you. If you elect to participate in such programs, we may share certain of your Personal Information with these third parties. We do not share Personal Information with third parties for their direct marketing use.

In the previous twelve months, we may have shared certain categories of Personal Information with Third Party Providers for business purposes. The information shared may include the following categories of Personal Information: (1) identifiers; (2) commercial information; (3) location information; (4) usage information; and (5) other information that can be associated with you.

Except for the Third Party Providers listed in this section, we will not share Personal Information with an unaffiliated third party without your prior authorization, unless doing so is necessary (1) to enforce this Privacy Policy, to comply with law, regulation or other legal processes or to protect the rights, property, or safety of us or others, (2) to comply with a valid order or process from a public authority, (3) to protect against misuse or unauthorized use of our Application, (4) to detect or prevent criminal activity or fraud, or (5) in the event that XanthosHealth or substantially all of our assets are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation, or liquidation, in which case such information may be one of the transferred assets.

Marketing Choices

We do not sell, lease, or otherwise disclose your Personal Information to unaffiliated third parties to market their products and services to you. While we may provide Personal Information to Third Party Providers in order to communicate with you, we require all Third Party Providers to comply with this Privacy Policy and to take appropriate steps to secure your Personal Information. We may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in any such e-mail. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you e-mails about your account or any Application you for which you are a user.

Third-Party Sites

Our Application may contain links to or appear on third-party websites. Any access to and use of such third party websites is not governed by this Privacy Policy, but instead is governed by the privacy policies of those third party websites, and we are not responsible for the information practices of such third party websites.

Security of Personal Information

We have implemented precautions to protect the Personal Information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We restrict access to your Personal Information in our database to our authorized employees, agents, certain of our authorized business partners and/or Third Party Providers as appropriate or necessary to provide the Application. Please be aware that despite our best efforts, no data security measures can guarantee 100% security, and no website, database or system is completely secure or “hacker proof.” You are also responsible for taking reasonable steps to protect your Personal Information against unauthorized disclosure or misuse and the security of any user account.

Data Retention

We keep your Personal Information as long as needed to process your requests, to operate our business, and provide our Application, and as long as we are legally obligated to keep it. You have the right to ask us to delete your Personal Information at any time. Please note that deletion of your Personal Information may affect your right to use our Application. While we will use reasonable efforts delete your Personal Information, we may be required to retain such Personal Information as required by our systems or our legal requirements. Until we have deleted all of your Personal Information, we will continue to honor our privacy and security obligations related to your Personal Information.

Please note that in the event that we elect to de-identify your Personal Information, such de-identified information is no longer your Personal Information, and we may use such de-identified information, alone or in an aggregated basis to analyze our Application, or as we deem appropriate.

Children Under 13

In compliance with the Children’s Online Privacy Protection Act, 15 U.S.C. § 6501.06 and 16 C.F.R. §§ 312.1 – 312.12, we do not knowingly collect information from children under the age of 13, nor do our website(s), applications, or products target children under the age of 13. By using our Application, you represent that you are not younger than 13. Please contact us if you know or suspect that we have collected information from children under the age of 13, and we will take prompt measures to remove such information.

Contact Us

If you have questions about the privacy aspects of our Application, or would like to make a complaint, please contact us at support@xanthoshealth.com.

Specific Laws

GDPR: If you are an individual resident in EEA or the UK, you have the data protection rights regarding personal data as specified in the General Data Protection Regulation (GDPR) as enacted in the EU, UK or Switzerland.

US Data Protection Laws: The US states which have enacted data protection laws, similar to the California Consumer Privacy Act (CCPA) as amended by the Consumer Privacy Act Regulations (CPRA) include: California (as of January 1, 2023), Colorado (as of July 1, 2023), Connecticut (as of July 1, 2023), Delaware (as of January 1, 2025), Florida (as of July 1, 2024), Indiana (as of January 1, 2026), Iowa (as of January 1, 2025), Kentucky (as of January 1, 2026), Maryland (as of October 1, 2025), Minnesota (as of July 31, 2025), Montana (as of October 1, 2024), New Hampshire (as of January 1, 2025), Nebraska (as of January 1, 2025), New Jersey (as of January 15, 2025), Oregon (as of July 1, 2024), Rhode Island (as of January 1, 2026), Tennessee (as of July 1, 2025), Texas (as of July 1, 2024), Utah (as of December 31, 2023), and Virginia (as of January 1, 2023). Some or part of the rights specified in the section above on Rights to Access and Control Your Personal Information may apply to you under these various state laws (for example, we will acknowledge your request and respond to your request (upon verification) in accordance with the response time required by applicable law, under CCPA this would include acknowledging within 10 days and responding within 45 days if verified).

Notice to Nevada Residents: Nevada also has a right of consumers to opt-out of the sale of Personal Information. We do not sell your Personal Information, which is why we do not have an opt-out of such sale / sharing, (i.e., “Do Not Sell or Share My Personal Information” link).

Notice to Illinois Residents: Residents of Illinois may have certain rights under the Biometric Information Privacy Act. Please note that while we may record customer service calls, we do not digitally analyze any data for any biometric identification purposes.

Notice to California Residents: Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with us are entitled to ask us once a year for information regarding the personal data we have shared, if any, with third parties for their direct marketing purposes. If you are a California resident and would like to submit such a request, please submit your request in writing to the address listed in the Contact Us section and include the words “Shine the Light” in your correspondence. The request must include your name, street address, city, state, and ZIP code and an attestation that you are a California resident. We are not responsible for requests that are not labeled or sent properly, or that do not have complete information.

You may have the right to receive information about the financial incentives that we offer to you, if any. You also have the right not to be discriminated against (as provided for in applicable law) for exercising certain of your rights referenced herein.

We are committed to providing you with meaningful choices about the information collected on our Application for third party purposes. However, we do not currently recognize or respond to browser-initiated Do-Not-Track signals, as the Internet industry is currently still working on Do-Not-Track standards, implementations, and solutions.

California also has a right of consumers to opt-out of the sale of Personal Information. We do not sell your Personal Information, which is why we do not have an opt-out of such sale / sharing, (i.e., “Do Not Sell or Share My Personal Information” link).