Privacy Policy

Effective date: March 26, 2026

This draft is written to address Google Play’s privacy-policy requirement for TailorPath by explicitly disclosing health-related and personal data categories, their uses, sharing practices, security safeguards, and retention/deletion practices.

1. Scope of this Privacy Policy

This Privacy Policy describes how TailorPath collects, uses, stores, shares, protects, retains, and deletes personal information and health-related information when individuals visit the TailorPath website, use the TailorPath mobile application, use the TailorPath web platform, communicate with TailorPath, or otherwise interact with TailorPath services.

TailorPath is an AI-enabled care coordination and intervention support platform intended to support hospitals, care teams, caregivers, patients, and authorized family members or guardians.

Some features may be enabled only for certain organizations or workflows.

Where a feature is not enabled, the related data will not be collected for that feature.

2. Information We Collect

We may collect the following categories of information:

Account and profile information:

name, email address, phone number, password or authentication credentials, role, organization or hospital affiliation, department, professional details, and related profile information

Patient profile and identification information:

full name, date of birth, age, gender, nationality, address, medical record number, patient type, assigned department, assigned care team members, guardian or caretaker details, emergency contact details, and patient photo where provided

Health-related and care information:

medical history summaries, diagnoses, questionnaire assignments and questionnaire responses, intervention plans, goals, Goal Attainment Scale (GAS) progress updates, treatment or therapy logs, follow-up reports, meeting documentation, confidential clinical notes created by authorized care professionals, reminders, and appointment information

Files and records uploaded to the platform:

medical records, PDFs, lab results, images, documents, attachments, and other files uploaded by authorized users or submitted through the platform

Communications data:

messages exchanged through the TailorPath platform, message attachments, communication metadata such as timestamps and sender-recipient details, support requests, and notification history

Accessibility and assistive feature information:

accessibility questionnaire responses, language preferences, assistive feature preferences, and where enabled, audio, image, symbol, text-to-speech, or speech-to-text related inputs needed to provide accessibility features

Technical, security, and usage information:

IP address, browser type, device type, operating system, app version, log data, audit trail data, session data, security events, and cookie or similar website usage data

Information you voluntarily provide:

any additional information you choose to submit in forms, questionnaires, messages, files, support communications, or other interactions with TailorPath

3. How We Use Information

We use the information we collect to:

Provide and operate the TailorPath services:

create and manage accounts, onboard users, enable platform features, maintain records, and support organization-specific workflows

Deliver care coordination and intervention support:

manage patient assignments, questionnaires, intervention plans, reminders, appointments, reports, and related care processes

Enable secure communication:

support messaging, file sharing, notifications, support interactions, and service communications

Support accessibility and personalization:

apply accessibility settings, language preferences, assistive features, and user-specific configuration choices

Protect security and integrity:

authenticate users, prevent fraud and abuse, monitor access, investigate incidents, maintain audit trails, and enforce legal or contractual requirements

Improve and maintain the service:

troubleshoot issues, perform quality assurance, maintain backups, perform analytics on de-identified or aggregated information where appropriate, and improve performance and usability

Comply with law:

meet legal, regulatory, contractual, clinical, security, and record-keeping obligations

4. How We Share Information

We do not sell personal information or health data.

We may share information only as needed for the purposes described in this Privacy Policy, including:

With the relevant organization and authorized users:

such as the hospital, clinic, provider, therapist, caregiver, patient, guardian, or authorized administrator involved in the applicable care workflow and permitted to access the information

With service providers acting on our behalf:

such as hosting, storage, security, authentication, logging, messaging, email, push notification, support, maintenance, and similar vendors that process information under contractual obligations and only as necessary to provide the service

With your direction or consent:

when you or the organization using TailorPath asks us to share information or enables a workflow that requires sharing

For legal, safety, and compliance reasons:

when required by law, regulation, subpoena, court order, or lawful government request, or when necessary to protect rights, safety, security, or the integrity of the platform

In a business transfer:

if TailorPath is involved in a merger, acquisition, financing, reorganization, or sale of assets, subject to applicable confidentiality and legal protections

We do not use health-related information for unrelated advertising purposes, and we do not share health-related information with advertisers or data brokers.

5. Legal Bases for Processing

Depending on the jurisdiction and the context in which TailorPath is used, we may process information based on consent, performance of a contract, compliance with legal obligations, protection of vital interests, provision of health or social care services, or legitimate interests such as maintaining and securing our services, provided such interests do not override applicable rights and protections.

6. Data Retention and Deletion

We retain personal information and health-related information for as long as needed to provide the TailorPath services, maintain active customer relationships, support care workflows, comply with legal, regulatory, contractual, and record-keeping obligations, resolve disputes, enforce agreements, and maintain appropriate backups and security logs.

When a user requests account deletion, the organization administrator reviews the request and deactivates (soft deletes) the account. At this point, the user can no longer access the system. To comply with legal and audit obligations, the medical records and associated data linked to the account are retained for a period of 7 years. After 7 years, the records are automatically and permanently deleted.

Users or authorized organizations may request access, correction, deletion, or account closure by contacting us using the details in the Contact Us section below.

We will review requests in accordance with applicable law, contractual obligations, patient safety considerations, and any records we are required or permitted to retain.

Copies of information may remain in backups or archives for a limited period until deleted in the ordinary course of our retention and backup practices.

7. Security

TailorPath uses administrative, technical, and organizational safeguards designed to protect personal information and health-related information.

These measures may include encryption in transit, encryption at rest, role-based access controls, multi-factor authentication where enabled, secure session management, logging and audit trails, access monitoring, secure backups, vulnerability management, and incident response processes.

No system can guarantee absolute security. However, we take reasonable steps designed to reduce the risk of unauthorized access, disclosure, alteration, or destruction.

8. International Transfers

TailorPath may process information in countries other than the country where the user is located, subject to appropriate safeguards and applicable legal requirements.

9. Children and Minors

TailorPath may be used in workflows involving minors, including pediatric or special-needs patients, when the service is configured and used by authorized organizations, providers, parents, guardians, or caretakers.

Where information relating to minors is collected, it is collected only as needed for the relevant authorized service or care workflow and handled in accordance with applicable law and organizational permissions.

10. Cookies and Similar Technologies

When you use the TailorPath website, we may use cookies and similar technologies to support basic website functionality, security, analytics, and performance.

You can manage cookies through your browser settings. Disabling some cookies may affect website functionality.

11. Your Rights and Choices

Depending on applicable law, you may have rights to request access to, correction of, deletion of, or restriction of processing of certain personal information, and to object to certain processing activities or request data portability.

You may also have the right to withdraw consent where processing is based on consent.

To exercise applicable rights, contact us using the details below.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will post the updated version on this page and update the effective date above.

13. Contact Us

If you have questions, requests, or complaints regarding this Privacy Policy or TailorPath’s data handling practices, contact us at daniela@tailor-path.com or through the contact details published on the TailorPath website.
