Privacy policy.
Effective Date: March 9, 2026
Last Updated: March 9, 2026
Orella Health, Inc. ("Orella," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at www.orellahealth.com, our patient mobile application, our physician panel, and all related services (collectively, the "Platform").
By accessing or using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.
1. Information We Collect
Information You Provide
Account Information: Name, email address, phone number, date of birth, and login credentials when you create an account.
Health Information: Symptoms, medical history, allergies, medications, family health history, social and lifestyle information, insurance details, and any other health-related information you choose to share through the Platform. This may include photographs, voice recordings, and written descriptions of your symptoms.
Demographic Information: Preferred language, gender, and location.
Provider Information: For healthcare providers, we collect professional credentials, practice information, specialty, and contact details.
Communications: Messages, feedback, and correspondence you send to us or through the Platform.
Payment Information: If applicable, billing and payment details processed through our third-party payment processors.
Information Collected Automatically
Device Information: Device type, operating system, browser type, unique device identifiers, and mobile network information.
Usage Data: Pages visited, features used, time spent on the Platform, and interaction patterns.
Log Data: IP address, access times, referring URLs, and error logs.
Information from Third Parties
We may receive information from healthcare providers who use the Platform to manage your care, including clinical notes, examination findings, and care plans.
2. How We Use Your Information
We use the information we collect to:
Provide, operate, and maintain the Platform and its features.
Facilitate communication between patients and healthcare providers.
Generate AI-assisted clinical documentation, pre-visit summaries, and care plans to support your healthcare provider. AI-generated content is always reviewed and approved by your physician before it becomes part of your care record.
Send you transactional notifications, including appointment confirmations, care plan updates, observation check-in reminders, and account verification codes via email, SMS, and in-app notifications.
Process and manage appointments, referrals, and follow-up care.
Improve and personalize your experience on the Platform.
Ensure the security and integrity of the Platform.
Comply with legal obligations, including healthcare regulations.
Conduct internal analytics using de-identified or aggregated data.
3. Health Information and HIPAA
Orella Health acts as a business associate to healthcare providers who use the Platform. We are committed to protecting your Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.
We implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of your health information.
All data is transmitted using TLS encryption and stored on secure, HIPAA-compliant infrastructure.
We only use and disclose PHI as permitted by HIPAA, our Business Associate Agreements with healthcare providers, and applicable law.
AI services used to assist in clinical documentation operate under our Business Associate Agreements and are subject to the same data protection requirements.
4. How We Share Your Information
We do not sell your personal information to third parties.
We may share your information in the following circumstances:
Healthcare Providers: We share your health information with the healthcare providers you explicitly authorize through the Platform, including physicians, specialists, and their clinical staff.
Service Providers: We engage third-party vendors who perform services on our behalf, including cloud hosting (Supabase), email delivery (Resend), SMS messaging (Twilio), AI-assisted documentation (Anthropic), and voice transcription (Amazon Web Services). These providers are bound by contractual obligations to protect your information and use it only for the purposes we specify.
Legal Compliance: We may disclose your information when required by law, court order, or governmental regulation, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change.
De-identified Data: We may use and share de-identified or aggregated data that cannot reasonably be used to identify you for research, analytics, and Platform improvement.
5. SMS and Email Communications
When you create an account and provide your phone number, you consent to receive transactional SMS messages and emails related to your healthcare, including:
Appointment confirmations and reminders
Care plan and diagnosis readiness notifications
Observation check-in reminders
Follow-up scheduling notifications
Account verification codes
Message frequency varies based on your care activity. Message and data rates may apply. SMS messages are sent via Twilio's messaging service.
To opt out of SMS notifications: Reply STOP to any message. You will receive a single confirmation message. After opting out, you will continue to receive in-app notifications but will no longer receive SMS messages.
For help: Reply HELP to any message, or contact us at support@orellahealth.com.
Opting out of SMS does not affect transactional emails or in-app notifications necessary for the delivery of healthcare services.
6. Cookies and Tracking Technologies
Our website may use cookies and similar technologies to improve your browsing experience, analyze usage patterns, and remember your preferences. You can manage cookie preferences through your browser settings. Disabling cookies may affect the functionality of certain features.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with services. We also retain information as necessary to comply with legal obligations (including HIPAA record retention requirements), resolve disputes, and enforce our agreements.
When your data is no longer required, it is securely deleted or de-identified in accordance with applicable law and our data retention policies.
8. Data Security
We take the security of your information seriously. We employ industry-standard measures to protect your data, including:
TLS encryption for all data in transit.
Encryption at rest for stored data.
Role-based access controls limiting who can view your information.
Regular security assessments and monitoring.
While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, and you transmit information to us at your own risk.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Access: Request a copy of the personal information we hold about you.
Correction: Request that we correct inaccurate or incomplete information.
Deletion: Request that we delete your personal information, subject to legal retention requirements.
Portability: Request your data in a structured, commonly used format.
Opt-Out: Opt out of marketing communications and SMS notifications.
Restrict Processing: Request that we limit how we use your information in certain circumstances.
To exercise any of these rights, please contact us at privacy@orellahealth.com. We will respond to your request within the timeframe required by applicable law.
California Residents
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect and share, the right to delete, and the right to opt out of the sale of personal information. We do not sell your personal information.
10. Children's Privacy
The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@orellahealth.com and we will promptly delete such information.
11. Third-Party Links
The Platform may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our website and, where appropriate, through the Platform or by email. The "Last Updated" date at the top of this page indicates when the policy was most recently revised.
Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at:
Orella Health, Inc.
700 S. Flower Street, Suite 1000
Los Angeles, CA 90017
Email: admin@orellahealth.com
Phone: (323) 655-6222
