Privacy policy.
Privacy Policy
Effective Date: March 26, 2026 Last Updated: March 26, 2026
Orella Health, Inc. ("Orella Health," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and safeguard your personal information when you use our website at www.orellahealth.com, the Orella patient application, the Orella MD Panel, and all related services (collectively, the "Platform").
By creating an account or using the Platform, you agree to this Privacy Policy. If you do not agree, please do not use the Platform.
1. Information We Collect
We collect the following categories of information:
Account Information: Name, email address, phone number, date of birth, and account credentials provided during registration.
Health Information: Symptom descriptions, medical history, insurance information, clinical documents, care plans, and other health-related data you submit through the Platform. This information is treated as Protected Health Information (PHI) under HIPAA where applicable.
Device and Usage Information: Browser type, operating system, IP address, device identifiers, pages visited, features used, and referring URLs. This information is collected automatically when you use the Platform.
Communication Records: Records of messages, notifications, and interactions between patients and healthcare providers conducted through the Platform.
2. How We Use Your Information
We use your information to provide, operate, and improve the Platform and its features; facilitate communication between patients and healthcare providers; send transactional notifications related to your healthcare, including appointment confirmations, care plan alerts, observation reminders, and account verification codes via SMS, email, and in-app messaging; generate AI-assisted clinical documentation for healthcare provider review and approval; process payments and manage subscriptions; respond to your inquiries and provide customer support; comply with legal obligations, including HIPAA requirements; and detect, prevent, and address technical issues, fraud, or security concerns.
We do not use your personal information or health information for advertising or marketing purposes. All communications from Orella Health are transactional and related to your healthcare or account activity.
3. How We Share Your Information
We may share your information with the following parties, solely as necessary to operate the Platform:
Healthcare Providers: Your health information is shared with the licensed healthcare providers you are connected with through the Platform, as necessary to facilitate your care.
Service Providers: We use third-party service providers to help operate the Platform, including cloud hosting, database management, AI processing, email delivery, SMS delivery, and payment processing. These providers are bound by contractual obligations to keep your information confidential and secure, and where applicable, are subject to Business Associate Agreements (BAAs) as required by HIPAA.
Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Orella Health, our users, or the public.
We do not sell your personal information. We do not share your information with third-party advertisers.
4. SMS/Mobile Information
Orella Health collects mobile phone numbers during account registration to send transactional SMS messages related to your healthcare, including account verification codes, appointment confirmations, care plan and diagnosis alerts, and observation check-in reminders.
We do not sell, share, or provide your mobile phone number, SMS opt-in data, or SMS consent information to any third parties or affiliates for marketing or promotional purposes. Mobile information collected as part of our SMS messaging program is used exclusively to deliver the transactional healthcare notifications described in this policy and to operate the Orella Health platform. Information sharing with service providers (such as our SMS delivery partner) is permitted solely for the purpose of delivering these messages on our behalf.
Message frequency varies based on your healthcare activity, typically 1–5 messages per week. Message and data rates may apply. You may opt out of SMS messages at any time by replying STOP to any message. Reply HELP for assistance. For more details, visit https://www.orellahealth.com/smsoptin.
5. Data Security
We implement administrative, technical, and physical safeguards to protect your personal and health information, including encryption of data in transit (TLS) and at rest (AES-256), access controls and authentication requirements for all users, regular security reviews and monitoring, and compliance with HIPAA security requirements where applicable.
While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is completely secure.
6. Data Retention
We retain your personal and health information for as long as your account is active, and for a period afterward as required by applicable law. Health records are retained for a minimum of six years in compliance with HIPAA requirements. You may request deletion of your account and personal information at any time through the Platform's settings, subject to our legal retention obligations.
7. Your Rights and Choices
You have the right to access and review the personal information we hold about you; request correction of inaccurate information; request deletion of your account and personal information, subject to legal retention requirements; opt out of SMS notifications by replying STOP to any message; and contact us with questions or concerns about your information.
California residents may have additional rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, contact us at admin@orellahealth.com.
8. Children's Privacy
The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us and we will delete it from our records.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you through the Platform or by email. Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.
10. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at:
Orella Health, Inc.
700 S. Flower Street, Suite 1000
Los Angeles, CA 90017
Email: admin@orellahealth.com
Phone: (323) 655-6222