Home / Privacy Policy

Privacy Policy

Last updated May 2026  ·  Applies to outfoxhealth.com and the Outfox Health mobile apps.

We do not sell or rent Personal Data to marketers or unaffiliated third parties.

Outfox Health is a platform available at outfoxhealth.com (the "Site") and as mobile applications on the Google Play and Apple stores (the "Apps"). We've developed this Privacy Policy to tell our users ("user(s)," "you," or "your") how we collect data through our Services, how we use it, and what rights you have with respect to it.

Please read this Privacy Policy carefully. By accessing or using the Services, you accept and agree to be bound by this Privacy Policy and our Terms of Use, which are hereby incorporated by reference. For questions, contact us at info@outfoxhealth.com or use the contact information at the end of this page.

1. Data We Collect

Outfox Health collects personal data such as demographics, interests, preferences, insurance policy details, and health-related information (e.g., lab tests, prescriptions) to provide a tailored healthcare guidance experience. This data helps with price comparison, insurance integration, and personalized suggestions.

Information We Collect about You

  • Non-Personal Data — information about your internet connection, equipment, web browsers, and pages visited before, during, and after using our Site.
  • Cookies & Web Beacons — used to deliver, communicate, track, and measure performance of our Services.
  • Log Data — IP address, browser, operating system, pages browsed, time spent, search terms, and links clicked.
  • Push notifications — if you opt in, we may collect IP and a persistent device identifier. You can toggle this off in device settings at any time.

Non-Personal Data may become linked to you and your account only after you submit certain Personal Data — for example, by logging into your Site account.

Information You Provide

When you register, set up an account, respond to communications, or contact us, we collect Personal Data such as your first and last name(s), mailing address, email, phone, and organization.

Other types we may receive. Geolocation Data when you grant permission (changeable in device settings); and information from third-party social networking services if you choose to access them through our Services.

2. Use of Data

We do not sell or rent Personal Data to any third parties. We use information collected via clickstream data, web pixels, and cookies to store your preferences, improve site navigation, make personalized features available, generate statistical information, monitor usage, prevent fraud, investigate complaints, and improve our content and Services.

Where you provide registration information, cookies may also identify you when you log in. Except as otherwise stated, we may use information for legitimate business purposes including:

  • Respond to requests and provide user support
  • Evaluate and improve content of our Services
  • Customize the Services to your preferences
  • Establish accounts to use the Services
  • Communicate information and promotional materials (where you haven't opted out)
  • Maintain account-status records and activity logs
  • Notify you of changes to relevant agreements or policies
  • Conduct research and analysis
  • Enforce our agreements, terms, conditions, and policies
  • Work with service providers bound by contractual obligations consistent with this Policy
  • Prevent or investigate fraud, comply with legal obligations, or defend legal claims
  • Conduct aggregate analysis and develop business intelligence
  • Describe our Services to current and prospective business partners
  • Other purposes identified to and requested by you (you can withdraw consent at any time)

Performance of a contract

If you've created an account, we may also use your information to establish your account, validate your login credentials, respond to your requests, and notify you of changes to relevant agreements or policies. We may use third-party email providers to deliver these communications. This is an opt-in email program; you can opt out at any time. From time to time, we may invite you to participate in online surveys and use the responses to research market trends and community needs.

De-identified & aggregated data

We may anonymize or aggregate data we collect — including de-identified demographic and location data, device information, and market trends — for analysis. If you provide Personal Data, we may aggregate it with other data unless we specify otherwise at the point of collection.

3. How We Share Data

We do not sell or rent Personal Data to marketers or unaffiliated third parties. We may share aggregated, de-identified data with our partners. Third-party service providers — such as cloud hosting, payment gateways, and analytics tools — may have access to user data to support our Services. We will not share Personal Data we collect from or about you except as described below:

  • Corporate affiliates — including parents, subsidiaries, and other affiliated entities, all required to treat the information per this Policy.
  • Service providers — for hosting, infrastructure, and similar functions. They have access only to perform services on our behalf, are contractually required to comply with applicable data privacy laws, and may not use the data for any other purpose.
  • Authorized third parties — parties you've directly authorized to receive applicable data. Their use is governed by their own privacy policy.
  • Business transfers — in any reorganization, merger, sale, joint venture, assignment, or transfer of all or part of our business or assets (including bankruptcy). The recipient must use the information consistently with this Policy.
  • Legal & safety — as we believe necessary under applicable law; to enforce our terms; to protect our rights, privacy, safety, or property; to address fraud or security issues; or to respond to courts and regulators.
  • With your explicit approval — prior to disclosure.
  • Aggregated, de-identified data — shared with partners to show how many users viewed or interacted with their materials. This does not identify any individual.

4. Third-Party Service Providers

We use third-party service providers to help us operate our Services, including hosting, analytics, marketing platforms, and others. These providers may collect, store, or process information detailed herein. We use commercially reasonable efforts to engage only with third parties that post a privacy policy governing their use of Personal and Non-Personal Data, and we require them to follow appropriate privacy practices. You agree that we do not bear responsibility for the actions or policies of third parties.

Amazon Web ServicesHosting
Hosts our website and associated services.
AptibleInfrastructure
Helps manage our technology infrastructure and security practices.
BeehiivEmail marketing
Delivers promotional emails. All include an opt-out / unsubscribe link.
DocuSignContracts
Sends contracts to our partners.
DropboxDocument storage
Stores and shares documents, some of which include user information.
eFaxFax delivery
Sends documents to partners that don't have other communication methods.
FacebookConversion tracking
Tracks ad effectiveness and serves retargeted ads using cookies.
Google AnalyticsWeb analytics
Compiles traffic data. You can opt out via Google's browser add-on.
PostHogProduct analytics & session recording
Collects page-view events, button clicks, and anonymized session recordings to help us understand how visitors use the site. Data is stored in the US. See posthog.com/privacy.
Google AdsAdvertising
Displays brief ads, offerings, and remarketing tailored to our content.
Google G SuiteProductivity
Stores and shares documents, some of which include user information.
Google Places APIMaps
Provides maps and driving distances for searches on our website.
LinkedIn InsightsB2B targeting
Identifies potential business partners visiting marketing pages (no medical-provider pages).
RedditConversion tracking
Tracks ad effectiveness and serves retargeted ads.
RedoxEHR integration
API platform that lets us exchange health data with healthcare organizations.
Ribbon HealthHealthcare data
APIs for provider ratings and insurance deductibles.
SendGridTransactional email
Sends transactional emails (e.g., order confirmations); tracks opens and clicks.
SlackTeam messaging
Internal and partner communication; some messages include user information.
TwilioSMS
Facilitates SMS messaging. Standard message and data rates may apply.
ZapierAutomation
Automates business processes and notifications. Some incidental data may be available via the connection.

When you use the Internet, unaffiliated parties (ad networks, web analytics companies, social platforms) may collect information about your online activities over time. We do not track your activity across different websites or online services. Learn more or opt out at networkadvertising.org/choices or aboutads.info/choices.

5. Data Security

We take reasonable steps online and offline to safeguard the Personal Data you provide:

  • SSL-encrypted connections (HTTPS) to web sites in our Services
  • Secure multi-tiered firewalls
  • Encryption of portions of your data on our storage server
  • Secure cloud-based environments with server authentication and industry-standard firewalls
  • Unique account identifiers, usernames, and passwords required at login

Transmission of information via the internet is not wholly secure. Any transmission of Personal Data is at your own risk. By using our Services, you acknowledge and accept these risks. We cannot guarantee or warrant the security of any information you disclose to us, and we cannot be responsible for theft, destruction, or inadvertent disclosure of information.

If you have any questions about security, become aware of unauthorized account use, lose your credentials, or suspect a breach, notify us immediately at info@outfoxhealth.com. If our security system is breached, we will notify you only if and to the extent required under applicable law.

6. Your Choices & Rights

You can change, edit, update, or delete information you provided when setting up your account through your account settings. You can also request deletion by emailing info@outfoxhealth.com.

If you reside in certain jurisdictions (such as the EEA or California), you may have additional rights with respect to your Personal Data:

  • Access — request access to your Personal Data as it exists in our records.
  • Rectify — request correction or amendment of inaccurate or incomplete data.
  • Erase — request deletion of your data, subject to legal exceptions.
  • Object & restrict — object to processing or request restriction of how we process your data.
  • Portability — request a copy of your data in a commonly-used format.
  • Withdraw consent — withdraw consent to processing at any time, where given.

Exceptions may apply — for example, where processing is necessary for a task carried out in the public interest. To exercise any right, contact us at info@outfoxhealth.com.

7. Data Retention

Unless otherwise described or requested by you, we retain your data only for the period necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.

You may request deletion of your account at any time by emailing info@outfoxhealth.com. Once deleted, your account cannot be recovered. We do retain Non-Personal Data, including aggregated, de-identified data, for the purposes described in "Use of Data" above.

8. Outfox Health as a Data Processor

When acting as a service provider to other organizations, Outfox Health processes Personal Data per the terms agreed with the organization and its lawful instructions.

We may collect, use, and disclose certain Personal Data about you when acting as a service provider to an organization that uses or provides our Site or Services. These organizations are responsible for ensuring your privacy rights are respected, and should provide information to help you understand how third parties collect and use your Personal Data.

9. Privacy Contact

For inquiries regarding your Personal Data, contact our Privacy Contact, Beth Ann Lopez, at info@outfoxhealth.com.

10. Links to Third-Party Sites

Our Services may contain links to other sites that are not operated by us. Such links do not constitute endorsement, and this Privacy Policy does not apply to third-party websites.

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies and terms of any third-party websites or services you visit.

11. Children's Privacy

The Services are not intended for children under 13. Outfox Health does not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at info@outfoxhealth.com.

12. Your California Privacy Rights

California Civil Code Section 1798.100-199 — the California Consumer Privacy Act ("CCPA") — confers additional responsibilities towards California residents. Before collection of Personal Data, we will notify California residents as to the categories of data that will be collected.

In the last 12 months, Outfox Health collected:

  • Identifiers
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §1798.80(e))
  • Protected classification characteristics under California or federal law
  • Commercial information
  • Internet or other similar network activity
  • Geolocation data

In the last twelve (12) months, Outfox Health has not sold personal information. Outfox Health has disclosed the same categories above to service providers for a business purpose in the last twelve (12) months. Outfox Health may disclose deidentified patient information using the HIPAA safe harbor method under 45 C.F.R. § 164.514(b)(2).

California residents may request the list of Personal Data and related information collected (Cal. Civ. Code §§1798.110(a) and 1798.115), and may request that we delete Personal Data so long as it is not necessary to our business or service-provider functions (Cal. Civ. Code §1798.105(d)). California residents will not receive discriminatory treatment for the exercise of their CCPA rights, and may designate an authorized agent to make a request on their behalf.

California Civil Code §1798.83 also permits California residents to request a list of Personal Data (if any) we disclosed to third parties for direct marketing in the preceding calendar year, and the names and addresses of those third parties. Requests may be made up to twice per year, free of charge. Email info@outfoxhealth.com to make a request.

13. Virginia Resident Rights and Disclosures

If you are a Virginia resident, you have the rights set forth under the Virginia Consumer Data Protection Act ("VCDPA"). See "Your Choices & Rights" above for instructions.

If we are processing your Personal Data as a service provider to one of our customers, contact the entity that originally collected your data. These rights are subject to certain conditions and exceptions which may permit or require us to deny your request. If there are conflicts between this section and any other provision, the more protective portion controls. Contact info@outfoxhealth.com with "Virginia Rights" in the subject line.

14. Colorado Rights and Disclosure

If you are a Colorado resident, you have the rights set forth under the Colorado Privacy Act ("CPA"). See "Your Choices & Rights" above for instructions.

If we are processing your Personal Data as a processor to one of our customers, contact the entity that originally collected your data. These rights are subject to certain conditions and exceptions which may permit or require us to deny your request. If there are conflicts between this section and any other provision, the more protective portion controls. Contact info@outfoxhealth.com with "Colorado Rights" in the subject line.

15. Changes in the Privacy Policy

We reserve the right to modify and update this Privacy Policy at any time by posting an amended version on our Site. Please refer to this policy regularly. If we decide to use Personal Data in a manner different from that stated at the time of collection, we will notify you either on the panel home page of our Site or via email.

16. How to Contact Us

For any concerns or questions about our Privacy Policy, please contact us:

Contact
OutFox Health, Inc.
10 Skylark Dr., Apt 8
Larkspur, CA 94939