Privacy Policy

Version 3.0.0 · Effective 2026-04-13

Stealth Health Privacy Policy

Effective Date: April 13, 2026 — Last Updated: April 13, 2026

At Stealth Health, we are committed to protecting the privacy, confidentiality, and security of your personal information and personal health information. This Privacy Policy ("Policy") explains how we collect, use, disclose, store, and protect your information when you access or use our telemedicine platform, websites, mobile applications, and related services (collectively, the "Services").

This Policy also describes your rights regarding your information under applicable Canadian and United States privacy laws. Please read this Policy carefully. By accessing or using the Services, you acknowledge that you have read and understood this Policy.

1. Who We Are

Stealth Health operates in both Canada and the United States through the following entities:

  • Stealth Health Inc. (Canada): A corporation incorporated under the laws of the Province of Ontario, Canada.
  • Stealth Health Holdco, LLC (United States): A limited liability company organized under the laws of the State of Delaware, USA.

The entity responsible for processing your information depends on your location. References to "Stealth Health," "we," "us," or "our" refer to the applicable entity.

2. Information We Collect

We collect the following categories of information:

2.1 Personal Information

Information that identifies you as an individual, including:

  • Full name, date of birth, gender, and contact information (mailing address, email address, phone number).
  • Government-issued identification numbers where required for identity verification or regulatory compliance.
  • Payment and billing information (credit/debit card details, billing address), which is processed and stored by our PCI-compliant third-party payment processors.
  • Account credentials (username and password).

2.2 Personal Health Information (PHI)

Health-related information provided by you or generated through the Services, including:

  • Medical history, symptoms, diagnoses, treatment plans, and clinical notes.
  • Prescription information, medication history, and pharmacy details.
  • Lab results, diagnostic imaging, and other test results.
  • Allergies, adverse reactions, and contraindications.
  • Information related to compounded medications, supplements, or wellness products prescribed or recommended through the Services.
  • Audio, video, and text recordings of telemedicine consultations (where permitted and disclosed).

2.3 Technical and Usage Information

Information collected automatically when you access the Services:

  • IP address, device type, operating system, browser type and version.
  • Pages visited, features used, clickstream data, session duration, and referral sources.
  • Cookies, pixels, and similar tracking technologies (see Section 9 below).
  • Crash reports, error logs, and performance diagnostics.

2.4 Information from Third Parties

We may receive information about you from:

  • Healthcare providers, pharmacies, and laboratories involved in your care.
  • White-label or enterprise partners through whose platforms you access the Services.
  • Identity verification and fraud prevention services.
  • Payment processors and financial institutions.

3. How We Use Your Information

We use your information for the following purposes:

  • 3.1 Providing Healthcare Services: Facilitating telemedicine consultations between you and licensed Providers. Processing prescriptions and coordinating with pharmacies (including compounding pharmacies) for medication fulfillment. Managing your health record within the platform. Communicating with you about appointments, treatment plans, follow-up care, and test results.
  • 3.2 Account and Platform Administration: Creating and managing your account. Processing payments, billing, and invoicing. Providing customer support and responding to inquiries. Sending transactional communications (appointment confirmations, billing receipts, account alerts).
  • 3.3 Improvement and Development: Analyzing usage patterns to improve the Services, develop new features, and enhance user experience. Conducting internal research and analytics (using de-identified or aggregated data where possible). Performing quality assurance and clinical outcome monitoring.
  • 3.4 Safety, Security, and Legal Compliance: Detecting and preventing fraud, unauthorized access, and other security threats. Complying with applicable legal, regulatory, and professional obligations. Responding to lawful requests from law enforcement, regulatory bodies, or courts. Enforcing our Terms of Use and other agreements.
  • 3.5 Marketing and Communications (with Consent): Sending promotional materials about our Services, where you have opted in or where permitted by applicable law. You may opt out of marketing communications at any time (see Section 8).

We only use your information for the purposes for which it was collected or as otherwise permitted or required by applicable law. We will not use your personal health information for marketing purposes without your express consent.

4. How We Share Your Information

No Sale of Data

We do not sell, rent, or trade your personal information or personal health information. We may share your information in the following circumstances:

  • 4.1 Healthcare Providers and Care Coordination: With your treating Provider(s) to deliver care through the Services. With external healthcare providers, specialists, pharmacies, or laboratories for purposes of care coordination, prescription fulfillment, and referrals, with your consent or as permitted by law.
  • 4.2 Service Providers and Processors: With trusted third-party service providers who assist us in operating the Services (e.g., cloud hosting, payment processing, customer support, analytics, IT security). These providers are bound by contractual obligations of confidentiality and are prohibited from using your information for any purpose other than providing services to Stealth Health.
  • 4.3 White-Label and Enterprise Partners: If you access the Services through a third-party partner's platform, we may share limited information with that partner as necessary to administer your account and coordinate care, subject to applicable data sharing agreements and privacy law requirements.
  • 4.4 Legal and Regulatory Disclosures: When required by law, regulation, legal process, or enforceable governmental request (e.g., court orders, subpoenas, mandatory public health reporting). To protect the rights, property, or safety of Stealth Health, our users, or the public. To regulatory bodies, professional licensing authorities, or law enforcement as required by applicable law.
  • 4.5 Business Transactions: In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to a successor entity, subject to applicable privacy law requirements and, where required, your consent.
  • 4.6 De-Identified and Aggregated Data: We may use and share de-identified or aggregated data that cannot reasonably identify you for research, analytics, benchmarking, and other lawful purposes.

5. Cross-Border Data Transfers

Stealth Health operates in both Canada and the United States. Your personal information and personal health information may be transferred to, stored in, and processed in a jurisdiction other than the one in which you reside.

  • Canadian Users: Your information may be transferred to and processed in the United States. By using the Services, you consent to such transfer. We take reasonable steps to ensure that your information receives an equivalent level of protection in accordance with PIPEDA, PHIPA (Ontario), and other applicable Canadian privacy legislation.
  • U.S. Users: Your information may be transferred to and processed in Canada. Such transfers are conducted in compliance with HIPAA and applicable state privacy laws.

We implement appropriate contractual, technical, and organizational safeguards to protect your information during cross-border transfers.

6. How We Protect Your Information

Stealth Health implements administrative, technical, and physical safeguards designed to protect your information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Role-based access controls limiting access to authorized personnel on a need-to-know basis
  • Multi-factor authentication for administrative and provider access
  • Regular security assessments, vulnerability testing, and penetration testing
  • Incident response procedures and breach notification protocols
  • Employee training on privacy, confidentiality, and security obligations
  • Hosting on cloud infrastructure with SOC 2, ISO 27001, or equivalent security certifications

While we strive to protect your information using commercially reasonable measures, no method of transmission or storage is completely secure. In the event of a data breach that poses a significant risk of harm, we will notify you and the applicable regulatory authorities as required by law.

7. Data Retention

We retain your information only as long as necessary to fulfill the purposes outlined in this Policy, to comply with legal obligations, and to resolve disputes. Specific retention periods include:

  • Health Records (Canada): Retained in accordance with applicable provincial healthcare record retention requirements (typically 10 years after the last patient interaction in Ontario; varies by province).
  • Health Records (United States): Retained in accordance with applicable federal and state medical record retention requirements (typically 6–10 years depending on the state; longer for minors).
  • Billing and Financial Records: Retained for 7 years to comply with tax and financial reporting obligations.
  • Technical and Usage Data: Generally retained for up to 3 years, unless a longer period is required for security or legal purposes.
  • Marketing Consent Records: Retained for the duration of the consent and for a reasonable period thereafter for compliance purposes.

When retention periods expire, we securely destroy or de-identify your information using industry-standard methods.

8. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information and personal health information:

8.1 Rights Under Canadian Law (PIPEDA / PHIPA / Provincial Legislation)

  • Access — You may request a copy of the personal and health information we hold about you
  • Correction — You may request that we correct inaccurate or incomplete information
  • Withdraw Consent — You may withdraw your consent to certain uses of your information, subject to legal or contractual restrictions. Withdrawal of consent may affect our ability to provide certain Services
  • Complaint — You may file a complaint with our Privacy Officer or with the Office of the Privacy Commissioner of Canada, or the applicable provincial privacy commissioner

8.2 Rights Under U.S. Law (HIPAA / State Privacy Laws)

  • Access — You have the right to access and obtain a copy of your protected health information maintained by Stealth Health or your Provider
  • Amendment — You may request an amendment to your health information if you believe it is inaccurate or incomplete
  • Accounting of Disclosures — You may request an accounting of certain disclosures of your health information made by Stealth Health
  • Request Restrictions — You may request restrictions on certain uses and disclosures of your health information, though we are not required to agree to all requests
  • Confidential Communications — You may request that we communicate with you through a specific method or at a specific location
  • Breach Notification — You have the right to be notified in the event of a breach of your unsecured protected health information

8.3 Additional State-Specific Rights

If you are a resident of a state with comprehensive privacy legislation (e.g., California, Colorado, Connecticut, Virginia, or other states with enacted consumer privacy laws), you may have additional rights, including the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising your rights. Please contact us to exercise any state-specific rights.

To exercise any of your rights, please contact our Privacy Officer at privacy@stealth.health.

9. Cookies and Tracking Technologies

We use cookies, pixels, web beacons, and similar technologies to:

  • Essential Cookies: Enable core platform functionality, session management, and security features. These are necessary for the Services to function and cannot be disabled.
  • Performance and Analytics Cookies: Collect aggregated usage data to help us understand how users interact with the Services and to improve performance.
  • Functional Cookies: Remember your preferences and settings to enhance your experience.
  • Marketing Cookies: Used with your consent to deliver relevant advertising and measure campaign effectiveness. These may be set by third-party advertising partners.

You can manage your cookie preferences through your browser settings or through any cookie consent mechanism provided on our website. Please note that disabling certain cookies may affect the functionality of the Services.

We do not respond to "Do Not Track" browser signals at this time, but we honour opt-out preferences communicated through applicable mechanisms (e.g., Global Privacy Control where required by state law).

10. Children's Privacy

The Services are not intended for use by individuals under the age of 18 (or the age of majority in their jurisdiction) without the involvement of a parent or legal guardian. We do not knowingly collect personal information from children under 13 (or the applicable age in your jurisdiction) without verifiable parental consent. If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete such information promptly. If you believe we have collected information from a child inappropriately, please contact us at privacy@stealth.health.

11. Third-Party Links and Integrations

The Services may contain links to third-party websites, applications, or services (e.g., pharmacies, payment processors, partner platforms). We are not responsible for the privacy practices, content, or security of third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Services.

12. Telehealth-Specific Privacy Considerations

Telemedicine consultations involve the electronic transmission of personal health information. You should be aware that:

  • Video, audio, and text-based consultations may be recorded for quality assurance, clinical documentation, and legal compliance purposes. You will be informed when recordings are being made.
  • Electronic communications (including email and messaging) carry inherent privacy risks. We use encryption and secure platforms, but no system is completely immune to interception.
  • Prescriptions transmitted electronically to pharmacies involve the sharing of your health information with those pharmacies in accordance with applicable law.
  • If you access the Services from a shared or public device, your information may be visible to others. You are responsible for taking appropriate precautions.

13. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Material changes will be communicated to you by email, in-app notification, or by posting a prominent notice on our website, at least thirty (30) days prior to the effective date of the change. The "Last Updated" date at the top of this Policy will be revised accordingly.

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Policy. If you do not agree with the changes, you should discontinue your use of the Services.

14. Contact Our Privacy Officer

If you have questions, concerns, complaints, or requests regarding this Privacy Policy or our privacy practices, please contact:

We aim to respond to all inquiries within thirty (30) days, as required by PIPEDA and applicable law. If you are not satisfied with our response, you have the right to escalate your complaint to the applicable privacy regulatory authority:

  • Canada: Office of the Privacy Commissioner of Canada (www.priv.gc.ca) or your provincial privacy commissioner.
  • United States: U.S. Department of Health and Human Services, Office for Civil Rights (www.hhs.gov/ocr) for HIPAA-related complaints.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

If you have any questions about this policy, please contact support.