Privacy Policy

Updated January 24, 2022

This Privacy Policy governs the use of information collected by Exponential Healthcare (“Exponential Healthcare,” the “Company,” “we,” “us,” and “our” which terms shall include affiliates of Exponential Healthcare through the use of the Exponential Healthcare websites (the “Exponential Healthcare sites”), software applications (the “Exponential Healthcare Apps”), and all Exponential Healthcare products and services (collectively the “Services”) that direct you to this Privacy Policy.

Be advised that our processing of data obtained as a result of Exponential Healthcare Customer and service provider relationships shall be governed by our Data Processing Amendment (a separate Data Processing Addendum to address jurisdiction-specific data protection laws may be executed at Customer’s request).

We provide this Privacy Policy to let you know what information we collect, how we use it, share it and protect it. Please read the Privacy Policy carefully.


Information Gathering and Usage

When you register any account with any of the Exponential Healthcare Apps or Services, we may ask for information such as your name and email address. We will also ask you to create a secure password. We will store all of this information.

We will not collect your credit card information (but our payment processor will collect your credit card information and that information is subject to our payment processor’s terms, conditions and privacy policies).

We use collected information for the following general purposes: products and services provision, billing, identification and authentication, services improvement, contact and research.

For users of Exponential Healthcare Apps that support reading health data from Bluetooth peripherals, the Android and Apple operating system requires that foreground and background location permissions be granted before the application can scan for and read from said Bluetooth peripherals. We do not store or transmit any of location data. These permissions are only requested for the purpose of scanning and reading from Bluetooth peripherals while the app is backgrounded.

We do not share your personal information with unrelated third parties unless explicitly approved by you. 

We reserve the right to aggregate and redistribute data entered on the Website in accordance with our Terms of Service. The aggregated data we redistribute will never contain or be attached to Personal Data of any kind.

User Accounts and Data Privacy

Users of the Exponential Healthcare Apps can share personal information with other users voluntarily and at their own risk by posting comments in Exponential Healthcare “Communities.”

Please be advised that we do not perform any background searches on our users and that it is your responsibility to take care when sharing your information by posting in Exponential Healthcare Communities. For your security, your Personal Information is not discoverable by any other user until you choose to post a comment in a Community or opt-in to a Leaderboard.

At no time will Exponential Healthcare or any employee of Exponential Healthcare share, sell or otherwise distribute individual user data or personally identifiable information without the prior consent of the individual user.

We may choose to aggregate and redistribute data without providing information identifying specific subscribing organizations, companies or individual users without prior consent.

Sharing Your Data With A Exponential Healthcare Practitioner

A Exponential Healthcare Practitioner is an authorized Representative of a Customer of Exponential Healthcare who provides services on behalf of that organization.

If you accept an invitation to connect with a Exponential Healthcare Practitioner, you grant them access to all personal and health-related data in your account. This includes data that may be manually entered by you, or data that you choose to sync into the Exponential Healthcare Apps by enabling one of our integrations.

Your data provides Exponential Healthcare Practitioners the up-to-date information they require in order to deliver their services effectively.

If you accept an invitation from a Exponential Healthcare Practitioners, the Exponential Healthcare Practitioners will also be able to send private messages to you. The Exponential Healthcare Practitioners has agreed to keep your data and information confidential and not use it for any purpose other than to provide you individualized advice and services, but we cannot provide any assurances that any Exponential Healthcare Practitioners will in fact do so.

We are not required to litigate or otherwise pursue any wrongful disclosure of your data and information. To the extent that any of your data or information contains protected health information, you hereby expressly consent to the disclosure of such protected health information when you accept an invitation from a Exponential Healthcare Practitioners.

Use of Contact Information

We may use your email address to send you information about our Services or to market to you. You may unsubscribe from these messages by following the instructions contained within the messages, or the instructions on the Exponential Healthcare Sites.

If you email us with a request or question or have provided us with your email address, we may keep your message, email address and contact information to respond to your request or otherwise follow up with you.

No Public Sharing of Your Data

We do not allow the public to see your personal information.

Log Data and Links

When you visit our Website, our servers automatically record information (“Log Data”) created by your visit to, and use of the Exponential Healthcare Sites and the Services. Log Data may include information such as your IP address, browser type, the referring domain, pages visited and order of visit, search terms used and other historical data.

We may keep track of how you interact with links across the Exponential Healthcare Sites and the Services. We do this to help improve our Website and the Services, including the advertising on our Website and through our Services.

We may share the Log Data in the form of aggregate click statistics, such as how many times a particular link was clicked on, without any personally identifiable information, with third parties.

Device Information

In addition to Log Data, we may also collect information about the device you are using when accessing the Products, including what type of device it is, what operating system you are using, device settings, unique device identifiers, and crash data.

Whether we collect some or all of this information often depends on what type of device you are using and its settings. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.

Data Storage

We use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run our services.

We do not transfer ownership of any code, databases, Website rights or data to any third party vendors or hosting partners.

Third Party Services (Subprocessors)

We may use a variety of services offered by third parties to help maintain and improve our Website, to help us understand the use of our Website and Services, or simply to provide the Services.

These services may store both personally identifiable information about you which we collect and the information sent by your browser as part of a web page request, such as cookies or your IP address.

If any third parties are given access to your personally identifiable information, we will limit the use of such personally identifiable information only to provide the services to us which we have requested.

Minimum Age 16

Neither the Exponential Healthcare Sites nor the Services are directed to people under the age of 16. If you become aware that your child has provided personally identifiable information, please contact us at [email protected].

We do not knowingly permit children under 16 to use our Website or Services or collect personally identifiable information from children under 16.

If we become aware that a child under 16 has provided us with personally identifiable information, we will take steps to remove such information and terminate the child’s account.

Information Security and Data Integrity

We take reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data.

These include firewalls and encryption, internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems.

Our software code and all data and information reside on servers that comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Act (GDPR).

In addition, our software code resides on one set of servers and all data and information reside on a separate set of servers.

We restrict access to personal information to our employees, contractors and agents who need to know that information in order to operate, develop or improve our Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations.

Data Retention

How long we retain your Personal Data depends on the type of data and the purpose for which we process the data. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.

Right To Access, Amend & Delete Personal Data / Choice

You retain the right to access, amend, correct or delete your Personal Data at any time. To do so, use the controls available to you within our Services, or contact our support team via email.

You may request to cancel your account at any time. Keep in mind, however, that even if you request to cancel your account, we may retain your personal information in conformance with our data retention policy, under which we may retain such information to comply with laws such as HIPAA, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigations, enforce our Terms of Service, perform research, and take other actions otherwise permitted by law.

There may be residual personal information that remains within our databases, access logs, and other records. In addition, we are not responsible for updating or removing your personal information already disclosed to third parties who have been provided information as permitted by this Privacy Policy.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].

Transfer of Information on Sale and for Legal Compliance

Notwithstanding anything to the contrary in this Privacy Policy:

(a) upon a sale of Exponential Healthcare or all or substantially all of its assets, we reserve the right to transfer to the purchaser of Exponential Healthcare all data it has, including without limitation all Log Data and all personally identifiable data concerning you and any user of the Exponential Healthcare Sites and the Services and

(b) we will share your personal information if we have a good faith belief that:

  • Access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process, such as a court order or subpoena, or a request by law enforcement or governmental authorities,
  • Such action is appropriate (A) to enforce the Terms of Service, including any investigation of potential violations thereof, or (B) to detect, prevent, or otherwise address fraud, security or technical issues associated with the Exponential Healthcare Sites and the Services, or
  • Such action is appropriate to protect the rights, property or safety of Exponential Healthcare, its employees, users of the Exponential Healthcare Sites and the Services.

International Data Transfers

The Website and Services are hosted in the United States.

If you access the Exponential Healthcare Sites or Services from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use of the Exponential Healthcare Sites or Services, you are transferring your personal information to the United States and you consent to that transfer, as well as authorized Subprocessors which may be located elsewhere in the world.

Additionally, you understand that your personal information may be processed in countries (including the United States) where laws regarding processing personal information may be less stringent than in your country.

General Terms

We reserve the right to change this Privacy Policy from time to time at our sole discretion. Any such change, update or modification will be effective immediately upon posting the revised Privacy Policy on the Exponential Healthcare Sites.

We will provide no other notice to you. It is your responsibility to review this page from time to time to ensure that you continue to agree with all of its terms. If you no longer agree to this Privacy Policy after a change, you must cease using the Exponential Healthcare Sites and the Services.

This Privacy Policy shall be governed by the laws of the Commonwealth of Virginia, USA without respect to its conflict of laws principles.

Our failure to exercise or enforce any right or provision of this Privacy Policy shall not constitute a waiver of such right or provision. This Privacy Policy is hereby incorporated into the Terms of Service.

You may not assign this Privacy Policy to any party. If any provision of this Privacy Policy is deemed invalid, then that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions of this Privacy Policy will remain in full force and effect.


Any questions regarding this Privacy Policy should be sent to [email protected].

Get Started On Your Exponential Healthcare Journey!

Field with * are required

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.