Privacy Policy

Privacy at Cardon Health

Cardon Health is built for home-health documentation workflows where privacy, security, and contract boundaries matter. This policy explains our public website practices and how product data is handled under customer agreements.

01

Scope and contract hierarchy

This Privacy Policy explains how Cardon Health handles information collected through our public website, demo and sales conversations, account administration, and product workflows.

When a customer uses Cardon Health under an order form, pilot agreement, master services agreement, data processing agreement, business associate agreement, or similar written agreement, those documents govern the customer relationship and control if they conflict with this public policy.

  • Public website channels are for general inquiries and should not be used to send patient information.
  • Product environments may process protected health information only under the applicable customer agreement and BAA.
  • Patients who want access to medical records should contact their home-health agency or provider directly.

02

Information we collect

We collect information you provide directly, such as your name, work email, agency, role, phone number, demo request details, support messages, and other business contact information.

For authorized product users, we may process account and security information such as name, email, role, organization membership, session metadata, user agent, IP address, authentication events, passkey or two-factor settings, and invitation status.

In product deployments, Cardon Health may process visit, patient, chart, evidence, QA, consent, audit, delivery, and integration data that customers submit or direct us to process. Depending on the configured workflow, that may include home-visit audio, clinical notes, OASIS answers, evidence spans, wound or medication images, signatures, EHR references, and related operational metadata.

03

Website analytics and device data

The public website uses Google Analytics with IP anonymization, Vercel Analytics, and Vercel Speed Insights to understand traffic, page performance, and reliability. These tools may collect page views, approximate location inferred from network information, browser and device details, referrer, performance metrics, and similar usage data.

Website analytics are separate from product audit logs. Product audit logs exist to support security, access review, chart review, delivery workflows, and customer administration.

04

How we use information

We use information to provide, secure, maintain, and improve Cardon Health; respond to inquiries; schedule demos; administer accounts and organizations; authenticate users; deliver product notifications; support customer workflows; investigate security events; comply with legal obligations; and enforce applicable agreements.

Product data is used to operate the contracted service, including drafting chart content, linking answers to evidence, supporting clinician and QA review, delivering charts to approved destinations, and maintaining auditability. Model improvement or secondary use of customer data, if any, is handled only as allowed by the applicable customer agreement and BAA.

05

Protected health information and HIPAA

Cardon Health is designed for home-health workflows that can involve protected health information. To the extent Cardon Health acts as a business associate for a covered entity or another business associate, we process protected health information according to the applicable BAA, customer instructions, and applicable law.

Cardon Health does not ask visitors to send protected health information through public forms, ordinary email, or other non-approved channels. Customers should use approved product and support channels after the appropriate agreements are in place.

  • Customer administrators control authorized users and organization access.
  • Clinicians and agencies remain responsible for patient consent, chart review, and signed clinical documentation.
  • Breach, security incident, retention, and deletion obligations for protected health information are handled under the applicable BAA and customer agreement.

06

How we share information

We share information with service providers and subprocessors that help us host, secure, analyze, support, and deliver Cardon Health. These providers are bound by contractual obligations appropriate to the information they handle.

We may share information with customer-authorized systems, such as EHR integrations or export destinations; with professional advisors; in connection with a financing, merger, acquisition, or corporate transaction; or when required to comply with law, protect rights, prevent abuse, or respond to valid legal process.

We do not sell protected health information. We do not use protected health information for cross-context behavioral advertising.

07

Security

Cardon Health uses administrative, technical, and physical safeguards intended to protect information against unauthorized access, disclosure, alteration, and destruction. These safeguards include role-based access, authentication controls, encryption, audit logging, access review, and security monitoring appropriate to the deployment.

No internet-connected system can be guaranteed to be perfectly secure. If we identify a security incident affecting customer data, we will investigate and provide notices as required by applicable agreements and law.

08

Retention and deletion

We retain website, account, support, and business contact information for as long as needed to provide the service, manage the relationship, comply with legal obligations, resolve disputes, maintain security, and enforce agreements.

Retention and deletion of customer product data, including protected health information, are governed by the applicable customer agreement, BAA, customer configuration, legal requirements, backup practices, and approved deletion workflows.

09

Your choices and rights

You may contact us to request access, correction, deletion, or restriction of personal information we maintain about you, subject to identity verification, legal limits, and customer agreement obligations.

Authorized product users should contact their customer administrator for account access changes. Patients and caregivers should contact the relevant home-health agency or provider for medical-record requests, treatment questions, or HIPAA individual-rights requests.

10

Updates and contact

We may update this Privacy Policy as Cardon Health, our subprocessors, or legal requirements change. The effective date above reflects the latest version posted on this site.

Privacy, security, and contracting questions can be sent to hello@cardonhealth.ai.