Privacy Policy

Effective Date: 2/28/2026 · Last Updated: 5/29/2026

Welcome to Ace Health (“Company,” “we,” “our,” or “us”). We are committed to protecting your privacy and safeguarding your health information.

This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application and related services (the “Services”).

1. Information We Collect

A. Personal Information

We may collect:

  • Full name
  • Date of birth
  • Email address
  • Phone number
  • Address
  • Insurance information (if applicable)
  • Emergency contact information

B. Health Information (Protected Health Information - PHI)

Because we operate as a healthcare technology platform, we may collect:

  • Medical history
  • Symptoms
  • Diagnoses
  • Prescriptions
  • Lab reports
  • Audio messages and AI voice call transcripts
  • Messages between you and healthcare providers
  • Uploaded medical files and documents

This information may qualify as Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

C. Technical Information

We may collect:

  • Device type
  • Operating system
  • IP address
  • Log data
  • App usage data
  • Push notification tokens

D. Device permissions (mobile apps)

With your permission, our mobile apps may access device features only when needed for care-related features:

  • Microphone — to record voice messages in secure chat and for AI-assisted voice calls (for example, when you tap the microphone in a conversation).
  • Camera — to take a photo and attach it to a message (for example, a clinical image sent to a patient’s care team).
  • Photo library — to choose an existing image or document to attach to a message.
  • Notifications — to alert you about new messages and care updates.
  • Face ID / biometrics (optional) — to unlock the app on your device instead of entering your password each time.

You can change these permissions at any time in your device Settings. The apps request each permission through the system prompt before access is used.

2. How We Use Your Information

We use your information to:

  • Connect you with licensed healthcare providers
  • Facilitate AI-assisted voice and messaging features
  • Provide medical consultations and communication
  • Store and manage your medical records
  • Improve app functionality and user experience
  • Send appointment reminders and notifications
  • Comply with legal and regulatory obligations

We do not sell your personal or health information.

3. HIPAA Compliance

If we qualify as a Covered Entity or Business Associate under HIPAA, we comply with applicable HIPAA regulations, including:

  • Administrative safeguards
  • Technical safeguards
  • Physical safeguards
  • Encryption of PHI in transit and at rest
  • Access controls and audit logs

Healthcare providers using the platform may also be subject to HIPAA and may have separate Notices of Privacy Practices.

For more information about HIPAA, visit the U.S. Department of Health & Human Services website.

4. How We Share Information

A. Healthcare Providers

Doctors, clinics, and authorized medical professionals involved in your care.

B. Service Providers

Cloud hosting providers (e.g., AWS), analytics and error-monitoring services, notification delivery (e.g., push providers), and technical vendors who support our operations under strict confidentiality agreements.

When you use AI-assisted features, we also share certain information with OpenAI, Inc. as described in Section 10 (Third-Party AI). OpenAI processes data only to provide the AI capabilities we enable—not for their own marketing—and in accordance with our instructions and agreements.

C. Legal Compliance

If required by:

  • Court order
  • Subpoena
  • Government request
  • Public health reporting obligations

D. Business Transfers

In the event of a merger, acquisition, or asset sale.

We do not share PHI for marketing without your explicit authorization.

5. Data Security

We implement reasonable and industry-standard safeguards, including:

  • End-to-end encryption (where applicable)
  • TLS encryption
  • Role-based access control
  • Multi-factor authentication for providers
  • Secure cloud infrastructure
  • Regular security audits

However, no method of transmission over the internet is 100% secure.

6. Your Rights (U.S. Residents)

Depending on applicable laws, you may have the right to:

  • Access your personal information
  • Request correction of inaccurate data
  • Request deletion (subject to medical record retention laws)
  • Receive a copy of your medical records
  • Restrict certain processing
  • Withdraw consent where applicable

If HIPAA applies, you may also:

  • Request an accounting of disclosures
  • Request restrictions on certain disclosures

To exercise your rights, contact us at: contact@ace78.tech

7. Data Retention

We retain health and personal data as required by:

  • HIPAA
  • State medical record retention laws
  • Federal and state healthcare regulations

When no longer required, data will be securely deleted or de-identified.

8. Children’s Privacy

Our Services are not intended for children under 13 without parental consent.

If we become aware that we have collected personal information from a child without verified parental consent, we will take steps to delete such information.

9. Third-Party Services

The Services may rely on third parties, including:

  • Cloud infrastructure (e.g., AWS)
  • Push notification delivery
  • Error monitoring and diagnostics
  • Third-party AI — OpenAI, Inc. (see Section 10) when you use AI-assisted chat, voice, or transcription features

These providers process information according to their privacy policies and our contracts with them. We choose vendors that support healthcare-appropriate security practices where applicable.

10. Third-Party AI and Automated Processing

Ace Health uses third-party artificial intelligence operated by OpenAI, Inc. (“OpenAI”) when you choose or engage AI-assisted features. Data is sent from our secure servers to OpenAI over encrypted connections (TLS). We do not sell your personal or health information to OpenAI.

A. When third-party AI is used

OpenAI may process your information only when you use features such as:

  • AI-assisted text chat — to generate conversational replies in the patient–clinic messaging flow
  • AI voice calls — real-time audio and transcription during an optional voice session
  • Voice message transcription — converting voice messages to text
  • Summaries and triage signals for your care team — generating conversation summaries and priority indicators for clinicians to review (not for autonomous medical decisions)

B. Types of data sent to OpenAI

Depending on the feature you use, we may transmit:

  • Messages and conversation content — text you send in chat, and limited prior messages in the same thread needed for context
  • Voice audio — audio during AI voice calls or from voice messages submitted for transcription
  • Transcripts — text transcriptions of voice calls or voice messages
  • Limited profile context — such as your first name (for voice sessions), date of birth, and chart information your clinic maintains (e.g. known conditions or allergies) when needed to produce summaries for your care team
  • Instructions and configuration — system prompts that require the AI not to diagnose, prescribe, or give medical advice

We limit what is sent to what is reasonably necessary for each feature. Audio and messages may also be stored on our systems as described elsewhere in this policy.

C. OpenAI services we use

Our backend may call OpenAI APIs including language models (e.g., GPT family), the Realtime API for voice sessions, and audio transcription (e.g., Whisper). The specific models may change as we improve the Services.

D. Not medical advice — human oversight

Ace Health is a communication platform between patients and their clinic’s care team—not a replacement for professional medical care.

The AI assistant is designed to:

  • Help gather information and facilitate communication
  • Set expectations that a licensed clinician will review the conversation
  • Not diagnose conditions, prescribe medication, or provide medical advice
  • Encourage you to seek immediate emergency care when symptoms may be urgent (e.g., chest pain, severe difficulty breathing)

AI-generated text, audio replies, and summaries are reviewed by your clinic’s care team where applicable. Clinical decisions are made by licensed professionals, not by the AI alone.

E. Your choices

You can avoid AI features by not initiating AI voice calls and by messaging your care team in ways that do not trigger AI replies (where your clinic configures the product accordingly). If you have questions about how your clinic uses Ace Health, contact them directly or email us at contact@ace78.tech.

For OpenAI’s own practices, see OpenAI’s Privacy Policy .

11. State-Specific Privacy Rights

Residents of certain states (e.g., California) may have additional rights under state privacy laws such as the California Consumer Privacy Act (CCPA), where applicable.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted within the app and updated with a new “Last Updated” date.

13. Contact Us

If you have questions about this Privacy Policy, please contact:

ACE 78 TECHNOLOGIES LLC
525 Randall Ave Ste 100
Cheyenne, WY 82001
contact@ace78.tech