Privacy Policy

Effective Date: February 9, 2026 · Last Updated: February 9, 2026

TrueTime Health, Inc. (“TrueTime Health,” “we,” “us,” or “our”) is committed to protecting the privacy and security of individuals who use our platform at https://truetime.health (the “Platform”). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, submit information, or interact with the Platform in any capacity.

TrueTime Health provides healthcare-at-home eligibility verification and clearance services connecting patients, family members, healthcare consultants, referral sources, and home health agencies. Because our services involve health-related information, we take our privacy obligations seriously and comply with applicable federal and state privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), applicable state consumer privacy and data protection laws, and other relevant regulations in the jurisdictions where we operate.

By accessing or using the Platform, you consent to the practices described in this Privacy Policy.

Information We Collect

Information You Provide Directly

We collect information that you voluntarily provide through the Platform, including:

  • Account Information: Name, email address, phone number, and login credentials when creating or managing an account.
  • Patient Information: Date of birth, insurance details, physician information, and demographic information submitted during the eligibility verification process.
  • Medical Documentation: Documents uploaded for eligibility determination, including physician orders, insurance cards, referral forms, clinical notes, and related materials.
  • Family and Caregiver Information: Names and contact details of family members, caregivers, or authorized representatives you choose to associate with a case.
  • Communications: Messages, phone numbers, and other information you provide when contacting us, requesting assistance, or using Platform support features (including the “May we help?” option).

Information Collected Automatically

When you access or use the Platform, we may automatically collect:

  • Device and Browser Information: IP address, browser type, operating system, device identifiers, and similar technical information.
  • Usage Data: Pages visited, features used, timestamps, clickstream data, and referring URLs.
  • Cookies and Similar Technologies: Cookies and related technologies used to maintain sessions, support security, remember preferences, and improve Platform functionality.

Information from Third Parties

We may receive information from home health agencies, referral sources, healthcare providers, or consultants who participate in your eligibility case, but only as necessary to facilitate eligibility verification, clearance generation, and care coordination.

How We Use Your Information

We use the information we collect for the following purposes:

  • Eligibility Verification: To review submitted information and documentation, apply TrueTime Extraction technology, and support human-verified eligibility determinations.
  • Care Coordination: To generate clearance records, facilitate patient consent, and route eligible cases to appropriate home health agencies when authorized.
  • Communication: To respond to inquiries, provide case updates, and contact you or your designated representatives regarding eligibility status.
  • Platform Operations: To operate, maintain, secure, and improve the Platform, including monitoring performance, troubleshooting, and internal analytics.
  • Compliance and Protection: To comply with legal obligations, enforce our terms, prevent misuse, and protect the rights, safety, and property of TrueTime Health, our users, and others.

How We Share Your Information

We do not sell your personal information. We share information only in the circumstances described below.

With Your Consent

When you provide explicit authorization during the eligibility process, we share your case information — including clearance records and supporting documentation — with home health agencies for the purpose of arranging care. You may withdraw consent at any time by contacting us, although withdrawal may affect our ability to complete care routing.

With Service Providers

We engage trusted third-party service providers to support Platform operations, including cloud infrastructure, data processing, and communications. These providers are contractually obligated to protect your information and use it only for authorized purposes.

Our Platform infrastructure is hosted on HIPAA-eligible Google Cloud Platform services configured under executed Business Associate Agreements (BAAs) where required.

With Healthcare Consultants

Licensed healthcare consultants who participate in eligibility review may access submitted documentation and extracted data solely to perform or verify eligibility determinations within the Platform.

For Legal and Compliance Purposes

We may disclose information if required by law, subpoena, court order, or governmental request, or if we believe disclosure is reasonably necessary to protect our rights, prevent fraud, ensure safety, or respond to legal obligations.

In Connection with Business Transfers

If TrueTime Health is involved in a merger, acquisition, reorganization, or sale of assets, information may be transferred as part of that transaction. We will notify users of any material change and applicable choices regarding their information.

HIPAA Compliance

When processing Protected Health Information (“PHI”) on behalf of covered entities such as home health agencies or healthcare providers, TrueTime Health operates as a Business Associate under HIPAA.

In this capacity, we:

  • Maintain Business Associate Agreements with covered entities and applicable subcontractors.
  • Implement administrative, physical, and technical safeguards in accordance with the HIPAA Security Rule.
  • Limit use and disclosure of PHI to the minimum necessary for the intended purpose.
  • Maintain audit logs of access to and actions taken on PHI.
  • Report breaches of unsecured PHI in accordance with the HIPAA Breach Notification Rule.
  • Designate a Privacy Officer — currently Sumit Arora, Founder & CEO — responsible for overseeing HIPAA privacy compliance, handling privacy-related inquiries, and managing breach notification procedures.

In certain contexts — such as when individuals submit information directly without involvement of a covered entity — TrueTime Health may act as an independent service provider rather than as a Business Associate.

Data Security

We use industry-standard safeguards to protect information, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Role-based access controls aligned with user roles (patient, consultant, agency, administrator).
  • Comprehensive audit logging of document access, eligibility actions, and routing events.
  • Continuous infrastructure monitoring and regular security assessments.
  • Secure authentication mechanisms for all accounts.

No system can guarantee absolute security, but we are committed to promptly addressing and mitigating any security incidents.

Data Retention

We retain information only as long as necessary to fulfill the purposes described in this Privacy Policy and to comply with legal obligations.

  • Eligibility and clearance records: Retained for a minimum of six (6) years from the final eligibility determination, consistent with HIPAA requirements.
  • Account information: Retained while the account remains active and for a reasonable period thereafter.
  • Usage and technical data: May be retained in aggregated or de-identified form for analytics and Platform improvement.

You may request deletion of your account and associated data. Deletion requests will be honored to the extent permitted by law and do not apply to records we are required to retain under HIPAA or other legal obligations.

Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Request access to your personal information.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of personal information (subject to legal retention requirements).
  • Request a portable copy of your data.
  • Opt out of non-essential communications.
  • Withdraw consent for information sharing.

For HIPAA-covered information, you may also request an accounting of disclosures and request restrictions on certain uses of your PHI.

To exercise these rights, contact us using the information below.

State-Specific Privacy Rights

TrueTime Health operates nationally and is committed to complying with applicable state privacy and data protection laws. Depending on where you reside, you may have additional rights under state law. Below is a summary of key state frameworks and the rights they provide.

California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), may provide you with additional rights, including:

  • Right to Know: You may request the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share information.
  • Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: We do not sell personal information or share it for cross-context behavioral advertising. No opt-out action is required.
  • Right to Limit Use of Sensitive Personal Information: You may request that we limit the use of sensitive personal information to purposes necessary to provide the services you have requested.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To the extent TrueTime Health processes information that is governed by HIPAA, such information may be exempt from certain CCPA/CPRA requirements. We will clearly inform you which framework applies to your information upon request.

Texas Residents (TDPSA)

If you are a Texas resident, the Texas Data Privacy and Security Act (“TDPSA”) may provide you with additional rights, including:

  • Right to Access: You may confirm whether we are processing your personal data and access that data.
  • Right to Correct: You may request correction of inaccurate personal data.
  • Right to Delete: You may request deletion of personal data you have provided to us or that we have obtained about you.
  • Right to Data Portability: You may request a copy of your personal data in a portable, readily usable format.
  • Right to Opt Out: You may opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling that produces legal or similarly significant effects.
  • Right to Appeal: If we deny your request, you have the right to appeal the decision.

New York Residents (SHIELD Act)

The New York Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) requires businesses that hold private information of New York residents to implement reasonable data security safeguards. TrueTime Health maintains the administrative, technical, and physical safeguards described in this Privacy Policy to comply with SHIELD Act requirements. In the event of a data breach involving your private information, we will notify you in accordance with New York notification requirements.

Virginia Residents (VCDPA)

If you are a Virginia resident, the Virginia Consumer Data Protection Act (“VCDPA”) may provide you with additional rights, including:

  • Right to Access: You may confirm whether we are processing your personal data and access that data.
  • Right to Correct: You may request correction of inaccuracies in your personal data.
  • Right to Delete: You may request deletion of personal data you have provided or that we have obtained.
  • Right to Data Portability: You may request a copy of your personal data in a portable format.
  • Right to Opt Out: You may opt out of the processing of personal data for targeted advertising, sale, or profiling.
  • Right to Appeal: If we decline your request, you may appeal the decision, and we will respond within sixty (60) days.

Colorado Residents (CPA)

If you are a Colorado resident, the Colorado Privacy Act (“CPA”) may provide you with additional rights, including:

  • Right to Access: You may confirm whether we are processing your personal data and access that data.
  • Right to Correct: You may request correction of inaccuracies.
  • Right to Delete: You may request deletion of personal data.
  • Right to Data Portability: You may obtain a copy of your personal data in a portable format.
  • Right to Opt Out: You may opt out of targeted advertising, sale of personal data, or certain profiling.

Connecticut Residents (CTDPA)

If you are a Connecticut resident, the Connecticut Data Privacy Act (“CTDPA”) provides rights similar to those described above for Virginia and Colorado residents, including rights to access, correct, delete, and obtain a portable copy of your personal data, as well as the right to opt out of targeted advertising, sale, and profiling.

Other States

Additional states have enacted or may enact consumer privacy legislation, including but not limited to Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Nebraska, Kentucky, Maryland, Minnesota, and Rhode Island. TrueTime Health is committed to monitoring and complying with emerging state privacy laws as they take effect.

If you are a resident of any state with applicable privacy legislation and wish to exercise your rights, please contact us at the address below. We will respond to verified requests within the timeframes required by applicable law.

Exercising State-Specific Rights

To submit a request under any applicable state privacy law:

  • Email us at admin@truetime.health with the subject line “State Privacy Request.”
  • Include your full name, state of residence, and a description of the right you wish to exercise.
  • We may ask you to verify your identity before fulfilling a request to protect your information.
  • We will respond to verified requests within the timeframes required by applicable state law (generally 30 to 45 days, with extensions where permitted).

We do not charge a fee for processing privacy requests unless a request is manifestly unfounded, excessive, or repetitive, as permitted by applicable law.

Cookies and Tracking Technologies

We use cookies and similar technologies to support Platform functionality and performance:

  • Essential Cookies: Required for security, authentication, and core functionality.
  • Analytics Cookies: Used to understand usage patterns and improve the Platform.

We do not use cookies for behavioral advertising or cross-site tracking. You may control cookie preferences through your browser settings, though disabling essential cookies may limit functionality.

Children's Privacy

Accounts must be created by individuals aged 18 or older. Patient information submitted through the Platform may relate to minors when provided by a parent, legal guardian, or authorized caregiver. We do not knowingly collect personal information directly from children without appropriate authorization.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When material changes occur, we will update the “Last Updated” date and provide notice through the Platform or by email where appropriate.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact:

TrueTime Health, Inc.

Privacy Officer: Sumit Arora, Founder & CEO

Email: admin@truetime.health

Website: https://truetime.health

For HIPAA-related inquiries, breach notifications, or to exercise rights regarding Protected Health Information, please contact our Privacy Officer at the email address above.

© 2026 TrueTime Health, Inc. All rights reserved.