Privacy Policy

Introduction


Talos Health Corp (“Talos Health,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our Rezilia platform, mobile applications, websites (including taloshealth.com and rezilia.app), and related services (collectively, the “Services”).

Rezilia is an AI-powered caregiver support platform designed to help family caregivers, employers, hospitals, and healthcare systems. Given the sensitive nature of the information involved in caregiving, we take special care to ensure your data is protected in accordance with applicable laws, including the Health Insurance Portability and Accountability Act (“HIPAA”), the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), and other applicable federal and state privacy laws.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use our Services. 

Information We Collect


Information You Provide Directly

  • Account Information: Name, email address, phone number, and login credentials when you create an account.
  • Profile Information: Caregiving role, relationship to care recipient, geographic location, employer (if applicable), and communication preferences.
  • Conversational Data: Information you share during interactions with Rezilia’s AI-powered conversational features, including caregiving challenges, emotional state, and support needs.
  • Health-Related Information: Information about caregiving situations that may include health-related details about you or the person you care for. This information may be considered Protected Health Information (PHI) under HIPAA when provided in connection with healthcare services.
  • Support and Communication Data: Information you provide when contacting us for support, submitting feedback, or participating in surveys or research. 

Information Collected Automatically

  • Device and Usage Data: Device type, operating system, browser type, IP address, unique device identifiers, and usage patterns.
  • Cookies and Similar Technologies: We use cookies, web beacons, local storage, and similar technologies as described in our Cookie Notice.
  • Behavioral and Interaction Data: Engagement patterns, feature usage, session duration, navigation paths, and interaction frequency.
  • Analytics Data: Aggregated and de-identified data derived from platform usage to improve our Services and generate insights (e.g., Talos Analytics reports for employers and healthcare systems).

Information from Third Parties

  • Employer-Provided Information: If your employer offers Rezilia as a benefit, they may provide us with basic enrollment information such as your name and work email.
  • Healthcare System Integration: When Rezilia is integrated with a hospital or healthcare system, we may receive referral or discharge information subject to applicable HIPAA authorizations and Business Associate Agreements.
  • Community and Partner Referrals: Information provided through partner organizations when you are referred to our Services.

How We Use Your Information


We use the information we collect for the following purposes:

  • Providing and personalizing our Services, including AI-driven caregiver support, resource recommendations, and behavioral pattern insights.
  • Detecting and responding to conversational distress signals to connect caregivers with appropriate resources.
  • Generating aggregated, de-identified analytics for employers (via Talos Analytics) and healthcare systems to support caregiver workforce programs.
  • Improving the accuracy, safety, and effectiveness of our AI models and platform features.
  • Communicating with you about your account, service updates, and support inquiries.
  • Complying with legal obligations, including HIPAA and applicable state and federal privacy laws.
  • Conducting research and development to enhance caregiver support methodologies, subject to appropriate de-identification and consent.


HIPAA and Protected Health Information


When Talos Health acts as a Business Associate under HIPAA, we are bound by Business Associate Agreements (BAAs) with our Covered Entity partners (such as hospitals, health plans, and healthcare providers). In such cases:

  • We use and disclose PHI only as permitted or required by our BAA and applicable law.
  • We implement administrative, physical, and technical safeguards to protect PHI, including encryption at rest and in transit, role-based access controls, and audit logging.
  • We will report any breach of unsecured PHI in accordance with the HIPAA Breach Notification Rule.
  • We require our subcontractors who access PHI to enter into BAAs and comply with applicable HIPAA requirements.
  • Our infrastructure is hosted on Microsoft Azure with HIPAA-compliant configurations across US-based data centers.

How We Share Your Information


We do not sell your personal information. We may share your information only in the following limited circumstances:

  • With Your Employer (B2B Context): When Rezilia is offered as an employer benefit, we provide aggregated, de-identified analytics to employers. We never share individual employee conversations, health details, or personally identifiable information with employers.
  • With Healthcare Partners: When integrated with hospitals and healthcare systems, we share information only as authorized under HIPAA and applicable BAAs.
  • Service Providers: We use trusted service providers (e.g., Microsoft Azure for cloud hosting) who process data on our behalf under strict contractual obligations.
  • Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request.
  • Safety and Protection: We may disclose information when we believe in good faith that disclosure is necessary to protect the safety of any person or address fraud or security issues.
  • Research (De-Identified Only): We may share aggregated, de-identified data for research purposes. Such data cannot reasonably be used to identify any individual.

Data Security


We implement industry-standard security measures to protect your information, including:

  • Encryption of data at rest and in transit (TLS 1.2+, AES-256).
  • Role-based access controls with least-privilege principles.
  • Multi-factor authentication for all administrative access.
  • Regular security assessments and vulnerability scanning.
  • Comprehensive audit logging and monitoring.
  • HIPAA-compliant cloud infrastructure on Microsoft Azure (US-based data centers).
  • Incident response and breach notification procedures in accordance with HIPAA and applicable state breach notification laws.


Data Retention


We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Account Data: Retained for the duration of your active account plus 30 days following account deletion.
  • Conversational Data: Retained for the duration of active service. You may request deletion at any time.
  • HIPAA-Covered Data: Retained for a minimum of six (6) years from the date of creation or last effective date, as required by HIPAA.
  • Analytics Data: De-identified analytics data may be retained indefinitely for research and product improvement.
  • Cookie Data: Session cookies are deleted when you close your browser; persistent cookies are retained for no longer than 13 months.

Your Rights and Choices


All Users

  • Access and review your personal information through your account settings.
  • Update or correct inaccurate information.
  • Delete your account and associated data (subject to legal retention requirements).
  • Opt out of non-essential communications.
  • Manage cookie preferences through our Cookie Notice settings.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA/CPRA, including the right to know what personal information we collect and how it is used, the right to request deletion, the right to opt out of the sale or sharing of personal information (note: we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.

HIPAA Rights

If your information constitutes PHI under HIPAA, you may have additional rights, including the right to access your PHI, request amendments, receive an accounting of disclosures, request restrictions on certain uses, and file a complaint with the U.S. Department of Health and Human Services. Please contact the applicable Covered Entity (e.g., your hospital or health plan) to exercise these rights.


Children’s Privacy


Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected such information, please contact us immediately.


International Data Transfers


Our Services are primarily hosted in the United States on Microsoft Azure infrastructure. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. As we expand into additional jurisdictions, we will implement appropriate data transfer mechanisms (such as Standard Contractual Clauses) to ensure adequate protection.


Changes to This Privacy Policy


We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website and updating the effective date. Your continued use of our Services after any changes constitutes your acceptance of the updated policy.


Contact Us


If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:


Talos Health Corp — Privacy Office

UCF Business Incubator, Orlando, Florida
1055 AAA Drive, Suite 113
Heathrow FL 32746

Email: privacy@taloshealth.ai
Web: www.taloshealth.ai

For HIPAA-related inquiries, please include “HIPAA Inquiry” in the subject line.