CIELD — ONLINE

· 10,000+ patients treated· 94% satisfaction rate· Doctor review within 48 hrs· Licensed U.S. providers· FDA-registered pharmacy· 10,000+ patients treated· 94% satisfaction rate· Doctor review within 48 hrs· Licensed U.S. providers· FDA-registered pharmacy

Privacy Policy & Notice of Privacy Practices

Effective date: May 8, 2026

1. Our Commitment to Your Privacy

Cield is committed to protecting the privacy and security of your health information. This Notice describes how we collect, use, and disclose your Protected Health Information (PHI) as required by the Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws. We are required by law to maintain the privacy of your PHI, provide you with this Notice, and follow the terms described herein.

2. Information We Collect

We collect information you provide to deliver telehealth services, including:

Identity information: Name, date of birth, gender, contact details (email, phone, address)
Health information: Medical history, symptoms, current medications, height, weight, BMI, and responses to clinical intake questionnaires
Payment information: Billing address and payment method details (processed securely by Stripe — we do not store card numbers)
Usage information: Pages visited, referral sources, and interactions with our platform for service improvement
Device information: Browser type, IP address, and operating system for security and fraud prevention

3. How We Use Your Health Information

We may use and disclose your PHI for the following purposes:

Treatment: Sharing information with licensed clinicians who review your intake and manage your care
Payment: Processing payments, verifying insurance eligibility, and billing for services rendered
Healthcare operations: Quality improvement, staff training, audits, compliance monitoring, and business operations necessary to deliver care
Required by law: Responding to legally required disclosures, such as court orders, subpoenas, or public health reporting obligations
Health oversight: Cooperating with government health agencies conducting audits, investigations, or inspections
Safety: Reporting suspected abuse or in situations where there is a serious threat to health or safety

We will not use or disclose your PHI for marketing purposes without your written authorization. We will not sell your PHI.

4. Business Associates

We share your PHI only with third-party service providers ("Business Associates") who have signed Business Associate Agreements (BAAs) and are contractually required to protect your information. Our key Business Associates include Supabase (secure database hosting) and Stripe (payment processing). These vendors are prohibited from using your information for any purpose other than providing services to us.

5. How We Protect Your Information

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
Access to PHI is role-based and limited to authorized personnel
All access and changes to health records are logged in a tamper-evident audit trail
We implement rate limiting, intrusion detection, and regular security assessments
Payment card data is never stored on our servers — Stripe handles all card processing in a PCI-DSS compliant environment

6. Your HIPAA Rights

As a patient, you have the following rights regarding your PHI:

Right to Access: You may request a copy of your health records and other PHI we maintain. We will provide access within 30 days of your request. A reasonable fee may apply for copies.
Right to Amendment: If you believe your PHI is inaccurate or incomplete, you may request that we correct or add to your records. We may deny your request if we determine the information is accurate.
Right to Accounting of Disclosures: You may request a list of disclosures of your PHI we have made in the past six years, other than for treatment, payment, or healthcare operations.
Right to Restrict Disclosures: You may request restrictions on how we use or disclose your PHI. We are not required to agree to all requests, but we will consider them in good faith.
Right to Confidential Communications: You may request that we communicate with you about health matters in a specific way or at a specific location (e.g., only by email, not by phone).
Right to a Paper Copy: You may request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
Right to Data Portability: You may request your health information in an electronic format compatible with common health record systems.

To exercise any of these rights, contact us at care@cield.com.

7. Changes to This Notice

We reserve the right to change this Notice and our privacy practices. Material changes will be posted on this page with a new effective date. Continued use of our services after changes are posted constitutes acceptance of the revised Notice.

8. How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services (HHS). We will not retaliate against you for filing a complaint.

Cield Privacy Officer: care@cield.com
HHS Office for Civil Rights: www.hhs.gov/ocr/privacy/hipaa/complaints

9. Contact Us

For questions about this Notice or our privacy practices, contact our Privacy Officer at care@cield.com.