Biome

Privacy Policy

Last Updated: July 12, 2025

1. Introduction

Biome Health, Inc. (“we,” “our,” or “us”) is committed to protecting your privacy and maintaining the confidentiality of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our healthcare technology platform and services (“Service”). We comply with the Health Insurance Portability and Accountability Act (HIPAA) and all applicable privacy laws.

2. HIPAA Compliance

We are fully HIPAA compliant. As a covered entity and/or business associate under HIPAA, we maintain appropriate physical, technical, and administrative safeguards to protect your Protected Health Information (PHI). We use and disclose PHI only as permitted by HIPAA and as described in this Privacy Policy.

3. Information We Collect

We collect information you provide directly to us, including:

  • Personal Information: Name, email address, phone number, date of birth, and other contact information
  • Health Information: Medical history, current health conditions, medications, allergies, past surgeries, symptoms, and other health-related data you provide
  • Account Information: Username, password, and other information used to authenticate your account
  • Usage Data and Analytics: Information about how you interact with our Service, including access times, pages viewed, features used, and other usage patterns
  • Device Information: Information about your mobile device or computer, including IP address, browser type, and operating system

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Facilitate connections between you and healthcare providers
  • Process appointments and administrative tasks
  • Communicate with you about our Service
  • Ensure the security and integrity of our Service
  • Comply with legal obligations
  • Analyze usage patterns to improve user experience

5. How We Share Your Information

Your health information is only shared with your healthcare provider(s). We do not sell, rent, or share your personal or health information with third parties for their marketing purposes.

We may share your information in the following circumstances:

  • With Your Healthcare Providers: We share relevant health information with the healthcare providers you choose to connect with through our Service
  • With Your Consent: We may share information when you give us explicit permission to do so
  • For Legal Compliance: We may disclose information if required by law, court order, or government regulation
  • To Protect Rights and Safety: We may share information when we believe disclosure is necessary to protect the rights, property, or safety of Biome Health, Inc., our users, or others
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity

6. Data Retention

We retain your personal and health information only for as long as required by HIPAA and other applicable laws. Generally, this means:

  • Health records are retained for a minimum of six (6) years from the date of creation or the date when they were last in effect, whichever is later
  • Some records may be retained longer if required by state law or ongoing legal proceedings
  • Account information is retained for as long as your account is active and for a reasonable period thereafter

When retention periods expire, we securely destroy or de-identify your information in accordance with industry best practices.

7. Your Rights

Under HIPAA and applicable privacy laws, you have the right to:

  • Access: Request access to your personal and health information
  • Amendment: Request corrections to inaccurate or incomplete information
  • Accounting of Disclosures: Request a list of certain disclosures of your health information
  • Restriction: Request restrictions on certain uses and disclosures of your information
  • Confidential Communications: Request that we communicate with you in a certain way or at a certain location
  • Data Portability: Request a copy of your health information in a structured, machine-readable format
  • Deletion: Request deletion of your personal information, subject to legal retention requirements

To exercise any of these rights, please contact us at hello@biome.you.

8. Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Employee training on privacy and security practices
  • Physical security measures for our facilities and equipment

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Children's Privacy

Our Service is not directed to children under 18. We do not knowingly collect personal information from children under 18 without parental consent. If you are a parent or guardian and believe we have collected information from your child without consent, please contact us.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. For material changes, we will provide additional notice, such as via email or through the Service.

11. Contact Us

If you have questions about this Privacy Policy, your rights, or our privacy practices, please contact us at:

Biome Health, Inc.
Privacy Officer
Email: hello@biome.you

You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated.