Privacy Policy

Effective Date: March 26, 2026

Last Updated: March 26, 2026

BloomPath Health, Inc. ("BloomPath," "we," "us," or "our") is committed to protecting the privacy of our website visitors, patients, families, and healthcare partners. This Privacy Policy describes how we collect, use, disclose, and protect your information when you visit our website at bloompathhealth.com (the "Site") or interact with our services.

If you are a patient or parent/caregiver enrolled in our clinical program, our collection and use of your Protected Health Information ("PHI") is also governed by our HIPAA Notice of Privacy Practices, which takes precedence over this Privacy Policy where applicable.

Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Cookies and Analytics
  4. How We Share Your Information
  5. Data Security
  6. Data Retention
  7. Your Rights
  8. Children's Privacy
  9. California Privacy Rights
  10. Third-Party Services
  11. Changes to This Policy
  12. Contact Us

1. Information We Collect

Information You Provide Directly

We collect information you voluntarily provide when you:

  • Join our waitlist: name, email address, state, and role (parent, clinician, payer, etc.)
  • Submit a provider referral: provider name, practice name, provider email and phone, patient first name, patient age, parent/caregiver contact information, and reason for referral
  • Submit a family enrollment form: parent/caregiver name, email, phone, state, child's first name, child's age, pediatrician name, insurance information, referral source, and any additional notes
  • Contact us by email: your name, email address, and the content of your message

Information Collected Automatically

When you visit our Site, we automatically collect certain information through cookies and analytics tools, including:

  • IP address (anonymized where possible)
  • Browser type and version
  • Operating system
  • Pages visited, time spent on pages, and navigation patterns
  • Referring URL (how you arrived at our Site)
  • Device type (desktop, mobile, tablet)
  • Approximate geographic location (city/region level, derived from IP)

Information We Do Not Collect on This Site

Our website does not collect Protected Health Information (PHI) such as medical diagnoses, treatment records, lab results, or detailed health histories. If you enroll in our clinical program, PHI will be collected through our secure clinical platform, governed by our HIPAA Notice of Privacy Practices.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To respond to your inquiries: processing waitlist signups, referrals, and enrollment requests
  • To provide our services: connecting families with our clinical care team, coordinating with referring providers
  • To communicate with you: sending confirmations, updates about our program, and responding to questions
  • To improve our Site: understanding how visitors use our website, identifying technical issues, and improving user experience
  • To ensure security: detecting and preventing fraud, spam, and unauthorized access
  • To comply with legal obligations: responding to lawful requests from government authorities and meeting regulatory requirements

We do not sell your personal information. We do not use your information for targeted advertising.

3. Cookies and Analytics

What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help us understand how you interact with our Site and improve your experience.

Cookies We Use

Type Purpose Duration
Essential Required for basic site functionality (e.g., form submission state) Session
Analytics Help us understand site usage patterns via PostHog Up to 1 year

PostHog Analytics

We use PostHog, Inc., a product analytics platform, to understand how visitors use our Site. PostHog collects information such as pages visited, clicks, scroll depth, session duration, and device information. This data is processed on PostHog's US-based cloud infrastructure.

PostHog does not collect personally identifiable information unless you provide it through a form. Analytics data is used solely to improve our website and user experience.

You can learn more about PostHog's privacy practices at posthog.com/privacy.

Google Fonts

Our Site loads typefaces (Playfair Display and DM Sans) from Google Fonts. When you visit our Site, your browser makes a request to Google's servers, which may log your IP address. Google's privacy policy governs this data collection. We do not receive any personal data from Google Fonts.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Note that disabling cookies may affect the functionality of our Site.

  • Chrome: Settings > Privacy and Security > Cookies
  • Firefox: Settings > Privacy & Security > Cookies
  • Safari: Preferences > Privacy > Manage Website Data
  • Edge: Settings > Cookies and Site Permissions

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

  • Service providers: We work with trusted third-party service providers who assist us in operating our Site and delivering our services (e.g., PostHog for analytics, email service providers). These providers are contractually obligated to protect your information and use it only for the purposes we specify.
  • Healthcare providers: If you are referred to us by a pediatrician or other healthcare provider, we may share information about your enrollment status and care progress with that referring provider, subject to your consent and applicable law (including HIPAA).
  • Legal requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.
  • With your consent: We may share your information for other purposes with your explicit consent.

5. Data Security

We implement administrative, technical, and physical safeguards to protect your information, including:

  • Encryption of data in transit (TLS/HTTPS on all pages)
  • Access controls limiting who within our organization can access your information
  • Regular review of our data collection, storage, and processing practices
  • Use of HIPAA-compliant systems for any Protected Health Information

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

  • Waitlist and inquiry data: retained until you request removal or for up to 3 years from the date of collection
  • Referral and enrollment data: retained for as long as necessary to provide services, plus any period required by healthcare regulations
  • Analytics data: retained in accordance with PostHog's data retention policies
  • Clinical records (PHI): retained in accordance with applicable state and federal healthcare record retention requirements (typically 7-10 years)

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: request a copy of the personal information we hold about you
  • Correction: request that we correct inaccurate or incomplete information
  • Deletion: request that we delete your personal information, subject to legal and regulatory exceptions
  • Opt-out of analytics: disable cookies in your browser or use a browser extension to block tracking
  • Withdraw consent: where processing is based on consent, you may withdraw that consent at any time

To exercise any of these rights, contact us at privacy@bloompathhealth.com. We will respond within 30 days.

For rights related to your Protected Health Information, please see our HIPAA Notice of Privacy Practices.

8. Children's Privacy

Our website is not directed to children under 13. We do not knowingly collect personal information from children under 13 through our website. Our clinical services serve children ages 6-17, but enrollment and data submission is performed by parents or legal guardians.

If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected such information, please contact us at privacy@bloompathhealth.com.

9. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights, including:

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale or sharing of your personal information (we do not sell or share your personal information for cross-context behavioral advertising)
  • The right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@bloompathhealth.com or write to us at the address below.

Note: HIPAA-covered medical information is exempt from the CCPA/CPRA. For rights related to your health information, see our HIPAA Notice of Privacy Practices.

10. Third-Party Services

Our Site may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

Third-party services currently used on our Site:

Service Purpose Data Shared
PostHog Product analytics Page views, clicks, device info, anonymized IP
Google Fonts Typography IP address (via font request)

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this page periodically.

If we make material changes that affect how we handle PHI, we will also update our HIPAA Notice of Privacy Practices.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

BloomPath Health, Inc.

Email: privacy@bloompathhealth.com

General inquiries: support@bloompathhealth.com

Note: This Privacy Policy is provided for informational purposes and was drafted as a starting point for BloomPath Health, Inc. It should be reviewed by a qualified attorney to ensure compliance with all applicable federal and state laws before being relied upon as a legal document.