⚖ Legal & Privacy

Privacy Policy & Your Data Rights

Your privacy is our priority. Learn how we collect, use, and protect your data.

Effective Date: January 1, 2026

Last Updated: May 30, 2026

Contact: [email protected]
01

Introduction

Continuum Health AI, LLC ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring transparent data practices. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Platform").

The Platform is designed for professional mentorship, career development, and networking among healthcare professionals. It is not intended to collect, store, or transmit Protected Health Information (PHI). Users agree not to post patient-identifying information through the Platform. Where we engage with institutional customers whose use cases may involve PHI (for example, enterprise deployments), we will execute a Business Associate Agreement (BAA) before any such data is exchanged.

Please read this policy carefully. If you do not agree with our data practices, please discontinue use of the Platform and contact us at [email protected].

02

Information We Collect

2.1 Information You Provide Directly

Account Registration: Name, email address, professional role and discipline (e.g., physician, nurse, pharmacist), specialty, career stage, and institutional affiliation.

Professional Profile: Bio, career goals, mentorship preferences, areas of interest, and optional details such as years of experience and credentials (e.g., MD, DO, RN, NP, PA, PharmD, PT, OT) that you choose to share.

CV / Resume (Optional): If you choose to upload a CV, we process it using our AI provider (see Section 3) to extract a structured summary — specialty, experience, research topics, strengths, and development areas — that powers the matching algorithm.

Messages and Content: Messages you send through the Platform, opportunities you post, and feedback you provide on matches.

2.2 Information Collected Automatically

  • Device Information: Browser type, operating system, and IP address.
  • Usage Information: Pages visited, features used, matches viewed, and time spent on the Platform.

2.3 What We Do Not Collect

We do not collect Social Security numbers, DEA numbers, background check results, drug screening results, patient records, or any Protected Health Information (PHI). The Platform is a mentorship and career-development tool, not a credentialing, employment screening, or clinical system.

03

How We Use Your Information

  • Service Delivery: Create and maintain your account and facilitate mentorship connections.
  • Matching and Recommendations: Our algorithm analyzes your profile, goals, and (if provided) CV to match you with mentors, mentees, and opportunities aligned to your career stage and interests.
  • Communication: Service-related notifications (match activity, messages, account security) and, with your consent, product updates.
  • Platform Improvement: Analyzing usage patterns and match outcomes to improve our algorithms, user experience, and product offerings. Where personal information is used for this purpose, we apply de-identification and aggregation techniques described in Section 5a.
  • Legal and Security: Meeting applicable legal obligations, enforcing our Terms, and monitoring for fraud, abuse, and unauthorized access.

3.1 AI Processing and Model Training

We use Anthropic's Claude API to analyze uploaded CVs and support matching features. Per Anthropic's commercial API terms, content submitted through the API is not used to train Anthropic's foundation models. Content is processed for the specific request and returned to us, and we then store only the structured summary (specialty, experience level, keywords, strengths, research topics) in your profile.

Continuum Health AI does not sell your personal information, and we do not use your personal information to train third-party AI models. We may use de-identified and aggregated data to train or improve our own proprietary algorithms, as described in Section 5a.

04

Information Sharing and Disclosure

We share your information only in the limited circumstances described below.

4.1 Other Platform Users

Information you include in your profile (name, role, specialty, career stage, bio, goals) is visible to other verified users for mentorship matching purposes. Messages you send are visible only to the recipient. You control what you share in your profile and can edit or remove it at any time.

4.2 Service Providers (Subprocessors)

We rely on a small set of vetted subprocessors to operate the Platform. Each is contractually obligated to maintain confidentiality and appropriate security safeguards:

  • Supabase — database, authentication, and file storage (US-hosted infrastructure).
  • Netlify — website hosting and serverless function execution.
  • Anthropic — AI model API used to analyze CVs and support matching features (see Section 3.1).
  • Cloudflare — edge delivery and email-address obfuscation.

A current list of subprocessors is available upon request. We will notify affected users of material changes to our subprocessor list with reasonable advance notice.

4.3 Institutional Customers

If you access the Platform through an employer or institutional subscription, that institution may receive limited administrative information (e.g., active users, aggregate engagement metrics) as described in its agreement with us. We will execute a Business Associate Agreement with an institutional customer before any use case that may involve PHI.

4.4 Legal, Safety, and Business Transfers

  • Legal Requirements: When required by law, court order, subpoena, or valid government request.
  • Safety: To protect the rights, property, or safety of our users, the public, or Continuum Health AI.
  • Business Transfers: In connection with a merger, acquisition, financing, or sale of assets, with prior notice to affected users.

4.5 No Sale of Personal Information

We do not sell or rent personal information to third parties for marketing or advertising purposes.

4.6 Data Location

Personal information is stored and processed on US-based infrastructure. If you access the Platform from outside the United States, you consent to the transfer of your information to the US for processing in accordance with this Policy.

05

Data Retention

We retain personal information for as long as your account is active and as needed to provide the Platform. When you close your account, we delete or anonymize personal information within 90 days, except where longer retention is required for legal, tax, accounting, or legitimate-business purposes (for example, records of transactions, dispute resolution, or compliance with subpoenas).

Encrypted backups may persist for up to 90 additional days before being rotated out.

You may request deletion of your account at any time by contacting [email protected].

05a

De-Identified and Aggregated Data

We may create de-identified or aggregated data from information collected through the Platform — meaning data that has been stripped of direct and indirect identifiers in accordance with the HIPAA Safe Harbor method (where applicable) or otherwise processed so that it no longer reasonably identifies any individual.

We may use, retain, share, publish, sublicense, and commercialize such de-identified or aggregated data for any lawful purpose, on a perpetual and irrevocable basis, including:

  • Improving and training our matching algorithms and proprietary AI systems.
  • Developing new products, features, and analytics.
  • Publishing aggregated research, benchmarks, or industry insights (e.g., trends in healthcare mentorship, career transitions, or research interests).
  • Collaborating with academic, clinical, or commercial research partners.

Because de-identified and aggregated data does not identify any individual, it is not subject to the access, correction, or deletion rights described in Section 6. We will not attempt to re-identify de-identified data, and we contractually prohibit any third party with whom we share it from doing so.

06

Your Privacy Rights (CCPA & GDPR)

6.1 California Privacy Rights (CCPA)

  • Right to Know: Request what personal information we collect, use, share, and sell.
  • Right to Delete: Request deletion of personal information, subject to limited exceptions.
  • Right to Opt-Out: Opt out of the sale or sharing of your personal information.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

Submit requests to [email protected]. We respond within 45 days.

6.2 European Privacy Rights (GDPR)

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion in certain circumstances.
  • Right to Restrict Processing: Restrict how we use your information.
  • Right to Data Portability: Request your data in a portable format.
  • Right to Object: Object to processing for marketing or profiling.

07

Cookies and Tracking Technologies

  • Essential Cookies: Required for platform functionality and authentication.
  • Analytics Cookies: Help us understand user behavior to improve the Platform.
  • Marketing Cookies: Enable targeted advertising only with your explicit consent.

Most browsers allow you to control cookies through settings. We respect "Do Not Track" signals and do not employ third-party tracking for advertising without explicit consent.

08

Data Security

We take commercially reasonable steps to protect the information entrusted to us. Our current safeguards include:

  • Encryption: Data is encrypted in transit using TLS and at rest using AES-256 through our infrastructure providers.
  • Enterprise-Grade Infrastructure: We rely on Supabase and Netlify, both of which maintain SOC 2 Type II certification and operate on AWS-backed, redundant, geographically distributed infrastructure.
  • Access Controls: Role-based access controls and row-level security policies restrict personal information to the user it belongs to and to a small number of authorized administrators.
  • Authentication: Secure password hashing and session token management provided by Supabase Auth. We are actively working toward adding multi-factor authentication for user accounts.

No security program is perfect. As the Platform matures, we are committed to implementing a formal information-security program that includes independent security assessments, penetration testing, a documented incident-response plan, and workforce security training.

8.1 Breach Notification

If we become aware of a confirmed data breach that affects your personal information, we will notify affected users without undue delay — in any case within 72 hours of confirmation where feasible, consistent with GDPR Article 33 — and comply with all applicable US state breach-notification laws. Notifications will describe what happened, the information involved, and steps you can take to protect yourself.

If you believe your information has been compromised, contact [email protected] immediately.

09

Children's Privacy

Our Platform is not intended for users under 18. We do not knowingly collect personal information from minors. If we learn we have collected information from a child under 18, we will promptly delete it and terminate the account. Parents or guardians should contact [email protected] immediately if they believe this has occurred.

10

Changes to This Privacy Policy

We may update this Privacy Policy as our practices evolve or legal requirements change. Material changes will be communicated by posting the updated policy and revising the "Last Updated" date. Continued use of the Platform after changes constitutes acceptance of the updated policy.

11

Contact Information

Continuum Health AI Privacy Office

📧 [email protected]

📍 Durham, North Carolina

We respond to all privacy inquiries within 10 business days. For GDPR requests, include "GDPR Request" in the subject line. For CCPA requests, include "CCPA Request."

12

Terms of Service

Our Terms of Service live on a dedicated page so they're easier to read, version, and reference. They cover acceptance, permitted use, user content, intellectual property, subscription billing, disclaimers, limitation of liability, governing law (North Carolina), arbitration, and changes to the terms.


If anything in the Terms conflicts with this Privacy Policy on how we handle personal data, the Privacy Policy controls.