Cerewell respects your privacy and is committed to protecting your health information.
This Privacy Policy explains how we collect, use, share, and protect your information when you use the Cerewell website, mobile application, and related services (collectively, the “Services”). By using the Services, you agree to the terms of this Privacy Policy. If you do not agree, do not use the Services.
1. Introduction
We are committed to safeguarding your information and providing clear choices and control over your data.
2. Information We Collect
- Personal Information: Name, email, date of birth, phone number, account credentials.
- Health Data: Symptoms, medications, diagnoses, lab results, test reports, health notes, doctors, and any other health-related information you enter or upload.
- Device & Technical Data: Device type, operating system, Services usage logs, crash reports.
- Provider Information: Names and contact details of healthcare providers you choose to add.
3. How We Use Your Information
- Provide the Services’ core features (symptom tracking, charting, sharing with providers).
- Facilitate secure communication of health information between you and your chosen healthcare providers.
- Securely store your health data for your use.
- Generate anonymized and aggregated insights for research, analytics, product development, marketing, and other lawful purposes, which may include providing, licensing, or selling such data, or granting access to third parties such as research institutions, healthcare providers, public health organizations, pharmaceutical companies, or other industry partners, in compliance with HIPAA de-identification standards.
- Facilitate AI-generated informational content such as responses, reports, summaries, or suggestions (for example, “Questions to ask your doctor”) powered by OpenAI, LLC (“OpenAI”). Such content is for informational purposes only and may be inaccurate or incomplete and is not a substitute for professional medical advice, diagnosis, or treatment.
- Communicate with you about service updates, security alerts, and support requests.
4. Data Ownership & Control
- You own your identifiable Health Data.
- You control whether and with whom you share your data.
- You may export your health data at any time through the App’s reporting tools.
5. Sharing Your Information
We will only share identifiable Health Data with:
- Providers you explicitly authorize through the Services.
- Our service providers who assist with hosting, analytics, AI services, and secure integrations (all bound by contractual agreements and, where applicable, HIPAA Business Associate Agreements).
- Legal authorities when required by law.
Anonymized Data: We may use and share anonymized, aggregated data for research, analytics, product development, marketing, and other lawful purposes. This may include providing, licensing, or selling such data, or granting access to third parties such as research institutions, healthcare providers, public health organizations, pharmaceutical companies, or other industry partners. This data cannot reasonably be used to identify you and is handled in compliance with HIPAA de-identification standards.
6. HIPAA Compliance
Cerewell implements administrative, physical, and technical safeguards that meet or exceed HIPAA requirements to protect patient health information. This includes encryption in transit and at rest, access controls, and regular security reviews. We will sign a HIPAA Business Associate Agreement (“BAA”) with healthcare providers who use the Doctor Portal upon request.
7. AI-Generated Content
When you use our AI feature, your questions and relevant context are sent to OpenAI, LLC (“OpenAI”) to generate responses. OpenAI uses this information to provide the requested content but does not use it to build or train public models. The AI may produce responses, reports, summaries, or suggestions (for example, “Questions to ask your doctor”). This content is for informational purposes only, may be inaccurate or incomplete, and is not a substitute for professional medical advice, diagnosis, or treatment.
- May be inaccurate or incomplete.
- Are for informational purposes only and are not a substitute for professional medical advice, diagnosis, or treatment.
8. Data Retention & Deletion
- Your identifiable Health Data is retained for as long as your account is active.
- When you close your account, identifiable data is permanently deleted and cannot be recovered.
- Anonymized data is retained for research and analytics purposes.
- You are responsible for exporting any data you wish to keep before deletion.
9. Security Measures
- Encryption in transit and at rest.
- Role-based access controls.
- Regular vulnerability assessments.
10. Children’s Privacy
The Services are not intended for children under 18 without parental or guardian supervision. If a parent or guardian adds a minor’s information, they affirm they have the legal authority to consent to the collection and use of that minor’s data.
11. Payments & Refunds
All patient subscriptions are processed through Apple Services Store or Google Play. Refunds are handled according to their respective policies. Cerewell does not issue refunds for purchases made through Apple or Google.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by email and/or require acceptance upon your next login.
13. Contact Us
For questions about this Privacy Policy or your data, email: support@agentbrigade.ai