Privacy Policy

Last updated: May 2026

Karpa Health LLC ("Karpa Health," "Karpa," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our websites, use our platform, submit information through our forms, communicate with us, or otherwise interact with our services.

Karpa Health provides telehealth infrastructure, software, operational support, intake technology, provider coordination workflows, pharmacy partner workflow coordination, payment workflow support, and related business services. Karpa Health does not provide medical services, prescribe medications, dispense medications, compound medications, manufacture medications, or ship medications.

Clinical services, medical consultations, treatment decisions, prescriptions, and patient care decisions are made solely by independent licensed healthcare providers. Pharmacy services, when applicable, are provided by independent licensed pharmacy partners.

This Privacy Policy applies to information collected through our public website, sales forms, onboarding workflows, customer communications, and platform services. Certain patient information collected through designated healthcare workflows may be subject to additional protections under HIPAA and applicable Business Associate Agreements.

1. Information We Collect

We may collect the following categories of information.

Information You Provide Directly

We may collect information you provide when you fill out a form, request information, book a call, create an account, use our platform, communicate with us, or participate in onboarding. This may include:

  • Name
  • Email address
  • Phone number
  • Business name
  • Website URL
  • Business address
  • Role or title
  • Program interests
  • Payment and billing information
  • Communications with our team
  • Information submitted through intake, onboarding, support, or operational workflows

Business and Partner Information

If you are a customer, partner, brand operator, clinic, provider group, or other business user, we may collect information about your business, including:

  • Business entity information
  • Contact information for authorized users
  • Branding assets
  • Program preferences
  • Service configuration details
  • Provider, pharmacy, or operational workflow preferences
  • Marketing or customer acquisition information you provide to us
  • Information needed to configure your services

Patient or End User Information

Where our platform is used to support healthcare-related workflows, we may collect or process information submitted by or about patients or prospective patients on behalf of our customers, providers, or other authorized parties. This may include:

  • Contact information
  • Date of birth
  • Address
  • Health history
  • Medical questionnaire responses
  • Medication interests
  • Eligibility information
  • Identification information where required
  • Payment-related information
  • Provider review status
  • Pharmacy workflow information
  • Communications and support requests
  • Other information submitted through intake or healthcare workflows

Some of this information may be considered protected health information ("PHI") under HIPAA when collected or processed on behalf of a covered entity or business associate under an applicable Business Associate Agreement.

Payment Information

We may collect billing and transaction information related to setup fees, platform fees, subscriptions, consultations, administrative services, or other eligible services.

Payment information may be processed by third-party payment processors. We do not store full payment card numbers unless expressly stated and supported by a compliant payment processor. Payment availability may vary based on program structure, processor approval, applicable law, and third-party requirements.

Automatically Collected Information

When you visit our website or use our services, we may automatically collect certain information, including:

  • IP address
  • Device type
  • Browser type
  • Operating system
  • Referring URLs
  • Pages viewed
  • Time spent on pages
  • Clickstream data
  • Approximate location derived from IP address
  • Cookies, pixels, and similar tracking technologies

Cookies and Tracking Technologies

We may use cookies, pixels, tags, scripts, and similar technologies to operate our website, analyze traffic, improve our services, remember preferences, measure advertising performance, and support marketing campaigns.

These technologies may be provided by third parties such as analytics providers, advertising platforms, customer relationship management tools, scheduling tools, and website hosting providers.

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

2. Website Information vs. Healthcare Workflow Information

Information collected through our public marketing website, sales forms, newsletter forms, demo requests, advertising campaigns, or general business communications is generally treated as business or marketing information.

Information submitted through designated patient intake, provider review, pharmacy workflow, or healthcare-related platform workflows may be treated differently and may be subject to HIPAA, applicable Business Associate Agreements, healthcare privacy laws, and additional contractual requirements.

Submitting information through a general website form does not automatically mean that the information is protected health information under HIPAA. HIPAA protections generally apply when information is collected, created, received, maintained, or transmitted by or on behalf of a covered entity or business associate in connection with healthcare services.

3. How We Use Information

We may use information for the following purposes:

  • To provide, operate, maintain, and improve our website and services
  • To respond to inquiries and demo requests
  • To evaluate potential customers, partners, providers, pharmacies, or vendors
  • To onboard customers and configure services
  • To provide platform access and administrative support
  • To coordinate provider review workflows where applicable
  • To coordinate pharmacy partner workflows where applicable
  • To process payments and manage billing
  • To communicate service updates, operational notices, and support messages
  • To send marketing communications where permitted
  • To personalize website and service experiences
  • To analyze usage and improve performance
  • To monitor security and prevent fraud
  • To comply with legal, regulatory, contractual, and payment processor requirements
  • To enforce our Terms of Service and other agreements
  • To protect the rights, safety, and property of Karpa Health, our users, customers, providers, pharmacy partners, and others

4. How We Share Information

We may share information with the following categories of recipients.

Customers and Authorized Business Users

If our services are provided for a business customer or partner, information submitted through that customer's workflows may be shared with that customer and its authorized users, subject to applicable agreements and permissions.

Licensed Healthcare Providers

Where applicable, patient or prospective patient information may be shared with independent licensed healthcare providers for intake review, eligibility review, consultation, treatment decisions, prescription decisions, follow-up, documentation, and related healthcare services.

Karpa Health does not make clinical decisions.

Pharmacy Partners

Where applicable, information may be shared with independent licensed pharmacy partners as necessary to support pharmacy review, prescription fulfillment, dispensing, shipping, patient support, adverse event handling, compliance, and related operational requirements.

Karpa Health does not dispense, compound, manufacture, or ship medications.

Service Providers

We may share information with vendors and service providers that help us operate our business, including:

  • Website hosting providers
  • Cloud infrastructure providers
  • CRM and sales tools
  • Email and communication platforms
  • Scheduling tools
  • Payment processors
  • Analytics providers
  • Advertising platforms
  • Customer support tools
  • Security and fraud prevention providers
  • Legal, accounting, compliance, and professional advisors
  • Data storage and workflow automation providers

These service providers may only use information as permitted by our agreements with them and applicable law.

Payment Processors

We may share information with payment processors to process payments, prevent fraud, manage subscriptions, comply with processor rules, and support billing operations.

Payment processing is subject to the terms and privacy practices of the applicable payment processor.

Legal and Compliance Disclosures

We may disclose information when we believe disclosure is necessary or appropriate to:

  • Comply with applicable law, regulation, legal process, subpoena, or government request
  • Enforce our agreements
  • Respond to claims or disputes
  • Protect our rights, safety, or property
  • Protect the rights, safety, or property of others
  • Detect, prevent, or address fraud, security, or technical issues
  • Comply with healthcare, privacy, payment processing, tax, or corporate obligations

Business Transfers

We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar business transaction.

5. HIPAA and Protected Health Information

Karpa Health may act as a business associate or subcontractor business associate when it creates, receives, maintains, or transmits protected health information on behalf of a covered entity or another business associate.

When required, Karpa Health enters into Business Associate Agreements that govern our use and disclosure of PHI. In those cases, our use and disclosure of PHI is governed by the applicable Business Associate Agreement, HIPAA, and other applicable healthcare privacy laws.

To the extent there is a conflict between this Privacy Policy and an applicable Business Associate Agreement with respect to PHI, the Business Associate Agreement will control.

Karpa Health is designed to support HIPAA-compliant workflows when used by covered entities and business associates under an applicable Business Associate Agreement. However, customers are responsible for using the services in accordance with applicable laws, professional obligations, and contractual requirements.

6. Marketing Communications

We may use contact information to send marketing emails, newsletters, product updates, educational content, offers, and other business communications.

You may unsubscribe from marketing emails by using the unsubscribe link in the email or by contacting us. Even if you opt out of marketing communications, we may still send transactional, legal, security, billing, or service-related messages.

7. SMS and Phone Communications

If you provide your phone number, we may contact you by phone or text message for sales, onboarding, support, operational updates, or other service-related purposes.

Where required by law, we will obtain appropriate consent before sending marketing text messages. Message and data rates may apply. You may opt out of text messages by replying STOP or following other instructions provided in the message.

8. Advertising and Analytics

We may use third-party analytics and advertising tools to understand website traffic, improve our services, measure advertising performance, and market our services.

These tools may collect information through cookies, pixels, tags, and similar technologies. This information may be used to provide measurement services, targeted advertising, retargeting, and analytics.

Depending on your location, you may have the right to opt out of certain targeted advertising or data sharing practices.

9. Do Not Sell or Share Personal Information

Karpa Health does not sell personal information for money.

Certain privacy laws define "sale" or "sharing" broadly to include some advertising, analytics, or retargeting activities involving third-party cookies or pixels. To the extent our use of these technologies is considered a "sale" or "sharing" under applicable law, eligible users may have the right to opt out.

You may submit an opt-out request by contacting us at [email protected] or using any "Do Not Sell or Share My Personal Information" link we make available where required.

10. Data Retention

We retain information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods may vary depending on the type of information, the context in which it was collected, legal and regulatory requirements, contractual obligations, business needs, dispute resolution, security requirements, and backup practices.

Healthcare-related information may be retained in accordance with applicable provider, customer, legal, regulatory, contractual, or Business Associate Agreement requirements.

11. Security

We use administrative, technical, and physical safeguards designed to protect information against unauthorized access, loss, misuse, disclosure, alteration, or destruction.

These safeguards may include access controls, encryption, logging, authentication, vendor review, data minimization, and other security measures.

No system or method of transmission is completely secure. We cannot guarantee absolute security of information.

12. Your Privacy Choices

Depending on your location and applicable law, you may have rights to:

  • Access the personal information we maintain about you
  • Request correction of inaccurate information
  • Request deletion of information
  • Request a copy of your information
  • Opt out of certain marketing communications
  • Opt out of certain targeted advertising, sale, or sharing activities
  • Limit certain uses of sensitive personal information where applicable
  • Appeal certain decisions where required by law

To exercise these rights, contact us at [email protected].

We may need to verify your identity before processing your request. We will not discriminate against you for exercising privacy rights.

Some requests may be limited by legal, regulatory, contractual, security, healthcare, or operational requirements.

13. California Privacy Notice

This section applies to California residents to the extent the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies to Karpa Health.

Categories of Personal Information We May Collect

We may collect the following categories of personal information:

  • Identifiers, such as name, email address, phone number, IP address, business contact information, and account information
  • Commercial information, such as services requested, billing information, transaction history, and program interests
  • Internet or network activity, such as website usage, device information, browser information, and interaction with our website
  • Geolocation information, such as approximate location derived from IP address
  • Professional or employment-related information, such as job title, company name, and business role
  • Sensitive personal information, where submitted through healthcare-related workflows or otherwise provided, such as health-related information, date of birth, identification information, or payment information
  • Inferences, such as service interests, lead scoring, or marketing preferences
  • Other information you provide to us

Sources of Personal Information

We may collect personal information from:

  • You directly
  • Your business or organization
  • Patients or prospective patients using customer workflows
  • Providers, pharmacies, vendors, or partners
  • Website analytics tools
  • Advertising platforms
  • CRM, scheduling, and communication tools
  • Payment processors
  • Publicly available sources
  • Other third parties where permitted

Purposes for Collection, Use, and Disclosure

We collect, use, and disclose personal information for the business and commercial purposes described in this Privacy Policy, including providing services, responding to inquiries, onboarding customers, supporting healthcare-related workflows, processing payments, marketing, analytics, security, compliance, and legal obligations.

Categories of Third Parties to Whom We Disclose Personal Information

We may disclose personal information to:

  • Customers and authorized users
  • Licensed healthcare providers
  • Pharmacy partners
  • Payment processors
  • Cloud hosting and technology providers
  • Analytics and advertising providers
  • CRM, support, and communication vendors
  • Professional advisors
  • Government authorities or other parties when required by law
  • Parties involved in a business transfer

Sale or Sharing

We do not sell personal information for money. We may use advertising or analytics technologies that could be considered "sharing" or "sale" under California law. California residents may opt out of such sale or sharing by contacting us at [email protected] or using any required opt-out mechanism made available on our website.

Sensitive Personal Information

We do not use or disclose sensitive personal information for purposes other than those permitted by applicable law, such as providing requested services, security, fraud prevention, legal compliance, or healthcare-related workflows where applicable.

California Rights

California residents may have the right to:

  • Know what personal information we collect, use, disclose, sell, or share
  • Access personal information
  • Correct inaccurate personal information
  • Delete personal information
  • Opt out of sale or sharing
  • Limit certain uses of sensitive personal information
  • Not be discriminated against for exercising privacy rights

To exercise these rights, contact us at [email protected].

Authorized agents may submit requests on behalf of California residents where permitted by law. We may require verification of the resident's identity and the agent's authority.

14. Other State Privacy Rights

Residents of certain states may have additional privacy rights under applicable state privacy laws. These rights may include access, correction, deletion, portability, opt-out of targeted advertising, opt-out of sale, and appeal rights.

To exercise applicable state privacy rights, contact us at [email protected].

15. Children's Privacy

Our website and services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

If you believe a child has provided personal information to us, contact us at [email protected], and we will take appropriate steps to delete the information where required.

Healthcare-related services involving minors, if any, must be handled by licensed healthcare providers and in accordance with applicable law, consent requirements, and customer/provider workflows.

16. Third-Party Websites and Services

Our website and services may link to third-party websites, platforms, providers, pharmacies, payment processors, scheduling tools, or other services.

We are not responsible for the privacy practices, content, policies, or security of third-party websites or services. Your use of third-party services is subject to their terms and privacy policies.

17. International Users

Karpa Health is based in the United States and our services are intended primarily for users located in the United States.

If you access our services from outside the United States, your information may be transferred to, stored in, and processed in the United States or other jurisdictions where our service providers operate.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date above.

If we make material changes, we may provide additional notice where required by law, such as by posting a notice on our website or contacting you directly.

Your continued use of our website or services after an updated Privacy Policy is posted means you acknowledge the updated Privacy Policy.

19. Contact Us

If you have questions about this Privacy Policy or want to exercise privacy rights, contact us at:

Karpa Health LLC
Email: [email protected]
Website: https://karpahealth.com

For healthcare-related privacy requests involving a provider, clinic, customer, or pharmacy partner, we may direct you to the applicable covered entity, provider, customer, or pharmacy partner as required by law or contract.