Privacy Policy

1) Who we are

This Privacy Policy explains how Ambulant+ and its affiliated entities (collectively, “Cloven Technology,” “we,” “us”) collect, use, disclose, transfer, store, and protect your personal information when you use our websites, mobile applications, patient and clinician portals, connected device integrations (IoMT), and related services (collectively, the “Services”).

Ambulant+ is a healthcare technology platform supporting virtual consultations, care coordination, integrated logistics (e.g., e-prescription fulfillment and delivery; lab logistics), and optional connected device data streaming for remote monitoring.

Important: Ambulant+ is not an emergency service. If you believe you are experiencing a medical emergency, contact your local emergency number immediately.

2) Scope and roles (Controller / Operator)

Depending on how you use the Services, we may act as a data controller / responsible party (deciding why and how data is processed) or as an operator / processor (processing data on behalf of a clinic, clinician, employer program, insurer, or partner). Where we act as a processor/operator, the relevant partner’s privacy notices may also apply.

Clinicians on Ambulant+ may operate as independent healthcare providers or under clinics/practices. They may have their own recordkeeping and privacy obligations under applicable healthcare regulations and professional rules. We encourage you to review any provider or clinic notices presented to you in the Services.

3) Information we collect

4) Sensitive health data

Health information is generally considered sensitive or “special category” data. We handle it with heightened safeguards and only process it when a lawful basis applies (for example: to provide healthcare services you request, with your consent, to comply with legal obligations, or as permitted by applicable health laws).

5) How we use information

• To provide the Services: create accounts, authenticate users, enable virtual visits, manage scheduling, support messaging, store and display your health records and documents, and enable connected device features you activate.
• Clinical safety & care continuity: support clinician workflows, documentation, clinical reconciliation, and continuity across visits.
• Operations: customer support, quality assurance, incident response, platform reliability, performance monitoring, and capacity planning.
• Security & fraud prevention: detect suspicious activity, prevent abuse, protect accounts, and maintain audit logs.
• Billing & finance: process payments, generate invoices/receipts, manage refunds/chargebacks, perform accounting and financial reporting.
• Compliance & legal: meet regulatory obligations, respond to lawful requests, enforce terms, and handle disputes.
• Product improvement: improve features and usability; where feasible, we use aggregated or de-identified data for analytics and research-like insights.
• InsightCore / AI-assisted features: generate wellness/clinical insights, surface trends, and support clinician review and feedback loops. We do not intend for AI output to replace clinician judgement.

6) Legal bases (high-level)

Depending on your location and how you use the Services, our processing is based on one or more of the following: performance of a contract (providing the Services), your consent (for optional features and sensitive data where required), compliance with legal obligations, protection of vital interests, legitimate interests (security, fraud prevention, service improvement), and where applicable, health-related lawful bases permitted by healthcare regulations.

7) When we share information

We do not sell your personal information. We may share information in the following situations:

• With clinicians and care teams you choose to engage with, to deliver consultations and continuity of care.
• With logistics and care services (e.g., eRx delivery, lab collection/logistics) when you request or authorize such services.
• With service providers who help operate our platform (hosting, databases, monitoring, communications, support tools) under contractual confidentiality and security requirements.
• With payment processors to complete transactions, manage fraud, and issue refunds.
• With legal/regulatory authorities when required by law, court order, or to protect rights, safety, and security.
• Business transfers (merger, acquisition, financing, reorganization) subject to appropriate protections.
• With your consent or at your direction (for example, exporting records to another provider).

8) Data integrity, audit trails, and “ledger” concepts

To support trust, integrity, and clinical-grade traceability, we may use tamper-evident logging or ledger-like mechanisms. Where used, we aim to minimize what is written to such systems (for example, storing references, hashes, or audit metadata rather than raw medical content). Certain audit records may be difficult or impossible to delete without compromising integrity; in such cases we restrict access, expire keys, and/or de-identify records where appropriate and lawful.

9) Retention

We keep information only as long as necessary for the purposes described in this policy, including providing the Services, maintaining security and auditability, meeting clinical documentation needs, billing, dispute resolution, and complying with legal obligations. Retention periods can vary by jurisdiction and the type of record (for example: clinical records may be subject to minimum retention periods).

10) Security (Tech + Ops)

We implement administrative, technical, and physical safeguards designed to protect your information, including:

• Encryption in transit (TLS) and encryption at rest where appropriate.
• Role-based access controls and least-privilege permissions.
• Security logging, monitoring, rate limiting, and anomaly detection.
• Environment separation (development/staging/production) and secure secret management.
• Regular patching, dependency management, and secure SDLC practices.
• Incident response processes and operational runbooks.

No system can be guaranteed 100% secure. You play a role too: use a strong password, enable available security features, and keep devices updated.

11) International transfers

We may process and store information in countries where we or our providers operate. Where required, we use appropriate safeguards for cross-border transfers (such as contractual protections and equivalent security measures) consistent with applicable law.

12) Your rights and choices

Depending on your location, you may have rights to:

• Access and obtain a copy of your personal information.
• Correct inaccurate or incomplete information.
• Delete information (where legally permissible) or request de-identification.
• Object to certain processing or request restriction.
• Withdraw consent for optional processing (where applicable).
• Data portability (where applicable).

You can typically update profile details in-app. For other requests, contact us using the details below.

13) Cookies and analytics

We use cookies/local storage and similar technologies to keep you signed in, remember preferences, secure the platform, and understand usage patterns. Where required, we provide controls for consent and opt-out. Some cookies are strictly necessary for the Services to function.

14) Children and dependent profiles

Ambulant+ is generally intended for users who can consent to healthcare services under applicable law. Where dependent profiles are supported (for example, a parent/guardian managing a child), we require appropriate authority and may request additional verification. If you believe a minor has provided information without proper authorization, contact us.

15) Changes to this policy

We may update this policy from time to time. We will post the updated version and revise the “Last updated” date. If changes are material, we may provide additional notice within the Services.

16) Contact

For privacy questions, requests, or complaints, contact: