This policy does not contradict our Data Oath. Every commitment made on that page is a legally binding obligation reflected in this document. If you find a conflict, tell us immediately.
InPursuit Health, LLC ("InPursuit Health," "we," "us," or "our") is a veteran-owned health data orchestration company. We build our platform — infrastructure that unifies, protects, and puts health data to work for the people and organizations that generate it. We are not a data company that happens to offer software. We are an infrastructure company whose revenue comes from delivering outcomes — not from monetizing the information that flows through our systems.
This Privacy Policy governs how we collect, handle, protect, and limit the use of personal information and protected health information (PHI) across our websites, our platform, our health data exchange, our care conductor, our AI governance layer, our security monitoring system, the InPursuit consumer application, and all related services (collectively, the "Services").
These commitments are not aspirational language. They are legally binding obligations. They do not have carve-outs. They cannot be overridden by a future policy update. They are the foundation everything else in this document is built on.
We will never sell your data. Your health information will never be sold, traded, brokered, or transferred to any third party for profit — not to advertisers, data brokers, pharmaceutical companies, insurers, or anyone else. No exceptions. No loopholes.
You own your data — always. Every provider and patient retains full intellectual property ownership of their data at all times. InPursuit Health is a custodian and a tool. If you leave, your data leaves with you, in full, in standard formats, at no cost.
Your data trains only your insights. We do not aggregate, anonymize, pool, or repurpose your clinical data to train AI models, build commercial products, or develop benchmarks sold to or shared with any other organization. Your patient population is yours.
Full transparency — always. You will always know exactly what data we hold, how it is used, and who has accessed it. There are no hidden processes, no shadow analytics, and no secondary uses you have not explicitly approved.
Data is never our product. Our revenue comes from infrastructure subscriptions and outcome-based arrangements. We have no financial interest in the content of the data that flows through our platform. Data monetization does not supplement our fees — it is prohibited.
Security is ongoing, not a checkbox. We continuously invest in penetration testing, vulnerability assessments, compliance audits, and emerging threat intelligence. Your data protection does not expire.
"We built InPursuit Health on a simple, unbreakable rule: the people who generate health data are the people who own it. No exceptions. No loopholes. No fine print." — InPursuit Health Leadership. Read the full Data Oath →
When you are a healthcare provider, health plan, or other HIPAA-covered entity using our platform, or a patient whose records are orchestrated through our health data exchange, we handle PHI as a Business Associate under a signed Business Associate Agreement (BAA). See Section 5 and Section 6 for how PHI is governed and protected within the secure data vault architecture.
If you use our health data exchange — either as a provider connecting to health information exchanges or as an individual exercising your data rights — we access clinical records, lab results, medications, claims, and other health information from connected systems solely on your direction and with your explicit authorization. We are the pipe, not the destination. This data lives in your secure data vault and is governed by your permissions.
We use the information we collect only for the following purposes:
We do not use your information for: advertising, behavioral profiling, commercial data analytics, AI model training on behalf of third parties, or any purpose not listed above.
When InPursuit Health handles PHI on behalf of a HIPAA-covered entity, we act as a Business Associate under 45 C.F.R. § 160.103. A signed Business Associate Agreement (BAA) must be in place before any PHI is processed through our platform. We do not treat HIPAA compliance as a badge or a marketing claim — it is a legal obligation that is operationally enforced at every layer of our architecture.
To request a BAA: privacy@InPursuitHealth.com.
As a Business Associate, we use or disclose PHI only: (a) as directed by the covered entity in the BAA; (b) as required for the proper management and administration of our services to that covered entity; or (c) as required by law. We do not use PHI for any commercial purpose, AI training, or analytics that benefit InPursuit Health commercially.
Role-based access controls (RBAC) are enforced across every component of our platform. Access to PHI is granted only to personnel and systems with a documented need. Audit logs record every access event with full provenance.
Individuals have rights to access, amend, and obtain an accounting of disclosures of their PHI under 45 C.F.R. §§ 164.524–164.528. For PHI handled on behalf of a covered entity, requests should be directed first to that covered entity, who will coordinate with us. For PHI held in your personal secure data vault through the consumer application, you may exercise these rights directly by contacting privacy@InPursuitHealth.com.
Your secure data vault is the architectural model by which your data is stored and governed within our platform. It is not a marketing concept — it is how the system is built.
We share information in only the following limited circumstances, and we do not share beyond what is necessary for each purpose.
Through our health data exchange, we transmit PHI and clinical data to providers, systems, and networks that you have explicitly authorized to receive it. This is the core function of the platform — bidirectional exchange at your direction. We are executing your instructions, not making independent sharing decisions.
We engage a limited set of vetted infrastructure providers (cloud compute, storage, security monitoring) to operate our platform. All subprocessors are bound by:
Our current subprocessor list is publicly available at privacy@InPursuitHealth.com. We update this list before adding any new subprocessor with access to PHI and notify affected customers.
We may disclose information when required by law, court order, or government authority. Where legally permitted, we will notify you before disclosure and cooperate with any efforts to obtain a protective order. We will not disclose PHI in response to a voluntary government request without a BAA or court order.
In the event of a merger, acquisition, or sale of substantially all assets, we will provide at least 60 days' advance notice to affected customers. Any successor entity will be required to honor all existing Data Oath commitments and BAAs as a condition of the transfer. You may terminate your agreement and export your data before any transfer takes effect.
InPursuit Health uses SMS messaging solely to deliver one-time verification codes for two-factor authentication when you log in to your account. We do not use SMS for marketing or promotional communications.
Mobile information, including phone numbers, SMS opt-in data, and text messaging consent, is not shared with any third parties or affiliates for marketing or promotional purposes. The above exclusions regarding data sharing apply specifically to text messaging originator opt-in data and consent — this information will not be shared with any third parties under any circumstance.
Service providers that assist in delivering SMS services (such as our messaging carrier) receive only the data necessary to deliver the message. They are bound by contractual obligations prohibiting any other use of this data.
You may opt out of SMS verification codes at any time by replying STOP to any message received from InPursuit Health. Reply HELP for help. Message frequency varies. Message and data rates may apply.
AI capabilities within our platform exist for one purpose: to improve health outcomes for patients and reduce administrative burden for providers. Our care conductor routes clinical AI interactions to the appropriate model. Our AI governance layer and our security monitoring system ensure those interactions are safe, auditable, and confined to your authorized data scope.
Your data trains only your insights. When AI learns from your patient population, those insights stay within your secure data vault. We never pool clinical data across customers to build, fine-tune, or benchmark AI models — for ourselves or for any third party. This applies equally to anonymized, de-identified, or aggregated derivatives of your data. The only exception is internal platform improvements that use technical (non-clinical) performance data — never PHI, never patient-level records.
Every AI-generated recommendation produced through our platform includes the reasoning behind it. No black boxes. Every AI interaction — input, classification, risk score, decision, output — is captured in your immutable audit log. You can review any AI decision at any time.
Our AI governance layer is the supervisory control layer between your users and any AI model. It intercepts every prompt, classifies the sensitivity of the content, scores the interaction for risk, and either passes, mediates, or blocks the interaction — all in under 200ms, before any data leaves your organization. Our security monitoring system is the intelligence inside that layer — the AI that watches AI — providing continuous behavioral surveillance, hallucination detection, and anomaly monitoring across all AI interactions in your environment.
Our platform supports clinical decision-making. It does not replace it. AI-generated outputs are informational. All clinical decisions remain the exclusive responsibility of licensed healthcare providers. InPursuit Health does not assume liability for clinical outcomes based on AI-generated recommendations.
We retain data for the shortest period consistent with our legal obligations and your business needs. We do not retain data to build commercial value from it.
Upon request or account termination, we will provide a full export of your data in standard formats and confirm in writing when destruction is complete.
Our platform was built to meet Department of Defense security standards — forged in the U.S. Military Health System and the Department of Veterans Affairs before entering the commercial market. Security is not a feature we added — it is the foundation the platform was built on.
Our security program includes:
If you believe your account has been compromised or you have identified a security vulnerability, contact us immediately at security@InPursuitHealth.com.
These rights apply to personal information we hold about you directly. For PHI handled on behalf of a covered entity, coordinate requests through that entity.
To exercise any right, contact privacy@InPursuitHealth.com. We respond within 30 days, or sooner as required by applicable law, and at no charge.
Our Services are not directed to individuals under 18. We do not knowingly collect personal information from minors under 18. If we become aware of such a collection, we will delete it promptly. Contact privacy@InPursuitHealth.com if you believe a minor's information has been collected.
For minor patients whose PHI flows through our platform as part of authorized care coordination, access and authorization rights are governed by HIPAA and applicable state law regarding parental and guardian rights.
On our marketing website (InPursuitHealth.com):
On the clinical platform, there are no third-party tracking scripts of any kind. All logging is internal, audit-purpose only, and accessible to you.
California residents have rights to know, delete, correct, and opt out of sale or sharing of personal information. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. California residents may submit requests to privacy@InPursuitHealth.com. We will not discriminate against you for exercising your rights.
Residents of these states have rights to access, correct, delete, and port personal data, and to opt out of targeted advertising and profiling. Submit requests to our Privacy Officer. We respond within the timeframes required by each applicable state law.
We extend the same rights to residents of all states with comprehensive privacy legislation and will continue to update our practices as new state laws take effect.
In the event of a confirmed breach of unsecured PHI or personal information, InPursuit Health commits to:
We will not minimize, delay, or obscure the nature or scope of any breach. Transparency after an incident is an extension of the same commitment we make before one.
We will not retroactively change this policy to enable uses of your data that were not permitted when you signed up. Any material change to this Privacy Policy requires:
The "Last Updated" date at the top of this page reflects the most recent revision. Prior versions are available upon request.
For privacy inquiries, rights requests, BAA execution, or breach reports:
HIPAA Privacy Officer
InPursuit Health, LLC
privacy@InPursuitHealth.com
Security incidents: security@InPursuitHealth.com
General: info@InPursuitHealth.com
To file a complaint with HHS Office for Civil Rights: hhs.gov/ocr/complaints