Template — for demonstration; not legal advice.
Privacy & HIPAA Notice
Last updated 2026. How Allostatic collects, uses, and protects your health information.
1. Protected health information
Allostatic is a HIPAA-covered practice. Information you share — your history, messages, and any records you connect — is Protected Health Information (PHI) and is handled under HIPAA and applicable state law.
2. What we collect
Account details (name, email), the content of your intake and care conversations, information you choose to connect from health records, and basic technical/usage data needed to run the service securely.
3. How we use it
To provide your care, support our clinicians' decisions, screen for safety, operate and improve the service, and meet legal and professional obligations. We do not sell your data, and we do not run advertising.
4. AI processing
We use third-party foundation models to power intake, drafting, and triage. These are accessed under agreements intended to protect PHI; model providers do not use your PHI to train their models. We do not train our own foundation models on identifiable data.
5. Security
Data is encrypted in transit and at rest and held in HIPAA-aligned infrastructure with access controls. We pursue SOC 2 as the practice scales. No system is perfectly secure; we work continuously to protect your information.
6. Your rights
You may access, correct, or request deletion of your information, subject to records-retention obligations for clinical care. Contact us to exercise these rights.
7. Sharing
We share PHI only as needed to deliver care, with service providers under business-associate agreements, or where required by law. We notify you of breaches as required.
8. Contact
Questions or requests: care@allostatichealth.com.