Privacy Policy

Last Updated: May 7, 2025

Above Health – Privacy Policy

Effective Date: January 4, 2025

Above Health is committed to protecting your privacy and handling your personal health information in compliance with all applicable federal and state laws, including the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other U.S. state-specific privacy laws. This Privacy Policy describes how we collect, use, store, and disclose your data across our telehealth services, over-the-counter (OTC) devices, software applications, and digital platforms.


1. Information We Collect

We collect the following categories of information:

  • Personal Identifiers: Name, date of birth, address, email, phone number, insurance details.
  • Protected Health Information (PHI): Medical history, diagnosis, treatment notes, lab results, device data.
  • Technical Data: IP address, device ID, browser details, access logs, geolocation data.
  • Sensitive Information: Demographic details, emergency contacts, and consent records as required by law.

2. How We Use Your Information

Your data is used to:

  • Provide clinical care, telehealth consultations, and medical advice.
  • Operate and improve our medical devices and technology platforms.
  • Ensure compliance with HIPAA, CCPA, CPRA, and other legal obligations.
  • Communicate with you regarding appointments, account management, and service updates.
  • Fulfill legal and regulatory reporting requirements.

3. Legal Basis for Processing

We process data based on: (a) your consent; (b) performance of a contract; (c) compliance with legal obligations; (d) legitimate interests for improving patient safety and service quality.


4. Data Sharing and Disclosure

Your data may be shared with:

  • Healthcare professionals within Saba Haq Above Medical Group.
  • Third-party processors (e.g., cloud hosting, billing partners) under binding legal agreements.
  • Government authorities, law enforcement, or regulators when required by law.
  • Authorized parties with your explicit written consent (e.g., research studies).

5. Your California Privacy Rights

If you are a California resident, you have specific rights under the CCPA/CPRA, including:

  • The right to know what personal information we collect, use, disclose, and sell.
  • The right to request deletion of your personal information (with certain exceptions).
  • The right to opt out of the sale or sharing of personal information.
  • The right to correct inaccurate personal information.
  • The right to limit the use and disclosure of sensitive personal information.
  • The right to non-discrimination for exercising these rights.

To exercise these rights, please contact us as outlined below.


6. Data Retention

We retain your personal data only as long as necessary for medical, legal, and business purposes, in accordance with HIPAA, state law retention mandates, and industry best practices.


7. Data Security Measures

We employ advanced safeguards including encryption, access controls, audit trails, and incident response protocols to protect your data from unauthorized access and breaches. Our security practices are regularly reviewed and updated.


8. International Data Transfers

If you are accessing our services outside the U.S., your data may be processed in the U.S. We implement standard contractual clauses and other safeguards to ensure your privacy rights are respected internationally.


9. Cookies and Tracking Technologies

We use cookies, analytics tools, and similar technologies to enhance user experience, monitor system performance, and serve personalized content. You may opt out through your browser settings or via our cookie banner settings where applicable.


10. Children’s Privacy

Our Services are designed for adults and require parental consent for minors under the age of 18 where applicable. We do not knowingly collect information from children under 13 without verified parental consent as required by the Children’s Online Privacy Protection Act (COPPA).


11. Your Data Rights and How to Exercise Them

You may have rights under HIPAA, CCPA, CPRA, and other applicable laws to:

  • Access your data and obtain a copy.
  • Request corrections or updates.
  • Request deletion where applicable.
  • Withdraw consent for non-essential processing.
  • File complaints with the relevant authority.

We will respond to verifiable requests in accordance with legal requirements.


12. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated via our platforms or directly to users where appropriate.


13. Contact Information

For privacy-related inquiries or to exercise your rights, contact:
Above Health Privacy Officer
Email: support@above.health


By using Above Health’s Services, you acknowledge that you have read and understood this Privacy Policy and consent to its terms.