Privacy Policy

Effective Date: August 1, 2025

Atherton Health
135 Madison Ave., New York, NY 10016
Website: www.athertonhealth.co

1. Introduction

Atherton Health (“Atherton Health,” “we,” “our,” or “us”) provides AI software that automates back-office operations for healthcare providers, revenue cycle management (RCM) companies, and digital health organizations. This Privacy Policy explains how we collect, use, store, and protect Personal Information and Protected Health Information (“PHI”) in the United States.

By using our website or services, you agree to the practices described in this Privacy Policy.

2. Scope

This Privacy Policy applies to:

  • www.athertonhealth.co
  • Atherton Health's AI automation products
  • Customer support and communications
  • Marketing communications (opt-in only)

This Policy does not apply to third-party websites or services accessed via links from our site.

3. HIPAA Compliance & Business Associate Status

Because Atherton Health may access, process, or store data on behalf of healthcare providers and RCM organizations, we act as a Business Associate under the Health Insurance Portability and Accountability Act (“HIPAA”).

  • We enter into Business Associate Agreements (BAAs) with customers and vendors as required.
  • We protect all PHI according to HIPAA's Privacy, Security, and Breach Notification Rules.
  • We access PHI only as instructed by our customers.

4. Information We Collect

4.1 Personal Information

We collect the following personal information from customers, prospective customers, and users:

  • Full name
  • Email address
  • Phone number

We collect this information when you:

  • Request product information
  • Schedule demos
  • Create an account
  • Communicate with us
  • Subscribe to marketing emails (opt-in)

4.2 Protected Health Information (PHI)

While performing automated workflows for healthcare providers and RCM companies, Atherton Health may access or store PHI, including:

  • Patient medical records
  • Insurance information
  • Information contained in phone calls or automated workflows

This data is handled solely to perform services on behalf of our customers and in accordance with executed BAAs.

4.3 Payment Information

We do not collect or store credit or debit card numbers. All payments are processed by Stripe, which independently collects and processes billing information in accordance with its own Privacy Policy.

4.4 Automatically Collected Information

Atherton Health does not use analytics services, tracking pixels, remarketing tools, or behavior-tracking cookies. We may use strictly necessary technical cookies for site functionality only.

5. How We Use Information

We use Personal Information and PHI to:

  • Provide and improve our AI automation services
  • Perform operations on behalf of healthcare organizations
  • Respond to inquiries and support requests
  • Communicate about updates, product changes, or service notices
  • Send opt-in marketing emails
  • Maintain security and prevent fraud
  • Fulfill legal or regulatory obligations

We do not sell Personal Information or PHI.

6. How We Share Information

We share information only as necessary to provide services and comply with legal obligations.

6.1 Service Providers (with BAAs where applicable)

We use third-party vendors to support our operations, including:

  • Google Cloud Platform (GCP) – hosting and storage
  • Vercel – frontend hosting
  • Railway – infrastructure services
  • Stripe – payment processing

Where vendors may access PHI, we maintain Business Associate Agreements with them.

6.2 Customers (Covered Entities / RCM companies)

We may share PHI back with our customers as part of automated workflows (e.g., results of insurance-related tasks).

6.3 Legal Compliance

We may disclose information when required to:

  • Comply with U.S. federal or state laws
  • Respond to subpoenas or lawful requests
  • Protect rights, safety, or property

7. Data Storage & Security

We implement administrative, physical, and technical safeguards that meet or exceed HIPAA requirements, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Audit logging
  • Secure hosting
  • Regular security reviews

We store PHI only for as long as necessary to perform contracted services, unless otherwise required by law or contract.

8. Marketing Communications

We send marketing emails only to users who opt in. Users may unsubscribe at any time using the link included in each email. We comply with the CAN-SPAM Act.

9. U.S. State Privacy Rights (including CCPA/CPRA)

If you are a resident of California or any U.S. state with similar privacy laws, you may have the right to:

  • Know what personal information we collect
  • Request access to your personal information
  • Request deletion of personal information
  • Correct inaccuracies
  • Opt out of data sharing (we do not share data for advertising)

Because we do not sell personal information, the “Do Not Sell” requirement does not apply.

To exercise these rights, email: saleh@athertonhealth.co

10. Data of Minors

Atherton Health does not offer services to minors and does not knowingly collect Personal Information from anyone under 18. If you believe a minor's information has been collected, contact us immediately at saleh@athertonhealth.co.

11. Your Choices

You may:

  • Opt out of marketing emails
  • Request deletion of, or access to, your personal information
  • Request corrections
  • Limit PHI use by contacting your healthcare provider (the Covered Entity)

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will post the updated version with a new “Effective Date.”

13. SMS Communications

Atherton Health offers SMS notifications related to shift availability and scheduling through our platform (“Atherton Health Shift Alerts”).

When users create an account at https://app.athertonhealth.co and provide their mobile phone number, they may opt in to receive SMS notifications regarding available shifts and scheduling links.

By checking the SMS consent checkbox during account registration, users expressly consent to receive recurring SMS messages from Atherton Health. Consent is not a condition of employment or purchase. Users must actively provide their phone number and check an unchecked consent box to receive SMS messages.

  • Message frequency varies and messages are recurring based on shift availability.
  • Message and data rates may apply.
  • Users may opt out at any time by replying STOP to any SMS message. Users may reply HELP for assistance or contact saleh@athertonhealth.co.
  • Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
  • We may use service providers, such as Twilio, to deliver SMS messages on our behalf.

14. Contact Us

For questions about this Privacy Policy, HIPAA compliance, or data privacy:

Atherton Health
135 Madison Ave.
New York, NY 10016
Email: saleh@athertonhealth.co