Privacy Policy

1. Introduction

Unity Population Health ("Unity," "we," "us," or "our") provides an Agentic AI population health management platform to healthcare organizations, including ACOs, health systems, FQHCs, and health plans. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit unityhealth.ai (the "Site") or use our services (the "Services"). It does not modify the terms of any written agreement between Unity and a customer organization.

2. Scope & Our Role

When Unity processes protected health information (PHI) on behalf of a covered entity or another business associate, and where an executed BAA is in place, Unity acts as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). That processing is governed by a Business Associate Agreement (BAA) and our HIPAA Notice, which control in the event of any conflict with this Policy. This Policy primarily addresses information we handle as a controller — for example, Site visitors and business contacts.

3. Information We Collect

Information you provide

• Contact and business details you submit through forms (name, email, phone, organization, role).
• Communications you send to us, including demo requests and support inquiries.

Information collected automatically

• Device and usage data such as IP address, browser type, pages viewed, and referring URLs.
• Cookies and similar technologies used to operate and improve the Site.

Customer data

When a customer uses the Services, we process clinical, operational, and administrative data — which may include PHI — solely to provide the Services under the applicable agreement and BAA, and not for our own purposes.

4. How We Use Information

• To provide, maintain, secure, and improve the Site and Services.
• To respond to inquiries, schedule demos, and provide customer support.
• To send administrative and, where permitted, marketing communications (you may opt out at any time).
• To comply with legal obligations and enforce our agreements.

We do not sell personal information, and we do not use PHI for advertising.

5. How We Share Information

We share information only as needed to operate our business: with service providers and subprocessors bound by confidentiality and data-protection obligations; with a customer organization in connection with its use of the Services; in connection with a corporate transaction; and when required by law or to protect rights and safety. Any sharing of PHI is limited to what the BAA and HIPAA permit.

6. Data Security

Unity maintains administrative, physical, and technical safeguards designed to protect information, including encryption in transit and at rest, access controls, logging and monitoring, and a formal incident-response program. Unity's platform is built for HIPAA and aligned with SOC 2-type controls, and supports FHIR R4 and HL7 standards. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

7. Data Retention

We retain information for as long as necessary to provide the Services, comply with legal and contractual obligations, resolve disputes, and enforce our agreements. Customer data is retained and returned or destroyed in accordance with the applicable agreement and BAA.

8. Cookies & Tracking

The Site uses cookies and similar technologies to enable core functionality and understand usage. You can control cookies through your browser settings; disabling some cookies may affect Site functionality.

9. Your Privacy Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict the processing of your personal information, and to object to certain processing. To exercise a right, contact us using the details below. Individuals seeking to exercise rights regarding PHI should contact the relevant healthcare provider (the covered entity), and Unity will support that provider as its Business Associate.

10. Children's Privacy

The Site and Services are intended for healthcare organizations and business users and are not directed to children. We do not knowingly collect personal information from children through the Site.

11. Changes to This Policy

We may update this Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, through additional notice.

12. Contact Us

Questions about this Policy or our privacy practices? Contact our Privacy Office at contact@unityhealth.ai or 614-787-7550, Unity Population Health, Dublin, OH.