Qoncier, Inc., an Illinois S-Corporation ("Qoncier," "we," "our," or "us"), is committed to protecting your privacy and safeguarding your health information. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our services.
As a healthcare-focused platform, we implement safeguards designed to protect sensitive health-related information and comply with applicable federal and state privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) where applicable.
1. Information We Collect
For All Users
Account Information
Name, email address, login credentials, authentication tokens, and account identifiers.
Profile & Health Data
Information you choose to provide about yourself or members of your household, which may include demographics, health goals, symptoms, medications, nutrition, activity, sleep, stress, allergies, lifestyle metrics, and other wellness-related data.
Connected Data Sources
Information from connected services or devices such as wearable devices and health platforms (for example Apple Health, Fitbit, Oura, Garmin, and similar services) or authorized health system integrations (for example Epic, Cerner, MyChart, or similar systems where available).
Device & Usage Data
Device identifiers, IP addresses, device type, operating system, app logs, crash reports, usage analytics, and other technical data used to operate and improve the service.
Communications
Messages exchanged with the Qoncier AI Assistant, support interactions, communications with healthcare professionals through the platform, and other information you choose to share.
Profile & Health Data — Additional Details
Qoncier may also allow users to create profiles for household members and family pets.
Pet-related information may include species, breed, age, weight, symptoms, diet, medications, activity patterns, veterinary notes, and other wellness information provided by the user.
Pet health information is not considered human medical information and is not Protected Health Information (PHI) under HIPAA, but it is still handled with the same privacy and security practices applied throughout the platform.
For Professionals
Professional Information We Collect
In addition to the information collected for all users, the following applies to healthcare and wellness professionals using the platform.
Professional Profile Information
Full name, professional title, specialty, professional license information, NPI number (if applicable), and practice or organizational affiliation.
Compliance Records
HIPAA acknowledgments, Data Sharing Compliance Statement acceptance, credential verification documentation, and related compliance logs.
Connection Data
Invitations sent, accepted, or revoked between professionals and users, and activity logs associated with those connections.
Usage Data
Professional dashboard activity, access logs, audit trails, and system activity associated with professional accounts.
2. How We Use Your Information
We use the information we collect to:
Provide personalized health insights, tools, and recommendations.
Enable secure communication between users and their chosen healthcare or wellness professionals.
Allow users to track health and wellness progress for themselves, household members, and pets.
Authenticate identity and maintain account security.
Improve our services, features, and platform performance.
Maintain compliance with applicable legal and regulatory obligations.
Process and display activity-related information, including sharing access, modifying permissions, sending, resending, accepting, expiring, or revoking invitations, and adding notes, updates, or other contributed data.
Generate in-app notifications based on account activity to inform users of relevant changes, such as permission updates, invitation status changes, and contributions made by others.
For Professionals
Verify professional credentials and licensing where applicable.
Maintain audit logs of data access for compliance and security.
Restrict professional access to only the information that users explicitly choose to share.
We never sell your personal, health, pet, or professional information.
3. How We Share Your Information
We share information only in limited circumstances:
With Your Permission
Users control which healthcare professionals, caregivers, family members, or others may access specific information within their profile.
Professional Access
Healthcare professionals may only access information that has been explicitly shared with them by the user. Access is role-based and permission-driven. Professionals may only view data within the scope of user-defined permissions and may not access information beyond what has been explicitly shared.
For Treatment, Payment, or Operations
Where applicable, information may be used or disclosed for healthcare operations as permitted under HIPAA.
With Service Providers
We may share information with vendors who help operate our platform (such as cloud infrastructure, analytics, communications, or technical services). Where applicable, these vendors operate under contractual confidentiality and security obligations, including Business Associate Agreements (BAAs) where required.
When Required by Law
We may disclose information when required to comply with legal obligations, court orders, or regulatory requirements.
User-Directed Access and Sharing Controls
Users may share information with individuals outside their plan through Care Circle. Users control what is shared and may modify or revoke access at any time. Access is granted via invitation and may expire if not accepted within a designated timeframe.
We do not share Protected Health Information (PHI) with advertisers.
Contributions & Attribution
When users allow others to contribute information to their profile or household, Qoncier stores those contributions along with attribution data — including the contributor's identity (where available) and a timestamp. This supports transparency, data integrity, and user awareness of who has added or modified information within their account.
Activity Records & Timeline
Qoncier may maintain activity records related to sharing events, permission changes, invitations, and contributions made within the platform. These records may be displayed in-app as activity history, notifications, or account awareness features, helping users stay informed about changes to their account and shared data.
4. Your Rights Under HIPAA
Where applicable under HIPAA, users have the right to:
Access
Access their health information.
Correct
Request corrections or amendments.
Restrict
Request restrictions on certain disclosures.
Accounting
Receive an accounting of disclosures.
Revoke
Revoke previously granted permissions or consents.
Users may revoke access granted to healthcare professionals at any time within the platform.
Professionals acknowledge that users may revoke permissions at any time and agree to respect and comply with such changes.
5. Data Security
We use administrative, technical, and physical safeguards designed to protect information within the Qoncier platform, including:
Secure Cloud Hosting
Secure cloud hosting infrastructure.
Encryption
Encryption in transit (TLS) and encryption at rest (AES-256).
Access Controls
Role-based access controls.
Monitoring
Continuous monitoring and audit logging.
Professionals agree to access sensitive information only through authorized methods within the Qoncier platform.
6. Data Retention
We retain information only as long as necessary to provide services, maintain account functionality, or comply with legal obligations.
Users may request deletion of their data, subject to applicable legal requirements and regulatory obligations.
Professional credential records and compliance logs may be retained for as long as necessary to satisfy regulatory or legal requirements, even after account termination.
Qoncier may also retain activity and access records, including sharing events, invitation events, permission changes, in-app notifications, and contributions made by users or their authorized contacts. These records are retained for purposes of security, system integrity, transparency, and compliance where applicable.
7. Children's Privacy
Parents or legal guardians may manage accounts for children under the age of 18 through family or household profiles.
Minors may not create independent accounts without parental or guardian involvement.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
Material changes will be communicated through the application or by email before taking effect.
9. Communications (Email & SMS)
Qoncier may send transactional communications via email or SMS (text message) for account-related purposes.
Types of Communications
Account verification (one-time passcodes)
Login authentication
Password recovery
Security alerts
Important service notifications
Support responses
Consent to Receive Communications
By creating an account with Qoncier and providing your contact information (such as email address or mobile phone number), you consent to receive account-related communications necessary to operate your account.
Message Frequency
Message frequency varies based on user activity and account events. Messages are typically sent only in response to user-initiated actions or important account notifications.
Message & Data Rates
Message and data rates may apply depending on your mobile carrier plan. Qoncier is not responsible for carrier charges.
Opt-Out (SMS)
You may opt out of SMS messages at any time by replying STOP to any message. After opting out, you will no longer receive SMS messages unless you reinitiate verification or authentication actions.