Privacy Statement

Effective Date: September 25, 2025
Last Updated: May 7, 2026

 

Introduction

At itonic.health (“we,” “our,” or “us”), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Statement explains how we collect, use, disclose, and safeguard your information when you visit our website at itonic.health (the “Website”) and use our AI platform SAVi (the “Platform”).

 

Information We Collect

Website Usage Information

When you visit our Website, we may collect:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on pages, click-through rates, referral sources
  • Cookies and Tracking Technologies: Session cookies, persistent cookies, web beacons, and similar technologies
  • Contact Information: Name, email address, phone number when voluntarily provided through forms

 

SAVi AI Platform Information

When you use our SAVi AI platform, we may collect:

  • Account Information: Username, email address, profile information
  • Health-Related Data: Medical queries, symptoms described, health information you choose to share
  • Interaction Data: Conversations with SAVi, response preferences, usage patterns
  • Technical Data: Log files, API calls, system performance metrics

 

Information from Third Parties

We may receive information about you from:

  • Healthcare providers (with your consent)
  • Integration partners and APIs
  • Public databases and research institutions
  • Analytics service providers

 

Website Requirements

It is important to have a functioning website (websites under construction are not compliant) in order to proceed with the TCR process. These websites should contain as much information as possible to avoid being categorized as invalid. While it is not strictly necessary, it is recommended to include details such as: what the company does, what services it offers, its background, location, values, achievements, goals, mission, vision, and so on.
 

Privacy Policy

A. A privacy policy needs to inform customers about how the company collects, uses, and shares their customer’s information.
B. The privacy policy should be easy to find and linked to all pages (footer or header).
C. The privacy policy needs to be on a single page or pop-up window.
D. The privacy policy’s sharing section must explicitly state: “Mobile Opt in, SMS Consent,  and phone numbers collected for SMS communication purposes will not be shared with any third party and affiliates for marketing purposes.”
 
Structure:
Below is a sample outline of a basic privacy policy that may serve as a useful reference point as you develop or refine your own policy. Please note that this is not an exhaustive list, and your specific needs may vary depending on your industry, location, and the nature of your data collection practices:
 
  • How we collect your personal information: This section should detail the various methods through which you gather data, such as website forms, cookies, email correspondence, or offline interactions.
  • What personal information we collect: Here, you should provide a clear and specific list of the types of data you collect, which may include names, email addresses, phone numbers, IP addresses, or more sensitive information like financial details or health data.
  • How we use your personal information: This crucial section should explain in detail the purposes for which you collect and process personal data, such as providing services, improving user experience, or marketing communications.
  • How, why, and what personal information do we share with third parties: Transparency is key in this section. Explain any data-sharing practices, including the types of third parties you work with (e.g., service providers, affiliates) and the reasons for sharing data.
  • Add the statement: “Mobile Opt in, SMS Consent,  and phone numbers collected for SMS communication purposes will not be shared with any third party and affiliates for marketing purposes.”
 
Additional Considerations:
  • Please refrain from providing examples of full privacy policies.
  • The privacy policy cannot be vague or simple; it needs to take all aspects of use, collection, and sharing into consideration.
  • A company can share information as long as it does not share SMS consent or phone numbers for SMS by providing the disclaimer; it will be compliant.
  • PDF files are generally acceptable for privacy policies when they are easily accessible and include the required SMS statement.
 
 

SMS Terms & Conditions

The Terms of Service related to SMS communication must either be included in the privacy policy or be a stand-alone document. Note: If you have a Terms and Conditions page, this information should be included there, and not in the privacy policy.  The document must include the following:
 

SMS Terms & Conditions

1- SMS Consent Communication: The information (Phone Numbers) obtained as part of the SMS consent process will not be shared with third parties for marketing purposes.
 
2- Types of SMS Communications: If you have consented to receive text messages from [Company Name], you may receive messages related to the following (provide specific examples):
  • Appointment reminders
  • Follow-up messages
  • Billing inquiries
  • Promotions or offers (if applicable) {If you see the customer selected a conversational use case, do not add this reference to your email thread, instead, make sure the customer adds the matching use cases to this portion of the Terms info}.
 
Example: “Hello, this is a friendly reminder of your upcoming appointment with Dr. [Name] at [Location] on [Date] at [Time]. You can reply STOP to opt out of SMS messaging from (Brand Name) at any time.”
 
3- Message Frequency: Message frequency may vary depending on the type of communication. For example, you may receive up to [X] SMS messages per week related to your [appointments/billing, etc.].
 
Example:
“Message frequency may vary. You may receive up to 2 SMS messages per week regarding your appointments or account status.”
 
4- Potential Fees for SMS Messaging: Please note that standard message and data rates may apply, depending on your carrier’s pricing plan. These fees may vary if the message is sent domestically or internationally.
 
5- Opt-In Method: You may opt-in to receive SMS messages from [Company Name] in the following ways (This is an example. Please include the method used.)
  • Verbally, during a conversation
  • By submitting an online form
  • By filling out a paper form
 
6- Opt-Out Method: You can opt out of receiving SMS messages at any time. To do so, simply reply “STOP” to any SMS message you receive.
 
Alternatively, you can contact us directly to request removal from our messaging list.
 
7- Help: If you are experiencing any issues, you can reply with the keyword HELP. Or, you can get help directly from us at (insert the link)
 
Additional Options:
  • If you do not wish to receive SMS messages, you can choose not to check the SMS consent box on our forms.
 
8- Standard Messaging Disclosures:
  • Message and data rates may apply.
  • You can opt out at any time by texting “STOP.”
  • For assistance, text “HELP” or visit our [Privacy Policy] and [Terms and Conditions] pages.
  • Message frequency may vary

 

How We Use Your Information

Website Operations

  • Provide and maintain website functionality
  • Improve user experience and website performance
  • Respond to inquiries and provide customer support
  • Send administrative communications
  • Analyze website traffic and usage patterns

SAVi AI Platform Services

  • Provide AI-powered health information and insights
  • Personalize your experience and recommendations
  • Improve SAVi’s accuracy and capabilities through machine learning
  • Conduct research to advance healthcare AI (in aggregated, de-identified form)
  • Ensure platform security and prevent misuse

Legal and Safety Purposes

  • Comply with applicable laws and regulations
  • Protect against fraud, abuse, and security threats
  • Enforce our terms of service
  • Respond to legal requests and court orders

Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

Service Providers

We may share information with trusted third-party service providers who assist us in:

  • Website hosting and maintenance
  • Data analytics and performance monitoring
  • Customer support services
  • Payment processing (if applicable)
  • Cloud storage and computing services

Healthcare Integration Partners

With your explicit consent, we may share relevant health information with:

  • Your healthcare providers
  • Electronic health record systems
  • Healthcare analytics platforms
  • Research institutions for approved studies

Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal process, regulations, or government requests
  • Protect the rights, property, or safety of itonic.health, our users, or others
  • Investigate potential violations of our terms of service
  • Respond to emergency situations involving potential harm

Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity, subject to the same privacy protections.

Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: Data is encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Strict authentication and authorization procedures
  • Regular Audits: Ongoing security assessments and vulnerability testing
  • Employee Training: Staff education on privacy and security best practices
  • Incident Response: Procedures for detecting and responding to security breaches

Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Improve our services and AI capabilities

Website Data: Typically retained for 2-3 years unless deletion is requested SAVi Platform Data: Retained while your account is active plus 7 years for health-related information, or as required by applicable healthcare regulations

Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request copies of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data to another service
  • Opt-out: Decline certain uses of your information
  • Consent Withdrawal: Withdraw previously given consent

To exercise these rights, contact us at [privacy@itonic.health].

Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Analyze website performance and user behavior
  • Provide personalized content and recommendations
  • Enable certain website features and functionality

You can control cookie settings through your browser preferences. Note that disabling cookies may limit website functionality.

Children’s Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

International Data Transfers

Your information may be processed and stored in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Adequacy decisions by relevant authorities
  • Standard contractual clauses
  • Binding corporate rules
  • Your explicit consent when required

Changes to This Privacy Statement

We may update this Privacy Statement periodically to reflect changes in our practices or applicable laws. We will notify you of material changes by:

  • Posting the updated statement on our Website
  • Sending email notifications to registered users
  • Displaying prominent notices on the SAVi platform

Healthcare-Specific Considerations

HIPAA Compliance

While we are not a covered entity under HIPAA, we implement HIPAA-compatible privacy practices where applicable and work with healthcare partners to ensure compliance.

Medical Disclaimer

SAVi is designed to provide health information and insights but does not replace professional medical advice, diagnosis, or treatment. Always consult with qualified healthcare providers for medical decisions.

Research and Development

We may use de-identified, aggregated data to:

  • Improve AI algorithms and healthcare insights
  • Contribute to medical research and public health initiatives
  • Develop new features and services
  • Publish research findings in academic or professional contexts

Contact Information

For questions about this Privacy Statement or our privacy practices, contact us at:

Email: support@itonic.health
Address:4415 Harrison St., Suite 247, Hillside, IL 60162

Data Protection Officer:
Dr. Muhammad Ahmad

muhammad.ahmad@itonic.health

For SAVi platform-specific privacy questions: savi-privacy@itonic.health

This Privacy Statement was last updated on May 7, 2026, and is effective immediately. Please review it regularly for any updates or changes.