Skip to content
Arctic Health

Legal

Privacy Policy

Last Updated: April 3, 2026

Contents

01

Introduction

Arctic Health ("we," "us," or "our") operates the website at arctic.health (the "Website"). We are committed to protecting your privacy and being transparent about how we collect, use, and share your information.

This Privacy Policy applies to information collected through our Website, including any contact forms, email communications, and analytics data. It does not govern the use of our AI-powered credentialing and contracting platform, which is subject to separate agreements including a Business Associate Agreement ("BAA") for entities handling Protected Health Information ("PHI").

By accessing or using our Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our Website.

02

Information We Collect

Information You Provide Directly

When you interact with our Website, you may voluntarily provide us with personal information, including:

  • Your name and email address when you contact us or schedule a call
  • Your organization name, role, and professional details when requesting information about our services
  • Any additional information you choose to include in communications with us

Information Collected Automatically

When you visit our Website, we may automatically collect certain information about your device and usage, including:

  • IP address and approximate geographic location
  • Browser type, operating system, and device information
  • Pages visited, time spent on pages, and navigation paths
  • Referring website or source that directed you to our Website
  • Date and time of your visit

Information from Third Parties

We may receive information about you from third-party services we use, such as scheduling platforms (e.g., when you book a call through our calendar link) and analytics providers.

03

How We Use Your Information

We use the information we collect for the following purposes:

  • Communications: To respond to your inquiries, schedule calls, and provide information about our services
  • Service Improvement: To understand how visitors use our Website and improve its functionality, content, and user experience
  • Analytics: To analyze Website traffic and usage patterns to optimize performance
  • Marketing: To send you information about our services, if you have opted in to receive such communications
  • Security: To detect, prevent, and address technical issues, fraud, or security threats
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

04

AI and Automated Processing

Arctic Health provides AI-powered credentialing and contracting services. We believe in transparency about how artificial intelligence is used in our business:

Website Interactions

Our Website does not currently use AI-powered chatbots or automated decision-making that affects visitors. Standard analytics tools are used to understand Website usage patterns.

Platform Services

Our AI-powered platform services for credentialing, contracting, rate negotiations, and compliance monitoring are governed by separate service agreements. When you become a customer:

  • AI is used to automate workflow processes such as application assembly, data validation, and status monitoring
  • Human oversight is maintained for critical credentialing and contracting decisions
  • We do not use customer data, including Protected Health Information, to train general AI models without explicit written authorization
  • AI outputs are supplementary and do not replace professional judgment in credentialing determinations

Data and Model Training

We do not use Website visitor data to train AI models. Any data used for AI model development is either publicly available, synthetically generated, or provided under explicit agreements with appropriate de-identification safeguards.

05

Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who assist us in operating our Website, conducting our business, or providing services to you. These providers are contractually obligated to protect your information.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Protection of Rights: When we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets.

06

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected.

  • Contact inquiries: Retained for up to 3 years from your last interaction, or until you request deletion
  • Email communications: Retained until you unsubscribe or request deletion
  • Website analytics data: Retained for up to 24 months
  • Server logs: Retained for up to 12 months

When information is no longer needed, we will securely delete or anonymize it.

07

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

General Rights (All Users)

  • Access the personal information we hold about you
  • Request correction of inaccurate personal information
  • Request deletion of your personal information
  • Opt out of marketing communications at any time
  • Request a copy of your personal information in a portable format

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us
  • Right to opt out of the sale or sharing of personal information (we do not sell your personal information)
  • Right to correct inaccurate personal information
  • Right to limit use and disclosure of sensitive personal information
  • Right to non-discrimination for exercising your privacy rights

European Residents (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

Exercising Your Rights

To exercise any of these rights, please contact us at michael@arctic.health. We will respond to your request within 30 days.

08

Cookies and Tracking Technologies

Our Website may use cookies and similar tracking technologies:

  • Essential Cookies: Required for the Website to function properly
  • Analytics Cookies: Help us understand how visitors interact with our Website

You can control cookies through your browser settings. We do not use advertising cookies or tracking pixels for targeted advertising purposes.

09

Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption of data in transit using TLS/HTTPS
  • Access controls limiting data access to authorized personnel
  • Regular security assessments and monitoring
  • Employee training on data protection practices

While we strive to protect your personal information, no method of transmission over the Internet is completely secure.

10

HIPAA and Protected Health Information

Arctic Health provides AI-powered services to healthcare organizations that may handle Protected Health Information ("PHI").

This Website does not collect or process PHI. This Privacy Policy governs the personal information of Website visitors only.

When healthcare organizations engage Arctic Health's platform services:

  • A separate Business Associate Agreement ("BAA") is executed before any PHI is processed
  • PHI is handled in accordance with HIPAA Privacy and Security Rules
  • Technical safeguards include encryption at rest and in transit, access controls, and audit logging
  • Breach notification procedures comply with the HIPAA Breach Notification Rule
  • All subcontractors with access to PHI are bound by appropriate agreements

11

Children's Privacy

Our Website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe your child has provided us with personal information, please contact us at michael@arctic.health.

12

International Data Transfers

Arctic Health is based in the United States. If you access our Website from outside the United States, your information may be transferred to, stored, and processed in the United States.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we will ensure that any transfer of your personal data is carried out in accordance with applicable data protection laws.

13

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page.

Your continued use of the Website after any changes constitutes your acceptance of the updated policy.

14

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

Arctic Health

New York & San Francisco

Email: michael@arctic.health