Privacy Policy

This Privacy Policy explains how TalkDoc, Inc. (“TalkDoc,” “we,” “us,” or “our”) collects, uses, and shares information when you use the websites at talkdoc.com and related pages, our web or mobile applications, and any services we provide (collectively, the “Platform”).

TalkDoc operates the Platform. Clinical services are delivered by independently owned professional entities and licensed clinicians (“Providers”), sometimes referred to as “Talkdoc Health.” If you receive care from a Provider, that Provider’s HIPAA Notice of Privacy Practices (“NPP”) describes how your protected health information (“PHI”) is used and disclosed in the clinical context. This Privacy Policy covers our handling of information when we act outside of the Provider’s HIPAA role (for example, on our public website, in product analytics, or for your account administration).

For emergencies, do not use the Platform. Call 911 or use crisis resources listed on the site.

We collect the following categories of information, depending on how you use the Platform:

• Account & Identity Data (e.g., name, email or phone, date of birth, gender, address, emergency contact, and—if applicable—health plan or member ID).
• Eligibility & Payor Data (Medi-Cal/Medicaid or other payor details needed to verify benefits, coverage, authorizations, referrals, and claims).
• Care-Related Data (e.g., intake forms, clinical assessments, scheduling details, messages you send through the Platform). When used or kept by your Provider, this may be PHI governed by the Provider’s HIPAA NPP.
• TalkDoc AI Interactions (prompts and outputs you exchange with “TalkDoc AI”). TalkDoc AI offers general support and is not a substitute for professional care. Do not enter emergency information here.
• Device & Usage Data (e.g., IP address, approximate location, browser/device info, pages viewed, time/date, diagnostics, and logs).
• Communications Data (your preferences and the content of email/SMS/app notifications and support requests).
• Payment Data (limited billing details where applicable; most financial processing is handled by our payment processors).
• Third-Party Sources (e.g., payors verifying eligibility; service providers supporting identity, fraud, or security; or analytics processors).

• Provide, maintain, and improve the Platform; operate telehealth logistics; and support your account.
• Match you with Providers, verify eligibility/benefits, process claims or copays, and coordinate care.
• Operate safety, security, fraud prevention, and integrity programs.
• Conduct analytics and quality improvement, including de-identifying or aggregating data and publishing non-identifiable insights (e.g., outcomes trends).
• Develop and improve TalkDoc AI. We may use de-identified/aggregated AI interaction data to train and evaluate features, but not in a way intended to re-identify you.
• Comply with law, respond to lawful requests, and enforce our Terms and policies.
• Provide limited marketing about our services (e.g., service updates or new availability), consistent with your preferences and applicable law. We do not use or disclose your health information for targeted advertising.

We use cookies and similar technologies to operate core features, remember preferences, measure site usage, and improve performance. Your browser may let you block or delete cookies; some features may not work without them.

To protect sensitive health information, we do not allow third-party advertising pixels on pages or flows where you submit health information and we do not disclose PHI or sensitive mental-health details to third parties for advertising. You may also opt out of certain analytics where available.

“Do Not Track” signals: we currently do not respond to DNT signals. You can use the controls described above (and our state privacy choices below) to manage certain data uses.

• With Providers to enable care delivery, scheduling, documentation, and coordination. Provider use of PHI is governed by the Provider’s HIPAA NPP.
• With Payors (e.g., Medicaid/Medi-Cal) for eligibility, authorizations, billing, case management, and quality programs.
• With Service Providers (Processors) that host, support, and secure our systems; provide analytics; process payments; send communications; or support customer service—under contracts restricting their use to our instructions.
• For Safety, Security, and Legal Reasons (e.g., to comply with law, respond to lawful requests, or protect rights).
• Business Transfers (e.g., merger, acquisition). We will require the successor to honor this Policy or notify you of changes.

We do not sell your Personal Information and do not share it for cross-context behavioral advertising. We prohibit disclosure of health information for targeted advertising.

Depending on where you live, you may have the right to request access, correction, deletion, portability, to opt out of sale/sharing/targeted advertising, and to appeal a denied request. These rights generally apply to data we control in a non-HIPAA context (they do not apply to PHI held by Providers under HIPAA).

• California (CCPA/CPRA) and other U.S. comprehensive privacy states (e.g., CO, CT, VA, UT, OR, TX, MT, IA, DE, NJ): you may submit a request via the contact options below. We will verify and respond as required by law.
• Washington “My Health My Data” (MHMDA) and Nevada SB370 (Consumer Health Data): we obtain consent where required to collect, use, or disclose consumer health data; we do not geofence health facilities for advertising; and you may request access/deletion of consumer health data we control, subject to legal exceptions.

To exercise rights, please contact us using the methods below. If your request pertains to PHI in your clinical record, contact your Provider (their HIPAA NPP applies).

The Platform is not directed to children under 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent. Minors may use the Platform only with a parent or legal guardian’s consent and as permitted by law.

We retain information for as long as necessary to provide the Platform and for legitimate business needs (e.g., security, fraud prevention, accounting) and to comply with legal obligations. Providers may retain clinical records for the periods required by applicable law (often several years).

We implement administrative, technical, and physical safeguards designed to protect information (e.g., encryption in transit, access controls, and monitoring). No system can be guaranteed 100% secure. Where required, we will notify you of certain security incidents or breaches and take steps consistent with applicable law.

We operate in the United States and store data in the U.S. If you access the Platform from outside the U.S., you understand your information may be transferred to, stored, and processed in the U.S.

We may update this Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date. If we intend to use your information in materially new ways, we will provide appropriate notice and choices.

Questions or requests about this Policy (or your privacy rights) can be submitted through your account or via the contact options on talkdoc.com. For clinical records (PHI), please contact your Provider directly.

For emergencies or immediate risks of harm, call 911. Do not use the Platform for emergencies.