Privacy Policy

Last Updated: January 2025

1. Our Commitment to Privacy and HIPAA Compliance

Black Sheep Health ("we," "us," or "our") is committed to protecting your privacy and health information. The MyHealthTwin platform is designed for HIPAA compliance with privacy as a core principle. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

Important Distinction: This policy covers both (1) marketing and waitlist information collected through our website, and (2) Protected Health Information (PHI) collected through the MyHealthTwin platform, which is subject to strict HIPAA regulations.

2. HIPAA Compliance for MyHealthTwin Platform

The MyHealthTwin platform is designed to meet HIPAA requirements for protecting health information. When you use MyHealthTwin as a patient or authorized user:

  • Protected Health Information (PHI): All health and medical data you provide is treated as PHI under HIPAA regulations
  • Encryption: Your PHI is encrypted both in transit (using TLS 1.3+) and at rest (using AES-256 encryption)
  • Access Controls: Strict role-based access controls ensure only authorized individuals can access your health information
  • Audit Logging: All access to PHI is logged and monitored for security and compliance purposes
  • Business Associate Agreements: All third-party service providers who handle PHI have signed HIPAA Business Associate Agreements
  • Minimum Necessary: We follow the principle of using only the minimum necessary PHI for each purpose

Your health information will never be sold or used for marketing purposes. You maintain full control over your health data and can request access, corrections, or deletion at any time.

3. Website and Marketing Data Collection

Waitlist and Contact Forms

When you sign up for our waitlist or contact us through our website, we collect:

  • Name, email address, phone number, and organization
  • Your areas of interest (e.g., children's health, aging parent care, wellness)
  • How you heard about us
  • Any additional information you choose to provide

This information is standard CRM (Customer Relationship Management) data and is NOT subject to HIPAA regulations. It is used solely for marketing communications, product updates, and waitlist management.

Website Analytics and Cookies

When you visit our website, we may automatically collect:

  • Device information and browser type
  • IP address and general location
  • Pages visited and usage patterns
  • Cookies for website functionality and analytics

You can control cookies through your browser settings. This website analytics data is separate from the MyHealthTwin platform.

4. How We Use Your Information

Protected Health Information (MyHealthTwin Platform)

PHI collected through the MyHealthTwin platform is used only for:

  • Providing you with health record management and insights
  • Sharing your health information with providers you authorize
  • Generating your personalized health analytics and recommendations
  • Complying with legal and regulatory requirements

Marketing and Website Data

Waitlist and website data is used to:

  • Send you product updates and early access information
  • Communicate about features relevant to your interests
  • Respond to your inquiries and provide support
  • Improve our website and services
  • Analyze marketing effectiveness

You can opt out of marketing communications at any time by clicking the unsubscribe link in any email or contacting us at privacy@blacksheephealth.ai.

5. Information Sharing and Disclosure

Protected Health Information

We will NEVER sell your health information. We only share PHI:

  • With Your Authorization: When you explicitly direct us to share your health information with specific providers, family members, or other authorized parties
  • For Treatment, Payment, and Healthcare Operations: As permitted under HIPAA for healthcare purposes
  • Service Providers Under BAA: With vendors who have signed Business Associate Agreements and handle PHI only as directed
  • Legal Requirements: When required by law, such as court orders or public health reporting

Marketing and Website Data

We do not sell your contact information. We may share marketing data with:

  • Email service providers for sending communications
  • Analytics providers to understand website usage
  • Customer support tools to respond to inquiries

6. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: Industry-standard encryption for data in transit and at rest
  • Security Assessments: Regular security testing and vulnerability assessments
  • Multi-Factor Authentication: Available for all user accounts
  • Access Controls: Strict limitations on who can access your information
  • Network Security: Firewalls and intrusion detection systems
  • Employee Training: Regular privacy and security training for all staff
  • Incident Response: Documented procedures for responding to security incidents
  • Data Backups: Regular encrypted backups to prevent data loss

We are committed to obtaining a SOC 2 Type II attestation report as we scale. In the unlikely event of a security incident affecting PHI, we will notify you and relevant authorities as required by the HIPAA Breach Notification Rule.

7. Your Privacy Rights

HIPAA Rights for MyHealthTwin Users

Under HIPAA, you have the right to:

  • Access: Obtain a copy of your health records within 30 days of your request
  • Amendment: Request corrections to your health information
  • Accounting of Disclosures: Receive a list of certain disclosures we have made of your PHI
  • Restrictions: Request restrictions on how we use or share your PHI
  • Confidential Communications: Request to receive communications in a specific way or location
  • Breach Notification: Be notified of any breach of your unsecured PHI

General Privacy Rights

For all users, including waitlist subscribers, you have the right to:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Data Portability: Request a copy of your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications at any time

To exercise any of these rights, contact us at privacy@blacksheephealth.ai.

8. Data Retention

Protected Health Information: We retain your health records in accordance with HIPAA requirements and applicable state laws, typically for a minimum of 6 years from the date of creation or last use, whichever is later. You may request deletion of your account and PHI at any time, subject to legal retention requirements.

Marketing Data: We retain waitlist and contact information until you request removal or unsubscribe from our communications.

9. Children's Health Information

MyHealthTwin can be used by parents and guardians to manage their children's health information. When used for children under 18, the parent or legal guardian maintains control over the child's health records and must provide authorization for any sharing or access. We comply with HIPAA requirements for children's health information and, where it applies (personal information collected online from children under 13), with COPPA (Children's Online Privacy Protection Act).

10. International Users and Data Transfers

MyHealthTwin is based in the United States and is designed to comply with U.S. healthcare privacy laws, including HIPAA. If you are accessing our services from outside the U.S., your information will be transferred to and stored in the United States. We implement appropriate safeguards to protect your information in accordance with this Privacy Policy and applicable law.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page with an updated "Last Updated" date. For material changes affecting how we handle PHI, we will provide direct notice to MyHealthTwin users as required by HIPAA.

12. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or need to report a concern:

  • Privacy Officer: privacy@blacksheephealth.ai
  • HIPAA Compliance: hipaa@blacksheephealth.ai
  • Website: blacksheephealth.ai

Notice of Privacy Practices: MyHealthTwin users will receive a detailed Notice of Privacy Practices upon registration, as required by HIPAA, which provides additional information about how we use and protect your health information.