Privacy Policy

Your Privacy Matters

We're committed to protecting your personal health information and being transparent about how we collect, use, and safeguard your data.

Last updated: January 15, 2026

Our Privacy Commitment

Distal is HIPAA-compliant and SOC 2 Type II certified. We never sell your personal health information.

HIPAA Compliant
SOC 2 Type II
No Data Selling

Information We Collect

We collect information you provide directly, including:

  • Personal identification information (name, email, phone number)
  • Health information related to your recovery journey
  • Device information and usage data
  • Communication preferences

We also automatically collect certain information when you use our services, including device type, operating system, and usage patterns to improve our service.

How We Use Your Information

Your information is used to:

  • Provide and personalize your recovery experience
  • Enable communication with caregivers and healthcare providers
  • Send important alerts and reminders
  • Improve our services and develop new features
  • Comply with legal obligations and healthcare regulations
  • Generate anonymized, aggregate analytics (never selling individual data)

Information Sharing

We share your information only with:

  • Healthcare providers involved in your care (with your consent)
  • Designated caregivers you authorize
  • Service providers who help us operate (bound by strict confidentiality)
  • When required by law or to protect safety

We never sell your personal health information to third parties for marketing purposes.

Data Security

We protect your data with:

  • 256-bit AES encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Regular security audits and penetration testing
  • SOC 2 Type II certified infrastructure
  • HIPAA-compliant data handling procedures
  • Multi-factor authentication options

Data Retention

We retain your data for:

  • Active accounts: As long as your account remains active
  • Inactive accounts: 7 years after last activity (healthcare compliance)
  • Anonymized analytics: Indefinitely for service improvement

You can request data deletion at any time, subject to legal retention requirements.

Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of non-essential communications
  • Revoke caregiver or provider access at any time

Exercise these rights through your account settings or by contacting privacy@distal.health.

Questions About Privacy?

Our Privacy Team is here to help. Contact us at privacy@distal.health.