Gyde Health, Inc. ("Gyde Health," "we," "our," or "us") is committed to protecting the privacy and security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our website, mobile tools, AI virtual assistant ("Gyde"), and communications with licensed brokers affiliated with Gyde Health. By using our services, you acknowledge and agree to the privacy practices described in this policy.
1. Information We Collect
We may collect the following categories of information:
- Personal Information / PII: Name, address, date of birth, phone number, email address, Social Security number, Medicare ID, and other identifiers.
- Protected Health Information / PHI: Information about your health coverage, eligibility, and enrollment through Medicare, Medicaid, ACA Exchanges, or private health plans.
- Usage Information: Device information, browser type, IP address, and interaction data with our website or digital tools.
- Communications Data: Emails, calls, texts, or chats with Gyde Health brokers or our AI assistant.
2. How We Use Your Information
We use your information to:
- Help you apply for, renew, or manage health coverage through Medicare, ACA Exchanges, or other health plans.
- Provide reminders, scheduling, and support services.
- Comply with CMS, HIPAA, and state law requirements.
- Improve our services, including our AI assistant.
- Communicate with you about your account, benefits, or required notices.
- Send educational or marketing communications (with required consent).
We will not use your information for any purpose not permitted by law.
3. Legal Basis and Compliance
Gyde Health complies with:
- HIPAA & HITECH: As a Business Associate, we safeguard PHI as required under 45 C.F.R. §§164.308, 164.310, 164.312.
- CMS Requirements: We follow Medicare Marketing Guidelines, ACA Exchange rules, and maintain records for 10 years as required under 42 C.F.R. §§422.504(d), 423.505(d).
- State Privacy Laws: Including but not limited to CA CPRA, CO CPA, CTDPA, VA VCDPA, UT UCPA, NV NRS 603A, WA My Health My Data Act, MA 201 CMR 17.00, NY DFS 23 NYCRR 500, and IL PIPA.
In addition to the rights described elsewhere in this Privacy Policy, residents of certain U.S. states have specific privacy rights under state law. These rights generally apply to personal information that is not regulated as Protected Health Information (PHI) under HIPAA.
Depending on your state of residence, you may have the right to:
- Access: Request confirmation that we process your personal information and access a copy of it.
- Correction: Request that we correct inaccuracies in your personal information.
- Deletion: Request that we delete personal information we have collected, subject to certain legal exceptions.
- Portability: Obtain a copy of your personal information in a portable format.
- Opt-Out: Direct us not to process your personal information for targeted advertising, the sale of personal information, or profiling that produces legal or similarly significant effects.
- Limit Use of Sensitive Data: Where required by law, request that we limit our use of sensitive personal information.
Appeals
Some states (including Virginia, Colorado, Connecticut, and others) give you the right to appeal our decision if we decline to take action on your request. Instructions for how to appeal will be provided in our response.
No Discrimination
We will not discriminate against you for exercising your privacy rights under state law. Residents of these states may exercise their rights as described in Section 8 below.
4. How We Share Information
We may share information only as permitted by law:
- With licensed brokers and agents to help you review and enroll in coverage.
- With CMS, state Exchanges, or carriers as part of your enrollment.
- With service providers and subcontractors under Business Associate Agreements (BAAs) or Data Processing Agreements (DPAs).
- When required by law, regulation, or legal process.
- With your consent.
We do not sell your personal information.
5. Your Choices
- Marketing Communications: You may opt out of non-essential emails by clicking "unsubscribe" at the bottom of any message.
- Text Messages (TCPA Compliance): By providing your phone number, you consent to receive texts about your enrollment. You may opt out at any time by replying STOP. Message and data rates may apply.
- Cookies/Tracking: You can manage cookies through your browser settings.
6. Your Rights
Depending on your state of residence, you may have the right to:
- Access a copy of the personal information we hold about you.
- Access and update your information securely through authenticated access to our systems.
- Request correction or deletion of your personal information.
- Opt out of the sale or sharing of personal information (we do not sell data, but honor these rights).
- Limit the use of sensitive personal information.
- Receive information about how we collect and use your data.
Privacy inquiries and rights requests are logged, tracked, and retained to ensure compliance. To exercise your rights, see Section 8.
7. Security
We use administrative, technical, and physical safeguards to protect your information, including:
- Encryption in transit (TLS 1.2/1.3) and at rest.
- Role-based access controls and MFA.
- Continuous monitoring and logging.
- Vendor oversight under BAAs/DPAs.
While no system can be guaranteed 100% secure, Gyde Health is committed to meeting HIPAA, CMS, and state cybersecurity requirements.
8. How to Exercise Your Rights
To exercise privacy rights under HIPAA, CMS, or state laws (CCPA, CPA, CTDPA, VCDPA, UCPA, etc.):
- Email: privacy@gydehealth.ai
- Mail: Privacy Officer, Gyde Health, 3920 Greystone Dr, Austin, TX 78731
- Phone: (855) 512-9128
All privacy inquiries and requests are tracked to ensure compliance and timely responses. We will verify your identity before processing requests. California residents may designate an authorized agent. The Privacy Officer is the designated point of contact for all privacy-related concerns.
9. Retention
We retain personal and health information for as long as required by law. For Medicare and ACA broker records, retention is 10 years from the date of creation or the date last in effect, whichever is later.
10. Children’s Privacy
We do not knowingly collect information from children under 13 without parental consent.
11. Changes to this Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a new effective date. Continued use of our services after updates constitutes acknowledgment of the revised practices.
12. Contact Us
If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact:
Privacy Officer
Gyde Health
Email: privacy@gydehealth.ai
Phone: (855) 512-9128
Mail: 3920 Greystone Dr, Austin, TX 78731
You may also contact:
- U.S. Department of Health & Human Services, Office for Civil Rights (OCR) for HIPAA complaints.
- CMS for Medicare or ACA Exchange data complaints.
- Your state Attorney General for state privacy rights.