Legal

Privacy Policy

Last updated: 28 April 2026

Introduction

Compound Health, Inc. ("Compound Health", "we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and the rights you hold in relation to that data.

By using our website, platform, or services (collectively, the "Services"), you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our Services.

Information we collect

We collect information you provide directly, information generated through your use of the Services, and information received from third parties.

Information you provide:

  • Identity data: full name, date of birth, gender
  • Contact data: email address, telephone number, postal address
  • Health and medical data: biomarker results, diagnostic reports, clinical assessments, wearable data, medical history, and health goals
  • Financial relationship data: name of your wealth advisor or advisory firm and the nature of that advisory relationship
  • Communications: inquiries, support requests, and correspondence with us

Information collected automatically:

  • Device and browser identifiers, IP address, operating system, and browser type
  • Usage data: pages visited, features used, time spent, and interaction logs
  • Cookies and similar tracking technologies (see our Cookie section below)

How we use your information

We process your personal data for the following purposes:

  • To provide, maintain, and improve our Services and clinical coordination
  • To communicate with you about your membership, appointments, and health protocols
  • To facilitate secure data sharing with your authorized clinical partners and advisory firm
  • To comply with applicable legal and regulatory obligations
  • To detect, prevent, and address fraud, security incidents, or technical issues
  • To conduct anonymized or aggregated analysis for service improvement

We do not use your health data for advertising, and we do not sell your personal information to any third party.

Health data and sensitive information

Health and medical data is classified as sensitive personal information under applicable privacy law. We apply heightened protections to this data, including encryption at rest and in transit, strict access controls, and contractual obligations on all third parties who may process it on our behalf.

We will only share your health data with your designated clinical partners, your wealth advisor or advisory firm (to the extent you have authorized this in your membership agreement), and any party required by law.

Sharing and disclosure

We do not sell, rent, or trade your personal information. We may share data in the following limited circumstances:

  • Clinical partners: Vetted clinical facilities receive only the data necessary to deliver your care
  • Wealth advisors: With your explicit consent, relevant health summary data may be shared with your advisory firm to support integrated financial and health planning
  • Service providers: Trusted sub-processors who support our infrastructure (cloud hosting, payment processing, communications) under binding data processing agreements
  • Legal obligations: Regulatory authorities, law enforcement, or courts where required by applicable law
  • Business transfers: In the context of a merger, acquisition, or sale of assets, subject to the same privacy protections

Data retention

We retain your personal data for as long as your membership is active and for a reasonable period thereafter, or as required by applicable law. Health records are retained in accordance with applicable medical record retention obligations in your jurisdiction. You may request deletion of your data at any time, subject to any legal retention obligations.

Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to erasure")
  • Restrict or object to certain processing activities
  • Data portability: receive a copy of your data in a structured, machine-readable format
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@compoundhealth.io. We will respond within 30 days.

Cookies

We use essential cookies to operate the Services, and optional analytical cookies to understand how users interact with our platform. You may disable non-essential cookies through your browser settings. Doing so will not affect core functionality.

International transfers

Your data may be processed in countries outside your own. Where we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses approved by relevant regulators, to protect your information to the same standard as required in your jurisdiction.

Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, loss, or disclosure. These include end-to-end encryption, role-based access controls, regular security audits, and staff training. No method of transmission over the internet is entirely secure; we cannot guarantee absolute security, but we are committed to minimizing risk.

Children

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated to members via email or a prominent notice within the platform. Continued use of the Services after any update constitutes your acceptance of the revised policy.

Contact us

For questions about this policy or to exercise your rights, please contact our Privacy Team at privacy@compoundhealth.io.