TeleCurbMD Privacy Policy

Last Updated: June 16, 2026

1. Introduction

This Privacy Policy describes how TeleCurbMD Management LLC, a Delaware limited liability company ("TeleCurbMD," "we," "us," or "our"), collects, uses, discloses, and protects personal information in connection with our websites, including telecurbmd.com (the "Site"), and our physician-to-physician consultation platform and related services (collectively, the "Services").

This Privacy Policy applies to personal information we collect from visitors to the Site and from authorized users of the Services. By accessing or using the Site or the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, do not use the Site or the Services. This Privacy Policy is incorporated into our Terms of Service.

2. Protected Health Information

This section describes the most important thing to understand about our privacy practices.

The Services are used by healthcare professionals to exchange clinical information about their patients. Patient information processed through the Services is protected health information ("PHI") governed by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended ("HIPAA"). We process PHI on behalf of participating healthcare organizations under HIPAA and executed business associate agreements ("BAAs").

The use and disclosure of PHI are governed by HIPAA and the applicable BAAs, not by this Privacy Policy. This Privacy Policy governs the other categories of personal information described below, such as account information, professional information, website visitor information, and usage data. If you are a patient and have questions about how your health information is handled, please contact your healthcare provider, who maintains your medical record.

3. A Platform for Healthcare Professionals

The Services are designed for licensed healthcare professionals and authorized personnel of participating healthcare organizations. Patients are not users of the Services, and the Services provide no patient-facing features. We do not collect health information from individuals about themselves, and we do not offer consumer-facing health tools, assessments, or trackers. Patient information is processed exclusively as PHI under HIPAA and the applicable BAAs as described in Section 2.

4. Information We Collect

4.1 Information You Provide to Us

• Account and registration information: name, email address, telephone number, professional role, and login credentials.
• Professional information: specialty, board certification, licensure information, and organizational affiliation, where applicable to your role.
• Communications: information you provide when you contact us, request information through the Site, or submit a support request. Support requests submitted through the Services are handled within our compliance framework and may contain PHI; PHI in support communications is governed by HIPAA and the applicable BAAs as described in Section 2.

4.2 Information We Receive from Participating Organizations

If you access the Services through a participating healthcare organization, we may receive information about you from that organization, such as your name, email address, professional role, and authorization to use the Services.

4.3 Information We Collect Automatically

When you use the Site or the Services, we automatically collect certain information about your device and activity, such as IP address, browser type, operating system, access times, pages viewed, and actions taken within the Services. Activity within the Services is logged for security, compliance, and quality assurance purposes. We do not collect precise geolocation data.

4.4 Mobile Image Capture

Where the Services support capturing images from a mobile device, images are encrypted in transit immediately upon capture and are not stored on the device or in the device's photo library by the Services.

5. Cookies and Tracking Technologies

5.1 Marketing Website

Our public marketing website uses cookies and analytics services, such as Google Analytics, to understand how visitors use the Site. We do not use advertising or remarketing pixels on the Site. You can manage cookie preferences through the cookie banner presented on the Site and through your browser settings. The use of information collected by third-party analytics providers is governed by their respective privacy policies.

5.2 The Platform

The authenticated platform contains no third-party advertising or marketing tracking technologies.

Within the authenticated Services, we use only the cookies and similar technologies necessary to operate the Services, such as session management, authentication, and security. We do not permit third-party advertising or analytics trackers within the authenticated Services.

5.3 Do Not Track

Some browsers transmit "Do Not Track" signals. We do not currently respond to Do Not Track signals. We do not sell personal information or share it for cross-context behavioral advertising, as described in Section 7.

6. How We Use Information

• To provide, operate, secure, and maintain the Site and the Services;
• To create and administer accounts and authenticate users;
• To send transactional communications, including account-related notices, consultation activity notifications, and operational reminders, by email and text message in accordance with your notification preferences and our Terms of Service;
• To respond to inquiries and provide support;
• To monitor, audit, and log activity for security, compliance, and quality assurance purposes;
• To analyze usage and improve the Site and the Services, including through the use of aggregated or de-identified information;
• To send marketing communications about our services to business contacts, with the ability to opt out at any time;
• To comply with legal obligations and enforce our agreements; and
• For any other purpose disclosed to you at the time of collection or with your consent.

Information that has been de-identified in accordance with applicable law, including HIPAA where applicable, may be used for product improvement, analytics, research, and development. We do not use PHI to train artificial intelligence models; model development uses only information that has been de-identified in accordance with HIPAA.

7. How We Share Information

We do not sell personal information, and we do not share personal information with third parties for cross-context behavioral advertising. We may share personal information in the following circumstances:

• Service providers: vendors that perform services on our behalf, such as cloud infrastructure providers (including Google Cloud), communications providers that deliver email and text messages, analytics providers for the marketing website, artificial intelligence service providers operating under BAAs where their services involve PHI, and support ticketing providers operating under BAAs. Service providers are permitted to use personal information only to perform services for us;
• Affiliated professional entity and participating organizations: our affiliated professional entity in connection with the Services, and, if you access the Services through a participating healthcare organization, that organization and its authorized administrators, who can see information about your account and activity within the organization;
• Other authorized users: certain information, such as the name, specialty, and credentials of responding specialists, is displayed to authorized users as part of the Services;
• Corporate transactions: in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business or assets, personal information may be among the transferred assets;
• Legal requirements: to comply with applicable law, legal process, or governmental requests; to enforce our agreements; or to protect the rights, property, safety, or security of TeleCurbMD, our users, or others; and
• With your consent or at your direction.

We may disclose aggregated or de-identified information that does not identify any individual without restriction, in accordance with applicable law.

8. Text Messaging

If you opt in to receive text messages, we use your mobile telephone number to send the transactional messages described in our Terms of Service. We do not send marketing text messages; SMS is used solely for transactional and operational platform notifications. All the above categories of sharing exclude text messaging originator opt-in data and consent; this information will not be shared with, sold to, or purchased by any third parties or affiliates for marketing or promotional purposes. You may opt out of text messages at any time by replying STOP, and you may reply HELP or contact support@telecurbmd.com for assistance. Message and data rates may apply.

9. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including encryption of data in transit and at rest, role-based access controls, audit logging, and session management. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials and for promptly notifying us of any suspected unauthorized use of your account.

10. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Account and usage information is retained for the duration of your account and for a reasonable period thereafter as required for the purposes described above.

Clinical consultation records created through the Services are clinical records that form part of the patient's medical record maintained by the relevant healthcare organization. These records are retained in accordance with applicable law, professional record retention obligations, and our agreements with participating organizations, and they cannot be deleted at the request of an individual user.

11. Your Choices

• Account information: you may review and update your account information through your account settings. Changes to your account email address require verification;
• Notification preferences: you may manage email and text notification preferences in your account settings, subject to the operational notification requirements described in our Terms of Service;
• Marketing communications: you may opt out of marketing emails at any time by using the unsubscribe link in those communications or by contacting privacy@telecurbmd.com. We will continue to send transactional and operational communications as needed to provide the Services; and
• Cookies: you may manage cookie preferences on the marketing website through the cookie banner and your browser settings.

12. State Privacy Rights

12.1 California

This section applies to California residents and is provided in accordance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), to the extent applicable. This section serves as our Notice at Collection for California residents to the extent applicable. In the preceding 12 months, we have collected the categories of personal information identified in the table below. We collect personal information from the sources described in Section 4 and use it for the purposes described in Section 6. We disclose personal information for business purposes to the categories of recipients described in Section 7. We do not sell personal information and have not sold personal information in the preceding 12 months. We do not share personal information for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA. We do not knowingly collect or sell the personal information of minors.

Category of Personal Information

Collected

Identifiers (e.g., name, email address, telephone number, IP address, account username) - Yes

Personal information described in Cal. Civ. Code Section 1798.80(e) (e.g., name, contact information) - Yes

Characteristics of protected classifications under California or federal law - No

Commercial information (e.g., purchasing histories) - No

Biometric information - No

Internet or other electronic network activity information (e.g., log data, usage data, interactions with the Services) - Yes

Geolocation data (general location inferred from IP address only; no precise geolocation) - Yes (general only)

Audio, electronic, visual, or similar information - No

Professional or employment-related information (e.g., professional role, specialty, credentials, organizational affiliation) - Yes

Education information (as defined in FERPA) - No

Inferences drawn from the above to create a profile - No

Sensitive personal information (account log-in credentials, used solely to authenticate and secure your account) - Yes (credentials only)

Subject to certain exceptions, California residents have the right to: (a) know the categories and specific pieces of personal information we have collected about them, the categories of sources, the purposes for collection, and the categories of third parties to whom personal information is disclosed; (b) request deletion of personal information; (c) request correction of inaccurate personal information; (d) opt out of the sale or sharing of personal information (we do not sell or share personal information as defined by the CCPA); (e) limit the use of sensitive personal information (we use sensitive personal information only for purposes permitted under the CCPA); and (f) not receive discriminatory treatment for exercising these rights.

To exercise these rights, contact us at privacy@telecurbmd.com. We will verify your request using the information associated with your account or other information you provide. You may use an authorized agent to submit a request on your behalf, subject to verification. Please note that the rights described in this section do not apply to PHI, which is governed by HIPAA as described in Section 2, or to clinical consultation records, which are retained as described in Section 10.

12.2 Other States

Residents of other states may have rights under their state's privacy laws. To submit a question or exercise a right under an applicable state privacy law, contact us at privacy@telecurbmd.com.

13. Children

The Site and the Services are not directed to children, and we do not knowingly collect personal information from anyone under 18 years of age. Access to the Services is restricted to authorized professional users. If you believe we have collected personal information from a child, please contact us at privacy@telecurbmd.com and we will delete it.

14. International Users

The Site and the Services are operated from the United States and are intended for use in the United States only. If you access the Site or the Services from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, where privacy laws may differ from those of your jurisdiction.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by posting the updated Privacy Policy on the Site, updating the "Last Updated" date above, and, where appropriate, notifying you by email or through the Services. Your continued use of the Site or the Services after the effective date of an updated Privacy Policy constitutes your acceptance of the changes.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, contact us at:

TeleCurbMD Management LLC

Attn: Privacy

10880 Wilshire Blvd, Suite 1101

Los Angeles, CA 90024

privacy@telecurbmd.com

‍