Loa Care Privacy Policy
Last updated: Aug 1 2025
(This Policy is provided for informational purposes only and does not constitute legal advice. You should consult counsel licensed in your jurisdiction before relying on it.)
1. Scope and Overview
Greater Health, LLC ("Loa Care," "we," "our," or "us") provides a subscription web and mobile service that enables consumers to (i) connect health-insurance information, (ii) search for clinicians, (iii) compare self-pay versus insurance pricing, and (iv) generate and send e-mails or claims to providers on the consumer's behalf (the "Services").
This Privacy Policy explains what personal information we collect, how we use and share it, and the rights and choices available to you when you visit www.loacare.com or any site or app we operate (collectively, the "Site").
Because Loa Care handles insurance and pricing data, we comply with:
- HIPAA where we act as a "Business Associate" to a covered entity or process Protected Health Information ("PHI") at a user's direction;
- state consumer-privacy statutes in operation or taking effect in 2025—including California's CCPA/CPRA, Colorado CPA, Virginia CDPA, Utah UCPA, Connecticut DPA, and new 2025 statutes in Iowa, Delaware, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota and Maryland (effective dates throughout 2025) [ketch.com];
- Washington's My Health My Data Act, which regulates "consumer health data" that falls outside HIPAA [Washington State Attorney General];
- all applicable breach notification laws at federal and state levels.
If any provision in this Policy conflicts with a jurisdiction-specific notice below, the jurisdiction-specific notice controls for residents of that jurisdiction.
2. Information We Collect
Category | Examples | Source |
---|---|---|
Identifiers | Name, postal address, e-mail, phone, account credentials | You |
Insurance & Health-Related Data (may be PHI) | Plan name, member ID, deductible status, clinician choices, claim documents, communications with providers | You; Insurance APIs; Providers |
Financial Information | Payment-card token, subscription tier, billing address | Stripe (our payment processor) |
Internet / Device Data | IP address, device ID, browser type, session logs, cookies, pixels | Automated collection |
Communications | Messages you send to Loa Care or that we send on your behalf to providers | You; Providers |
Inferences | Estimated cost savings, eligibility for self-pay | Derived from other data |
We do not knowingly collect information from children under 13.
Consent for Data Collection: We only collect personal data, including health information from external sources (such as insurance APIs), with your explicit consent. When connecting to external data sources, we will continue to collect new data as it becomes available unless you revoke consent through your account settings.
3. How We Use Your Information
- Provide the Services (e.g., authenticate you, fetch insurance benefits, generate pricing e-mails, prepare claim forms).
- Facilitate payment and manage subscriptions.
- Analyze and improve our Site, train models, and develop new features (using aggregated or de-identified data where feasible).
- Comply with law (HIPAA, state privacy laws, consumer-protection statutes, accounting rules, law-enforcement requests).
- Secure our systems, prevent fraud, and enforce our Terms.
- Communicate with you (transactional messages, product updates, limited marketing with opt-out).
We will not use your personal data or de-identified information for purposes beyond those listed above without your consent. We will obtain separate consent before using your data to market third-party goods or services.
Where the EU/UK GDPR applies, our legal bases are: performance of a contract, legitimate interests, consent, and legal obligation, as appropriate.
4. How We Share Information
Recipient | Purpose / Safeguards |
---|---|
Healthcare Providers | We e-mail or fax clinicians you choose in order to request self-pay quotes, schedule appointments, or submit superbills. Messages include only the minimum data required. |
Insurance Networks & Clearinghouses | To verify coverage and transmit claims. |
Service Providers & Sub-Processors | Cloud hosting, storage, analytics, customer-support, e-mail delivery, payment processing. All are contractually obligated to follow this Privacy Policy and bound by written agreements requiring confidentiality, robust security, and (where applicable) HIPAA Business-Associate obligations. |
Corporate Transactions | If we merge, acquire, or sell assets, data may transfer subject to this Policy. In the event of business closure, we will provide notice and options for data deletion or transfer. Any successor entity will be bound by this Policy for previously collected data. |
Legal & Safety | Government, regulators, courts, or others when required or permitted by law or to protect rights, safety, or property. |
Aggregated / De-identified Data | Used for benchmarking, research, or product development. We prohibit downstream re-identification. |
We never sell your PHI or other sensitive data. We do not enable third-party advertising cookies unless you opt in.
Consent for Disclosures: We will obtain your informed, proactive consent before sharing your data with third parties except where disclosure is permitted without consent (such as to service providers under confidentiality agreements, as required by law, or in connection with business transfers as described above). We will obtain separate consent if the purpose of any disclosure is to facilitate marketing of goods or services to you.
5. State-Specific Rights
Residents of California, Colorado, Connecticut, Utah, Virginia, Washington, and the eight additional states with privacy laws effective in 2025 have rights to:
- access or port their personal information;
- correct inaccuracies;
- delete certain data;
- opt out of targeted advertising, data sales, or certain profiling;
- appeal denials of requests.
You (or an authorized agent) may submit a verifiable request to privacy@loacare.com or through the in-app privacy center. We will honor a global privacy-control ("GPC") browser signal as an opt-out of "sale"/"share" where required.
6. Washington My Health My Data Act Notice
For Washington consumers, we process "consumer health data" for the limited purposes described in Section 3, obtain opt-in consent at sign-up, and will not geofence or use location around reproductive-health facilities for targeted advertising [Reuters]. We provide a dedicated deletion portal and a list of third parties that receive your consumer health data upon request within 45 days.
7. Cookies & Similar Technologies
We use first-party cookies for authentication and fraud prevention. Analytics cookies are deployed only after you consent via our Cookie Banner. You can manage cookies in your browser or via the in-app settings.
8. Data Retention
- Account Data & PHI: kept for the life of your account plus 7 years (standard healthcare claims retention) unless a longer period is required by law or requested by you.
- Payment records: kept for at least 7 years under tax law.
- Logs & device data: kept for 24 months then aggregated or deleted.
9. Security
We follow NIST SP 800-53 moderate controls, encrypt PHI and payment data in transit (TLS 1.3) and at rest (AES-256), separate production and staging, and perform annual SOC 2 Type II and HIPAA audits. We use provider portal credentials compliant with SMART on FHIR standards and implement digital identity credentials that meet NIST Assurance Level 2. Our workforce receives regular training on compliance with data practices and privacy requirements. No method of transmission is 100% secure, but we strive to mitigate foreseeable risks with administrative, technical, and physical safeguards.
10. International Transfers
Loa Care is based in the United States. If you are located abroad, we rely on the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) for cross-border transfers, coupled with transfer-impact assessments.
11. Your Choices
- Update or delete data via the Account dashboard.
- Opt out of marketing e-mails by clicking "unsubscribe."
- Disable analytics cookies in Settings.
- Close your account to trigger deletion of remaining personal data (subject to retention exceptions). Note that deletion may not be feasible where we have legal obligations to retain data, ongoing transactions, or legitimate business needs such as fraud prevention.
12. Children's Privacy
The Services are not directed to children under 13, and we do not knowingly collect their data. If we learn we have done so, we will delete it promptly.
13. Changes to This Policy
We will post any material change here and update the "Last updated" date. If changes reduce your rights, we will notify you by e-mail or prominent in-app notice at least 30 days before they take effect, and provide you with the option to re-affirm consent or withdraw consent. If you withdraw consent, we will delete your data subject to retention requirements, or provide options to export your data.
14. Privacy Education Resources
We provide educational resources in our Help Center to help you understand our data practices and steps you can take to protect your privacy and the confidentiality of your personal health data. These include guides on managing your privacy settings, understanding data sharing, and securing your account.
15. Contact Us
Greater Health, LLC
Attn: Privacy Officer
156 Clinton Street
Brooklyn, NY 11201, USA
privacy@loacare.com
+1 (443) 983-8199
16. Supplemental California "Notice at Collection"
We collect the categories of personal information listed in Section 2 for the purposes described in Section 3. We do not "sell" or "share" (for cross-context behavioral advertising) your personal information. You have the right to request deletion, correction, or access, and to opt out of any sale/share, as detailed in Section 5. We do not discriminate against you for exercising CCPA rights.