Privacy Policy

1. Who We Are

Quarterback Health ("QBH," "we," "us," or "our") operates the Quarterback Health platform at getquarterback.com and associated mobile applications. We provide a healthcare coordination service that helps you manage your providers, appointments, and health administration.

2. Information We Collect

We collect information you provide directly, including:

• Account information: name, email address, password, date of birth, phone number
• Health administration data: insurance provider and member ID, provider names and contact information, appointment dates and notes
• Care recipient information: names and relationships of people you manage care for
• Health documents: documents you upload for summarization (lab results, visit summaries, etc.)
• Survey responses: your answers during onboarding about health priorities

We also collect information from connected services you authorize:

• Bank transactions (via Plaid): healthcare-related transaction descriptions and dates to identify your providers. We do not access account balances, non-healthcare transactions, or financial account numbers.
• Calendar events (via Google/Outlook): appointment titles, dates, and times to match with your providers. We only read healthcare-related events.

3. Google Workspace API Limited Use

Quarterback Health’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

Specifically, calendar data we read from Google is used solely to identify and display your healthcare appointments inside Quarterback Health. We do not transfer this data to others, do not use it for advertising, do not allow humans to read it (except as required for security, abuse investigation, with your explicit consent, or where required by law), and do not use it to train generalized AI models.

4. How We Use Your Information

• Organize and display your healthcare providers, appointments, and care team
• Make AI-assisted phone calls to provider offices on your behalf to schedule appointments
• Provide personalized suggestions through Kate, our AI care coordinator
• Summarize health documents you upload
• Identify care gaps and recommend preventive care based on your age and health profile
• Send you notifications about upcoming appointments or action items

5. AI and Automated Processing

We use artificial intelligence services (including OpenAI) to power Kate's chat responses, summarize health documents, classify transactions, and generate care suggestions. When we send your information to AI providers, we use their API services with data protection agreements in place. Your data is not used to train AI models. We use AI for care coordination assistance only — Kate does not provide medical advice, diagnoses, or treatment recommendations.

6. AI Phone Calls

When you authorize it, our AI assistant Kate will call healthcare provider offices on your behalf to schedule, reschedule, or inquire about appointments. These calls are made using voice AI technology (via VAPI). Call transcripts and summaries are stored in your account. We only place calls during business hours (9 AM – 6 PM ET, Monday – Friday) and only to provider offices you have designated.

7. Data Storage and Security

Your account and provider data is stored in Supabase (cloud database) with encryption at rest. Health documents you upload are stored in AWS S3 with KMS encryption under pseudonymized identifiers — your real identity is not linked to stored files. All data transmission uses TLS encryption. We implement access controls, audit logging, and follow industry-standard security practices.

8. Data Sharing

We do not sell your personal information. We share data only with:

• Service providers: Supabase (database), OpenAI (AI processing), VAPI/Twilio (voice calls), Plaid (bank connections), Google (calendar), AWS (file storage) — each under data protection agreements
• Healthcare provider offices: your name, date of birth, insurance, and appointment preferences when Kate calls on your behalf
• Legal requirements: if required by law, court order, or governmental authority

We do not share your information with advertisers, data brokers, or any third parties for marketing purposes.

9. Your Rights

You have the right to:

• Access your personal information through your account settings
• Correct inaccurate information in your profile
• Delete your account and all associated data (Account page → "Delete my account")
• Disconnect linked services (bank, calendar) at any time
• Opt out of AI phone calls or specific features

California residents: Under the CCPA, you have additional rights including the right to know what personal information we collect, the right to request deletion, and the right to non-discrimination for exercising your rights.

10. Cookies and Analytics

We use Cookiebot for cookie consent management and Google Analytics for understanding how our service is used. Analytics data is only collected with your consent. We use Google Consent Mode v2, which means no tracking occurs until you grant permission. You can manage your cookie preferences at any time via the cookie banner.

11. Children's Privacy

Quarterback Health is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If you believe a minor has provided us with personal information, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the application. Your continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:
Email: privacy@getquarterback.com
Website: getquarterback.com