Privacy Policy

Effective from Apr 17, 2026|Last updated Apr 17, 2026

1. Introduction

CodeClouds™ DBA AsterMD (“we”, “us”, “our”) provides an API-first, headless telehealth platform that enables healthcare organizations to build and deliver digital care experiences. We are committed to protecting the privacy and security of personal information, including Protected Health Information (“PHI”). This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with our platform (“Platform”).

2. Our Role (Important)

In most cases, we act as a Service Provider / Business Associate on behalf of healthcare organizations (“Customers”), who are the Covered Entities or Controllers of patient data.

We process personal information, including PHI, only on behalf of and under the instructions of our Customers, as governed by our agreements with them.

3. Information We Collect

a. Personal Information

  • Name, email address, phone number
  • Date of birth and demographic details
  • Account and authentication information

b. Protected Health Information (PHI) (Collected and processed on behalf of Customers)

  • Medical history, diagnoses, and treatment information
  • Consultation notes and clinical records
  • Prescriptions and care plans
  • Lab results and related health data

c. Technical & Usage Information

  • IP address, device identifiers, browser type
  • Log files, API requests, and system activity
  • Performance and diagnostic data

d. Integration Data

  • Information received via integrations (e.g., EHR systems, payment processors, identity providers)

4. How We Use Information

We use information to:

  • Provide, operate, and maintain the Platform
  • Enable telehealth workflows and API functionality
  • Process data on behalf of our Customers
  • Improve system performance, reliability, and security
  • Communicate service-related updates
  • Comply with applicable legal and regulatory obligations

We do not use PHI for marketing or sell personal information.

5. HIPAA Compliance

Where applicable, we comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related regulations.

  • We act as a Business Associate when handling PHI
  • We enter into Business Associate Agreements (BAAs) with Covered Entities
  • We implement administrative, physical, and technical safeguards as required by HIPAA

6. Disclosure of Information

We may disclose information:

  • To our Customers (healthcare providers and organizations)
  • To authorized service providers (e.g., cloud hosting, infrastructure, analytics)
  • To integration partners as directed by the Customer
  • To comply with legal obligations, law enforcement requests, or regulatory requirements

All disclosures of PHI are made in accordance with HIPAA and applicable agreements.

7. Data Security

We implement industry-standard safeguards to protect information, including:

  • Encryption in transit and at rest
  • Role-based access controls
  • Secure authentication mechanisms
  • Continuous monitoring and audit logging

8. Data Retention

We retain information only as necessary to:

  • Provide services to our Customers
  • Fulfill contractual obligations
  • Comply with legal, regulatory, and healthcare record retention requirements

Retention of PHI is primarily determined by our Customers.

9. State Privacy Rights (e.g., California)

If you are a resident of certain U.S. states, including California, you may have rights under laws such as the California Consumer Privacy Act (CCPA/CPRA), including:

  • The right to know what personal information is collected
  • The right to request deletion of personal information
  • The right to correct inaccurate information
  • The right to opt out of the sale or sharing of personal information

We do not sell personal information.

Where we act as a Service Provider, we process requests on behalf of our Customers. You may need to contact your healthcare provider directly to exercise your rights.

10. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Maintain session functionality
  • Improve performance and usability
  • Analyze platform usage

You can manage cookie preferences through your browser settings.

11. Children’s Privacy

Our Platform is not intended for direct use by children under 13 without appropriate authorization. We comply with the Children’s Online Privacy Protection Act (COPPA) where applicable.

12. Third-Party Services

Our Platform integrates with third-party systems. These third parties operate under their own privacy policies, and we are not responsible for their practices.

13. International Data Transfers

While our primary operations may be in the United States, data may be processed in other jurisdictions. We ensure appropriate safeguards are in place to protect personal information.

14. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised “Last Updated” date.

Contact Information

For questions or privacy-related requests:

Company Name: CodeClouds™ DBA AsterMD
Email: privacy@astermd.com
Address: 299 Karaka Bay Road, Karaka Bays, Wellington 6022, New Zealand

We use cookies to personalize your experience and enhance our website. See our Privacy Policy to learn more.

Reject OptionalAccept All