Privacy Policy

Last Updated: January 2026

This Privacy Policy describes how SonarMD, Inc. and its affiliated entities (“SonarMD,” “we,” “us,” or “our”) collect, use, and protect personal data in connection with our websites, applications, and related technologies (collectively, the “Products and Services”). This Privacy Policy is intended to accurately reflect the actual functionality of our Products and Services and SonarMD’s role as a clinical and care support service operating within the U.S. healthcare system.

By accessing or using the Products and Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope and Role of SonarMD

SonarMD provides technology-enabled clinical and care support services on behalf of licensed healthcare providers, health systems, and health plans (collectively, “Clients”). Our Products and Services are designed to support care coordination, patient engagement, and clinical workflows by enabling the secure collection, presentation, and exchange of care-related information.

SonarMD is not a healthcare provider and does not practice medicine, diagnose conditions, prescribe treatment, or make independent clinical decisions. Licensed healthcare providers remain solely responsible for all medical judgment, diagnosis, treatment decisions, and care plans. SonarMD does not establish a provider–patient relationship with individuals who use the Products and Services.

For most Products and Services, including the mobile application, SonarMD acts as a Business Associate (as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)) to the healthcare provider or organization responsible for an individual’s care. Personal data is processed solely to support treatment, care coordination, healthcare operations, and related administrative functions permitted by applicable law.

2. Eligibility and Intended Users

SonarMD offers multiple products and services with different age eligibility requirements.

Mobile Application.

SonarMD’s mobile application (the “Mobile App”) is intended exclusively for individuals eighteen (18) years of age or older who are residents of the United States and are physically located within the United States at the time of use. Individuals under 18 may not access or use the Mobile App.

All Other Products and Services.

All SonarMD products and services other than the Mobile App are intended for individuals thirteen (13) years of age or older who are residents of the United States and are physically located within the United States at the time of use. Users between the ages of 13 and 17 may use these products and services only with the consent of a parent or legal guardian.

SonarMD does not knowingly collect personal data from children under the age of 13. If SonarMD becomes aware that personal data from a child under 13 has been collected, such data will be deleted promptly in accordance with applicable law. If SonarMD becomes aware that personal data from an individual under 18 has been collected in connection with the Mobile App, such data will likewise be deleted.

Reports regarding underage data collection may be sent to info@sonarmd.com.

3. Personal Data We Process

3.1 Categories of Personal Data

Depending on the Product or Service and the role of the user, SonarMD may process the following categories of personal data:

  • Identifiers such as name, date of birth, contact information, and internal identifiers assigned by a healthcare provider or health plan
  • Limited device and application metadata necessary to operate the mobile application (e.g., operating system version, app version)
  • Patient-reported responses, including self-reported symptoms, survey data, and longitudinal wellness or care-related inputs
  • Health and wellness metrics made available through patient-authorized integrations, which may include activity data (such as step counts), sleep indicators, heart rate, and heart rate variability (HRV)
  • Communications metadata related to system-generated notifications (e.g., message delivery status)

Health and wellness metrics and patient-reported data are used solely to support the individual’s clinical care, care coordination, and provider-facing insights. SonarMD does not use such data for advertising, marketing, behavioral profiling, or unrelated analytics.

SonarMD does not collect or store passwords for patient-facing Products and Services, including the mobile application. Patient authentication is performed using secure, passwordless mechanisms such as one-time passcodes or multi-factor verification. Password-based authentication may be used for internal or provider-facing web applications accessed by authorized care coordinators, which are governed by separate access controls and security policies.

3.2 Source of Personal Data

In most cases, personal data is provisioned to SonarMD by the healthcare provider or health plan responsible for the individual’s care. Users generally do not create consumer-style accounts or submit baseline identity data directly; instead, they securely access information that has already been established within their provider’s systems. Additional data may be generated when individuals choose to submit responses or interact with care-related tools made available through the Products and Services.

4. Use of Personal Data

SonarMD processes personal data only as necessary to provide the Products and Services, including to:

  • Enable patient access to care-related tools, insights, and visualizations
  • Support care coordination and clinical workflows directed by licensed providers
  • Facilitate the administration of clinically oriented assessments and support tools
  • Generate provider-facing alerts, summaries, and care support signals
  • Operate, maintain, secure, and improve the reliability of the Products and Services
  • Comply with legal, regulatory, and contractual obligations

Personal data is not used for advertising, marketing, lead generation, monetization, or cross-context behavioral tracking. SonarMD does not sell personal data. While patient participation and engagement may be relevant to evaluating the effectiveness of care coordination services and demonstrating value in payer-sponsored healthcare arrangements, SonarMD does not monetize personal data or patient engagement itself.

5. Disclosure of Personal Data

SonarMD discloses personal data only as necessary to perform the Services and only to:

  • The healthcare providers, health systems, or health plans responsible for the individual’s care
  • Authorized service providers that support SonarMD’s infrastructure under contractual confidentiality, security, and data protection obligations
  • Government authorities or other parties where disclosure is required by applicable law

Personal data disclosures are integral to care coordination and healthcare operations and cannot be opted out of without discontinuing use of the Services. SonarMD does not disclose personal data for advertising or commercial promotion.

6. Mobile Application Permissions and Device Access

The SonarMD mobile application functions as a secure interface for care-related data and insights. The application:

  • Does not request or access the device microphone
  • Does not request or access the device camera
  • Does not access photos, videos, or other media stored on the device

Any device permissions that may be requested are limited to those strictly necessary for core application functionality and are disclosed at the time of request.

7. Diagnostics, Logs, and Security Monitoring

SonarMD uses operational monitoring, diagnostics, and crash reporting tools that rely on de-identified or anonymized technical data. SonarMD does not intentionally ingest personal identifiers or health information into application logs or diagnostic systems.

We implement administrative, technical, and physical safeguards designed to protect personal data and to comply with applicable healthcare privacy and security requirements.

8. Data Retention

Personal data is retained in accordance with documented retention schedules aligned to healthcare and legal requirements. In general:

  • Clinical and care-related records are retained for at least seven (7) years, or longer where required by applicable law or Client obligations
  • Security logs and operational metadata are retained for approximately one (1) year, unless a longer period is required for security investigations or compliance purposes

When retention periods expire, data is securely deleted, de-identified, or anonymized in accordance with SonarMD’s data lifecycle policies.

9. Communications and Included Care Benefits

SonarMD may facilitate notifications, reminders, or informational messages related to care coordination, assessments, or care-related benefits made available as part of an individual’s healthcare coverage or care plan. Such benefits may be funded by a healthcare plan, provider, or by SonarMD as part of its care support services.

Participation in these benefits does not involve payment by the individual and does not result in advertising, marketing solicitations, or commercial offers. Any engagement or utilization data generated in connection with such benefits is used solely to support care coordination, quality oversight, and population-level reporting for healthcare providers or health plans.

10. Support Communications

SonarMD provides support to assist users with technical issues, account access, and application functionality. If you have questions or concerns regarding the collection, use, or disclosure of personal data, you may contact SonarMD at info@sonarmd.com.

For privacy and security reasons, SonarMD will not request protected health information (PHI), sensitive personal data, or medical records through email, text message, or other general communication channels. Users should not submit such information through these channels, as SonarMD cannot guarantee the security of their transmission.

Personal data and health-related information should be submitted only through designated, secure channels made available as part of the Products and Services, such as in-application surveys or mobile app interfaces. In limited circumstances, SonarMD personnel may contact individuals by phone to clarify information necessary to support care coordination or application use; however, users should not proactively disclose sensitive medical information outside of approved channels.

If you receive a communication that appears to be from SonarMD requesting sensitive personal or health information through an unauthorized channel, please contact SonarMD promptly at info@sonarmd.com so that we may investigate.

11. Your Rights

Subject to applicable law, individuals have the right to:

  • Request confirmation of whether SonarMD processes personal data about them
  • Request access to the categories and specific pieces of personal data processed
  • Request information about how personal data has been used and the categories of parties to whom it has been disclosed for care coordination or operational purposes
  • Request correction of inaccurate or incomplete personal data

Requests relating to patient data are fulfilled in coordination with the healthcare provider or organization responsible for the individual’s care. Certain data may not be directly modifiable by SonarMD where accuracy, integrity, or legal requirements apply; in such cases, correction requests will be routed through appropriate provider systems.

Requests may be subject to identity verification requirements and legal limitations, including obligations under healthcare record retention and professional practice laws.

12. Changes to This Privacy Policy

SonarMD may update this Privacy Policy from time to time to reflect changes in the Products and Services, legal requirements, or operational practices. The “Last Updated” date above indicates when this Privacy Policy was most recently revised.

13. Contact Information

Questions regarding this Privacy Policy may be directed to:

SonarMD, Inc.
Email: info@sonarmd.com