Privacy Policy

Last updated: February 01, 2025

This Privacy Policy explains how Toad Health LLC ("Company," "We," "Us," or "Our") collects, uses, and discloses information when you use our patient communication services (the "Service"). The Service facilitates communication between patients and primary care practices, including submission of medical inquiries via a web form and the optional receipt of SMS notifications containing secure message links. Clinic staff access the Service via secure accounts, while patients are not required to create accounts. By using our Service, you agree to the collection and use of your information in accordance with this Privacy Policy.

1. Interpretation and Definitions

1.1 Interpretation

The capitalized terms used in this Privacy Policy have specific meanings defined in the following sections. These definitions apply whether the terms appear in singular or plural.

1.2 Definitions

For the purposes of this Privacy Policy:

  • Clinic Staff Account: A unique account created for clinic staff to access our secure message dashboard and other administrative functionalities. Patients do not have user accounts.
  • Cookies: Small files placed on your device to collect information about your browsing activity on the Service.
  • Country: United States (specifically Florida, where our operations are based).
  • Device: Any device (computer, cellphone, tablet, etc.) used to access the Service.
  • Personal Data: Any information that relates to an identified or identifiable individual.
  • Service: The patient communication platform provided by Toad Health LLC, including the Website and associated functionalities.
  • Service Provider: Any third party that processes data on our behalf, including facilitating our SMS messaging via AWS End User Messaging.
  • Usage Data: Data collected automatically from your interaction with the Service, such as IP address and time of access.
  • Website: The Toad Health website, accessible at toadhealth.com.
  • "You": Refers to the individual or entity using the Service. This includes patients who submit inquiries via the web form and clinic staff who access the Service using a Clinic Staff Account.

2. How We Collect and Use Your Personal Data

2.1 Types of Data Collected

Personal Data

When you use our Service—whether by submitting a medical inquiry via our web form or through a Clinic Staff Account—we may collect information that can be used to identify you. This includes, but is not limited to:

  • First name and last name
  • Phone number
  • Email address (if provided)
  • Medical inquiry details
  • Usage Data

Usage Data

Usage Data is collected automatically when you interact with our Service. This may include:

  • Your device’s IP address
  • Browser type and version
  • Pages visited on our Service
  • The time and date of your visit
  • Duration of page visits
  • Unique device identifiers, especially when you access messages via the secure link provided in our SMS notifications.

SMS Notification Data

If you opt in to receive SMS notifications regarding your inquiry:

  • Your mobile phone number will be used solely to send you secure links to view the response to your inquiry.
  • When a secure link is accessed, we log your IP address and the time of access to help ensure secure delivery of the message.
  • SMS notifications are managed via AWS End User Messaging, and your consent to receive texts is recorded as part of this process.

2.2 How We Use Your Personal Data

We use your Personal Data for the following purposes:

  • To provide and improve our Service: Facilitating patient inquiries and secure communications between patients and primary care practices.
  • For the performance of a contract: Fulfilling the services requested through our web form and secure messaging system.
  • To communicate with you: Sending updates, secure links via SMS, and other necessary notifications based on your preferences.
  • For security and analytics: Monitoring access (e.g., logging IP addresses and access times) to enhance the security and performance of our Service.
  • For legal obligations: Retaining necessary records to comply with applicable laws and regulations.

3. Sharing and Disclosure of Your Data

We may share your Personal Data with third parties only under the following circumstances:

  • With Service Providers: To help us operate the Service, including managing SMS notifications via AWS.
  • With Clinic Staff: Clinic staff, who access our Service via dedicated accounts, may view the information submitted by patients for the purpose of responding to inquiries.
  • For legal reasons: To comply with legal obligations or respond to lawful requests by public authorities.

4. Data Retention and Transfer

4.1 Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy. Usage Data is retained for a shorter period unless required for security or legal purposes.

4.2 International Data Transfer

Your information is processed at our operating offices in the United States and may be transferred to and maintained on devices located in other countries. We take appropriate steps to ensure that your data is protected in accordance with this Privacy Policy.

5. Your Rights and Choices

You have the right to update, correct, or request deletion of your Personal Data. If you wish to exercise these rights, please contact us at privacy@toadhealth.com.

Please note that certain information may be retained when necessary to meet our legal obligations or for legitimate business purposes.

6. Security

We use commercially reasonable security measures to protect your Personal Data. However, no method of transmission or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Children's Privacy

Our Service is not directed to individuals under the age of 13. We do not knowingly collect Personal Data from children under 13. If you believe that we have inadvertently collected such information, please contact us immediately so that we can take the appropriate action.

8. Links to Third-Party Websites

Our Service may contain links to third-party websites that are not operated by us. We are not responsible for the privacy practices or content of these sites. We encourage you to review the privacy policies of any site you visit.

9. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. If we make any material changes to how we process your Personal Data, we will notify you via email or a prominent notice on our Service prior to the change becoming effective. Please review this Privacy Policy periodically for any updates.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

By using our Service, including submitting your inquiry or opting in to receive SMS notifications, you consent to the collection and use of your data as described in this Privacy Policy.