Fasten Connect - Privacy and Security Policy

Effective as of Nov 06, 2025

This Privacy and Security Policy (this “Policy”) explains how Fasten Health, Inc. (“Fasten Health,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use Fasten Connect. This includes our website https://www.fastenhealth.com/connect, the Fasten Connect API https://api.connect.fastenhealth.com, the Fasten Connect Portal https://portal.connect.fastenhealth.com, and any related services (together, “Fasten Connect” or the “Services”).

Fasten Health respects your privacy and handles your personal information with care. This Policy applies only to Fasten Connect, not to other products or services we offer. This Policy will also apply to your information for as long as we hold it.

By visiting the Site or using the Services, you agree to the practices described in this Policy.

Before you connect your health records through Fasten Connect, you will see a brief, easy-to-understand summary of how your data will be used, stored, and shared. This summary includes:

What information is collected
Who it will be shared with (if anyone)
How long it will be stored
Your rights to revoke or delete data

You will be asked to consent to this information explicitly. You can view the full Policy at any time by following the provided link.

We Do Not Sell Your Personal Information

We don’t sell your personal information, ever. That includes your name, contact details, and any health-related data.

When you use Fasten Connect to link your health information with a third-party app, we only share the specific data you have agreed to share. This may include diagnostic, treatment, or billing information. That data is temporarily stored on secure Fasten Health servers to ensure reliable delivery of our services. This data is automatically deleted within 24 hours after successful transmission.

If we work with trusted third-party vendors, such as cloud storage or analytics services, it is solely to help deliver and improve Fasten Connect. These vendors are not allowed to use your data for their own marketing or advertising.

Definition of Personal Information

“Personal Information” means any information that can identify you. It includes:

Personally Identifiable Information (PII): This includes any information that can directly identify an individual or is capable of doing so when combined with other information. Examples include but are not limited to an individual’s name, address, email address, phone number, or social security number.
Protected Health Information (PHI): This includes any information in an individual’s medical record that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment. It includes, but is not limited to, details such as the individual’s physical or mental health or condition, health care services that the individual receives, or a health plan’s payment for these services, such as the individual’s name, address, telephone number, health insurance information, Medicare Beneficiary number, or financial information related to payment for healthcare services.

We do not currently anonymize or de-identify your Personal Information. If we want to anonymize or de-identify your Personal Information in the future, then we will update this Policy and explain how that will happen.

The Information We Collect About You

Through our Site, fastenhealth.com

We collect Personal Information when you:

submit information through the “Contact” page of our website
register on our website
respond to our communications (such as responding to an email from us)
utilize features of our Site

The Personal Information that we collect can include your:

name
email address
phone number

Through our Fasten Connect Services

To use Fasten Connect, we need some personal information to provide our services:

Account Information: When you create a Fasten Connect account, we require details such as your first name, last name, telephone number, and email address.
Personal Health Information: Fasten Connect enables the linking of your Personal Health Information with third-party applications. When you use this feature, you will be asked to consent to share specific health information, which may include diagnostic, treatment, and billing information. This information is temporarily stored on secure Fasten Health servers to enhance service reliability and operation.
User Content: Includes all data, documents, or other content that you upload, input, or otherwise transmit while using Fasten Connect.

Voluntary Information You Provide to Us

You may also choose to give us more information, like when you:

Fill out a form
Update your account
Answer surveys
Join forums or promotions
Contact support

Information Collected Automatically

We also collect some information automatically:

Aggregated Data: Includes details of your interactions with the service, such as which features you use and how you use them. We may share your Personal Information with third-party service providers to analyze how our Services and features are being used.
Log Data and Device Information: We collect data related to your device and your use of our services, including IP address, device type, operating system, unique device identifiers, browser information, crash data, and other request information.
Cookies: We use cookies and similar tracking technologies to collect information about your interaction with our website, which helps us improve your user experience and tailor our services to your preferences. You can change cookie settings in your browser. Turning off cookies may limit some features.

How We Use Your Information

We will not sell, rent, license, or trade your Personal Information with third parties for their own direct marketing use. Unless you give us your permission, we will not share your Personal Information other than as stated in this Policy.

We collect and use your information to improve your experience and make Fasten Connect work better for you.

Communication: To contact you via email, phone, or postal mail about updates, security alerts, and product offerings related to Fasten Connect.
Customization: To tailor the content and features you see, ensuring a personalized experience on our platform.
Legal Compliance and Protection: To comply with legal obligations, prevent fraud, protect our digital and physical assets, and defend our legal rights or manage disputes where necessary.
Operational Necessities: To manage our services, including data storage, information security, and authentication. These actions are crucial for maintaining the integrity and accessibility of Fasten Connect.
Research and Development: To better understand your needs and interests, leading to enhanced features and new product development. This includes analyzing usage patterns and aggregating information to improve how our services integrate and function.
Security and Technical Support: To secure our services, address and resolve technical issues, and ensure the smooth functioning of Fasten Connect.
Service Delivery: To respond promptly to your requests, provide efficient customer support, and deliver the services you have signed up for.
Third-Party Services: We enable integration with third-party services upon your direction and with your explicit consent.
Consent-Based Activities: For any other purposes for which we have explicitly obtained your consent.

We only share your information when it’s needed to run our services or meet legal requirements. Where applicable, all of our uses and disclosures that occur through the Trusted Exchange Framework and Common Agreement (“TEFCA”) will align with requirements stated in TEFCA and applicable guidance that may be issued by the federal Department of Health and Human Services.

Third-party service providers must safeguard the Personal Information we entrust to them and are permitted to use such information solely for fulfilling the services we have contracted them for. They are prohibited from using this personal information for their own direct marketing purposes.

The handling of shared information is subject to the privacy policies of these third-party providers, including any Personal Information accessed through them. These providers are also expected to guide you on how to adjust your privacy settings on their platforms.

Here are the ways we may share your information:

With affiliates that assist us in providing you with our Services, such as payment processors and cloud service providers, but we will require our affiliates to only use or disclose your information for the purposes of providing the services requested of them and in accordance with this Policy.
If we believe that the disclosure is reasonably necessary to (a) satisfy an applicable law, regulation, legal process, or enforceable governmental request; (b) detect, prevent, or otherwise address illegal or suspected illegal activities; or (c) protect the safety, rights, or property of Fasten Health, the public, or any person.
We may share your Personal Information with other businesses in connection with the sale, assignment, merger or other transfer of all or a portion of our business to those businesses. We will require those businesses to honor the rules of this Policy.

It is important to note that our third-party service providers have their own privacy policies, which may differ from ours. We encourage you to read their privacy policies to understand how they handle your information.

By using Fasten Connect, you agree to the practices described in this section. If you want to opt out of sharing your Personal Information, then you can notify us and you should stop using our Services. If you have any concerns about how we share your information, please contact us at [email protected].

We will not use your Personal Information to assert any form of claim or demand against you, unless you owe us a fee and we need to use your Personal Information to collect amounts owed to us.

Customer Use Limitations

Fasten Connect allows you to share your health information with third-party apps of your choice. To protect your rights, we require all customers to follow strict data use standards.

As a member of the CARIN Alliance and a signatory of its Code of Conduct, Fasten Health enforces the following requirements on all customers:

Consent-Only Use: Customers may only use or share your data based on clear, informed consent provided by you.
Opt Out: You have the right to opt out of having your Personal Information disclosed. If you opt out, a customer will not be able to disclose your Personal Information.
No Marketing Without Opt-In: Any marketing or advertising use requires separate, explicit opt-in consent.
Children’s Data: Customers must follow all applicable laws, including COPPA, when handling data about minors.
Policy Changes: If a customer changes how they use your data, they must notify you and allow you to withdraw consent.
Withdraw Anytime: You must be able to revoke consent easily and stop future use of your data.
Third-Party Sharing: Customers must disclose any third-party access to your data and let you control it.
AI/ML Use: Use of your data for AI or machine learning must be clearly disclosed.
Business Changes: Customers must explain what happens to your data if their company is sold or shuts down.

To report a potential violation, contact [email protected].

How We Secure Your Information

The security of your Personal Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store in order to protect it from unauthorized access, destruction, use, modification, or disclosure. One aspect of the security measures we take is to encrypt data both at rest and in transit.

However, please be aware that no method of transmission over the internet, or method of electronic storage, is 100% secure, and we are unable to guarantee the absolute security of the Personal Information we have collected from you.

In the unlikely event that our systems are breached, we will immediately fix any damage and add more protection to prevent it from happening again. If your Personal Information is compromised, we will notify you of what was compromised and any recommended actions you should take.

How to Access, Update or Delete Your Information

You may contact us to request access, updates or deletions of your Personal Information by contacting us at [email protected]. We keep your information only as long as we need it for the reasons described in this Policy. If you ask for access to your Personal Information, we will provide you with an export of your Personal Information if it is still in our possession.

Upon your request, Fasten Health will permanently delete 100% of your personal information, including all associated data stored on our systems. This deletion is irreversible and applies to all identifiable data under your account, in accordance with applicable laws and data retention obligations.

Fasten Health will take action on an individual’s requests no later than 30 calendar days from the receipt of the request. In cases where, due to unforeseen circumstances, we are unable to meet this timeframe, Fasten Health will provide the individual, within the initial 30-day period, with a written statement explaining the reasons for the delay and the anticipated date by which we will complete the requested action.

Our Responsibilities and Obligations

As part of this Policy, we need to make you aware of certain responsibilities and obligations that we need to follow, including as an individual access service provider. Those obligations and responsibilities include:

We will tell you within three (3) business days if we receive a civil or criminal subpoena, court order, search warrant, or other demand or compulsory disclosure in accordance with applicable law for your Personal Information. Unless prevented by applicable law, we will give you the chance to object to any request for us to produce your Personal Information, which could be you seeking a protective order or other remedy available under applicable law.
We will notify you within three (3) business days of us making your Personal Information available to a law enforcement agency.
We will comply with the terms of this Policy and will protect the security of your Personal Information in accordance with the applicable Framework Agreement that applies to us.
We will not charge any fees to you if you seek to exercise any of your individual rights explained in this Policy.

Identity Verification

When submitting access, deletion, or consent revocation requests, we may verify your identity using contact details, device verification, or other appropriate means to protect your data.

California Residents

If you are a California resident, specific rights are afforded to you under the California Consumer Privacy Act (CCPA). Fasten Health, Inc. respects these rights and provides you with the means to exercise them.

As a California resident, you have the right to request disclosure of the categories and specific pieces of personal information we have collected about you. You also have the right to ask us to delete any Personal Information we have about you, with certain exceptions as allowed by law.

Furthermore, you have the right to know about the Personal Information we collect, our purposes for processing that information, and if we share it with any third parties. Fasten Health does not sell Personal Information, and we will not discriminate against you for exercising any of your CCPA rights.

To make a request related to your rights under CCPA, or if you need further information regarding your rights, please contact us at [email protected]. We may require specific information from you to help verify your identity before processing your request.

Acknowledgments

It is important to acknowledge certain limitations around the scope of this Policy. The nature of our services does not subject us to compliance with the Health Insurance Portability and Accountability Act along with its implementing regulations.

Acceptance and Updates to this Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will revise the “Effective Date” at the top of the policy and, where appropriate, notify you via email, or by prominently posting a notice within the Fasten Connect Portal.

We encourage you to review this page regularly so you are aware of any changes. Continued use of the Services after the updated Policy becomes effective constitutes your agreement to the revised policy.

Contacting Us

If you have any questions or concerns about the Policy or Fasten Health, please email us at [email protected]