Privacy Policy
EnhancedDx, Inc.
Effective date: February 15, 2026 Last updated: April 27, 2026
1. About this policy
EnhancedDx, Inc. ("EnhancedDx", "we", "us", "our") provides non-clinical navigation and onboarding support to fertility clinics ("Clinic Partners") and their prospective and existing patients. This Privacy Policy explains how we handle information about you when you use our services (the "Services"), including our Concierge Agent (AI chat and AI voice), live chat and voice support with our Care Navigation Team, Care Navigation Appointments, Fast Track onboarding support, and related communications.
Defined terms in this policy have the same meaning as in our Service User Terms and Conditions.
Please read Section 2 first. How your information is protected depends on the stage you are at in your journey, and which of three layers your information falls into. Section 2 explains this, because it determines which parts of this policy, and which laws, apply to you.
2. How this policy works
Your information may fall into one or more of three layers. They are treated differently.
Layer 1: Consumer Health Data (before you become a patient). When you first interact with us, for example by using the Concierge Agent on a Clinic Partner's website, by chatting with our Care Navigation Team, or by booking a Care Navigation Appointment, and before you have become a patient of a Clinic Partner, the information you provide is handled by EnhancedDx under this Privacy Policy. Some of this information is "consumer health data" under state law. We handle it with your consent and the protections described in Sections 9 and 16.
Layer 2: Protected Health Information held by EnhancedDx as a Business Associate. When we create, receive, maintain, or transmit protected health information ("PHI") on behalf of a Clinic Partner, we do so as the Clinic Partner's Business Associate under the Health Insurance Portability and Accountability Act ("HIPAA") and a Business Associate Agreement. This PHI is governed by HIPAA, that agreement, and the Clinic Partner's Notice of Privacy Practices. Where HIPAA applies, it, and the Clinic Partner's Notice of Privacy Practices, govern, and the consumer-law rights in this policy do not displace your HIPAA rights.
Layer 3: Information held by the Clinic Partner. Consent forms, clinical history, and test results that you complete or upload in the Clinic Partner's own patient portal or electronic health record are held by the Clinic Partner, in the Clinic Partner's system, under the Clinic Partner's Notice of Privacy Practices, not this policy. We may help you with the process, but the Clinic Partner, not EnhancedDx, is the custodian of that information. Please review the Clinic Partner's own privacy notice for how it handles that information.
Because identifiable health information you provide while seeking to become a patient may be treated as PHI, we apply HIPAA-grade protection as our baseline to all health-related information we hold, and we additionally honor the consumer rights described in this policy for information in Layer 1.
3. Information we collect
Depending on how you use the Services, we may collect:
- Identifiers and contact information: name, email address, telephone number, WhatsApp number, and similar details you provide, for example on the booking form.
- Booking and appointment information: the appointment you book, scheduling details, and information you enter when booking.
- Communications content: the content of your chats with the Concierge Agent and the Care Navigation Team, and of telephone calls and online meetings, including recordings and transcripts where made.
- Health-related information you choose to share: information about your interest in fertility services, questions you ask, and details you provide to help us support your onboarding.
- Insurance information: information needed to run an insurance eligibility check, and the response reported by your payer.
- Technical and usage information: information about your device and how you interact with the Services, collected through the Services.
We ask that you provide only the information requested and avoid entering unnecessary sensitive clinical detail into free-text fields.
4. How we collect information
We collect information: directly from you, when you interact with the Services; automatically, through your use of the Services; and from the Clinic Partner, where it shares information with us so that we can support you.
5. How we use information
We use information to:
- provide the Services, including responding through the Concierge Agent and Care Navigation Team, scheduling and delivering Care Navigation Appointments, and supporting your onboarding;
- run insurance eligibility checks on a Clinic Partner's behalf;
- send you service and onboarding communications, and, only if you opt in, marketing communications (see Section 10);
- maintain quality, training, security, and records, including recordings as described in Section 11;
- improve and develop the Services, using de-identified data only (we do not use identifiable health information to train, fine-tune, or develop machine-learning models); and
- comply with law and protect the rights, safety, and security of Service Users, Clinic Partners, EnhancedDx, and others.
Where we act as a Business Associate, we use PHI only as permitted by HIPAA and the Business Associate Agreement.
6. Artificial intelligence
Our Concierge Agent is an automated AI service. We disclose when you are interacting with AI and when you are connected to a human Care Navigator. The Concierge Agent processes what you type or say in order to respond and to support your navigation. AI output is general information only, is not medical advice, may be inaccurate, and should not be relied upon (see our Service User Terms). We do not use identifiable information you provide to the Concierge Agent to train machine-learning models; any model development uses de-identified data only.
7. How we share information
We share information as follows. We do not sell your information, and we do not share your information with advertisers or for cross-context behavioral advertising. We do not disclose health-related information to third parties for their own marketing.
- With the Clinic Partner. We share your information with the Clinic Partner so that it can provide its services to you. This is a core purpose of the Services.
- With our service providers (sub-processors). We use the third-party providers listed in Section 8 to deliver the Services. They process information on our behalf under contracts that restrict their use of it.
- With our personnel and Affiliates. Members of our Care Navigation Team and other personnel, including those employed or engaged through our Affiliates.
- For legal and safety reasons. We may disclose information where required by law, to respond to lawful requests, or to protect rights, safety, and security.
- In a business transfer. If EnhancedDx is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this policy.
8. Our sub-processors
We use the following categories of third-party providers to deliver the Services.
- Cloud hosting: Google Cloud (United States) hosts and stores Service User data.
- Scheduling: cal.com is used for appointment booking and collects the information you enter on the booking form.
- Contact center and messaging: Twilio (including Twilio Flex) is used for live chat hand-off, voice, and SMS/messaging.
We maintain a current list of sub-processors and will update it as our providers change.
9. Where your information is stored and who can access it
All Service User data is stored and maintained in the United States (in Google Cloud). We do not store Service User data outside the United States, and we do not permit local copies to be retained on devices located outside the United States.
Members of our Care Navigation Team and other personnel, whether employed by or engaged as subcontractors of EnhancedDx and whether located within or outside the United States, may access United States-resident data remotely, on a need-to-know basis, solely to provide the Services, and only through controlled channels (a secured virtual private network and the EnhancedDx platform), subject to access controls, authentication, encryption in transit, and logging. This access is conducted under the Business Associate Agreement and sub-business-associate agreements and under our security safeguards.
10. Communications and your choices
To deliver the Services you request, we contact you about your appointments and onboarding by email, SMS, telephone, and (if you provide a WhatsApp number) WhatsApp, including booking confirmations, calendar invitations, reminders, onboarding follow-ups, and feedback requests. These may be sent using automated systems.
We send marketing communications only if you separately opt in. Marketing consent is never a condition of receiving a Service.
You can opt out of SMS by replying STOP and get help by replying HELP; opt out of WhatsApp using the method we provide; and unsubscribe from marketing emails using the link in them. Message frequency varies and message and data rates may apply. You can revoke consent at any time by any reasonable means, including by contacting . Opting out of communications necessary to deliver a Service may mean we cannot provide it.
11. Call and meeting recording
We may record or transcribe chats, telephone calls, and online meetings for quality, training, verification, and record-keeping. Where a call or meeting is recorded, we disclose this at the outset, and by continuing you consent to the recording. If you do not wish to be recorded, please tell the Care Navigator.
12. Reproductive health information
We understand that fertility and reproductive health information is especially sensitive. We apply heightened care to it: we do not sell it, we do not use it for advertising, we restrict access to personnel who need it to provide the Services, and we limit our disclosures as described in this policy and as required by HIPAA and applicable state law. We will not disclose reproductive health information except as permitted or required by law, and we will resist unlawful requests to the extent we are able.
13. Security
We maintain administrative, physical, and technical safeguards designed to protect information, consistent with the HIPAA Security Rule where applicable, including access controls, authentication, encryption in transit, and logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
14. Data retention
We keep information for as long as needed to provide the Services and for legitimate business and legal purposes, after which we delete or de-identify it. Health-related information you provide before becoming a patient (Layer 1), including where you do not go on to register with a Clinic Partner, is retained under this policy and is subject to your consumer rights, including the right to request deletion and to withdraw consent (see Section 16).
15. Children
The Services are for individuals aged 18 or older (or the age of majority in their state). We do not knowingly collect information from children.
16. Consumer health data and your state privacy rights
This Section describes rights that may apply to you depending on your state of residence. Where we act as a Business Associate and HIPAA applies to your information (Layer 2), HIPAA and the Clinic Partner's Notice of Privacy Practices govern that information, and the following consumer-law rights apply to information not covered by HIPAA (primarily Layer 1).
16.1 Consumer health data (Washington, Nevada, Connecticut, and similar)
For consumers protected by consumer-health-data laws, including the Washington My Health My Data Act, the Nevada consumer health data law (SB 370), and Connecticut's consumer-health-data provisions, we:
- collect and process consumer health data only with your consent or as necessary to provide a Service you requested;
- obtain separate consent before sharing consumer health data, except with our processors acting on our behalf;
- do not sell consumer health data, and would not do so without a valid written authorization;
- restrict access to consumer health data to personnel and contractors who need it; and
- provide rights to access, to withdraw consent, and to delete your consumer health data.
To exercise these rights, contact .
16.2 California (CCPA/CPRA and CMIA)
If you are a California resident, the California Consumer Privacy Act, as amended, gives you rights to know, access, correct, and delete personal information, to opt out of sale or sharing, and to limit the use of sensitive personal information. We do not sell or share personal information as those terms are defined. Health information may also be protected by the California Confidentiality of Medical Information Act. PHI handled under HIPAA is exempt from the CCPA. To exercise your rights, contact . We will not discriminate against you for exercising your rights.
16.3 Texas (TDPSA)
If you are a Texas resident, the Texas Data Privacy and Security Act gives you rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of certain processing. We process sensitive data, including health data, only with your consent. We do not sell personal data. PHI handled under HIPAA is exempt. To exercise your rights, contact .
16.4 Other states (Virginia, Colorado, Connecticut, Oregon, and others)
If you are a resident of another state with a comprehensive privacy law, you may have similar rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising, sale, and certain profiling. These laws treat health and reproductive data as sensitive data requiring your consent to process. We do not sell personal data or use it for targeted advertising. To exercise your rights, contact .
16.5 How to exercise your rights and appeal
To make a request, contact . We will verify your request as required by law and respond within the time the law allows. If we decline, you may appeal by replying to our response; where your state provides one, you may also contact your state Attorney General.
17. Changes to this policy
We may update this policy from time to time. We will notify you of changes by email and post the updated policy with a new effective date.
18. Contact us
EnhancedDx, Inc. 8 The Green, Ste R, Dover, Delaware 19901, United States
For information held by a Clinic Partner in its own systems (Layer 3), please contact the Clinic Partner and review its Notice of Privacy Practices.
End of Privacy Policy.