Pinnie logo

Privacy Policy

Last Updated: February 22, 2025

Recora, Inc. (“Recora,” “we,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information through our and related websites (e.g. www.recora.com, www.pinnie.com, pinnie.health), mobile applications, telehealth platform, and other services (collectively, the “Services”).

By using the Services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Services.

1. Information We Collect

Personal Information

“Personal Information” refers to information that identifies you as an individual or relates to an identifiable person. Examples include:

  • Name
  • Email address
  • Phone number
  • Health information (as defined by HIPAA)
  • Insurance details

We may also collect sensitive personal data as required for telehealth services or as permitted under applicable law.

Other Information

“Other Information” includes non-identifiable data such as:

  • Browser and device information
  • App usage data
  • IP address
  • General demographic information
  • Aggregated data

If Other Information is combined with Personal Information, it will be treated as Personal Information under this Privacy Policy.

2. How We Collect Information

We collect information in the following ways:

  1. Directly from You: When you register for an account, complete surveys or questionnaires, or interact with our Services.
  2. From Professional Corporations (PCs): PCs providing medical care may share Personal Information with us under applicable agreements.
  3. Automatically: Through cookies, pixel tags, device tracking technologies, IP addresses, and analytics tools like Google Analytics.
  4. From Third Parties: With your consent or as permitted by law, we may receive information from your healthcare provider, insurer, or public databases.

3. How We Use Your Information

We use Personal Information to:

  • Facilitate telehealth or care management services provided by PCs.
  • Respond to your inquiries and fulfill your requests.
  • Send administrative updates about the Services.
  • Personalize your experience on our platform.
  • Comply with legal obligations under HIPAA and other laws.

We may also use aggregated or de-identified data for research, analytics, and improving our Services.

4. Disclosure of Your Information

We may disclose your information:

  1. To Professional Corporations (PCs): For the provision of medical care.
  2. To Service Providers: For hosting, analytics, telehealth video platforms, and other operational purposes under strict confidentiality agreements.
  3. As Required by Law: To comply with legal obligations or respond to lawful requests from government authorities.
  4. With Your Consent: When you explicitly authorize us to share your information.

We do not sell Personal Information.

5. State-Specific Privacy Rights

Residents of certain states have additional rights under their state’s privacy laws:

California

Under the California Consumer Privacy Act (CCPA), you have the right to:

  • Know what Personal Information we collect and how it is used.
  • Request access to or deletion of your Personal Information.
  • Opt out of the sale of your Personal Information (though we do not sell data).

Delaware, Iowa, Nebraska, New Hampshire, New Jersey

As of 2025, residents in these states have rights similar to those under CCPA:

  • Right to access or delete Personal Information.
  • Right to opt out of targeted advertising or automated decision-making.

Maryland

The Maryland Online Data Protection Act (effective October 1, 2025) imposes stricter requirements:

  • Sensitive data cannot be sold without explicit consent.
  • Data collection must be limited to what is strictly necessary for providing requested services.

To exercise these rights or appeal a decision regarding your request, contact us at hello@recorahealth.com.

6. Telehealth-Specific Privacy Practices

Recora facilitates telehealth services provided by PCs in compliance with HIPAA guidelines:

  1. Patient Identity Verification: We verify patient identities during initial consultations.
  2. Secure Communications: All telehealth interactions are encrypted and conducted through HIPAA-compliant platforms.
  3. Consent Management: We obtain documented patient consent for telehealth sessions where required by law.
  4. Retention of Records: Telehealth records are securely stored in compliance with HIPAA retention requirements.

7. Security Measures

We are committed to protecting your Personal Information and have implemented administrative, physical, and technical safeguards that are reasonable and appropriate to ensure its security. These measures are designed to protect your information against unauthorized access, disclosure, alteration, or destruction. However, please note that no data transmission or storage system can be guaranteed to be 100% secure. If you believe that your interaction with us is no longer secure (for example, if you suspect unauthorized access to your account), please notify us immediately using the contact information provided in the “Contacting Us” section below.

As Recora operates from the United States, all Personal Information we collect is used and stored within the U.S. This information is subject to U.S. laws and may be disclosed to U.S. government agencies, courts, or law enforcement authorities as required by these laws. By using our Services, you acknowledge and consent to this transfer and storage of your information.

8. Data Retention

We will retain your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. Specifically:

  • Personal Information will be stored in secure files at our offices or the data centers of our service providers.
  • We may retain records to comply with legal obligations (e.g., HIPAA requirements), resolve disputes, enforce agreements, or as otherwise required by applicable laws.

9. Third-Party Services

Our Services may link to third-party websites or platforms that operate independently from us. We are not responsible for their privacy practices or content.

10. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. The “Last Updated” date at the top indicates when changes were made. Continued use of the Services constitutes acceptance of any updates.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights: Email: hello@recorahealth.com

FAQS

How does Pinnie ensure the security of my data?

Pinnie takes data security seriously and is both SOC2 and HIPAA-compliant. We never sell your information and will only share your records with others if you explicitly authorize it.

How do I connect with a care advocate?

Pinnie is fully virtual, so connecting with a care advocate is easy. After signing up, you can connect with your advocate via our online platform via chat, email, phone, or video from anywhere in the U.S. All communication is secure and HIPAA-compliant.