elena
Legal

Privacy Policy

Last Updated: April 7, 2026

Introduction

Elena is a healthcare navigation tool designed to help individuals manage appointments, insurance information, medical bills, medications, and other healthcare logistics. Elena uses artificial intelligence to assist you in understanding your healthcare options, finding providers, comparing costs, and organizing your medical information.

Your privacy is important to us. This Privacy Policy explains what information we collect, how we use it, how we share it, and how we protect it. By using Elena, you agree to the practices described in this policy.

This policy applies to all users of the Elena mobile application and related services operated by Elena AI ("Elena," "we," "us," or "our").

Information We Collect

When you use Elena, you may choose to provide the following categories of information:

Account Information

  • Name
  • Email address
  • Phone number
  • Profile photo
  • Date of birth
  • Location (city, state, or zip code)

Health and Healthcare Information

  • Medical conditions and diagnoses
  • Medications and prescriptions
  • Healthcare providers and facilities
  • Appointment information
  • Insurance information, including plan details and member IDs
  • Medical bills or cost data
  • Notes or recordings from medical visits

Health Risk Assessment Data

If you use Elena's health risk assessment features, we may collect information about your health history, family medical history, lifestyle factors, and symptoms you report. This information is used to help you understand your healthcare needs and find appropriate providers.

Uploaded Documents

  • Insurance card photos
  • Medical bills and Explanation of Benefits (EOB) documents
  • Lab results and medical records
  • Other healthcare documents you choose to upload

Call Recordings

When Elena places phone calls on your behalf (for example, to schedule appointments, verify insurance coverage, or resolve billing questions), those calls may be recorded. Please see the "Call Recording" section below for full details on how recordings are handled.

Device and Usage Data

  • App usage activity and feature interactions
  • Device type, operating system, and version
  • Diagnostic and crash information
  • IP address and general location data

You control what health information you choose to provide. Elena does not access your device's health data (such as Apple Health or Google Fit) unless you explicitly authorize it.

How We Use Information

We use your information to:

  • Provide Elena's healthcare navigation features
  • Schedule or manage appointments on your behalf
  • Place phone calls on your behalf to healthcare providers, insurance companies, and billing departments
  • Help estimate and compare healthcare costs
  • Help track and organize your medical information
  • Process, analyze, and store healthcare documents you upload
  • Find healthcare providers that match your needs and insurance coverage
  • Provide personalized healthcare guidance based on your health profile
  • Improve the performance and reliability of the app
  • Provide customer support
  • Comply with legal obligations

Your health information, documents, and conversations are processed by artificial intelligence (AI) and large language model (LLM) systems to perform these tasks. Please see the "Artificial Intelligence and Automated Processing" section below for details on how AI is used.

Artificial Intelligence and Automated Processing

Elena uses artificial intelligence systems, including large language models provided by Anthropic (specifically, Anthropic's Claude), to power core features of the application. When you interact with Elena, your data may be sent to these AI systems for processing.

AI is used for the following purposes:

  • Understanding your health questions and providing relevant guidance
  • Finding providers that match your needs, location, and insurance
  • Comparing costs across providers and facilities
  • Processing and extracting information from uploaded documents (insurance cards, medical bills, lab results)
  • Conducting phone calls on your behalf
  • Organizing and summarizing your healthcare information

We send only the minimum necessary data to AI systems for each specific task. For example, if you ask Elena to find an in-network dermatologist, we may send your insurance plan details and location, but not your full medical history.

Anthropic, our AI provider, does not use data submitted through their API to train their models. Your health information sent to Anthropic for processing is not used to improve or train AI systems. For more details, please refer to Anthropic's Privacy Policy.

Call Recording

When Elena places phone calls on your behalf, those calls may be recorded for quality assurance, record-keeping, and to provide you with a summary of what was discussed or accomplished during the call.

Elena announces at the beginning of each call that the call may be recorded. By using Elena's call features, you consent to the recording of calls placed on your behalf.

Call recordings are stored securely and treated with the same level of protection as your health data. Recordings are accessible to you through your Elena account and are subject to the same data retention and deletion policies as other health information.

Several states require all-party consent for recording telephone conversations. Elena complies with these requirements by announcing recording at the start of each call. These states include:

  • California
  • Connecticut
  • Florida
  • Illinois
  • Maryland
  • Massachusetts
  • Montana
  • New Hampshire
  • Oregon
  • Pennsylvania
  • Washington

Data Sharing

We do not sell your personal information or health data. We will never sell your health data to data brokers, advertisers, or other third parties.

We share limited information with the following categories of service providers that help operate the app:

  • Cloud hosting and database services (Supabase, Amazon Web Services) for secure data storage and application infrastructure
  • AI processing services (Anthropic) for powering Elena's intelligent features, as described in the "Artificial Intelligence and Automated Processing" section
  • Telephony services for placing phone calls on your behalf to healthcare providers, insurance companies, and billing departments
  • Analytics services (Mixpanel) for understanding app usage patterns and improving the product. Analytics data is aggregated and does not include your health information

All service providers are bound by data processing agreements that require them to protect your data, use it only to provide services to Elena, and not retain it beyond what is necessary. Service providers may not use your data for their own purposes, including training AI models.

We may also disclose information when required by law, such as in response to:

  • A valid subpoena, court order, or other legal process
  • A request from law enforcement when we believe disclosure is necessary to prevent harm
  • A government audit or regulatory inquiry

Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect your information. We take the security of your health data seriously and implement practices consistent with industry standards for protecting sensitive health information.

Our security practices include:

  • Encryption of data at rest and in transit using industry-standard protocols (TLS 1.2+, AES-256)
  • Access controls and role-based authentication for internal systems
  • Audit logging of access to sensitive data
  • Regular security assessments and vulnerability testing
  • Secure software development practices
  • Employee and contractor security training

While Elena is not a HIPAA-covered entity, we voluntarily implement security practices consistent with HIPAA standards to provide a high level of protection for your health data.

No system can be guaranteed to be completely secure. If you believe your account has been compromised, please contact us immediately at support@elena.health.

Data Retention

We retain your information as long as your account is active or as necessary to provide the service. Specific retention periods vary by data type:

  • Account information is retained for the life of your account
  • Health and healthcare information is retained for the life of your account unless you delete specific items
  • Call recordings are retained for up to 12 months, unless you request earlier deletion
  • Usage and analytics data may be retained in anonymized or aggregated form after account deletion

You may request deletion of your account and associated data at any time. Upon receiving a deletion request, we will delete or de-identify your personal information within 45 days, except where we are required by law to retain certain records.

Your Rights

Depending on where you live, you may have some or all of the following rights regarding your personal information:

  • Right to access. You may request a copy of the personal information we hold about you.
  • Right to correct. You may request that we correct inaccurate personal information.
  • Right to delete. You may request that we delete your personal information, subject to certain legal exceptions.
  • Right to withdraw consent. Where we rely on your consent to process health data, you may withdraw that consent at any time.
  • Right to data portability. You may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to opt out of sale. We do not sell personal information. However, where applicable law provides this right, you may exercise it.
  • Right to limit use of sensitive personal information. You may request that we limit our use of sensitive personal information (including health data) to what is necessary to provide the service.

To exercise any of these rights, please contact us at support@elena.health. We will respond to your request within 45 days. We will not discriminate against you for exercising your privacy rights.

To protect your privacy, we may need to verify your identity before fulfilling your request. We will typically verify your identity by confirming information associated with your account (such as your email address).

State-Specific Privacy Rights

Certain states provide additional privacy protections for their residents. The following sections describe your rights under specific state laws.

Washington Residents (My Health My Data Act, RCW 19.373)

The Washington My Health My Data Act provides Washington residents with specific rights over their "consumer health data," which includes data that identifies a consumer's past, present, or future physical or mental health status.

Categories of health data collected. Elena collects the following categories of consumer health data, as described in detail above: medical conditions, medications, insurance details, healthcare provider information, appointment data, medical bills, uploaded health documents, health risk assessment data, and call recordings related to healthcare matters.

Purposes. We collect and use this data to provide healthcare navigation services, including finding providers, comparing costs, scheduling appointments, placing calls on your behalf, and organizing your health information.

Third parties.We share consumer health data with the service providers listed in the "Data Sharing" section above, including cloud hosting providers (Supabase, AWS), AI processing services (Anthropic), telephony services, and analytics services (Mixpanel).

Consent. Before collecting consumer health data, Elena will obtain your separate and express consent, as required by the Act. You may withdraw your consent at any time.

Your rights under this law include:

  • Right to confirm whether we are collecting, sharing, or selling your consumer health data
  • Right to access your consumer health data
  • Right to delete your consumer health data
  • Right to withdraw consent for collection or sharing of your consumer health data

To exercise these rights, please contact us at support@elena.health.

California Residents (CCPA/CPRA, Cal. Civ. Code 1798.100 et seq.)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"), provides you with specific rights regarding your personal information.

Categories of personal information collected in the past 12 months:

  • Identifiers (name, email address, phone number)
  • Internet or other electronic network activity (app usage, device data)
  • Geolocation data (general location from IP address or user-provided zip code)
  • Audio information (call recordings placed on your behalf)
  • Professional or employment-related information (if provided)

Categories of sensitive personal information collected in the past 12 months:

  • Health information (medical conditions, medications, insurance details, medical bills)
  • Account log-in credentials

Your rights under the CCPA include:

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to delete your personal information
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information
  • Right to limit the use and disclosure of sensitive personal information
  • Right to non-discrimination for exercising your privacy rights

Do Not Sell or Share My Personal Information. Elena does not sell your personal information. Elena does not share your personal information for cross-context behavioral advertising purposes.

Limit the Use of My Sensitive Personal Information. We use sensitive personal information (including health data) only as necessary to provide the Elena service you have requested. You may request that we further limit our use of sensitive personal information by contacting us.

How to submit a request. To exercise your rights, contact us at support@elena.health. We will verify your identity by confirming information associated with your account. You may also designate an authorized agent to submit a request on your behalf, provided you give the agent written permission and we can verify your identity.

Connecticut Residents (CTDPA, Conn. Gen. Stat. 42-515 et seq.)

If you are a Connecticut resident, the Connecticut Data Privacy Act (CTDPA) provides you with specific rights regarding your personal data.

Sensitive data. Health data is considered sensitive data under the CTDPA. Elena obtains your opt-in consent before processing sensitive data, including health information.

Your rights under the CTDPA include:

  • Right to confirm whether we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccurate personal data
  • Right to delete your personal data
  • Right to data portability
  • Right to opt out of targeted advertising. Elena does not engage in targeted advertising
  • Right to opt out of the sale of personal data. Elena does not sell personal data
  • Right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects

Elena conducts data protection assessments for processing activities that present a heightened risk of harm to consumers, as required by the CTDPA. To exercise your rights, please contact us at support@elena.health.

Nevada Residents (NRS 603A)

If you are a Nevada resident, you have the right to opt out of the sale of certain "covered information" as defined under Nevada Revised Statutes Chapter 603A. Elena does not sell your covered information as defined by this law. If you wish to submit an opt-out request, please contact us at privacy@elena.health.

HIPAA Disclosure

Elena is not a "covered entity" or "business associate" as those terms are defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Elena collects health information directly from you, not from healthcare providers, health plans, or healthcare clearinghouses.

Although HIPAA does not apply to Elena, we voluntarily follow security practices that are consistent with HIPAA standards for protecting health information. We do this because we believe your health data deserves a high level of protection regardless of regulatory requirements.

This voluntary adoption of HIPAA-aligned practices does not create any HIPAA obligations or make Elena subject to HIPAA regulations. Your rights regarding your health data are governed by this Privacy Policy and applicable state and federal consumer protection laws.

Children's Privacy

Elena is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@elena.health.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where required by law, by providing additional notice (such as an in-app notification or email). Your continued use of Elena after the effective date of changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

General inquiries and privacy rights requests: support@elena.health

State-specific privacy requests (including Nevada opt-out requests): privacy@elena.health

Elena AI, Inc.
New York, NY