Legal
Privacy Policy
Last updated: June 25, 2026
Chapter One Enterprises, Inc., doing business as Tile Health (“Tile Health,” “we,” “us,” or “our”), respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our website located at tilehealthcare.com (the “Site”), our marketing and sales activities, and the business and administrative operations through which we offer our AI Clinical Agent and related services (collectively, the “Services”).
Please read this Privacy Policy carefully. By accessing or using the Site, you acknowledge that you have read and understood this Privacy Policy.
1. Important Note About Protected Health Information (PHI)
Tile Health provides its AI Clinical Agent and related services to healthcare providers and organizations (each, a “Provider”). When we perform patient enrollment, clinical triage, compliance documentation, or other Services on behalf of a Provider, we frequently access, create, receive, maintain, or transmit Protected Health Information (“PHI”) as that term is defined under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”).
This Privacy Policy does not govern PHI. When Tile Health handles PHI in connection with providing the Services to a Provider, we act as a Business Associate (and, in some cases, a subcontractor) under HIPAA. Our use and disclosure of that PHI is governed by HIPAA, applicable law, and the Business Associate Agreement (“BAA”) and Master Services Agreement between Tile Health and the relevant Provider — not by this Privacy Policy.
If you are a patient and you wish to exercise rights regarding your health information (such as access, amendment, or an accounting of disclosures), please contact your healthcare provider directly. The provider is the “covered entity” responsible for your records, and we will support that provider in responding to your request as required by the BAA and applicable law. If we receive a request that is directed to a Provider, we will forward it to the applicable Provider for handling.
This Privacy Policy applies to personal information we collect and process in our own right — for example, information collected from visitors to our Site, prospective customers, business contacts, and other individuals who interact with us outside of the PHI we process on a Provider's behalf.
2. Information We Collect
We collect personal information in the following ways.
2.1 Information you provide to us
- Contact and demo requests. When you request a demo, contact sales, subscribe to communications, or otherwise reach out to us, we may collect your name, business email address, phone number, company name, job title, and the contents of your message.
- Account and onboarding information. If you or your organization establishes an account to use the Services, we collect registration and administrative details such as names, business contact information, login credentials, and role or permission settings for authorized users.
- Communications. We collect information you provide when you communicate with us by email, phone, web form, chat, or through customer support, including records of those communications.
- Marketing and events. If you attend a webinar, event, or conference we host or sponsor, or download a resource, we may collect your registration details and related preferences.
- Job applicants. If you apply for a position with us, we collect the information in your application, resume, and related materials.
2.2 Information we collect automatically
When you visit or interact with our Site, we and our service providers may automatically collect:
- Device and connection data, such as IP address, browser type, operating system, device identifiers, and language settings.
- Usage data, such as the pages you view, links you click, the referring website, dates and times of access, and how you navigate the Site.
- Cookies and similar technologies, as described in Section 5 below.
2.3 Information we collect from other sources
We may obtain personal information about business contacts and prospective customers from third parties, including business-information and lead-generation providers, our partners and resellers, publicly available sources, and social media platforms. We may combine this information with information we already hold.
We do not knowingly collect sensitive personal information through the Site for our own purposes, except where you voluntarily provide it (for example, dietary or accessibility needs you share when registering for an event).
3. How We Use Information
We use the personal information described above to:
- Provide, operate, maintain, and improve the Site and the Services;
- Respond to your inquiries, demo requests, and support requests, and communicate with you about your account or our relationship;
- Establish and administer customer accounts and authorized-user access;
- Send marketing and promotional communications about our products, services, events, and offerings (subject to your choices described in Section 7);
- Personalize and improve your experience and develop new features and offerings;
- Analyze usage trends, measure the effectiveness of our content and campaigns, and conduct research and analytics;
- Maintain the security and integrity of the Site and Services, and detect, prevent, and respond to fraud, abuse, and security incidents;
- Evaluate job applications and recruit personnel;
- Comply with applicable laws, regulations, and legal process, and enforce our agreements and policies; and
- Carry out any other purpose disclosed to you at the time we collect the information or with your consent.
We may also create de-identified or aggregated information that does not identify you, and use and disclose it for any lawful purpose.
4. How We Disclose Information
We do not sell your personal information. We may disclose personal information as follows:
- Service providers and subprocessors. We share information with vendors and service providers who perform services on our behalf — such as hosting, infrastructure, analytics, customer relationship management, email and communications delivery, payment processing, and security — under contracts that require them to protect the information and use it only for the services they provide to us.
- Affiliates. We may share information with our corporate affiliates for purposes consistent with this Privacy Policy.
- Business transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, personal information may be transferred as part of that transaction, consistent with applicable law.
- Legal and safety. We may disclose information when we believe in good faith it is necessary to comply with a law, regulation, subpoena, court order, or government request; to enforce our agreements; or to protect the rights, property, or safety of Tile Health, our customers, or others.
- With your consent or at your direction. We may share information for other purposes with your consent.
PHI is shared only as permitted by the applicable BAA, HIPAA, and other applicable law, as described in Section 1.
5. Cookies and Tracking Technologies
We and our service providers use cookies, web beacons, pixels, tags, and similar technologies to operate and secure the Site, remember your preferences, understand how the Site is used, and support our marketing.
You can usually adjust your browser settings to refuse or delete cookies, though some features of the Site may not function properly if you do. Where required by law, we obtain consent for non-essential cookies through a cookie banner or preference tool.
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.
“Do Not Track” and Global Privacy Control. Some browsers offer a “Do Not Track” (“DNT”) signal. There is no industry-standard response to DNT signals, and we do not currently respond to them. Where required by law, we honor opt-out preference signals such as the Global Privacy Control (GPC) for purposes of opting out of “sales” and “sharing”/targeted advertising.
6. SMS and Text Messaging
In connection with the Services, patients may receive SMS/text messages (for example, related to enrollment, scheduling, or care coordination) where they or their provider have opted in. Message and data rates may apply, and message frequency varies.
Recipients can opt out of SMS messages at any time by replying STOP, and can reply HELP for assistance. Mobile opt-in information and consent are not shared with third parties or affiliates for their own marketing or promotional purposes. Where SMS messaging is provided as part of the Services to a Provider, the messaging and any associated PHI are governed by the BAA and applicable law as described in Section 1.
7. Your Choices
- Marketing communications. You can opt out of marketing emails by using the “unsubscribe” link in any such email or by contacting us. We may still send you non-promotional messages about your account or our ongoing business relationship.
- Cookies. You can manage cookies through your browser settings and, where available, our cookie preference tool.
- Account information. Authorized users can update certain account information through their account or by contacting us.
8. Your Privacy Rights
Depending on where you live, you may have rights regarding your personal information under applicable state privacy laws. These rights generally apply to the personal information we process in our own right and do not extend to PHI, which is governed by HIPAA and the BAA (see Section 1). Information regulated by HIPAA, and certain other categories of information, may be exempt from these state laws.
8.1 California residents (CCPA/CPRA)
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“California Consumer Privacy Laws”), California residents have the right to:
- Know/access the categories and specific pieces of personal information we have collected, the sources, the purposes for collection, and the categories of third parties to whom we disclose it;
- Delete personal information we have collected from you, subject to exceptions;
- Correct inaccurate personal information;
- Opt out of the “sale” or “sharing” of personal information and of targeted advertising. We do not sell or share personal information as those terms are defined under California law.
- Limit the use of sensitive personal information; and
- Non-discrimination for exercising your rights.
Categories of personal information. In the preceding twelve (12) months, we may have collected the following categories of personal information (as defined by the California Consumer Privacy Laws):
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Name, email address, phone number, IP address, online identifiers | Yes |
| B. California Customer Records info (Cal. Civ. Code § 1798.80(e)) | Name, contact information, employment-related information | Yes |
| C. Protected classification characteristics | Age, etc. (only if voluntarily provided) | Limited |
| D. Commercial information | Records of products/services considered or purchased | Yes |
| E. Biometric information | — | No |
| F. Internet/network activity | Browsing and usage data, interactions with our Site | Yes |
| G. Geolocation data | Approximate location derived from IP address | Yes |
| H. Sensory data | — | No |
| I. Professional/employment information | Job title, employer, application materials | Yes |
| J. Non-public education information | — | No |
| K. Inferences | Inferences drawn to create a profile about preferences | Limited |
| L. Sensitive personal information | Account log-in credentials | Limited |
We use and disclose each category for the business and commercial purposes described in Sections 3 and 4, and we retain it for as long as needed for those purposes as described in Section 9.
“Shine the Light.” California Civil Code § 1798.83 permits California residents to request information about disclosures of personal information to third parties for those third parties' direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes.
8.2 Residents of other states
Residents of states such as Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws may have similar rights, including the right to access, correct, delete, and obtain a portable copy of their personal information, and to opt out of targeted advertising, the sale of personal information, and certain profiling. Where required, you may also have the right to appeal our decision on a rights request.
8.3 How to exercise your rights
To exercise any of these rights, contact us using the information in Section 13. We will verify your request, which may require us to confirm your identity. You may use an authorized agent to submit a request on your behalf, subject to verification. We will not discriminate against you for exercising your rights.
9. Data Security
We maintain administrative, physical, and technical safeguards designed to protect personal information against loss, theft, and unauthorized access, disclosure, alteration, and destruction. We restrict access to personal information to personnel who need it to perform their roles, and we test and update our security practices on an ongoing basis. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.
10. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including to provide the Site and Services, maintain our business relationship, comply with our legal obligations, resolve disputes, and enforce our agreements. When personal information is no longer needed, we will delete or de-identify it in accordance with our retention practices and applicable law. Retention of PHI is governed by the BAA and HIPAA.
11. Children's Privacy
The Site is intended for a business audience and is not directed to children under 13, and we do not knowingly collect personal information from children under 13 through the Site for our own purposes. Health information about minors that we process on behalf of a Provider is handled as PHI under the BAA and HIPAA. If you believe a child has provided us with personal information through the Site, please contact us so we can take appropriate action.
12. International Users and Data Transfers
The Site and Services are operated in the United States. If you access the Site from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Site, you consent to this transfer and processing.
13. Third-Party Links and Services
The Site may contain links to third-party websites, products, or services that we do not own or control. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and post the updated policy on this page. Material changes may be communicated through additional notice where required by law. Your continued use of the Site after an update becomes effective constitutes your acknowledgment of the revised Privacy Policy.
15. Contact Us
If you have questions about this Privacy Policy or our privacy practices, or if you would like to exercise your rights, please contact us at:
This Privacy Policy is governed by the laws of the State of New York, without regard to its conflict of laws principles, except where applicable privacy law requires otherwise.