Photos, videos and chat done right. HIPAA-compliant
© CAPTUREPROOF Inc 2012-2026 | version 3.0.0
Last Modified: February 9, 2026
Thank you for using CaptureProof®. The Service that CaptureProof, Inc. provides to you is subject to the following Terms of Service ("Terms").
These Terms constitute a legal agreement between you and CaptureProof, Inc. and its successors, parents, subsidiaries, affiliates and related companies or other companies under a common control that we may have now or in the future operate ("CaptureProof", "we", "our" or "us"). As used in these Terms, the words "you" and "your" refer to you, the user of the CaptureProof Service. The use of the word "including" in these Terms is used to refer to specific examples and will be construed to mean "including, without limitation" or "including, but not limited to" and will not be construed to mean that the examples given are an exclusive list of the topics covered. These Terms apply to the CaptureProof website and mobile applications (the "Site") and the asynchronous telemedicine communication service we offer on the Site (together with the Site, the "Service"). These Terms govern your access to and use of the Service, so please carefully read them before using the Service.
By using the Service you agree to be bound by these Terms. If you are using the Service on behalf of an organization, you are agreeing to these Terms for that organization and promising that you have the authority to bind that organization to these terms. In that case, "you" and "your" will refer to that organization.
The following is a brief summary of these Terms:
CaptureProof is committed to compliance with all privacy and security laws and regulations that apply to the provision of the Service to you. Such laws and regulations vary from country to country. The Terms apply to both national and international customers except to the extent otherwise noted or as required by applicable law.
For example, CaptureProof complies with applicable U.S. laws and regulations, including the U.S. Health Insurance Portability and Accountability Act ("HIPAA"), governing the privacy and security of patients' protected health information. CaptureProof's Privacy Policy and Security Policy have been adopted in furtherance of these compliance efforts.
CaptureProof also complies with applicable international laws and regulations regarding the collection, use, and retention of personal information. CaptureProof's policies and procedures have been adopted been in furtherance of its efforts to comply with the principles set forth in privacy laws and regulations including, for example, the EU General Data Protection Regulation ("GDPR") requirements.
No PHI for Advertising; Analytics Limited to Marketing Site. CaptureProof does not use Protected Health Information (“PHI”) or electronic PHI (“ePHI”) for advertising, ad targeting, or marketing profiling. Any website analytics technologies (e.g., cookies or similar tools) are used only on CaptureProof’s public marketing website to understand site performance and improve user experience, and are not used within the authenticated Service where PHI/ePHI is accessed or stored.
Except as otherwise provided herein, by either (1) clicking to agree or accept to these Terms where these options are presented to you, or (2) following your initial acceptance of Terms during account creation, actually using or accessing the Site or any part of the Service, you signify your agreement to be bound by these Terms and all other policies or notices posted by us on the Site. Your use of the Service is also governed, as applicable to you, by CaptureProof’s Acceptable Use Policy, Security Policy, Privacy Policy, International Privacy Law Policy and International Data Transfer Policy (including SCC-based international transfer terms where required), and Business Associate Agreement Policy — all of which are incorporated herein by reference into these Terms. Any conflict between CaptureProof’s general Terms and the specific terms and conditions set forth in the Acceptable Use, Security, Privacy, International Privacy Law, or Business Associate Agreement policies shall be resolved in favor of the more specific policy as applicable. Copies of these policies can be found at www.captureproof.com/terms/.
If you don't agree to these Terms, do not use the Service. You agree that your use of the Service will always be subject to the most current version of these Terms at the time of such use. It is your responsibility to review these Terms from time to time for any changes. If you use the Service after we have changed any of the Terms, you are agreeing to all of the changes. Again, if you do not agree, do not use the Service.
You may not accept these Terms if you are not authorized by applicable law to form a binding contract with CaptureProof for the Service.
If you accept these Terms, you represent that you have the legal authority to form a contract with CaptureProof and be bound by these Terms.
Depending on your activities when visiting the Site or using the Service, you may be required to agree to additional terms and conditions as indicated on the Site or via the Service.
The Service may be used as a tool to facilitate the creation of a patient’s personal visual health record and/or facilitate secure visual and text asynchronous communication between a medical patient and his or her existing team of Health Care Providers. By accepting the Terms, the patient and Health Care Provider agree to this.
For purposes of sharing medical information between a patient user of the Service and a Health Care Provider user of the Service, a Health Care Provider-patient relationship is established when one of the following conditions is met:
The Health Care Provider-patient relationship remains in effect until one of the following conditions is met:
Once data is shared with the Health Care Provider, it will remain shared with the Health Care Provider. Terminating the connection will prevent the Health Care Provider from having access to any subsequent data uploaded and/or shared by the patient.
You agree never to use the Service for urgent matters. If you experience any adverse reactions or your medical condition worsens, or for any other urgent matters, you understand that it is your responsibility to seek emergency care immediately.
If at any time you are concerned about your, or your child's, care or the treatment prescribed by a healthcare provider through the Service, or you believe or someone else advises you that you or your child has or suspect that you or your child has a serious or life-threatening condition, call 911 in areas in which that service is available, or go to the nearest emergency room or open clinic.
You authorize CaptureProof to use the information contained in your CaptureProof profile to provide the Service and to share this information, in part or in its entirety, with those entities and individuals you designate. You understand that the designated individuals may share your health information with colleagues for the purpose of your treatment.
If the patient is under the age of 18, in order to use the Service, you must be authorized by applicable law to agree to use of the Service and sharing of the minor's information. Generally, a parent or legal guardian may create a Profile for a child and grant others access to the data unless prohibited by applicable law. In certain limited circumstances, minors may be legally entitled to act on their own behalf and may be legally authorized to create their own Profile and grant others access to the data. By accepting the Terms, you are representing that you have the legal authority to form a contract with CaptureProof for the use and sharing of information pertaining to a minor patient. Once an account is created by an individual with legal authority to do so, a minor between the age of 13 and 17 may use the Service to access their Profile. U.S. federal law prohibits web site and internet service operators from collecting personal information from minors under age 13 without their parent or guardian's knowledge and consent. If we become aware that a child under the age of 13 has provided us with personally identifying information without consent of a parent or guardian, we will take steps to remove or delete such information from active systems to the extent feasible and as required by applicable law, and to disable the account as appropriate.
This site does not provide medical or any other health care advice, diagnosis or treatment. Always seek the advice of your Health Care Provider or other qualified Health Care Provider with any questions you may have regarding a medical condition, diet, fitness or wellness program. Never disregard professional medical advice or delay in seeking it because of information you accessed on or through the service.
It is the responsibility of the patient to follow the advice of their Health Care Provider and arrange any and all follow up in-office or online communication that is requested by the Health Care Provider. If a follow up appointment is requested and the patient does not either schedule or maintain the appointment, or even if the patient does follow up, CaptureProof is not liable for any delay in diagnosis or treatment.
Files and other content in the Service may be protected by intellectual property rights of others. You agree not to copy, upload, download, or share files unless you have the right to do so. You, not CaptureProof, will be fully responsible and liable for what you share, upload or otherwise use while using the Service. You will not upload spyware or any other malicious software to the Service.
We do not claim ownership of the content you submit through the Service. Your content remains your content. We also don't control, verify, or endorse the content that you and others make available through the Service. While we assume no responsibility to monitor content that you and others make available, we retain the right to remove any content at our discretion.
The Service requires you to register by creating a user account. You must complete the registration process by providing us with current, complete and accurate information as prompted by the applicable registration form. This means that you may not set up an account using someone else's name or contact information, unless you are a parent or legal guardian authorized to set up and maintain an account for a child, and in no event may you set up an account using a phony name or phony contact information. You also will be required to choose a password and/or a PIN. You are entirely responsible for safeguarding your password, PIN, and account, and you agree not to disclose your login information to any third party. In connection with the registration process, you may be asked to acknowledge your acceptance to the Terms of the Service by electronic signature which will be authenticated by your use of your unique user name and password and which will be electronically date and time stamped on the date and at the time your electronic signature is made.
Furthermore, you are entirely responsible for any and all activities that occur under your account, whether or not you authorized that activity. You agree to notify CaptureProof immediately of any unauthorized use of your account or any other breach of security, by sending an email to security@captureproof.com.
CaptureProof will not be liable for any loss that you may incur as a result of someone else using your password, PIN or account, either with or without your knowledge. However, you could be held liable for losses incurred by CaptureProof or another party due to someone else using your account, PIN or password. You may not use anyone else's account at any time, without the permission of the account holder. You may not transfer your account to someone else. You will be liable for losses and damages incurred by us (or anyone else) due to the unauthorized use of your account. Upon account termination, we will delete or de-identify your data from active systems to the extent feasible and as permitted by applicable law and contractual obligations. Encrypted backups may retain data until scheduled expiration. We have no obligation to return data to you after your account is terminated unless otherwise specified or otherwise required by applicable law.
It is your duty to provide true, accurate, current and complete personal information, including your current contact information and medical records as necessary for us to provide the Service to you.
You must not make any misrepresentations in the information you provide to CaptureProof or your team of Health Care Providers. In order for the Service to function effectively, you must also keep your account information up-to-date and accurate.
Your communication is also governed by the Acceptable Use Policy, which governs the acceptable use of the Site and the Service.
You warrant and represent to us that you either own all the information you are submitting or have the right to submit the information. Furthermore, you warrant and represent that you have the right to allow us to make your information available to our employees and agents to view and use in connection with providing the Service without requiring that any such use be subject to additional obligations or terms except as otherwise required by applicable law.
PATIENT:
Patient users are not charged any fees by CaptureProof for the use of the CaptureProof Platform. In certain circumstances, a patient's healthcare provider may bill for a healthcare service provided to a patient using the CaptureProof Platform and a patient may be responsible for payment. This may include payment of applicable insurance co-payments and deductibles to the healthcare provider. By connecting to a healthcare provider on the CaptureProof Platform, the patient consents to allow their healthcare provider to use the Platform to provide and bill for such healthcare services.
HEALTH CARE PROVIDER:
Payment
By accessing or using the services you, the health care provider, medical practice or institution, agree that your credit card will be billed on a monthly basis. If you are agreeing to the terms and conditions of the CaptureProof, Inc. pricing policy described herein, during registration you will have the opportunity to input a credit card. If your fees are covered by another entity contact CaptureProof directly at payments@captureproof.com to confirm this agreement. If an invoice is needed instead of a credit card this will have to be arranged with the company itself and services fees will apply.
We may revise these Terms from time to time and the most current version will always be posted on our website. We may communicate revisions to these Terms to you via email to the email address associated with your account or via notices displayed on the Site. By continuing to access or use the Service after revisions become effective, you agree to be bound by the revised Terms. If you do not agree to the new terms, please stop using the Service.
These Terms, including the incorporated policies and together with any additional terms and conditions as indicated on the Site or via the Service, constitute the entire and exclusive agreement between you and CaptureProof with respect to the Service, and supersede and replace any other agreements, terms and conditions applicable to the Service. These Terms create no third party beneficiary rights. CaptureProof’s failure to enforce a provision is not a waiver of its right to do so later. If a provision is found unenforceable, the remaining provisions of the Terms will remain in full effect and an enforceable term will be substituted reflecting our intent as closely as possible. You may not assign any of your rights in these Terms, and any such attempt is void except as otherwise required by applicable law, but CaptureProof may assign its rights without restriction. CaptureProof and you are not legal partners or agents; instead, our relationship is that of independent contractors.
These terms do not grant you any right, title, or interest in the Service, Site, or the content in the Service (other than your personal information and any other content you post to the Service). The Software and other technology we use to provide the Service are protected by applicable intellectual property and other laws.
If you give feedback on the Service, such as recommendations for improvements or features, you hereby assign to CaptureProof all right, title and interest in and to such feedback, and that feedback may be implemented as part of the Service without compensation to you.
All brand, product and service names and other brand features used in the Service that identify CaptureProof or the Service are the trademarks or service marks of CaptureProof or its licensors. Nothing in the Service or these Terms shall be deemed to confer on any person any license or right on the part of CaptureProof or any licensor with respect to any such brand features.
USE OF THE SERVICE IS AT YOUR OWN RISK. THE SERVICE ARE PROVIDED ON AN "AS IS," "WHERE IS" AND "AS AVAILABLE" BASIS. CaptureProof AND ITS AFFILIATES, SUPPLIERS AND PARTNERS EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
CaptureProof AND ITS AFFILIATES, SUPPLIERS AND PARTNERS MAKE NO WARRANTY, REPRESENTATION OR PROMISE THAT (A) THE SERVICE WILL MEET YOUR REQUIREMENTS; (B) THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE; OR (C) THAT THERE WILL BE NO ERRORS IN THE SERVICE. ANYTHING OBTAINED THROUGH USE OF THE SERVICE IS OBTAINED AT YOUR OWN DISCRETION AND RISK AND CaptureProof SHALL NOT BE RESPONSIBLE FOR ANY DAMAGE CAUSED TO YOUR COMPUTER OR DATA OR FOR ANY BUGS, VIRUSES, TROJAN HORSES OR OTHER DESTRUCTIVE CODE, OR FOR ANY OTHER LOSSES YOU MAY INCUR, RESULTING FROM YOUR USE OF THE SERVICE.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER LEGAL RIGHTS, WHICH VARY FROM STATE TO STATE AND COUNTRY TO COUNTRY.
TO THE FULLEST EXTENT PERMITTED BY LAW, (A) IN NO EVENT WILL CaptureProof, OR ITS AFFILIATES, DIRECTORS, OFFICERS, INVESTORS, EMPLOYEES, AGENTS, ADVERTISERS, LICENSORS, SUPPLIERS, OR SERVICE PROVIDERS, BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOSS OF USE, DATA, BUSINESS, OR PROFITS), REGARDLESS OF LEGAL THEORY, WHETHER OR NOT CaptureProof HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE; AND (B) CaptureProof's TOTAL LIABILITY TO YOU FOR DAMAGES, LOSSES, AND CAUSES OF ACTION UNDER ANY THEORY OF LIABILITY SHALL IN NO EVENT EXCEED $100.
You agree to indemnify, defend, and hold harmless CaptureProof, its affiliates and their respective directors, officers, employees and agents from and against any losses, costs, damages, liabilities and expenses (including reasonable attorneys' fees) arising out of any claims, actions, suits or proceedings related to your use of the Service, your violation of these Terms or of any rights of any third party, or any content or other information you submit to the Service. Your indemnification obligation will survive the termination of these Terms and your use of the Service.
We may terminate or suspend your permission to use the Service immediately and without notice upon any violation of these Terms, your failure to pay any fees when due, upon the request of law enforcement or government agencies, after extended periods of inactivity, for unexpected technical issues or problems, or in the event you engage in fraudulent or illegal activities. We also reserve the right to refuse, restrict, discontinue or terminate the Service (or any portions, components or features of the Service) to you or any other person or entity, for any reason or for no reason whatsoever, at any time, without notice or liability as allowed by applicable law. If we terminate your use of the Service for any of these reasons or otherwise for cause, we will not refund any fees you may have paid.
You acknowledge that temporary interruptions in the availability of the Service may occur from time to time, including the malfunction of equipment, periodic updating, maintenance or repair of the Service or other actions that CaptureProof, in its sole discretion, may elect to take. Under no circumstances will CaptureProof be held liable for any damages due to such interruptions or lack of availability.
Portions of the Service may be accompanied by additional terms that apply to specific features or areas of the Service or are required by applicable law. Those additional terms supplement these terms with respect to your use of those features or areas. (e.g. Authorized Use Policy, Security Policy, Privacy Policy, International Privacy Law Policy)
Except as otherwise required by applicable international law, these Terms are governed by laws of the state of California, without respect to its conflict of laws principles. The sole jurisdiction and venue for any claim arising from the Service and these Terms shall be the state and federal courts located in San Francisco, California and each party hereby consents to the exclusive jurisdiction and venue of such courts.
You agree that if you want to bring a legal claim against us under these Terms, you must file your claim lawsuit within one year after the date on which you discovered or reasonably should have discovered the event that gave rise to your claim.
TO THE EXTENT PERMITTED BY LAW, THE PARTIES AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS, WHETHER IN ARBITRATION OR IN COURT, WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS OR REPRESENTATIVE ACTION OR AS A NAMED OR UNNAMED MEMBER IN A CLASS, CONSOLIDATED, REPRESENTATIVE OR PRIVATE ATTORNEY GENERAL ACTION, UNLESS BOTH YOU AND CaptureProof SPECIFICALLY AGREE TO DO SO IN WRITING.
If you do not wish to be bound by the foregoing class-action waiver, you must notify CaptureProof in writing within 30 days of the date that you accept these Terms. Your written notification must be mailed to: CaptureProof, Inc., ATTN: legal 611 S. Gateway Blvd, Ste 120, South San Francisco, CA 94080.
Notices to you may be sent via email or provided through links displayed on the Site. You understand and agree that notices and other information ("Communications") may be provided by CaptureProof to you by electronic means (i.e., via email or by posting the information on the Site). The categories of Communications that may be provided by electronic means include:
All Communications will be deemed to have been received by you after it is posted on the site for 5 days, whether or not you have retrieved the Communication from the Site. An electronic Communication by email is considered to be sent at the time that it is directed by CaptureProof’s email server to your email address, whether or not your receive it. You agree that these are reasonable procedures for sending and receiving electronic Communications.
You agree to promptly update your account records with CaptureProof if your email address changes so that CaptureProof may contact you electronically. You understand and agree that if we send you an electronic Communication but you do not receive it because the email address on file is incorrect, out of date, blocked by your service provider or you are otherwise unable to receive electronic Communications, CaptureProof will be deemed to have provided the Communication to you.
Although we reserve the right to provide Communications in paper format at any time, you agree that we are under no obligation to do so. All Communications in either electronic or paper format will be considered to be "in writing." You should print a paper copy of these Terms and any Communication that is important to you and retain the copy for your records. If you do not wish to receive these Terms or the Communications electronically, you may not use the Service.
If you have opened an account with us and you wish to withdraw your consent to have Communications provided electronically, you must close your account and stop using the Service. There are no fees to close your account, but a return data-handling fee may apply as allowed by law.
The terms of this Agreement (“Terms”) apply to your use of the Service, including iOS applications available via the Apple, Inc. (“Apple”) App Store (the “Application”), but the following additional terms also apply to the Application:
Both you and CaptureProof acknowledge that the Terms are concluded between you and CaptureProof only, and not with Apple, and that Apple is not responsible for the Application or the Content.
To the extent that the additional terms of the End-User License Agreement conflict with the Terms, the EULA shall control with respect to your use of the Service via the Application.
If you would like to contact us to provide feedback, comments or requests for technical support, and/or complaints or claim with respect to the EULA, you should contact us through our customer support department at help@captureproof.com or call our support line at +1.415.691.7615.
If you have privacy questions or concerns, you should contact us at privacy@captureproof.com.
If you have data security questions or concerns, you should contact us at security@captureproof.com.
Last Modified: February 9, 2026
Last Modified: February 9, 2026
Many people use CaptureProof, and we are proud of the trust placed in us. In exchange, we expect you to use the CaptureProof services (the "Service") responsibly.
As a CaptureProof account holder you agree to comply with this Acceptable Use Policy (this "Policy") and will be liable for all activities and content you post and for violation of this Policy.
You agree not to misuse the Service. For example, you must not, and must not attempt to, use the Service to do any of the following:
CaptureProof is not responsible for the content or activities in any CaptureProof profile. The decision to share or create content is yours. We advise you to use your judgment.
CaptureProof reserves the right to amend or change this Acceptable Use Policy at any time. CaptureProof may place a special notice on the CaptureProof website, update the date of this Acceptable Use Policy, or communicate significant changes by email. Your continued use of the Service following such notification constitutes your acceptance of any such changes. We encourage you to periodically review this Acceptable Use Policy to ensure you are in compliance.
Some information you provide or upload to the Service may be stored outside of the country in which you reside.
All activity on the Service is also governed by the CaptureProof Terms of Service.
If you see content that violates this Acceptable Use Policy, we encourage you to report it to CaptureProof for review. Please contact us at security@captureproof.com.
Thank you for using CaptureProof and honoring this Acceptable Use Policy.
Last Modified: February 9, 2026
CaptureProof maintains safeguards designed to support compliance with HIPAA and applicable privacy/security requirements, and enters into Business Associate Agreements (BAAs) with Covered Entities as applicable. We provide this overview so that you can better understand the security measures we've put in place to protect the information that you store using CaptureProof.
All data stored in our databases is symmetrically encrypted using AES-256 keys. Amazon Web Services stores data over several large-scale data centers. You can find more information about Amazon Web Services' security at the Amazon Web Services' website. CaptureProof manages encryption keys using cloud-provider key management services (e.g., AWS Key Management Service) with restricted, role-based access and auditing. Access to systems and data is governed by least-privilege principles and role-based access controls, and administrative access is restricted and monitored. System and application logs are centralized for monitoring, alerting, and forensic review to support security operations and compliance obligations.
Your files are sent from CaptureProof’s mobile and web apps to our servers over a secure channel using TLS 1.2 or higher (including TLS 1.3 where supported) encryption, the standard for secure Internet network connections.
User accounts are password protected. Healthcare professional accounts may be configured to require multi-factor authentication (MFA) based on customer requirements and regional support; administrative access is restricted and monitored.
CaptureProof and Amazon Web Services keep redundant backups of all data over multiple locations to prevent the remote possibility of data loss.
We guard your privacy and work hard to protect your information from unauthorized access. Except as stated in the next sentence, CaptureProof employees are prohibited from viewing the content of files you store in your CaptureProof profile(s), and are only permitted to view file metadata (e.g., file names and locations). Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in the CaptureProof Privacy Policy (e.g., when legally required to do so). We have strict policy and technical access controls that prohibit employee access except in these rare circumstances.
CaptureProof cooperates with law enforcement when it receives valid legal process, which may require CaptureProof to disclose information contained in your CaptureProof profile(s). In the case of being compelled to disclose information as above, We may disclose information in response to valid legal process as required by law. Where technically feasible and legally required, we may provide responsive data in a readable format; we do not provide encryption keys unless required by applicable law.
Our auditing process tracks relevant records and events that are created, updated, restricted, or deleted where authorized via controlled workflows, and maintains traceability of user activity such as logins, access, viewing, and note entry.
You understand that your medical history is entered into the CaptureProof database and that all reasonable measures have been and will be taken to protect the confidentiality of this medical and personal information – in accordance with HIPAA standards. You know that no computer or phone system is completely 100% secure. CaptureProof understands your rights to reasonable privacy in accordance with HIPAA standards and state laws, and in accordance with our Privacy Policy, will not release information to anyone without your written authorization or as required permitted by law, or in accordance with your health insurer's privacy policy if applicable, or as otherwise disclosed via our Privacy Policy.
CaptureProof may revise and update this Security Policy at any time, without notice to you. We encourage you to periodically check the Site to see if there have been any changes to our Security Policy that may affect you.
CaptureProof is committed to resolving complaints about the security measures we use to protect your personal information. Individuals with inquiries or complaints regarding our Security policy should contact the CaptureProof Security Officer at:
CaptureProof's Security Officer can be contacted at:
CaptureProof, Inc
c/o Security Officer, David Chasteen
611 S. Gateway Blvd, Ste 120
South San Francisco, CA 94080
United States of America
security@captureproof.com
415-691-7615
Last Modified: February 9, 2026
CaptureProof takes your privacy very seriously. We are committed to protecting the privacy of visitors to the CaptureProof.com web site and mobile application (the "Site"). The purpose of this Privacy Policy is to inform you what kinds of information we may collect about you when you visit the Site or use the service offered on the Site (the "Service"), how we may use that information, to whom we may disclose it, and the choices you have regarding our use of, and your ability to manage and edit, your information. This Privacy Policy applies to the Site and the Service. This Privacy Policy does not apply to other websites to which we may link.
If you are from a country other than the United States, please refer to the International Privacy Law Policy.
This Privacy Policy governs information we collect about patients who use the Service ("Patients") and about designated health care professionals who are part of a Patient's health care team ("Medical Professionals").
Patients and Medical Professionals can access the Service through the Sites, via desktop or laptop computer, mobile phone, tablet, or other consumer electronic device. This Privacy Policy governs your use of the Service regardless of how you access the Service, and by using the Service you consent to the collection, transfer, processing, storage, disclosure and other uses of your information described in this Privacy Policy.
The Service is a health records platform that allows Patients to gather, edit, add to, store, and share their protected health information online and to communicate and share that information with designated Medical Professionals. This Service also allows Medical Professionals to gather, edit, add to, store and share protected health information online related to the treatment of Patients and share that information with their Patients and other designated Medical Professionals.
When you use the Service, the Service collects identifying information about you (e.g., name and email address) as well as, if you are a Patient, your protected health information (e.g., photos, videos, notes, doctor communications, and health history), and, if you are a Medical Professional, your patient communications.
We may collect and store the following information when you use the Service:
When you register to create an account with the Service, we collect some information about you, such as your name, phone number and email address. If you are a Patient, we also collect information about your gender and date of birth. If you are a Medical Professional, we also may collect information about your medical credentials, such as your medical license number, degree, office number and specialty. We may also collect information Patients choose to provide us regarding their designated Medical Professionals, such as their names and email addresses. Providing a profile picture is optional for both Patients and Medical Professionals.
If you are a Patient, when you use the Service, we collect health information that relates to (a) your past, present or future physical or mental health or condition, and (b) the provision of health care to you. This health information includes notes describing health conditions, communications with your medical clinician, photos of body parts or video of body movements and/or experiences, and any other information you upload to the Service. You can use the Service to enter a wide range of health information into a record. You can give others permission to view, and/or add information in a record.
End users cannot delete clinical media or messages directly from the application in order to preserve record integrity. Deletion, restriction, or de-identification requests may be processed through controlled workflows based on customer configuration, documented instructions, and applicable law. Backups may retain data temporarily until scheduled expiration.
When you make payment for your use of the Service, we collect additional financial information as required to process those purchase transactions.
We also collect other information required to configure, use, and receive support for the Services, the time you visited, and browser type.
When you use the Service, we automatically record information, from the computer, mobile phone or other consumer electronic device you use to access the Service, that device's software, and your activity using the Service (collectively, "Analytics Information"). This may include the device's Internet Protocol ("IP") address, browser type, the web pages you visit on our website, information you search for on our website, locale preferences, identification numbers associated with your device, your mobile carrier, date and time stamps associated with transactions, system configuration information, captured metadata from photos and video concerning your uploaded health information, and other interactions with the Service.
We may use Analytics Information to monitor and analyze use of the Service, for the Service's technical administration, to increase the Service's functionality and user-friendliness, and to verify users have the authorization needed for the Service to process their requests.
For clarity, the Service may generate operational logs and telemetry needed to maintain security, reliability, fraud prevention, and support (for example, login events, error logs, and performance metrics). These operational logs are not used for advertising or cross-site tracking.
Marketing Website Analytics Only; No PHI for Advertising. CaptureProof may use analytics technologies on CaptureProof’s public marketing website to understand website performance and improve user experience. These analytics tools are not used within the authenticated Service where PHI/ePHI is accessed or stored. CaptureProof does not use PHI/ePHI for advertising, ad targeting, or marketing profiling, and we do not permit service providers to use PHI/ePHI for those purposes. Where analytics providers are used on the marketing website, information is collected and processed in accordance with applicable law and provider contractual obligations, and users may be able to control analytics cookies through browser settings or available opt-out mechanisms. Google provides a browser add-on to opt out of Google Analytics.
The Service allows you to manage one health record, such as the ones you create for yourself or for your child(ren). You choose what information to put in your records. Examples of the types of information you can store in a record include:
How we use personally identifying information:
We use personally identifying information collected through the Service, including Patients' protected health information:
We may also ask you to participate in use surveys, questionnaires or polls, to facilitate feedback and input from our users. When you respond to surveys, questionnaires or polls, this information is collected only as anonymous, aggregated information and is used for statistical purposes only.
We may also use, or share with third parties, other non-personally identifying information in the aggregate for the purpose of improving the Service and for business and administrative purposes.
A key purpose of the Service is to facilitate the sharing by Patients of health information with Medical Professionals that are designated members of the Patient's health care team. Patients can choose to share specific information (or all information) with a designated Medical Professional.
Patients can share protected health information with designated Medical Professionals once they have established a Medical Professional - Patient relationship as outlined in our Terms of Service. Once data is shared it will remain shared with the Medical Professional. Terminating the connection will prevent the Medical Professional from having access to any subsequent data uploaded and/or shared by the patient.
No Medical Professional who accepts a sharing invitation has the ability to use the Service to share a Patient's health information with third parties, the exception being that Medical Professionals can use or disclose protected health information, such as X-rays, laboratory and pathology reports, diagnoses, photos, videos, and other medical information for treatment, payment or health care operations purposes only without the patient's authorization. This includes sharing the information to consult with other providers, including providers who are not covered entities, to treat a different patient, or to refer the patient.
We may permit certain trusted third party companies and individuals to access your information in connection with their performance of services to help us maintain, operate, analyze, and improve the Service, including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Service’s features. These third parties may have access to your information only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy.
We may disclose your personally identifying information to third parties when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of CaptureProof or its users; or (d) to protect CaptureProof's property rights. If we provide information to a law enforcement agency in response to valid legal process, we will do so as required by applicable law. Where technically feasible and legally required, we may provide responsive information in a readable format; we do not provide encryption keys unless required by applicable law. We may not be able to access certain data in response to legal requests where doing so is not technically feasible or is prohibited by applicable law.
If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personally identifying information may be transferred as part of that transaction, but we will notify you of this transfer of your information (for example, via email and/or a prominent notice on the Site). We will also notify you of choices you may have regarding the transfer of your information
We may disclose your non-personally identifying information to third parties as described above under "How we use aggregate non-personally identifying information." We do not sell, trade or rent your personal information to third parties.
You may review, update, correct or delete the personally identifying information provided in your registration or Profile by changing your Profile settings. If your personally identifiable information changes, or if you no longer desire to use the Service, you may update or delete it by making the change in your Profile settings. In some cases we may retain copies of your information if required by law.
We will retain your information for as long as your account is active or as needed to comply with applicable federal and state laws. If you delete your account, we may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will try to delete your information as quickly as possible upon request. Please note, however, that there might be a delay in deleting information from our servers and that backed-up versions might continue to exist after deletion. Any information that remains will continue to be protected by CaptureProof under the terms of this Privacy Policy and under the terms of the Security Policy.
In regulated healthcare and clinical research contexts, certain records may be subject to legal, clinical, or regulatory retention requirements (including auditability and study integrity). Where deletion is authorized and applicable, CaptureProof will delete or de-identify data from active systems to the extent feasible and consistent with documented instructions and applicable law; certain audit logs may be retained for security and compliance purposes. Encrypted backups are retained according to defined schedules and may persist until they expire or are overwritten; if restored, applicable deletion or restriction requests are re-applied.
We use administrative, technical, and physical safeguards designed to protect your information, including encryption in transit using TLS 1.2 or higher (including TLS 1.3 where supported), encryption at rest using industry-standard encryption (e.g., AES-256), and authentication and access controls. However, no method of transmission over the Internet or method of electronic storage is 100% secure.
CaptureProof may revise and update this Privacy Policy at any time, without notice to you. We encourage you to periodically check the Site to see if there have been any changes to our Privacy Policy that may affect you.
An internet cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. We use cookies to help us identify and track visitors to the Site, their usage of the Site, and their website access preferences. You will, however, have the option to accept the use of cookies or reject the use of cookies. Certain features of the Site may not function properly without the aid of cookies.
Cookies and similar technologies described in this Cookies Policy apply to CaptureProof’s public marketing website. The authenticated Service where PHI/ePHI is accessed or stored does not use third-party analytics or advertising cookies for tracking or profiling.
You have a right to:
1. View your medical records. You can access your medical records that have been provided to CaptureProof within 30 days of your request to do so. You can view your medical records at any time by accessing your account online.
2. Inspect and copy your PHI. You must submit your request to inspect or copy your PHI online to CaptureProof. CaptureProof may impose a fee for the costs of copying, mailing, labor and supplies associated with your request. CaptureProof may deny your request to inspect and/or copy your PHI in certain limited circumstances. If that occurs, CaptureProof will inform you of the reason for the denial, and you may request a review of the denial.
3. Amend your PHI. If you believe your file is incomplete or incorrect, you can request that CaptureProof amend your PHI. CaptureProof may, under certain circumstances, deny your request. If that occurs, you have the right to submit a statement of disagreement for inclusion in your records.
4. Accounting and disclosures. You always have the decision whether or not to give permission for your PHI to be shared before it is used or shared. Your chosen health professionals that use the Service are prohibited from using or sharing your personally identifiable medical records for any purposes that are not part of normal, routine health care processes. You have the right to receive an accounting of all disclosures CaptureProof has made of your PHI. Accordingly, upon request made in a 12 month period, CaptureProof shall provide the patient, at no charge, with a copy of accounting of disclosures.
CaptureProof will provide you a notice that tells you how your PHI has been used and shared. This accounting will be provided without charge for the first request made in a 12-month period. Reasonable cost-based charges can be imposed to provide an additional accounting(s) if the request for the 2nd (3rd ...) accounting is within the 12 month period, as permitted by law.
5. Complaint. You may complain to CaptureProof and to the Secretary of the Department of Health and Human Services if you believe that your privacy rights have been violated.
If you have any questions about this Privacy Policy, please contact us at privacy@captureproof.com.
CaptureProof is committed to resolving complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Privacy policy should contact the CaptureProof Privacy Officer at:
CaptureProof, Inc
c/o Privacy Officer, Meghan Conroy
611 S. Gateway Blvd, Ste 120
South San Francisco, CA 94080
United States of America
security@captureproof.com
415-691-7615
The CaptureProof Privacy Officer also serves as the Grievance Officer with respect to individuals governed by the privacy laws of India.
Last Modified: February 9, 2026
CaptureProof relies primarily on Standard Contractual Clauses (SCCs) and other lawful mechanisms for international transfers where required. This page provides historical context regarding Privacy Shield.
On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.
On September 8, 2020 the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland issued an opinion concluding that the Swiss-U.S. Privacy Shield Framework does not provide an adequate level of protection for data transfers from Switzerland to the United States pursuant to Switzerland’s Federal Act on Data Protection (FADP). As a result of that opinion, the Swiss-U.S. Privacy Shield Framework also appears to no longer be a valid mechanism to comply with the Swiss data protection requirements when transferring personal data from Switzerland to the United States.
As a result of these two decisions, CaptureProof will not renew its Privacy Shield certification.
CaptureProof remains committed to data protection and to compliance with all applicable privacy laws including international laws such as the EU General Data Protection Regulation (GDPR) and the Swiss FADP. CaptureProof will work with entities to ensure compliance with these laws as applicable.
For example, when processing personal information or personal data pursuant to a contract with a controller, CaptureProof may utilize contractual clauses to ensure compliance with the GDPR or FADP requirements. Such contractual clauses would include: (a) the subject-matter and duration of the processing; (b) the nature and purpose of the processing; (d) the type of personal data and categories of data subjects; and (e) the obligations and rights of the controller. The contractual clauses would also stipulate that CaptureProof: (a) processes the personal data only on documented instructions from the controller unless otherwise required by applicable law; (b) ensures that persons authorized to process the personal data have agreed to treat the information confidentially; (c) takes appropriate security measures; (d) will not engage another third party processor (subcontractor) without prior specific or general written authorization from the controller; (e) will enter into a contract with any third party subcontractor requiring the subcontractor to provide the same protections imposed on CaptureProof; (f) will remain liable to the controller for the performance by subcontractors; (g) assists the controller in response to requests by data subjects seeking to exercise their rights insofar as possible given the nature of the processing; (h) assists the controller in ensuring compliance with security obligations insofar as possible given the nature or the processing and the information available to CaptureProof; (i) at the choice of controller, deletes or returns all personal data at the end of the provision of services unless otherwise required by law; and (j) makes information available to the controller to demonstrate compliance with the data protection law and as necessary for audits.
Last Modified: February 9, 2026
Last Modified: February 9, 2026
The Business Associate Agreement set forth below binds only Covered Entities, as defined in the Health Insurance Portablity and Accountability Act and implementing regulations ("HIPAA"), including Health Care Providers and the health care organization to which they belong. The Business Associate Agreement does not apply to Users who are patients.
NOW THEREFORE, the parties hereby agree to this Addendum to the Business Associate Agreement to protect personal information transferred from countries outside of the United States. The parties agree to comply with CaptureProof's International Privacy Law Privacy Policy which is incorporated herein by reference. This includes, but is not limited to, safeguarding personal information consistent with international privacy laws as applicable.
Last Modified: February 9, 2026
Your browser has known security flaws, and may not display all features of this website. Please update your browser to the latest version, or download one of the following supported browsers:
