Menu
close
Contact Us
close

Privacy Policy


LAST UPDATED: 12.10.25

Privacy Policy

1. Introduction

Carta Healthcare, Inc. ("Carta Healthcare," "we," "our," or "us") respects your privacy and is committed to protecting it through our compliance with this policy.

This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit the website www.carta.healthcare (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information.

Important Note Regarding Patient Data (HIPAA):

This Privacy Policy applies specifically to the data collected via our public-facing Website (e.g., marketing forms, job applications, and browsing data). It does not apply to Protected Health Information (PHI) that we process on behalf of our hospital and health system clients through our products (such as Atlas, Voyager, and Lighthouse). The processing of PHI is governed by the Health Insurance Portability and Accountability Act (HIPAA) and the specific Business Associate Agreements (BAAs) we have in place with our clients.

2. Information We Collect About You

We collect several types of information from and about users of our Website, including:

A. Information You Provide to Us

  • Contact Information: When you fill out forms on our Website (such as "Request a Demo," "Contact Us," or downloading white papers), we may collect information from you such as your name, email address, phone number, job title, and company name.
  • Correspondence: If you contact us, we may keep a record of that correspondence.
  • Job Applications: If you apply for a job via our Careers page, we collect your resume, employment history, and other professional details.

B. Information We Collect Automatically

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Usage Details: Traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
  • Device Information: Information about your computer and internet connection, including your IP address, operating system, and browser type.

C. Cookies and Tracking Technologies

We use cookies (small files placed on the hard drive of your computer), web beacons, pixels, and similar tracking technologies to help us improve our Website and deliver a better and more personalized service. We use the following types of cookies: (1) strictly necessary cookies required for website functionality; (2) performance/analytics cookies to understand how visitors use our site; (3) functionality cookies to remember your preferences; and (4) targeting/advertising cookies to deliver relevant advertisements. You may refuse to accept browser cookies by activating the appropriate setting on your browser or by using our cookie preference center [INSERT LINK]. However, if you disable strictly necessary cookies, you may be unable to access certain parts of our Website

3. How We Use Your Information

We use information that we collect about you or that you provide to us:

  • To present our Website and its contents to you.
  • To provide you with information, products, or services that you request from us (e.g., scheduling a demo of our AI platform).
  • To fulfill any other purpose for which you provide it.
  • To notify you about changes to our Website or any products or services we offer.
  • To allow you to participate in interactive features on our Website.
  • For marketing purposes, such as sending newsletters or information about upcoming webinars (you may opt-out of these communications at any time).
  • To analyze Website usage and improve our user experience.

4. Disclosure of Your Information

We do not sell your Personal Information to third parties. We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose Personal Information that we collect or that you provide as described in this Privacy Policy:

  • To Our Service Providers: We use third-party vendors to support our business (e.g., hosting services, CRM platforms like HubSpot or Salesforce, and analytics providers). These parties are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
  • To Affiliates: To our subsidiaries and affiliates.
  • Business Transfers: To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Carta Healthcare’s assets.
  • Legal Requirements: To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

5. State Privacy Rights (California and Others)

While we are a B2B healthcare technology company, we recognize that residents of certain states, including California (under CCPA/CPRA), Virginia (under VCDPA), Colorado (under CPA), Connecticut (under CTDPA), Utah (under UCPA), and other states with comprehensive privacy laws, have specific rights regarding their personal information.

Depending on your jurisdiction, you may have the right to:

  • Access: Request access to the specific pieces of personal information we have collected about you.
  • Correction: Request that we correct inaccurate personal information.
  • Deletion: Request that we delete personal information we have collected from you, subject to certain exceptions (e.g., legal compliance).
  • Opt-Out: Opt-out of the processing of your personal data for targeted advertising purposes.

To exercise these rights, please contact us at [Insert Privacy Email Address, e.g., privacy@carta.healthcare].

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act):

Categories of Personal Information We Collect

In the past 12 months, we may have collected the following categories of personal information:

  • Identifiers (name, address, phone number, email)
  • Internet or electronic activity (browsing history, cookies, analytics data)
  • Professional or employment-related information (if you apply for a position with us)
  • Inferences drawn from the above (e.g., preferences for services)

Purposes for Collection

We collect and use this information to:

  • Improve our services and website.
  • Set up meetings or demos of our services.
  • Conduct marketing (with your consent).
  • Comply with legal obligations.

Disclosure of Personal Information

We may disclose personal information to:

  • Service providers (IT, marketing).
  • Regulators or law enforcement, if required.

We do not sell personal information for monetary or other valuable consideration. However, our use of certain cookies, pixels, and analytics tools that allow third parties to collect information about your online activity over time and across different websites or applications may be considered "sharing" for cross-context behavioral advertising purposes under California law. You can opt out of this sharing as described in the "Cookies and Online Tracking" section below.

Your Rights Under CCPA/CPRA

As a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and share.
  • Access specific pieces of personal information we hold about you.
  • Delete personal information we collected from you (subject to certain exceptions).
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information.
  • Limit the use and disclosure of sensitive personal information (as defined under California law) to purposes necessary to provide the services you request, perform the services reasonably expected by an average consumer, and other enumerated purposes under California law (such as ensuring security, complying with legal obligations, and short-term transient use). Note: We do not collect or process sensitive personal information as defined by the CPRA through our public-facing Website.
  • Not be discriminated against for exercising your privacy rights.

How to Exercise Your Rights

You may submit a request by:

  • Emailing us at: [Insert Privacy Contact Email]
  • Calling us at: [Insert Phone Number]

We will verify your identity before fulfilling your request. You may also designate an authorized agent to make a request on your behalf.

6. Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk.

7. Privacy of Minors 

Our services are not directed to individuals under 18, except with parental consent. We do not knowingly collect personal information from minors without such consent.

8. Third-Party Links

Our Website may contain links to third-party websites (e.g., news articles, partner websites, or social media platforms). We are not responsible for the privacy practices or content of those third-party sites. We encourage you to read the privacy policies of any website you visit.

9. Changes to Our Privacy Policy

It is our policy to post any changes we make to our Privacy Policy on this page. The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Privacy Policy to check for any changes.

10. Contact Information

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at: