This Privacy Policy explains how Curitas collects, uses, and protects your information when you use our provider matching platform. By using Curitas, you agree to the practices described below.
Who we are
Curitas is a provider matching platform operated by [Company Name TBD]. We help patients find healthcare providers based on care preferences, philosophy, and logistics.
Contact: [email TBD]
Information we collect
- Account information: name, email, phone number.
- Patient intake data: care preferences, location, insurance status, goals, and any notes you choose to provide.
- Provider profile data: credentials, specialty, care philosophy, and practice information.
- Usage data: pages visited and features used, for improving the service.
We do not collect medical records, diagnoses, lab results, prescription history, or detailed health conditions. Curitas is not a medical provider and does not store protected health information.
How we use your information
- To match patients with providers based on stated preferences.
- To generate match explanations using AI. Your intake responses are processed by a third-party AI service (OpenAI) for this purpose.
- To send notifications about matches and account activity.
- To improve our matching algorithms over time.
We do not use your data for advertising and we do not sell it to third parties.
Information sharing
- Patient data is shared with providers only when the patient explicitly clicks “Share with provider.” Browsing your matches does not share any information.
- Provider profile data visibility is controlled by the provider through Public, Match-Only, and Internal settings.
- We may share data with: hosting providers (for infrastructure), email services (for notifications), and AI services (for matching analysis).
- We will comply with lawful requests from law enforcement and regulatory authorities.
Data security
- Data is encrypted in transit (HTTPS) and at rest (MongoDB Atlas encryption).
- Role-based access controls limit who can see what.
- Audit logs are maintained for all sensitive data access events.
- Passwords are hashed using industry-standard algorithms; we never store passwords in plain text.
Data retention and deletion
Account data is retained while your account is active. You can request deletion at any time from your dashboard.
- Upon a deletion request, your account enters a 30-day grace period during which you can cancel the deletion.
- After the grace period expires, your patient data is permanently removed: intake responses, matches, and identifying details are wiped.
- Lead records sent to providers you chose to share with are retained as anonymized records (your name and contact details are redacted to “[deleted]”) so providers do not end up with broken records.
Your rights
- Access your data at any time through your dashboard.
- Request deletion of your account and all associated data.
- Opt out of AI processing by contacting us — manual matching is available upon request.
Third-party services
We use the following third-party services to operate Curitas:
- MongoDB Atlas — database hosting.
- OpenAI — AI-assisted matching analysis and explanation generation.
- SendGrid — email delivery for notifications.
Each vendor's privacy practices are governed by that vendor's own policies.
Changes to this policy
We may update this Privacy Policy from time to time. Continued use of Curitas after changes are posted constitutes acceptance of the updated policy. Material changes will be communicated via email to the address on your account.
Contact
Questions about this Privacy Policy or your data? Contact us at [email TBD].