Eko Health, Inc. - Privacy Policy

Last updated April 28, 2026

This Privacy Policy describes how Eko Health, Inc. and its subsidiaries and affiliates (collectively “Eko,” “we,” or “us”) collect, process, use, disclose, and secure your personal information and the rights available to you when you use our mobile apps (the “Apps”), devices (including, but not limited to, the Eko DUO™, Eko CORE™ Digital Attachment, the Eko CORE 500™ Digital Stethoscope, and the 3M™ Littmann® CORE Digital Stethoscope (collectively, the “Devices”)), hosted services, software applications, software functionalities delivered through third parties, and websites (such as ekohealth.com and dashboard.ekodevices.com) that display a link to this Privacy Policy (the “Sites”) (collectively, the “Services”).

This Privacy Policy applies to:

  • Authorized users of our Services (for example, individual Customers or team members of one of our Customers who have been provided with access to the Services) (collectively, “Users”);
  • Human patients of our Users whose personal information is being hosted in our Services ("Patients");
  • Parents or guardians of Patients, and pet owners or caretakers of veterinary patients whose personal information is hosted in our Services (collectively, “Care Recipients”); and
  • Visitors to our Sites.

For the purposes of this Privacy Policy, “personal information” means any information that identifies or relates to a particular individual, and includes information referred to as "personal data" under applicable data protection/data privacy laws. We value keeping your personal information confidential and using it solely in the context of our mission to enable you to become fully engaged in your healthcare through updated personal health records and the most recent information regarding your disease state to aid you and your healthcare providers in making informed decisions about your care.

Please note that the personal information we collect and transmit may include healthcare information, including billing, insurance, and medical information. Therefore, our privacy practices are intended to comply with the Health Insurance Portability and Accountability Act (“HIPAA”), General Data Protection Regulation (“GDPR”), and other global privacy laws where we operate. We will maintain the privacy of your health information as required by HIPAA and the regulations promulgated under that act.

Please also note that access to and use of the Services by a healthcare provider or veterinarian who is an Eko customer (“Customer”), and by such Customer’s authorized users, is subject to and governed by the agreement between Eko and the applicable Customer executed by authorized representatives of each party (the “Customer Agreement”).

If you are a User, then your access and use of our subscription Services are subject to and governed by our Terms of Service.

This Privacy Policy is provided to inform you about Eko’s privacy practices. When you use or access the Services, or submit personal information through the Services, you acknowledge that you have read and understood all the terms and provisions of this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Services, or submit your personal information to us.

We recommend that you read this Privacy Policy in full to ensure you are fully informed.  However, if you only want to access a particular section of this Privacy Policy, then you can click on the relevant link in the Table of Contents below to jump to that section.

For additional information related to your personal information, including your healthcare information, or if you have any questions, please reach out to us at privacy@ekohealth.com.

Table of Contents

  1. Personal Information We Collect
  2. How We Use the Personal Information We Collect
  3. How We Share the Personal Information We Collect
  4. Cookies, Analytics Technologies, and Abandoned Cart Emails
  5. HIPAA Compliance
  6. Legal Basis (EEA and UK only)
  7. Your Rights
  8. Data Retention and Deletion
  9. International Data Transfers
  10. Data Security
  11. Information Submission by Minors
  12. Updates and Versions to Our Privacy Policy
  13. How to Contact Us

______________________________________________________________________

  1. Personal Information We Collect

The information we collect depends on the context of your interactions with Eko and the choices you make, the products and features you use, your location, and applicable law.

In general, our Services are intended for use by our Customers and their Users. As a result, for much of the personal information (including Patient personal information) we collect and process through the Services, we act as a processor or service provider. This means it is primarily our Customers and their Users that control what personal information we collect through the Services and how we use it. Therefore, if you are a Patient of one of our Customers, and have privacy related questions or concerns about the privacy practices of or the choices the relevant Customer has made to share your information with us or any other third party, you should contact the relevant Customer (your health care provider) or review their or (where applicable) their organizations' privacy notices.

Eko is not responsible for the privacy or security practices of its Customers or their Users, which may differ from those set out in this Privacy Policy. 

We collect and process the following types of personal information in connection with our Services: 

Registration and Account Information

If you are a User, when you register to use the Service or create an Eko account (including an Eko Vet+ account), we may collect your name and all other information you (or your organization) provide to us, such as your account login credentials (like your email address, username and password and the unique User ID assigned to you in our systems), and professional details (like the name of your health care practice or veterinary clinic, your job title). If you are a healthcare provider, we may also collect your National Provider Identifier (NPI).

Physiological Data

We collect and generate certain information about our Users and their Patients through their use of the Devices and/or related software and connected Services. This information may be collected directly from Patients or Users using the Services, or generated automatically through the use of the Services. Some of this information may constitute protected health information ("PHI") or other sensitive health data (collectively "Health Data").

(i) Recordings Data - We collect audiovisual and physiological data in Device recordings uploaded to the Services, including heart sound data, lung sound data, electrocardiogram (ECG) signals and related measures (like average heart rate, rhythm regularity, sound amplitude, frequency patterns, and timing intervals such as systole versus diastole). 

We also collect limited technical and contextual information associated with the recording process, such as the mobile device accelerometer data, the location on the body where the recording was taken, local time, time zone and geographic location of data acquisition. 

(ii) Analysis Results - For Users of the Services, we may apply automated analysis to certain Recordings Data using Eko’s AI algorithms to assist clinicians in reviewing and interpreting recordings. This may include: 

  • Cardiac findings, such as classification of murmurs (systolic, diastolic, or continuous);
  • Rhythm findings, such as detection of atrial fibrillation, tachycardia, bradycardia, or irregular or unclassified rhythms;
  • Signal quality indicators, such as “poor signal” or “no analysis possible”; and
  • Summary labels, such as “abnormal,” “no abnormalities detected,” or “unclassified.”

Analysis Results are provided to support clinical review and do not replace professional medical judgment.

As described above, in most cases we only process this information on behalf of and as instructed by our Customers (the data controllers of the personal information).  However, where permitted by the relevant Customer and applicable law, we may leverage some of this personal information collected through the operation of our Services for our internal research and development purposes. For these purposes, we only use Health Data in a de-identified form that does not specifically identify any particular Patient. For more information, see the "Aggregated, De-identified, and Pseudonymized Data" section below. 

Customer Support Inquiries

If you contact us directly, such as when you contact our Customer Support channels, to submit a complaint, make a warranty claim or request support, we will receive the contents of your communications, including any messages, attachments or other information you choose to provide. This may include contact and account details, details about your role (such as customer, reseller, or healthcare professional), device or product information, order numbers, descriptions of issues or complaints, usage context, troubleshooting or investigation information, warranty claim details (such as repairs, replacements, and shipping information), and any feedback you provide following resolution of your request.

We may also collect limited technical information about the device you use to contact us, including your IP address or device ID. 

We use this information to manage support interactions, investigate issues, comply with applicable regulatory or safety reporting obligations, process warranty claims, and improve our products and Services.

Payment Information (Applicable to Customers ONLY)

We use third-party payment processors to process any payments you make to us for purchases made via the Eko Store or by App subscribers within the Eko App. When you make payments through the Services, you may need to provide your shipping address and financial account information, such as your credit card number, to our third-party service providers. All of the information you provide in connection with making a payment to us is collected and stored by the third-party service provider, not by Eko. 

We do not collect or store financial information, though we may receive limited transaction related information (such as transaction identifiers, order numbers and payment method type) and summary information that does not include credit card or bank account numbers, which we use solely for purposes such as order processing, account management, record-keeping, and customer support.

We also process purchase data, including information relating to completed or potential purchases of our products or services, such as order history, products purchased or viewed, and abandoned transactions. Where you purchase Devices through a third-party e-commerce platform or reseller, that third party may share relevant purchase information with us. When App Subscribers make in-app purchases, Eko stores purchase records associated with those transactions.

Importantly, your use of such third-party payment processors to make payments to Eko is governed by that third-party’s terms of use, privacy policy, and other applicable terms. We encourage you to read those terms carefully before using the third-party site and to reach out directly to the third-party if you have questions about the handling of your payment information. 

EKO CANNOT BE HELD LIABLE FOR ANY LOSS, DAMAGE, THEFT, OR OTHER ACTION ARISING FROM A THIRD PARTY PAYMENT PROCESSOR’S FAILURE TO KEEP YOUR INFORMATION SECURE.

Aggregated, De-identified, and Pseudonymized Data

In an ongoing effort to better understand and serve our Customers and their Users, and communities of patients with chronic health conditions, Eko conducts research based on personal information we collect in connection with the Services. We compile and analyze any data we collect both on an aggregate basis and on a de-identified and pseudonymized basis to produce research and analyses. Eko may share the research and analyses in aggregated and de-identified/pseudonymized format with its affiliates, agents, Customers, Customers’ affiliates, and other healthcare research and services entities. Eko may disclose aggregated, de-identified and/or pseudonymized information in order to describe our business and the Services to current and prospective business partners and Customers, and to other third parties for other lawful purposes.

Device and Usage Data

When you use or interact with our Services, we may automatically collect or receive certain information through our Services (e.g. in log files) and through other technologies (such as cookies and similar technologies) about your device and usage of the Services. Some of this information may be considered personal information under data protection laws.  The information we collect includes: 

  • Usage Data, including log and usage information automatically collected when you interact with our Services. This may include page interactions (such as clicks, mouse movements, resources accessed, and forms completed), products or features viewed or searched for, page response times, download errors, crash logs, length of visits, and related performance and diagnostic data.
  • Device Data, including technical information automatically collected from the devices and browsers used to access the Services, such as device type, IP address, browser type, operating system, web logs, application or device identifiers, network or carrier information, and related configuration details. If you use our mobile App, this may also include your mobile device’s unique device ID and information about App features accessed.
  • Location Data, including approximate geographic location derived from IP addresses, or precise location data where you have authorized your web browser or mobile app to access such information. The level of location data collected depends on your device settings and permissions, and certain Service functionality may be limited if location access is disabled.

This information is used: to analyze overall trends; to help us provide and improve our Sites and other Services, including to assess and improve our Users' experience of the Services; and to guarantee the security and continued proper functioning of our Services.

For more information, review the "Cookies, Analytics Technologies, and Abandoned Cart Emails" section below. 

  2. How We Use the Personal Information We Collect

We use and process your personal information for the following purposes:

To Provide and Improve our Services

Where permitted under applicable law, we use your information:

  • to provide you with the Services, including to fulfil and manage subscriptions, purchase orders, deliveries, payments and returns;
  • to evaluate and improve our Services, including to train our algorithms to improve our Devices and Services;
  • to manage support interactions, investigate issues, comply with applicable regulatory or safety reporting obligations, and process warranty claims;
  • to analyze our products and their usage to enhance and improve our existing Services, including to develop new products and services;
  • for research purposes, including veterinary research; and
  • to perform accounting, auditing and other internal functions.

To Communicate with You

We may send you emails, text messages, and push notifications to your mobile device, if you have them enabled, to verify your account and for informational and operational purposes, such as account management, providing instructions, alerts, reminders, customer service, system maintenance, and other Service-related purposes. We may also permit Users, such as healthcare providers and veterinarians, to use the Services to send you emails, text messages, and push notifications.

Marketing and Data Analysis

To the extent permitted by applicable law, we may use your personal information to provide online advertising on the Services and to send you newsletters, offers, surveys, and other promotional information related to Eko products and services in accordance with your marketing preferences. You may opt out of email marketing by using the unsubscribe link in a marketing email, or by contacting us at contact@ekohealth.com.

Monitoring

Eko and its affiliates and agents are permitted, but not obligated, to review and/or retain information and/or communications stored and/or transmitted using the Services (“User Content”). We may monitor User Content for data collection purposes and/or to evaluate the quality of service you receive, your compliance with the Terms of Use, the security of the Services, or for other reasons.

If you are a Patient, your healthcare provider(s) may also monitor User Content in order to monitor your progress and overall condition and to follow up with you, as they deem appropriate in their independent judgment as your healthcare providers.

You agree that such monitoring activities, if in compliance with applicable privacy laws, will not entitle you to any cause of action or other right with respect to the manner in which Eko or its affiliates or agents monitor your communications and enforce or fail to enforce our Terms of Use or this Privacy Policy. In no event will Eko or any of its affiliates or agents be liable for any costs, damages, expenses, or any other liabilities incurred by you as a result of monitoring activities by Eko or its affiliates or agents.

  3. How We Share the Personal Information We Collect

We may disclose or share your personal information to the following categories of recipients:

With Our Users: If you are a Patient, we will share your personal information and Health Data with our Users that provide healthcare services to you. This will enable your healthcare provider to track your Health Data and combine such Health Data with other information about you that your provider obtains in treating you.

With Patient-Authorized Persons: If you are a Patient, you may have the option of identifying family, friends, Care Recipients, or other people in the Eko application to view certain of your information and receive alerts regarding your health and/or activities (“Permissions”). If you designate Permissions, we may make available certain of your personal information and Health Data, and related alerts, to the people you designate.

In the Event of a Business Transfer: We might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal information may be part of the transferred assets.

With Eko Related Companies: We may also share your personal information with Eko Related Companies for purposes consistent with this Privacy Policy.

Business Partners: We may disclose your personal information with third parties who partner with us to support our products, services and marketing efforts to our Customers; to our partners who provide us with analytics services (for example, to better understand our Users); and to our authorized partners and service providers.  

Service Providers: We may disclose your personal information to contractors, service providers and other vendors we engage to perform support services for us. Examples include hosting providers, payment processors, customer service agencies, analytics service providers and ad companies. 

Sharing via User Care Settings: If you are a User, you may choose to share recordings or related data you collect and store in the Services with other members of your care team; referral specialists; and Patients, animal owners or caretakers (as applicable). 

To Meet Our Legal Requirements: We may disclose your personal information if required to do so by law or if we have a good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of you, us, other users of the Services or the public, or (iv) protect against legal liability.

  4. Cookies, Analytics Technologies, and Abandoned Cart Emails

When you visit or use our Services or open our emails, we and our third-party service providers may collect certain information by automated means, such as cookies, web beacons and web server logs. A cookie is a piece of information that the computer that hosts our Services gives to your browser when you access the Services. Our cookies help provide additional functionality to the Services and help us analyze Services usage more accurately for research and marketing purposes. Cookie technology is used to help keep track of items you put into your shopping cart including when you have abandoned your cart and this information is used to send you cart reminder messages via email. 

In addition to cookies, we may use web beacons (also known as “clear GIFs”) to measure traffic to or from the Services and related browsing behavior and to improve your experience when using the Services.

You may be able to change browser settings to block and delete cookies when you access the Services through a web browser. However, if you do that, the Services may not work properly. Our ad networks and analytics service providers may also collect information about your use of other websites and online services over time, if those websites and online services also use the same service providers.

We currently use Google Analytics and MixPanel to collect and process certain website usage data. To learn more about Google Analytics and how to opt out, please visit google.com/policies/privacy/partners/. To learn more about MixPanel, please visit https://mixpanel.com/privacy/

  5. HIPAA Compliance

Notwithstanding anything in this Privacy Policy to the contrary, to the extent we create, receive, maintain, or transmit (collectively, “Process”) “Protected Health Information” (as such term is defined in 45 C.F.R. 160.103) in providing the Services, we shall only use and disclose that information in accordance with the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”). HIPAA also requires us to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of the Protected Health Information we Process.

For Patients: Under HIPAA, your healthcare provider is generally required to provide or make available to you a Notice of Privacy Practices (“NPP”). The NPP is intended to explain to you the ways in which your healthcare provider may use and share your protected health information and inform you about your health privacy rights. For more information about how your healthcare provider uses and shares your information, ask your healthcare provider for a copy of their NPP. EKO IS NOT RESPONSIBLE FOR YOUR HEALTHCARE PROVIDER’S USE OR SHARING OF YOUR PROTECTED HEALTH INFORMATION.

  6. Legal Basis (EEA and UK only)

If you are an EEA or UK data subject, we are required to explain the legal basis for processing your personal information. Our legal basis for collecting and processing the categories of personal information described above in this Privacy Policy will depend on the personal information concerned and purposes of processing.  However, in general we collect and process your personal information only pursuant to the following legal bases, as applicable:

  • Consent: We may process your personal information when we have your explicit consent to do so, where required or permitted under applicable law. 
  • Performance of a contract: We may process your personal information in order to perform a contract with you. This includes: establishing your account, validating access to the Services, processing your purchase orders, registering you as a User of the Services, providing customer support and sending you administrative or transactional communications. 
  • Compliance with legal obligations: We may process your personal information in order to comply with a legal obligation under applicable laws, or to protect your vital interests or those of another person. This includes complying with our legal obligation to provide personal information to law enforcement agencies and other governmental bodies where required by applicable law; retaining business records required to be retained by applicable laws; registering and reporting adverse events and other health and safety incidents; enforcing our rights and those of others; and fraud prevention. 
  • Legitimate interests: We may process your personal information when the processing is in our legitimate business interests (such as providing these Services), and our legitimate interests do not override your data protection interests or fundamental rights and freedoms. This includes our legitimate interests in: providing secure functional Sites; providing and improving our Services; understanding how our Services are used so we can make improvements; and performing other research to develop and improve our Services. 

Where we process your sensitive Health Data, we do so in reliance on the fact it is necessary in the interest of public health (including ensuring high standards of quality of health care, of our devices, and of our Services) and/or necessary for scientific research purposes. 

  7. Your Rights

Depending on your location and subject to applicable law, you may have the following rights regarding the personal information we control about you: 

Request access to personal information about you, including the right to be informed about the information we process about you and to obtain access to or a copy of your personal information.  

Request correction of or a change to your personal information where it is inaccurate, incomplete or outdated.  

Request deletion, anonymization or blocking of your personal information, for example, where the processing is based on your consent or where the processing is unnecessary, excessive or non-compliant. 

Request to opt-out of or object to certain data processing activities. 

Request to withdraw your consent at any time, where we rely on consent to process your personal information. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful grounds other than consent.

If you wish to exercise any of these rights, please contact us using the "How to Contact Us" section below or by emailing us at privacy@ekohealth.com, specifying which right you are seeking to exercise. We will respond to all requests in accordance with applicable law. Please note that we may require additional information from you to allow us to confirm your identity and process your request. 

You may be entitled, in accordance with applicable law, to submit a request through an authorized agent. To designate an authorized agent to exercise choices on your behalf, please provide evidence that you have given such agent power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf.

We will respond to your request consistent with applicable law and subject to proper verification. 

Eko Users may also contact us to stop the sharing of your information with a specific healthcare provider. For example, to facilitate secure sharing of data to a health professional, Eko may contact you by email to confirm a request to do so. You have the ability to accept or reject those requests. If you wish to stop sharing your data, please submit a request via the ‘How to Contact Us’ section of this Privacy Policy.

EEA/UK and Brazil Data Subject Rights

In addition, if you are resident in the EEA, UK or Brazil, you can ask us to restrict processing of your personal information or request portability of your personal information. You also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making") and to lodge a complaint about our data processing practices with your supervisory authority. Contact details for data protection authorities in the EEA are available here and the UK here. You can also submit a complaint to Eko directly by contacting us using the details provided below.

  8. Data Retention and Deletion

We store your personal information for as long as you maintain an account and up to five (5) years after the account is closed. At the end of this five-year period, we may remove your Personal Information from our databases and will request that our business partners remove your personal information from their databases. When we delete any information, it will be deleted from the active database, but may remain in our archives. However, once we disclose your personal information to third parties, we may not be able to access that personal information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. Written requests for deletion of personal information other than as described should be directed to privacy@ekohealth.com. We retain anonymized data indefinitely.

We will continue to use de-identified and/or aggregated information, as permitted under applicable law and to comply with our legal obligations, agreements with physicians and healthcare providers, resolve disputes, enforce our rights, or similar purposes. You may delete the App or software to remove information stored on your device.

Not all Care Recipients are aware of their Rights when using the Services. It is up to You, as the User, to inform those Care Recipients of their Rights according to this Privacy Policy.

  9. International Data Transfers

The Services are hosted in the United States.  If you are using the Services from outside the United States, please be aware that your personal information may be transferred, stored, and processed by Eko in our facilities and by those third parties with whom we may share your personal information, in the United States and other locations around the world.  Those countries may not have the same data protection laws as the country in which you initially provided the personal information (and, in some cases, may not be as protective). 

Regardless of where your data is located, we take appropriate steps to ensure your personal information is processed in accordance with this Privacy Policy and applicable laws. 

If you are located in the European Economic Area (“EEA”), United Kingdom or another jurisdiction with similar data transfer protections, please note that we have implemented safeguards to ensure your personal information is protected when transferred, in accordance with applicable data transfer requirements, including through the use of Standard Contractual Clauses or another lawful mechanism approved by the European Commission or United Kingdom. 

  10. Data Security

How We Protect Personal Information

We maintain administrative, technical, and physical safeguards designed to protect the personal information you provide against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. However, please bear in mind that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while Eko uses reasonable efforts to protect your information, we cannot guarantee its absolute security.

How You Can Protect Your Personal Information

We will NEVER send you an e-mail requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and you should NEVER respond to any e-mail requesting such information. If you receive such an e-mail purportedly from Eko, DO NOT RESPOND to the e-mail and DO NOT CLICK on any links and/or open any attachments in the e-mail, and notify Eko support at privacy@ekohealth.com.

You are responsible for taking reasonable precautions to protect your user ID, password, and other account information from disclosure to third parties, and you are not permitted to circumvent the use of required encryption technologies. You should immediately notify privacy@ekohealth.com if you know of or suspect any unauthorized use or disclosure of your user ID, password, and/or other User Account information, or any other security concern.

  11. Information Submission by Minors

We do not knowingly collect personal information from individuals under the age of 18 and the Services are not directed to individuals under the age of 13. We request that these individuals not provide personal information through the Services. If you are aware of a User under the age of 13 using the Services, please contact us at privacy@ekohealth.com.

  12. Updates and Versions to Our Privacy Policy

This Privacy Policy may be changed or updated periodically. When we change this Privacy Policy, we will notify you of the changes by posting a notice on our Services. Where required by law, we will seek your explicit consent to specific changes. You agree that Eko Health will reserve the right to occasionally notify you via email of any important changes to this Privacy Policy and/or our Terms of Use.

We may make versions of our Privacy Policy available in languages other than English. In the event of any discrepancy between the English version of this Privacy Policy and any translation of this Privacy Policy, the English version prevails.

  13. How to Contact Us

If you have any questions or comments about this Privacy Policy, or wish to submit a privacy rights request, please contact us by email at privacy@ekohealth.com.  You may also write to us at:

Eko Health, Inc.

Attn: Privacy Officer

2100 Powell Street, Suite 300

Emeryville, CA 94608

Additionally, you may direct your privacy or data protection related query, or privacy rights request to our Data Protection Officer at dpo@ekohealth.com.

If you are unable to reach Eko at the contact information provided above regarding your issue, you may have the right to contact your local Data Protection Authority, depending on your jurisdiction.

Controller:  If you reside in the UK or European Economic Area, Eko Health, Inc. is the controller of your personal information.
