Privacy Policy & Terms and Conditions

Privacy Policy

Effective Date: April 1, 2026

1. Introduction

Opal Healthcare Technologies, LLC. ("Opal," "we," "us," or "our") operates the Opal mobile application (the "App") as a healthcare data activation and compliance automation platform for home health agencies. This Privacy Policy describes how we collect, use, disclose, and protect information when authorized users — including licensed nurses, clinicians, and agency administrators — access the App in the course of their professional duties.

This Policy applies to all personally identifiable information and protected health information as defined under 45 CFR Part 160 and 164 ("PHI") processed through the App. By accessing or using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, you should not access or use the App.

2. Scope and Applicability

This Privacy Policy applies to:

• Nurses and licensed clinicians who use the App to submit clinical shift notes, verify Electronic Visit Verification (EVV) check-in/check-out, and complete care documentation.
• Agency administrators and compliance officers who use the App to manage clinical workflows, review QA results, and monitor organizational compliance.

This Policy does not apply to patients or their families, who are not direct users of the App. Patient data is processed on behalf of home health agency customers who are HIPAA Covered Entities under the terms of a Business Associate Agreement (BAA) as described below.

3. HIPAA Compliance and Business Associate Agreements

Opal operates as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the HIPAA Privacy Rule (45 C.F.R. Parts 160 and 164). Opal has entered into Business Associate Agreements (BAAs) with each home health agency customer (each a "Covered Entity") that authorizes Opal to create, receive, maintain, or transmit PHI on the agency's behalf.

All PHI processed through the App is handled in accordance with:

• The applicable BAA between Opal and the agency customer
• The HIPAA Privacy Rule and Security Rule
• The HITECH Act, to the extent applicable
• Applicable state health data privacy laws

Individual App users (nurses, administrators) access PHI solely in their professional capacity as authorized workforce members of an agency customer. Opal does not independently determine the purposes or means of PHI processing beyond what is directed by the agency customer under the BAA.

4. Information We Collect

4.1 Protected Health Information (PHI)

The App processes PHI on behalf of agency customers, including but not limited to:

• Patient names, dates of birth, and Medicaid/health insurance identifiers
• Clinical documentation including shift notes, vital signs, medication administration records, and care plan data
• Diagnosis codes and condition-specific clinical data
• Authorization numbers and prior authorization records
• Plan of Care (POC) documentation

4.2 Electronic Visit Verification (EVV) Data

In connection with federally mandated EVV compliance, the App collects:

• Precise geolocation data at the time of check-in and check-out for each patient visit
• Timestamp data for visit start and end times
• Caregiver identity verification data linked to each visit record
• Visit duration and service type data

Location data is collected only when an authorized user performs an EVV check-in or check-out action within the App. Continuous background location tracking is not performed.

4.3 User Account and Credential Information

To authenticate users and maintain platform security, we collect:

• Username, email address, and role designation (nurse, administrator, etc.)
• Encrypted authentication credentials
• Device identifiers and operating system version for security and support purposes
• Login timestamps and session activity logs

4.4 Clinical Performance Data

The App generates and processes performance metrics for authorized users, including note completion rates, correction frequency, EVV compliance rates, platform utilization data, and trend data on documentation error patterns. This data is available to agency administrators as part of Opal's Clinical Performance Insights module.

4.5 Automatically Collected Technical Data

When you use the App, we automatically collect IP address and network connection type, App version, crash reports, error logs, and feature usage analytics (aggregated and de-identified).

5. How We Use Information

We use the information collected through the App to provide, operate, and maintain the Opal compliance and documentation platform; automate QA validation; perform EVV reconciliation; support regulatory audits; generate compliance reports; authenticate users; detect security incidents; provide technical support; fulfill BAA and regulatory obligations; and improve the App. We do not use PHI for marketing purposes, sell PHI to third parties, or use PHI to train machine learning models beyond what is expressly permitted under the applicable BAA and HIPAA regulations.

6. Disclosure of Information

Agency Customers: PHI and clinical performance data is made available to the agency customer on whose behalf it was collected, in accordance with the applicable BAA.

Service Providers: We may share information with third-party service providers (cloud infrastructure, identity services, technical support) subject to confidentiality obligations and, where applicable, BAAs.

Legal Requirements: We may disclose information when required by applicable law, regulation, court order, or governmental authority.

Business Transfers: In the event of a merger or acquisition, information may be transferred to the successor entity, subject to the same privacy commitments and HIPAA compliance.

7. Data Security

Opal maintains a comprehensive information security program including:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of PHI at rest using AES-256 or equivalent standards
• Role-based access controls and multi-factor authentication
• Audit logging and monitoring of access to PHI
• Regular security assessments and vulnerability testing
• Employee training on HIPAA privacy and security requirements

In the event of a breach affecting PHI, we will notify affected agency customers in accordance with the HIPAA Breach Notification Rule and the applicable BAA.

8. Data Retention

We retain PHI and related documentation data for the period required under the applicable BAA and consistent with the agency customer's retention obligations under HIPAA, state Medicaid requirements, and applicable licensing standards. For Texas-based agency customers, this includes adherence to HHSC documentation retention requirements. Upon termination of an agency customer's contract, data is handled in accordance with the BAA's data disposition provisions.

9. Your Rights and Choices

HIPAA Individual Rights: Patient rights with respect to PHI are managed by the agency customer as the Covered Entity. Patients should direct requests to their home health agency.

App User Rights: As an authorized App user, you may access and update your account profile, request correction of inaccurate account information at privacy@opal-health.com, or request deletion of your account data subject to retention obligations.

Location Data: You may disable location permissions through your device settings. However, doing so will prevent you from completing EVV check-in and check-out functions required for regulatory compliance.

10. Children's Privacy

The App is intended solely for use by licensed healthcare professionals and agency administrative staff who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18 through the App.

11. California Privacy Rights

California residents may have additional rights under the California Consumer Privacy Act (CCPA) and related regulations. However, the CCPA's protections apply primarily to consumer data; information processed in the context of a business-to-business relationship or as a business associate under HIPAA may be subject to different or exempted treatment. For inquiries, contact privacy@opal-health.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to Agency Customers with reasonable advance notice. Continued use of the App following the effective date constitutes acceptance of the revised Policy.

13. Contact Us

Terms and Conditions of Use

Effective Date: April 1, 2026

These Terms and Conditions of Use ("Terms") govern your access to and use of the Opal mobile application ("App") operated by Opal Healthcare Technologies, LLC. ("Opal"). By accessing or using the App, you agree to be bound by these Terms. If you do not agree, you must not access or use the App.

1. Authorized Use

Access to the App is granted exclusively to individuals who are:

• Licensed nurses, clinicians, or other healthcare professionals employed by or contracted with a home health agency that has entered into a subscription agreement with Opal ("Agency Customer"); or
• Administrative staff or compliance officers of an Agency Customer who are authorized by that Agency Customer to access the App in their professional capacity.

You may only use the App for lawful purposes and in accordance with your Agency Customer's policies, applicable professional licensing requirements, and applicable federal and state law, including HIPAA.

2. Account Security

You are responsible for maintaining the confidentiality of your login credentials and for all activity that occurs under your account. You must notify your Agency Customer's system administrator immediately upon becoming aware of any unauthorized access to or use of your account. Opal is not liable for any loss or damage arising from your failure to comply with this obligation.

3. Professional Responsibility

The App is a documentation and compliance support tool. It does not replace your independent clinical judgment or professional responsibilities. You remain solely responsible for the accuracy and appropriateness of all clinical documentation, care decisions, and professional conduct.

4. Clinical Documentation Standards

All clinical documentation submitted through the App must:

• Be accurate, truthful, and based on actual patient observations and care provided
• Comply with applicable clinical documentation standards and your Agency Customer's policies
• Not be fabricated, falsified, or otherwise misleading
• Be completed within the timeframes required by your Agency Customer and applicable regulations

5. HIPAA Obligations

As an authorized App user, you acknowledge that you are accessing PHI as an authorized workforce member of an Agency Customer and agree that you will:

• Access, use, and disclose PHI only as authorized by your Agency Customer and required to perform your job duties
• Not access PHI for any personal, unauthorized, or non-work-related purpose
• Not attempt to extract, export, copy, or otherwise remove PHI from the App in any manner not expressly authorized
• Promptly report any suspected PHI breach or unauthorized disclosure to your Agency Customer's HIPAA Privacy Officer

Violations of HIPAA may result in significant civil and criminal penalties under federal law. Opal cooperates with regulatory investigations and will report confirmed breaches in accordance with its BAA obligations.

6. Electronic Visit Verification (EVV) Requirements

By using the EVV features, you agree that you will only perform EVV check-in and check-out at the patient's authorized service location; will not falsify, manipulate, or attempt to spoof EVV location or timestamp data; will not check in or check out on behalf of another caregiver; and understand that EVV data constitutes a record of care delivery subject to Medicaid audit. Falsification of EVV data may constitute Medicaid fraud under applicable federal and state law.

7. Prohibited Uses

You agree not to use the App to access or disclose PHI for unauthorized purposes; enter false or misleading clinical documentation; falsify EVV records; circumvent or interfere with the App's security or QA features; reverse engineer or decompile the App; use automated scripts or bots; transmit malicious code; or violate any applicable law or regulation.

8. Intellectual Property

All content, features, functionality, software, and technology comprising the App are the exclusive property of Opal Healthcare Technologies, LLC. or its licensors. These Terms grant you a limited, non-exclusive, non-transferable, revocable license to use the App solely for your authorized professional functions. "Opal," the Opal logo, and related marks are trademarks of Opal Healthcare Technologies, LLC.

9. Disclaimer of Warranties

THE APP IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND UNINTERRUPTED OR ERROR-FREE OPERATION. OPAL DOES NOT WARRANT THAT THE APP WILL MEET ALL REGULATORY REQUIREMENTS APPLICABLE TO YOUR SPECIFIC AGENCY OR JURISDICTION WITHOUT PROPER CONFIGURATION AND USE.

10. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, OPAL AND ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AND LICENSORS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO YOUR USE OF THE APP. IN NO EVENT SHALL OPAL'S TOTAL AGGREGATE LIABILITY TO YOU EXCEED THE AMOUNTS PAID BY YOUR AGENCY CUSTOMER TO OPAL FOR THE APP IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

11. Indemnification

You agree to indemnify, defend, and hold harmless Opal Healthcare Technologies, LLC. and its officers, directors, employees, and agents from any claims, liabilities, damages, costs, and expenses (including reasonable attorneys' fees) arising from: (a) your use of the App in violation of these Terms; (b) your violation of applicable law or regulation; (c) your infringement of any third-party rights; or (d) the falsification or inaccuracy of any documentation submitted through the App.

12. Termination and Suspension

Opal reserves the right to suspend or terminate your access to the App, with or without notice, if you violate any provision of these Terms, your Agency Customer's subscription is terminated, or Opal reasonably believes your account has been compromised. Upon termination, your license to use the App immediately ceases.

13. Updates to the App and Terms

Opal may update the App and these Terms from time to time. Material changes will be communicated to Agency Customers with reasonable advance notice. Continued use of the App following the effective date of updated Terms constitutes your acceptance of the revised Terms.

14. Governing Law and Dispute Resolution

These Terms are governed by the laws of the State of Delaware. Any dispute arising out of these Terms shall be resolved exclusively through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules on an individual basis; class arbitrations are expressly waived.

15. Miscellaneous

These Terms, together with the master subscription agreement between Opal and your Agency Customer and the applicable BAA, constitute the entire agreement between you and Opal with respect to the App. If any provision is found unenforceable, the remaining provisions continue in full force and effect.

16. Contact Information