Privacy Policy
Effective: May 27, 2026 · Version PP-v2.4
1. Introduction
2460 Health Tech, Inc., a Delaware corporation ("2460 Health Tech," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Meira workforce management platform (the "Service") at meira.life and associated mobile applications.
2. Information We Collect
2.1 Information You Provide. Account information (name, email, phone, password); professional credentials and certifications; employment and clinical experience history; banking and payment information (collected and stored by Stripe; 2460 Health Tech does not store full bank account numbers); tax identification information (SSN or EIN, encrypted at rest and used only as required for tax documentation support); profile photographs and identification documents; communications sent to us or through the Platform.
2.2 Automatically Collected Information. Device information; log data (IP address, access times, pages viewed); location data (with explicit consent, for Assignment matching and travel calculations); usage patterns and feature interactions.
2.3 Information from Third Parties. Credential verification services; a background-check provider (when background screening is enabled); payment processor (Stripe); calendar services (Google Calendar, Microsoft Outlook) when enabled by the user.
3. How We Use Your Information
We use information to: provide, maintain, and improve the Platform; match Independent Donation and Transplant Professionals (IDTPs) with Assignment opportunities; process payments through Stripe Connect; provide tax documentation support to OPOs in connection with their 1099 reporting obligations; verify professional credentials and monitor expiration; send service-related notifications; respond to requests and provide support; detect and prevent fraud; comply with legal obligations; and generate de-identified, aggregated analytics.
4. Information Sharing
4.1 With OPOs and IDTPs. Profiles, credentials, availability, and factual cancellation history are visible to OPOs in the context of Assignment evaluation. OPO information, Assignment details, and rates are visible to IDTPs in the context of Assignment browsing. Contact information is shared when Assignments are confirmed.
4.2 With Service Providers. Stripe (payment processing and money transmission); Amazon Web Services (cloud infrastructure and hosting); a background-check provider (when background screening is enabled); Resend (email); Twilio (SMS); Documenso (electronic signatures); receipt OCR processing services.
4.3 Legal Requirements. Disclosure if required by law, regulation, legal process, or governmental request.
4.4 Business Transfers. Information may transfer in connection with a merger, acquisition, or sale of all or substantially all of our assets. We will notify you by email or prominent Platform notice before your information becomes subject to a different privacy policy.
4.5 De-Identified and Aggregated Data. We may, in the future, create, use, and share de-identified, aggregated data for workforce analytics, benchmarking, research, and Platform improvement. When we do, our de-identification will meet the Safe Harbor standard under 45 CFR 164.514(b).
4.6 No Sale of Personal Information. We do not sell personal information to third parties or share it for direct marketing purposes.
4.7 Insurance Brokers and Carriers. We may disclose information to our insurance broker and carriers for the purpose of obtaining and maintaining liability insurance coverage, including underwriting and renewal, and for the processing of any claims that may arise. Disclosures are limited to information reasonably necessary for those purposes and are subject to applicable confidentiality obligations.
5. Data Security
We use encryption in transit (TLS 1.2+) and at rest (AES-256); Row-Level Security at the database level; Just-In-Time access controls for sensitive data with automatic expiry and audit logging; periodic security assessments; multi-factor authentication; and role-based access controls. We are pursuing SOC 1 Type 2 and SOC 2 Type 2 certifications. No method of transmission or storage is one hundred percent secure.
6. Data Retention
- Account data: duration of active account plus one (1) year.
- Tax records: seven (7) years.
- Financial transaction records: seven (7) years.
- Credential verification records: duration of credential validity plus three (3) years.
- Background check results: duration of active participation plus one (1) year.
- Audit and security logs: three (3) years.
- De-identified, aggregated data: retained indefinitely.
7. Your Rights and Choices
Access and portability; correction; deletion (within thirty (30) days, subject to legal retention requirements); communication preferences; location data control. California residents have CCPA/CPRA rights including the right to know, delete, and opt out of sale or sharing of personal information (we do not sell or share as defined by CCPA). Contact: privacy@meira.life.
8. Health Information
The Platform is not designed to receive, process, or store patient-level PHI. Where OPOs have executed a Business Associate Agreement with 2460 Health Tech, any incidental contact with PHI is governed by that agreement.
9. Cookies and Tracking
The Platform uses essential and functional cookies only. We do not use advertising or cross-site tracking cookies, and we do not use any third-party analytics or tracking service.
First-party product analytics. To understand how the Platform is used and to improve it, we collect first-party usage analytics that are stored only on our own servers. These record product behavior (for example, pages viewed and features used), associated with a random identifier or, once you sign in, your account identifier. They never include personal, financial, or health information: a server-side filter removes any such fields before storage, and the data is never sold or shared with third parties. We honor your browser's Do Not Track or Global Privacy Control signal, and you can opt out at any time from Settings (Product analytics). Opting out does not affect your use of the Platform.
10. Children's Privacy
The Platform is not intended for individuals under eighteen (18). We do not knowingly collect information from children.
11. International Data Transfers
Information is stored and processed in the United States.
12. Changes to This Policy
Material changes will be communicated by email at least fourteen (14) days before taking effect.
13. Contact
2460 Health Tech, Inc.
455 Market Street, Suite 1940
San Francisco, CA 94105
privacy@meira.life