Cosight Networks Corporation
Privacy Policy and Data Processing Addendum
Effective Date: February 14, 2026
Last Updated: February 14, 2026
Website: https://cosight.net
Contact: legal@cosight.net
1. Overview
Cosight Networks Corporation ("Cosight", "we", "us", or "our") operates cosight.net and provides healthcare technology services.
We collect healthcare data only when a patient or user clearly chooses to opt in. We share healthcare data only with that patient’s authorized healthcare providers.
We do not sell personal data. We do not use health data for advertising.
2. Information We Collect
A. Basic Account Information
- Name
- Email address
- Date of birth
- Account login credentials
B. Healthcare and Wearable Data (Opt-In Only)
If you choose to connect a wearable or health device, we may receive:
- Heart rate and heart rate variability
- Sleep metrics
- Activity data
- Blood oxygen levels (SpO2)
- Weight and body composition data
- Stress indicators
We only receive this information after you provide explicit authorization.
3. Third-Party Integrations (Opt-In)
If authorized by you, Cosight may integrate with:
- Garmin
- Fitbit
- Google Fit or Health Connect
- Apple Health (HealthKit)
- Oura
- InBody
You may disconnect these integrations at any time through your device or account settings, or by contacting your healthcare provider or Cosight directly .
4. How We Use Information
We use healthcare data only to:
- Support clinical care
- Allow healthcare providers to review patient information
- Enable remote patient monitoring
- Improve patient safety
- Maintain secure medical records
We do not use health data for marketing, advertising, or resale.
5. How We Share Information
We share healthcare data only with:
- The patient’s authorized healthcare providers
- HIPAA-compliant service providers that securely process or store data
- Government authorities when legally required
We do not sell or share personal information for advertising purposes.
6. Data Security
All healthcare data is stored using HIPAA-compliant infrastructure.
- Encryption at rest (AES-256 or equivalent)
- Encryption in transit (TLS 1.2 or higher)
- Role-based access controls
- Multi-factor authentication for administrators
- Audit logging and monitoring
Cosight may use secure infrastructure from:
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform (GCP)
7. HIPAA Compliance
Where applicable, Cosight acts as a Business Associate under U.S. healthcare law. We safeguard Protected Health Information (PHI) consistent with HIPAA requirements.
8. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect
- Request access to your information
- Request correction of inaccurate information
- Request deletion (subject to legal retention requirements)
- Limit use of sensitive personal information
Cosight does not sell or share personal information as defined under California law.
To exercise your California privacy rights, contact: legal@cosight.net
9. European Union (GDPR)
If you are located in the European Union or European Economic Area, we process healthcare data only with explicit consent or as necessary to provide healthcare services.
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion
- Restrict processing
- Request data portability
- Lodge a complaint with your local supervisory authority
If data is transferred outside the EU, Cosight relies on approved legal safeguards such as Standard Contractual Clauses.
For EU privacy inquiries, contact: legal@cosight.net
10. Data Retention
Healthcare records are retained as required by applicable medical and regulatory laws. After services end, data is securely deleted according to our retention policies.
11. Data Processing Addendum (Enterprise Terms)
When Cosight processes personal data on behalf of healthcare providers or enterprise customers:
- Cosight acts as a data processor under GDPR.
- We process data only under documented instructions.
- We maintain appropriate security and confidentiality safeguards.
- We notify customers of data breaches without undue delay.
- We delete or return data upon contract termination.
Approved sub-processors may include AWS, Microsoft Azure, and Google Cloud Platform. All sub-processors are bound by contractual data protection obligations.
12. Contact
For privacy questions or legal inquiries, contact:
Email: legal@cosight.net
Website: https://cosight.net