Privacy Policy

Effective Date: 09/10/2025
Last Updated: 09/10/2025

Artemis Health, Inc. (“Artemis,” “we,” “our,” or “us”) provides healthcare and benefits analytics services to employers, health plans, and benefits consultants. Most of the data we process is supplied by our clients so that we can provide analytics and reporting on their behalf.

This Privacy Policy explains what information we collect, how we use it and your rights under applicable U.S. privacy laws.

1. Information We Collect

We collect information in two primary ways:

A. Information Provided by Clients

Employers, health plans, and benefits consultants provide us with data so thatwe can deliver our analytics services. This may include:

  • Healthcare claims (medical, dental, vision, pharmacy).
  • Benefits enrollment and eligibility data.
  • Wellness program participation.
  • Demographic data (e.g., age, gender, location).
  • Dependent data, which may include children’s information.

This data is used solely to provide analytics and reporting to ourclients and is often subject to HIPAA or contractual protections.

B. Information Collected Directly from You (Website & Application)

When you visit our website or log into our application, we may collect:

  • Registration and Login Data: Name, email address, username, and credentials.
  • Usage Data: Searches, reports accessed, and interactions within the application.
  • Technical Data: IP address, browser type, device identifiers, and cookies.
  • Support Information: Communications you send to us, such as help requests.

We do not collect health claims, diagnoses, dependent information, orother sensitive health data directly through our website or login portal.

2. How We Use Information

We use information to:

  • Provide analytics services to our clients.
  • Allow authorized users (e.g., HR staff, consultants) to log into the platform.
  • Generate de-identified and aggregated insights.
  • Ensure security and system integrity.
  • Respond to support requests.
  • Comply with legal and contractual obligations.

We do not sell personal information.

3. How We Protect Information

We implement industry-standard safeguards:

  • Encryption: SSL/TLS encryption in transit; encryption at rest where applicable.
  • Access Controls: Role-based access for authorized personnel only.
  • Monitoring: Regular vulnerability scanning and audits.
  • HIPAA Protections: When handling PHI, we operate under a Business Associate Agreement (BAA) with our     client.

4. Cookies & Tracking Technologies

We use cookies and similar technologies to support the secure operationof our application and to improve your experience.

Types of Cookies We Use

  • Strictly Necessary Cookies: Required for login, authentication, and security.
  • Functional Cookies: Remember your settings and preferences.
  • Analytics Cookies: Help us understand how the application is used.
  • Advertising/Targeting Cookies: Artemis does not use advertising cookies to sell or share personal     information.

Why We Use Cookies

  • Authenticate users and maintain secure sessions.
  • Protect against fraud and unauthorized access.
  • Save preferences and support application features.
  • Measure usage trends and improve our services.

Your Choices

  • Manage cookies through your browser.
  • Use our cookie banner/preference tool to accept or reject non-essential cookies.
  • Opt out of analytics cookies.

Global Privacy Control (GPC)
We recognize and honor the Global Privacy Control (GPC) signal. If your browseror device sends a GPC signal, we will treat it as a request to opt out of“sale,” “sharing,” or targeted advertising as defined under U.S. privacy laws.

California Clarification
California law (CPRA) considers administrator login IDs, work email addresses,IP addresses, and browser/device data to be “personal information.” Otherstates may not treat professional contact data this way. Regardless, Artemisapplies privacy safeguards consistently across all users.

5. Data Retention

We retain data as long as necessary to provide services, meet legal orcontractual obligations (including HIPAA, ERISA, IRS requirements), and resolvedisputes. Where deletion is requested but retention is required, we limit useof retained data to those obligations.

6. HIPAA and Health Information

Artemis does not collect PHI directly from individuals via our website.Only minimal login/technical/support data is collected online.

We process PHI only when our clients provide it to us.

  • We act as a Business Associate under HIPAA.
  • HIPAA rights (access, amendment, accounting) must be exercised through your health plan or provider.
  • De-identified data is not PHI and may be used for analytics.

7. U.S. State Privacy Rights

Residents of certain states may have rights to:

  • Access personal information.
  • Delete personal information (with exceptions for HIPAA, ERISA, IRS, fraud, or contractual obligations).
  • Correct inaccuracies.
  • Opt Out of sales/sharing/targeted advertising.
  • Portability of personal information.
  • Appeal denials of requests.

California (CPRA): California law covers business and employment-relatedinformation, including administrator account data. We do not sell personalinformation.

Requests: help@artemishealth.com | (801) 869-8544

8. Washington State (MHMD)

We do not collect consumer health data directly from individuals via thewebsite. MHMD data is processed only when provided by clients.

  • Categories: Claims, benefits, wellness program data.
  • Purpose: Analytics, compliance, security.
  • Sharing: Only with service providers under contract.
  • Your Rights: Access, delete, or withdraw consent via help@artemishealth.com.
  • Geofencing: We do not use geofencing for advertising.

9. Children’s Privacy

We do not knowingly collect children’s information via our website.

  • Our clients may provide dependent/child data, which we process under contracts and, where applicable, HIPAA.
  • If we ever inadvertently collect children’s data directly through the website, it will be deleted.

10. Data Breach Notification

If a breach occurs, we notify clients and individuals per law, typicallywithin 7 business days.

11. Communications & Email

We use administrator emails to

  • Support account access.
  • Send security/system updates.
  • Notify about service changes.

We comply with CAN-SPAM.

12. Data Subject Access Requests (DSARs)

Depending on your state of residence and the nature of your relationshipwith Artemis, you may have the right to make a Data Subject Access Request(“DSAR”). This may include the right to:

  • Confirm whether we process your personal information.
  • Access and obtain a copy of personal information we hold about you.
  • Correct inaccuracies in your personal information.
  • Request deletion of your personal information, subject to legal or contractual requirements.
  • Opt out of certain uses of personal information, such as “sale,” “sharing,” or targeted advertising     (note: Artemis does not sell personal information).
  • Receive your data in a portable format.
  • Appeal a denial of your request.

How to Submit a DSAR:

You may submit a request by:

Please include your name, contact information, and whether you are:

  • A website visitor or authorized administrator.
  • An employee, dependent, or plan participant of a client.

Important Clarification:

  • If your information was provided to Artemis by one of our clients (employer, health plan, or benefits consultant), we process your data solely as a service provider/Business Associate. In that case, we will forward your request to the relevant client, who is responsible for responding under applicable law.
  • If you are a website visitor or administrator, Artemis will respond directly to your request.

Verification:
We may need to verify your identity before responding, including by asking youto provide information that matches records we maintain.

Response Time:
We will confirm receipt within 10 business days and respond within thetimeframe required by applicable law (typically 45 days, extendable once by anadditional 45 days where reasonably necessary).

Appeals:
If we deny your request, you may appeal by contacting us at help@artemishealth.com. If you remain dissatisfied, you may contact your state Attorney General or relevant regulatory authority.

13. Contact Us

help@artemishealth.com
(801) 869-8544

© Artemis Health Inc. 2024

Privacy Policy
Security Brief
Who We Serve

For Advisors

For Employers

For Health Plans

For Point Solutions

Solutions

Perspectives

Console

Cost Advisor

Exchange

SDOH Insights

Insights

Blog

Resources

Product Tour

Company

About

Our Promise

Careers

Contact Us

Let's Talk

Get to know us and see
if Artemis Health is the right
benefits analytics solution for you.

Schedule a Call