Your Privacy

At OneRecord, you come first. You can trust us to keep your information safe, secure, and in your control.

We believe no one should have to trade their privacy for access to services. We will always be transparent about the data we collect, and how we use it in making our services work better for you. You can read our full Privacy Policy below, with simple summaries for each section.

Illustration of a woman who is incognito.

Privacy Page

Dated: May 05, 2022
See previous versions of this policy

We are committed to maintaining the privacy and security of your personal information, and we appreciate that medical information is sensitive. This Privacy Policy describes how OneRecord, LLC ("OneRecord," "we" or "us") may collect, use and share your personal information when you visit the OneRecord website at or use the OneRecord mobile application to access OneRecord's personal health record (collectively, the "Services"). This Privacy Policy does not address personal information that you provide to us in other contexts (for example, through a business relationship unrelated to the Services).

Acceptance of Privacy Policy

By using our Services, you say to us that you agree to the terms of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Services. Your continued use of the Services after we make changes to this Privacy Policy will mean that you agree to those changes.

Simply Put...

Visiting our website, mobile app, and personal health record means you're subject to our Privacy Policy.

Personal Information Provided by You

Through our Website

We collect your personal information through our website when you choose to provide that information, such as when you:

  • submit information through the "Contact" page of our website,
  • register on our website,
  • respond to our communications (for example, when you respond to an email from us),
  • submit your email address through our website's "Get Involved" feature, or
  • participate in another one of our website features

The personal information that we collect can include your:

  • name,
  • email address,
  • phone number, or
  • mailing address

When you sign up or register on our website, we may ask you for your name, email address, mailing address, phone number or other information, but you may still visit our website without providing that information.

Through our mobile application and personal health record

Our mobile application and personal health record collect your personal information when you create a new account:

  • First Name
  • Last Name
  • Date of Birth
  • Gender
  • Address
  • Phone Number
  • Email Address

In addition, we collect and keep your medical information through the personal health record and sync your medical record information from your healthcare provider or another third-party source using our HealthFeed feature.

Simply Put...

We collect your registration and user account information. We also collect information when you choose to communicate with us or voluntarily engage with website or mobile application features. Our servers collect log information used to make the website faster and better. You can choose not to share information with us, but your experience using our Services may be limited.

COVID-19 Information

In addition to the personal information described above, we may receive COVID-19 vaccination records or test results, or COVID-19 SMART Health Cards or other health cards (“COVID Information”). COVID Information may be provided directly by you, or it may be obtained from your healthcare provider or insurance company when you connect them to your OneRecord account. Your healthcare provider or insurance company may also provide information relating to the COVID-19 pandemic, such as COVID-19 testing programs, testing sites, test results, vaccination or immunization records, or information regarding health care professionals, clinical laboratories, doctors’ practices, public health authorities, or governmental entities. Your healthcare provider and insurance company have their own privacy policies, which you should review, and they are not subject to this Privacy Policy.

Upon your permission, the OneRecord app will collect your device’s GPS location. If this permission is granted, OneRecord will acquire this device’s location only for the purpose of finding nearby hospitals from which to retrieve medical records to add to your health profile, including COVID-19 test results and vaccination records.

Upon your permission, the OneRecord app will require the use of your device’s camera to import data by capturing photos or scanning QR codes. Only the photos and QR codes you choose will be uploaded to OneRecord for the purpose of adding your records to your health profile, including COVID-19 test results and vaccination records.  OneRecord needs this permission in order for you to upload files to your OneRecord account. With this permission, only the images and files you choose will be uploaded to OneRecord for the purpose of adding your records to your health profile, including COVID-19 test results and vaccination records.

OneRecord may also access your device’s Service Set Identifier (SSID) and Basic Service Set ID (BSSID) to determine the connectivity state of your application and whether or not your device has a WiFi connection to display the applicable status within the app.

Automatically Collected Information & Anonymous Information

Aggregated Data

We collect aggregate inquiries for internal reporting and also count, track, and aggregate each visitor's activity into our analysis of general traffic flow at our website. To make sure this happens, we may merge information about you into aggregated group data. In some cases, we may remove personal identifiers from personal information and maintain it in aggregate form that may later be combined with other information to generate anonymous, aggregated statistical information. That anonymous group data may be shared with our affiliates, business partners, service providers and/or vendors; if it is shared, we will not disclose your individual identity.

Web Server Logs and IP Addresses

An Internet Protocol ("IP") address is a number that automatically identifies the computer/machine you have used to access the Internet. The IP address enables our server to send you the web pages that you want to visit, and it may identify the server owned by your Internet Service Provider. We may use IP addresses to conduct website analyses and performance reviews and to administer our website.

Cookies and Web Beacons

Cookies are pieces of information that a website transfers to a user's computer for purposes of storing information about the user's preferences. Cookies do not actually personally identify users, although they do identify a user's computer. Many websites use cookies as a standard practice to provide useful features when a user visits the website, and most web browsers are set up to accept cookies. We use cookies to improve your online experience when visiting the website. You can set your browser to refuse cookies, but some portions of our website may not work properly if you refuse cookies. Some of our website's web pages may use web beacons along with cookies to compile aggregate statistics about website usage. A web beacon is an electronic image (also referred to as an "action tag," "single-pixel," or "clear GIF") that is commonly used to track the traffic patterns of users from one web page to another in order to maximize web traffic flow and to otherwise analyze the effectiveness of our website. Some web beacons may be unusable if you elect to reject their associated cookies.

Simply Put...

Each time you come to our website, we collect some information to improve the overall quality of your online experience. To remember you, our system will give you a cookie. It's safe.

Use & Sharing of Personal Information

We will not sell, rent, license, or trade your personal information with third parties for their own direct marketing use unless you expressly tell us it is okay to do so. Unless you give us your permission, we will not share your personal information other than as stated in this Privacy Policy.

We may use the information we collect from you when you sign up, register, respond to a survey or marketing communication, surf our website, or use certain other features of the Services in the following ways:

  • To personalize your experience on the website and to allow us to deliver content and product offerings that interest you.
  • To allow us to better respond to your customer service requests.
  • To quickly process your requested transactions.
  • To administer a promotion, survey or other feature of our website.

You Control How Your Medical Information Is Shared

When you use our personal health record, you can decide whom you want to be able to see your medical information (spouse, family members, etc.) by using the data sharing options in your Account Settings

Registration Information, Portal Information and Portal Credentials

Certain areas and features of our website are available to you without registration. However, other features of our website or the Services may require registration, which involves giving us your email address, a password and a username (the "Registration Information"). In order to fully benefit from our Services, you also must provide your third-party health portal credentials ("Portal Credentials") to allow us to access your health data at those other healthcare providers' organizations ("Portal Information") for your use.

From time to time we may request other personal information to provide you with other benefits of the Services. In those instances, you will be given the opportunity to provide or not provide that information, and it will be used only for that purpose. OneRecord may create anonymous or aggregate personal information and share that data only in a non-personally identifiable manner to:

  • Organizations approved by us that conduct research into health; and
  • Users of the Services for purposes of comparison of their personal health situations relative to others.

That information does not identify you individually. Access to your Registration Information, Portal Credentials, Portal Information and any other personal information you provide is protected by our specific internal procedures and safeguards restricting access to that information, so that we can ensure it is only used to operate, develop or improve the Services.

Information Shared with Third Parties Assisting in Our Operations

We may share your personal information under confidentiality agreements with other companies that provide products and services on our behalf, such as those:

  • providing research,
  • providing marketing services,
  • delivering goods or services,
  • providing cloud hosting services,
  • administering promotions,
  • analyzing data and usage of the Services,
  • processing payments,
  • operating our website, mobile application or personal health record, or
  • providing support and maintenance services for the Services, as well as legal, regulatory, audit and other professional advisors.

These companies (described above) may use your personal information to assist us in our operations. However, these companies do not have any independent right to share your information.

Information Shared Under Special Circumstances

We may provide information about you:

  • to respond to subpoenas, court orders, legal processes or governmental regulations,
  • to establish or use our legal rights or defend against legal claims,
  • to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person, or
  • as otherwise required by law.

Business Transfers

We may share your personal information with other businesses in connection with the sale, assignment, merger or other transfer of all or a portion of our business to those businesses. We will require those businesses to honor the rules of this Privacy Policy.

Dormant, Closed or Terminated Accounts

If your account is unused for an extended period, we may suspend or “lockdown” your account in order to better safeguard your personal information, and we will notify you when that occurs. If your account is suspended because it is unused, we will retain the personal information in your account for two years.  At the end of that two-year period, we will delete the personal information in your account in order to better protect your privacy. Prior to deletion of your personal information, we will attempt to notify you.

If your account is closed by you or terminated by us in accordance with our Terms of Service, we will promptly delete the personal information in your account, with the exception of a disclosure log that records how you shared the information in your account with third parties.  The disclosure log will be maintained only for so long as is necessary for our business purposes and will be deleted as soon as practicable, in accordance with our record retention policies. You may close your account and request deletion of your data at any time by contacting us at

Simply Put...

We do not sell your information to anyone. However, we collect information to make our Services useful for you and to provide a personalized experience. We may share information so that we can provide our Services, and we may share information where required by law. We may also share information with third parties that help us provide services to you. You decide how your medical information is shared.


Our website may contain links to third-party websites that may offer information of interest. This Privacy Policy does not apply to those websites, and we recommend reviewing those websites' privacy policies individually.

Simply Put...

Our Privacy Policy only applies to our website, mobile application, and personal health record. It does not apply to other websites, even if we link to those websites.


We understand that storing our data in a secure manner is important. We store your personal information and other data using industry standard physical, technical and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. Please note, however, that while we have tried to create a secure and reliable website for users, the confidentiality of any communication or material transmitted to/from our website or via email cannot be guaranteed.

Response to "Do Not Track" Signals

Some Internet browsers include the ability to transmit "Do Not Track" signals. Since uniform standards for "Do Not Track" signals have not yet been adopted, we do not process or respond to "Do Not Track" signals.

Simply Put...

We protect your personal information in a number of important ways. However, the confidentiality of information transmitted over the Internet can never be guaranteed.

Children's Privacy Policy

Under Age 13

We understand the importance of protecting children's privacy in the interactive online world. Our website is not designed for, or intentionally targeted at, children under 13 years of age. It is not our policy to intentionally collect or maintain information about anyone under the age of 13. No one under the age of 13 should submit any personal information to us or our website.

Under Age 18

Minors under 18 years of age may have the personal information that they have provided to us through our website deleted by sending an email to requesting deletion. Please note that, while we make reasonable efforts to comply with those requests, deletion of your personal information does not guarantee complete and comprehensive removal of that data from all systems.

Simply Put...

You are not allowed to register or use our Services if you are under the age of 13. If you are between 13 and 18 years old, you can request deletion of your personal information by emailing us at

Important Notices to Non-United States Residents

It is important to note that our website is operated in the United States. If you are located outside of the United States, please be aware that any personal information you provide to us will be transferred to the United States. By using our website and/or providing us with your personal information, you agree to this transfer.

Simply Put...

Your personal information will be transferred to and stored in the United States.

Changing or Deleting Your Information

You may review and request changes to your personal information that we have collected.

You may also request deletion of your personal information from our databases in order to close your account and prevent receipt of future communications. When you choose to delete your account, all of your personal information associated with the account is deleted immediately, and is no longer accessible by you or OneRecord. The only data that is not deleted is the Disclosure Log information that we keep for audit and legal purposes.

You may submit requests to change or delete your personal information using either of the following options:

You can send your request via email to

You can mail your request to the following postal address:
OneRecord LLC
599 Lexington Ave,
New York, NY 10022

Simply Put...

You are able to request changes to your personal information that we've collected.

Policy Updates

This Privacy Policy may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security best practices evolve. We display an effective date at the top of this Privacy Policy so that it will be easier for you to know when there has been a change. If we make any change to this Privacy Policy regarding use or sharing of personal information, we will provide advance notice on our website, and will notify you of the most recent changes to the policy, highlighting and explaining those changes. If you don't approve of a change to this Privacy Policy, you will have the opportunity to opt-out of the Services. If you are a user of our mobile application, this Privacy Policy will also be available in the app store from which you downloaded the app. Small changes or changes that do not significantly affect individual privacy interests may be made at any time and without prior notice.

Simply Put...

This privacy policy may change.


If you have any questions about this Privacy Policy or about our handling of your personal information, please contact us at: (800) 440-6598 or