Privacy Policy

Last Updated: March 23, 2026 | Vigil Health LLC, El Reno, Oklahoma

1. Introduction

Vigil Health LLC ("Vigil Health," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our notification relay service and related platforms.

2. Information We Collect

2.1 Waitlist Information

When you join our waitlist, we collect:

Email address
Name
Phone number (optional)

2.2 Continuous Glucose Monitoring (CGM) Data

To provide our service, we collect glucose data through secure API connections to Dexcom. This includes:

Real-time glucose readings
Trend data
Timestamps of readings
Glucose alert thresholds you set

2.3 SMS Alert Information

For SMS notification delivery, we collect:

Phone number for receiving alerts
SMS opt-in consent
SMS delivery status and engagement data

2.4 Usage Data

We automatically collect:

Alert acknowledgment patterns
Login timestamps and frequency
App feature usage analytics
Device information (IP address, browser type, OS)

3. How We Use Your Information

3.1 Service Delivery

We use your data to:

Monitor glucose trends and send timely alerts
Deliver SMS notifications to your phone
Generate weekly glucose summaries
Maintain and secure your account
Provide customer support

3.2 Service Improvement

We analyze aggregated, de-identified usage data to improve our alert algorithms, user experience, and service reliability.

3.3 Communications

We may contact you about account changes, service updates, or changes to this policy.

4. HIPAA Compliance

HIPAA Notice: Vigil Health operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). Your Protected Health Information (PHI) is handled in compliance with HIPAA Security and Privacy Rules. We maintain Business Associate Agreements (BAAs) with vendors who process your health information. Please see our separate HIPAA Notice of Privacy Practices for more details.

5. Data Security

We implement industry-standard security measures to protect your information:

End-to-end encryption for glucose data in transit and at rest
Role-based access controls limiting employee access
Regular security audits and penetration testing
Secure API authentication with Dexcom
PCI DSS compliance for any payment information

6. Data Retention and Deletion

We retain your information only as long as necessary to provide the service:

Glucose data: Retained for 24 months for trend analysis and backup recovery
Alert logs: Retained for 12 months for audit purposes
Account information: Retained until account deletion request

You may request deletion of your data by emailing blake@vigil.healthcare. We will delete all personal data within 30 days, except where retention is required by law.

7. Third-Party Vendors

We share information only with vendors necessary to provide our service:

Dexcom API: For glucose data retrieval (covered by Dexcom's privacy terms)
Twilio: For SMS delivery and opt-in management
Hosting Providers: For secure infrastructure (AWS, Heroku, or similar)

All vendors are required to maintain strict confidentiality and security standards.

8. Cookies and Tracking

Vigil Health uses minimal cookies and does not engage in tracking for advertising purposes:

Session cookies: To maintain your login during browsing
Preference cookies: To remember your settings
No third-party tracking, analytics cookies, or advertising cookies

9. Children's Privacy

Our service is not intended for individuals under 18 years old. If a user is under 18, they must have verifiable parental or guardian consent before creating an account. We do not knowingly collect data from minors without proper consent. If we learn we've collected data from a minor without proper consent, we will delete such data immediately.

10. State and California Privacy Rights

Depending on your location, you may have additional rights:

Right to Know: You can request what personal data we collect and how we use it
Right to Delete: You can request deletion of your data (subject to legal exceptions)
Right to Correct: You can request correction of inaccurate information
Right to Opt-Out: You can opt out of data sales (we do not sell data, so this does not apply)

To exercise these rights, contact blake@vigil.healthcare.

11. We Do Not Sell Your Data

Important: Vigil Health does not sell, rent, lease, or share your personal or health data with third parties for commercial purposes. Your data is only used to provide the service you requested.

12. Policy Changes

We may update this Privacy Policy periodically. We will notify you of material changes via email or through our platform. Continued use of our service constitutes acceptance of updated terms.

13. Contact Information

For privacy questions, concerns, or to exercise your rights, please contact:

Email: blake@vigil.healthcare
Company: Vigil Health LLC, El Reno, Oklahoma
Response Time: We aim to respond within 10 business days