Privacy & Security

Your data is sacred.
We treat it that way.

WhiteGloveMD is built on trust. Every piece of your medical information is protected by HIPAA compliance, end-to-end encryption, and security infrastructure designed for the most sensitive data in healthcare.

HIPAA Compliant | AES-256 Encryption | SOC 2 Aligned | BAA Coverage | Zero-Trust Architecture

Information We Collect

Personal identification information: name, email address, phone number, date of birth, and mailing address provided during account creation or case submission.

Medical records: catheterization reports, echocardiograms, CT scans, surgical notes, lab results, medication lists, and other clinical documents uploaded or transmitted for case review.

Payment information: processed securely through Stripe. WhiteGloveMD does not store credit card numbers on our servers.

Usage data: anonymized analytics about how you interact with our platform, used solely to improve the user experience. This data is never linked to your medical records.

Communication records: messages exchanged through our secure portal, consultation notes, and support interactions.

How We Use Your Information

To perform clinical case reviews and generate your White Glove Insights™ Report.

To facilitate Heart Team consultations between you and your reviewing physicians.

To communicate case updates, scheduling information, and delivery notifications.

To process payments and provide financial documentation for HSA/FSA reimbursement.

To improve our Clintelligence™ AI engine using de-identified, aggregated data only — never your personal information.

To comply with legal obligations, including HIPAA audit trails and regulatory reporting requirements.

How We Protect Your Data

AES-256 encryption protects all data at rest. TLS 1.3 encryption protects all data in transit.

All data processors and subprocessors are bound by signed Business Associate Agreements (BAAs).

Access to medical records is restricted to physicians and clinical staff directly assigned to your case.

Multi-factor authentication is required for all clinical and administrative access.

Comprehensive audit logging tracks every access, modification, and export of protected health information.

Regular penetration testing and vulnerability assessments are conducted by third-party security firms.

Our infrastructure is aligned with SOC 2 Type II controls and HITRUST CSF standards.

Your Rights

Access: You may request a copy of all personal and medical data we hold about you at any time.

Correction: You may request corrections to inaccurate or incomplete personal information.

Deletion: You may request deletion of your data, subject to legal retention requirements for medical records.

Portability: You may request your data in a structured, machine-readable format.

Restriction: You may request that we limit processing of your data in certain circumstances.

To exercise any of these rights, contact our Privacy Officer at privacy@whiteglovemd.com.

Data Sharing & Third Parties

We never sell your personal or medical data to third parties.

We never share your data for marketing purposes.

We share data only with: (1) physicians assigned to your case, (2) data processors bound by BAAs (Supabase, Stripe, Resend), and (3) as required by law.

De-identified, aggregated data may be used for clinical research and quality improvement. This data cannot be traced back to any individual patient.

Cookies & Tracking

We use essential cookies required for platform functionality (authentication, session management).

We use anonymized analytics to understand how users navigate our site and improve the experience.

We do not use third-party advertising trackers or sell data to ad networks.

You may disable non-essential cookies through your browser settings without affecting core platform functionality.

Questions about your privacy?

Contact our Privacy Officer for any questions about how your data is handled, to request access or deletion, or to report a concern.

privacy@whiteglovemd.com

Last updated: February 2026