Talk to us

Privacy Policy

Thesis Care, Inc.

Effective Date: March 14, 2026  |  Last Updated: March 15, 2026

1. Introduction

Thesis Care, Inc. (“Thesis Care,” “we,” “our,” or “us”) is a Delaware corporation headquartered in New York City. We provide AI-enabled clinical operations and care management services to healthcare organizations. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit our website at thesis.care (the “Site”), submit information through our contact or demo request forms, apply for employment, or otherwise interact with us online.

This Privacy Policy does not apply to our processing of protected health information when we provide services to our healthcare clients under separate agreements. Information processed in the course of those services is governed by our client agreements, Business Associate Agreements, and applicable HIPAA regulations.

2. Information We Collect

The following describes the personal information collected by Thesis Care, including in the 12 months preceding the “last updated” date of this Privacy Policy.

2.1 Information You Provide Directly

We collect personal information you voluntarily provide when you:

  • Request a demo or contact us: name, email address, phone number, company name, job title, and any message content you include.
  • Apply for a job and work for us: name, email address, phone number, resume or CV, employment history, education, and any other information you choose to include in your application materials.
  • Interact with us in a commercial capacity: name, contact information.

2.2 Information Collected Automatically

When you visit our Site, we may automatically collect certain information, including:

  • IP address and general geographic location (e.g., city or region, derived from IP address)
  • Browser type, operating system, and device information
  • Pages viewed, referring URL, and site interaction data
  • Date and time of your visit

We may use cookies, pixels, and similar tracking technologies to collect this information. See Section 7 (Cookies and Tracking Technologies) below for details.

2.3 Information from Third Parties

We may receive information about you from publicly available sources (such as LinkedIn) or from business partners to supplement our records for sales and marketing purposes.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

  • To respond to your inquiries and demo requests
  • To evaluate your job application and communicate with you about employment opportunities
  • To operate, maintain, and improve our Site
  • To send communications (including marketing communications) about our services
  • To analyze Site usage and trends to improve user experience
  • To detect, prevent, and address security incidents and fraudulent activity
  • To comply with legal obligations, enforce our Terms of Use, and protect our rights

We do not use personal information collected through this Site to make automated decisions that produce legal or similarly significant effects on individuals.

4. How We Disclose Your Information

We do not sell your personal information. We may disclose your information to the following categories of recipients:

  • Service providers and contractors: Third parties that perform services on our behalf, such as website hosting, analytics, email delivery, applicant tracking, and customer relationship management. These providers are contractually bound to use your information only for the services we engage them to perform.
  • Professional advisors: Attorneys, accountants, auditors, and other professional advisors as needed.
  • Legal compliance and protection: When required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, safety, or property, or that of our users or the public.
  • Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change via prominent notice on our Site. We may also share your information with investors as part of the fundraising process.

We do not share personal information with third parties for cross-context behavioral advertising. If we change this practice in the future, we will update this Privacy Policy and provide appropriate opt-out mechanisms as described in Section 6.2.

5. Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Privacy Policy:

  • Contact and demo request data: Up to 36 months following your most recent interaction with us, unless an ongoing business relationship is established.
  • Job applicant data: Up to 24 months after the conclusion of the application process, unless you consent to a longer retention period for consideration for future positions, in which case up to 36 months.
  • Commercial contacts data: For the duration of the commercial relationship and up to 36 months after its conclusion.
  • Automatically collected data: Up to 26 months for analytics purposes.

After the applicable retention period, we will delete or de-identify your personal information. We may retain information for longer periods if required by law, to resolve disputes, or to fulfill our contractual obligations. Specific retention obligations under client agreements, including Business Associate Agreements, may supersede the periods stated above with respect to data processed in connection with those agreements.

6. Your Privacy Rights

Depending on your state of residence, you may have the following rights regarding your personal information:

  • Right to know / access: You may request confirmation of whether we process your personal information and obtain a copy of the specific information we hold about you.
  • Right to delete: You may request that we delete your personal information, subject to certain exceptions.
  • Right to correct: You may request that we correct inaccurate personal information.
  • Right to data portability: You may request your information in a portable, readily usable format.
  • Right to opt out of sale or sharing: We do not currently sell or share personal information for cross-context behavioral advertising. If this changes, you will have the right to opt out.
  • Right to opt out of targeted advertising: You may opt out of the use of your personal information for targeted advertising purposes.
  • Right to opt out of profiling: You may opt out of profiling that produces legal or similarly significant effects.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to appeal: If we deny your privacy request, you may appeal our decision. We will respond to appeals within the timeframe required by applicable law.

6.1 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at legal@thesis.care or by mail at the address listed in Section 14 below. We may verify your identity before processing your request. You may also designate an authorized agent to submit a request on your behalf.

We will promptly respond to verifiable requests. If additional time is needed, we will notify you of the extension and the reason.

6.2 Universal Opt-Out Mechanisms

We honor Global Privacy Control (GPC) and similar browser-based universal opt-out signals as valid opt-out requests where required by applicable state law. When we detect a GPC signal, we will treat it as a request to opt out of any sale or sharing of personal information and will suppress non-essential tracking technologies for that session.

7. Cookies and Tracking Technologies

Our Site may use the following categories of cookies and similar technologies:

  • Strictly necessary cookies: Required for the Site to function properly (e.g., security, load balancing). These cannot be disabled.
  • Analytics cookies: Help us understand how visitors interact with our Site by collecting information about pages viewed, time spent, and navigation patterns. This data is aggregated and anonymized where possible.
  • Functional cookies: Enable enhanced functionality and personalization, such as remembering your form preferences.

We do not currently use advertising or retargeting cookies. If we adopt such technologies in the future, we will update this policy and implement appropriate consent and opt-out mechanisms.

You can control cookies through your browser settings. Disabling certain cookies may affect your experience on our Site. Where required by applicable state law, we will obtain your consent before placing non-essential cookies.

8. Do Not Track Signals

Our Site recognizes and responds to Global Privacy Control (GPC) signals and standard Do Not Track browser signals to the extent required by applicable law. For details on how we process these signals, see Section 6.2.

9. Data Security

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures are consistent with industry standards and our SOC 2 Type 2 certification.

However, no method of electronic transmission or storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.

10. Health Information Disclaimer

This Site is not part of our HIPAA-regulated service environment. Thesis Care is a HIPAA-compliant Business Associate for the clinical support services we provide to our healthcare clients. However, personal information collected through this Site (such as contact form submissions and job applications) is not Protected Health Information (PHI) and is not governed by HIPAA.

Do not submit patient data or protected health information through this Site. If you are an existing client, please use the secure communication channels provided under your service agreement. If we inadvertently receive PHI through this Site, we will securely delete it and notify you promptly.

This Site does not provide medical advice, diagnosis, or treatment. Nothing on this Site should be construed as establishing a provider-patient or clinical care relationship.

11. Children's Privacy

Our Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. As described in our Terms of Use, this Site is intended for users who are at least 18 years of age. If we learn that we have collected personal information from a child under 13, we will promptly delete it. If you believe we may have collected information from a child under 13, please contact us at the address below.

12. Additional State Disclosures

12.1 California (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. The following disclosures describe our data practices in the preceding 12 months:

  • Categories of personal information collected: Identifiers (name, email, phone, IP address); professional or employment-related information (company name, job title, resume data); internet or electronic network activity (browsing data, Site interaction data).
  • Sources: Directly from you; automatically through your use of our Site; from publicly available sources.
  • Business purposes for collection: Responding to inquiries; evaluating job applications; Site operations and improvement; marketing communications; security and fraud prevention; legal compliance.
  • Categories of third parties receiving information: Service providers (hosting, analytics, CRM, applicant tracking); professional advisors; government entities when required by law.
  • Sale or sharing: We have not sold or shared personal information in the preceding 12 months.
  • Sensitive personal information: We do not collect sensitive personal information as defined by the CCPA through this Site.

To submit a CCPA request, see Section 6.1 above.

12.2 Other State Laws

Residents of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia may have similar privacy rights under their respective state laws. We extend the rights described in Section 6 to all U.S. residents regardless of state of residence.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or for other operational, legal, or regulatory reasons. When we make material changes, we will update the “Last Updated” date at the top of this page and, where required by law, provide additional notice.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Thesis Care, Inc.
Attn: Legal
169 Madison Ave STE 38075
New York, NY 10016
Email: legal@thesis.care

15. Consumer Protection Agencies

If you exercise your right to appeal our determination with respect to your data subject rights, and we deny your appeal, you may have the right to submit a complaint to your regulator. Information for your relevant regulator is provided below:

  • California Residents: You may contact the California Privacy Protection Agency at cppa.ca.gov and the California Attorney General at oag.ca.gov.
  • Colorado Residents: You may contact the Colorado Attorney General at coag.gov.
  • Connecticut Residents: You may contact the Connecticut Attorney General at portal.ct.gov/ag.
  • Delaware Residents: You may contact the Department of Justice at privacy@delaware.gov.
  • Iowa Residents: You may contact the Iowa Attorney General at iowaattorneygeneral.gov.
  • Indiana Residents: You may contact the Indiana Attorney General at in.gov/attorneygeneral.
  • Kentucky Residents: You may contact the Kentucky Attorney General's Office of Data Privacy at ag.ky.gov.
  • Maryland Residents: You may contact the Consumer Protection Division at marylandattorneygeneral.gov.
  • Minnesota Residents: You may contact the Minnesota Attorney General at ag.state.mn.us.
  • Montana Residents: You may contact the Montana Attorney General at dojmt.gov.
  • Nebraska Residents: You may contact the Nebraska Attorney General at ago.nebraska.gov.
  • Nevada Residents: You may contact the Nevada Attorney General at ag.nv.gov.
  • New Hampshire Residents: You may contact the New Hampshire Attorney General at doj.nh.gov.
  • New Jersey Residents: You may contact the Division of Consumer Affairs at njconsumeraffairs.gov.
  • Oregon Residents: You may contact the Oregon Attorney General at doj.state.or.us.
  • Rhode Island Residents: You may contact the Rhode Island Attorney General at riag.ri.gov.
  • Tennessee Residents: You may contact the Tennessee Attorney General at tn.gov/attorneygeneral.
  • Texas Residents: You may contact the Texas Attorney General at texasattorneygeneral.gov.
  • Utah Residents: You may contact the Utah Attorney General at attorneygeneral.utah.gov.
  • Virginia Residents: You may contact the Virginia Attorney General at oag.state.va.us.