Privacy Policy
Last updated: March 2026
Xylar Health ("we," "us," or "our") operates the website xylarhealth.com and the Xylar Health product (the "Service"). This Privacy Policy describes how we collect, use, and protect information when you use our website and when you use our product as a customer. We are committed to protecting your privacy and, where applicable, to complying with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable laws.
1. Scope of This Policy
This policy covers (a) your use of our public website (xylarhealth.com), including the interest form and any other information you submit through the site, and (b) our practices regarding Protected Health Information (PHI) when you use the Xylar Health product as a customer. When you use our product in connection with patient care, we act as a Business Associate under HIPAA and our handling of PHI is governed by our Business Associate Agreement (BAA) with your organization, in addition to this policy.
2. Information We Collect
Information you provide on our website
When you submit our "Get early access" or interest form, we collect your first name, last name, email address, and any optional message you provide (e.g., description of your current voicemail process). We use this information solely to respond to your inquiry, to contact you about Xylar Health, and to manage our relationship with you. We do not collect health information or other sensitive personal information through this website form.
Information collected automatically
When you visit our website, we may collect your IP address for security and rate-limiting purposes (e.g., to prevent abuse of our form). We may use a privacy-focused analytics service (such as Plausible) that does not use cookies and does not collect personally identifiable information. Our goal is to understand how the site is used without identifying individual visitors.
Information when you use the Xylar Health product
When your organization uses the Xylar Health product, we process voicemail audio, transcriptions, summaries, and related data that may constitute PHI. That processing is governed by our BAA with your organization and our HIPAA-compliant practices, including technical and administrative safeguards, and is not used for marketing or sold to third parties.
3. How We Use Your Information
We use the information we collect to: (a) respond to your inquiries and provide the services you request; (b) communicate with you about Xylar Health and your account; (c) operate, secure, and improve our website and product; (d) comply with legal obligations; and (e) enforce our terms and protect our rights. We do not sell your personal information. We do not use information submitted through the website form for marketing unrelated to your interest in Xylar Health without your consent.
4. Sharing and Disclosure
We may share your information with service providers that help us operate our business. For example, we use Resend to send and receive emails related to form submissions; Resend processes data in accordance with their privacy policy and our instructions. When you use the Xylar Health product, we use HIPAA-eligible infrastructure and only share PHI with subprocessors that are bound by appropriate agreements. We may also disclose information when required by law, to protect our rights or safety, or with your consent.
5. Security
We use industry-standard measures to protect your information, including encryption in transit (HTTPS), access controls, and secure infrastructure. For the Xylar Health product, we implement safeguards required under HIPAA and our BAAs. No method of transmission or storage is 100% secure; we will notify affected parties and regulators as required in the event of a breach involving PHI or other sensitive data.
6. Data Retention
We retain information only as long as necessary to fulfill the purposes described in this policy, to comply with legal obligations, or to resolve disputes. You may request deletion of the personal information you provided through the website (see Your Rights below). PHI is retained in accordance with our BAA and applicable law.
7. Your Rights
Depending on your location, you may have the right to access, correct, or delete the personal information we hold about you, or to object to or restrict certain processing. To exercise these rights, or if you have questions about our practices, contact us at hello@xylarhealth.com. We will respond within a reasonable time. If you are in California or another jurisdiction with specific privacy laws, we will honor your rights under those laws. If you believe we have violated your privacy rights, you may have the right to lodge a complaint with a supervisory authority.
8. Children
Our website and product are not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. Material changes may be communicated via email or a notice on our website. Your continued use of the website or product after changes constitutes acceptance of the updated policy.
10. Contact Us
For privacy-related questions, requests, or complaints, contact us at support@xylarhealth.com. For HIPAA-related matters or to request a BAA, you may also reach out to the same address.