Beacon Legal

HIPAA Privacy Policy

Last updated: May 24, 2026

This policy explains how Beacon, provided by OneToLive, Inc., handles your account information and health-related data, including how we use artificial intelligence and automated processing. You can also review our Terms of Service.

Scope of This Policy

This policy describes how OneToLive, Inc. collects, uses, shares, and protects information when you use Beacon. Where OneToLive, Inc. processes information on behalf of a covered entity—such as a clinician, health plan, or healthcare provider—we act as a Business Associate under HIPAA, and the terms of the applicable Business Associate Agreement (BAA) control our use and disclosure of that protected health information.

Information We Collect

We collect: account information you provide (such as name, email, phone, and role); caregiver and care-recipient profile data; authorization records that establish who can access whose information; messages and content you create in Beacon; documents and records you upload or that connected providers transmit on your behalf; health-related data including conditions, medications, lab results, visit summaries, and insurance information; and operational data such as device, log, and usage information generated when you interact with the service.

How We Use Information

We use information to operate Beacon and provide the care-coordination service you request; to authenticate users and enforce family-access permissions; to generate summaries, insights, reminders, and other AI-assisted output; to maintain audit history; to provide customer support; to improve product reliability and security; to detect and prevent fraud and abuse; and to comply with our legal obligations. We do not sell personal information, and we do not use protected health information for advertising.

AI and Automated Processing

Beacon uses artificial intelligence to summarize documents, surface health insights, draft calendar items and reminders, and assist with caregiver workflows. AI processing is performed by OneToLive, Inc. and by vetted AI subprocessors that are bound by confidentiality and, where they handle protected health information, by Business Associate Agreements. We do not permit our AI subprocessors to use your identifiable protected health information to train their general-purpose models. AI output may be incomplete or inaccurate; please review it before relying on it. You can find a current list of AI subprocessors and request more information by contacting beacon-support@onetolive.ai.

HIPAA and Protected Health Information

When we handle protected health information, we apply administrative, physical, and technical safeguards designed to protect its confidentiality, integrity, and availability, consistent with the HIPAA Privacy and Security Rules. Use and disclosure of protected health information is limited to what is permitted by HIPAA, by the applicable Business Associate Agreement, and by the directions of the covered entity or individual on whose behalf we hold the information.

Sharing and Service Providers

We share information with service providers that help us operate Beacon, including hosting and infrastructure, identity and authentication, communications, payment processing, analytics, customer support, AI processing, and health-data integrations. Access is limited to what each provider needs to perform its function, and providers that handle protected health information sign Business Associate Agreements. We may also disclose information when required by law, in response to valid legal process, to protect the rights, property, or safety of users or the public, or in connection with a corporate transaction such as a merger or acquisition.

Family and Caregiver Visibility

Beacon is built around explicit family access and caregiver permissions. A caregiver may only access a care recipient’s information after the appropriate authorization flow has been completed. Care recipients and their authorized representatives can review, adjust, or revoke caregiver access at any time from the relevant settings.

Security

We protect information using encryption in transit and at rest, role-aware access controls, audit logging, network and application safeguards, and ongoing monitoring. No service can guarantee perfect security; if you believe your account or another person’s information has been compromised, contact beacon-support@onetolive.ai immediately.

Data Retention and Deletion

We retain information for as long as needed to provide Beacon, to comply with legal, tax, and accounting obligations, to enforce our agreements, and to support security and integrity investigations. When information is no longer required, we delete or de-identify it. Where OneToLive, Inc. holds protected health information as a Business Associate, retention and deletion follow the directions of the covered entity and the applicable BAA.

Your Rights and Choices

Depending on where you live and the role you play, you may have the right to access, correct, export, or delete information about you, to restrict or object to certain processing, to opt out of automated decision-making with significant effects, and to lodge a complaint with a regulator. If OneToLive, Inc. holds your information as a Business Associate, please direct requests under HIPAA to the covered entity that engaged us; we will support those requests as the BAA requires. You can submit a request directly to us at beacon-support@onetolive.ai, and we will verify your identity before acting.

De-identified Data

We may create de-identified data—stripped of identifiers in accordance with HIPAA’s Safe Harbor or Expert Determination methods—to operate, evaluate, and improve Beacon and the underlying models. We do not attempt to re-identify de-identified data, and we require recipients to agree not to do so.

Children’s Privacy

Beacon is not directed to children under 13, and we do not knowingly collect personal information from children under 13 except as part of a caregiver-managed profile authorized by the child’s parent or legal guardian. If you believe a child has provided us information without proper authorization, contact us and we will take appropriate steps.

International Users

OneToLive, Inc. operates Beacon in the United States. If you access the service from outside the United States, you understand that your information will be processed in the United States, which may have different data-protection laws than your country of residence.

Changes to This Policy

We may update this policy from time to time. When changes are material, we will provide notice in-product, by email, or by updating the date at the top of this page. Your continued use of Beacon after an update indicates acceptance of the revised policy.

Contact

For privacy questions, requests, or complaints, contact our privacy team at beacon-support@onetolive.ai.