TheracareAI App Privacy Policy & Terms of Use
Provided by Leap of Faith Technologies, Inc.
Effective Date: April 28, 2026 – Version 2.0
Leap of Faith Technologies, Inc. (“LOF”) provides the TheracareAI App (“the App”) to help you manage and track your medications. The App enables features such as medication reminders, AI-powered guidance on side effects, safe dosage and storage recommendations, FHIR-based interoperability with healthcare providers (including Epic via Epic on FHIR), and export functionality.
1. About LOF and What This Policy Covers
LOF is a for profit digital health informatics company.[DH1] We do not fund the App through advertising or the sale of your data. LOF is not a HIPAA-covered entity and does not have a business associate agreement (BAA) with any healthcare provider the App connects to; health information retrieved at your direction is governed by this Policy.
This Policy outlines how LOF collects, uses, stores, and protects personal information. “Personally Identifiable Information” (PII) refers to data that can identify, relate to, describe, or be associated with an individual or household, including contact information, device identifiers, or health-related data.
2. What PII We Collect and Why
|
Category of Personal Information |
Source |
Purpose of Collection |
Shared With |
|
Contact Information: Name, DOB, Gender |
User input |
Used locally to associate medications with the correct individual profile. |
Not shared. |
|
Medication Information: Scanned from labels/ prescription bottles or manually entered |
Uploaded image |
The App allows users to scan a prescription label or medication bottle to extract medication information. These images may contain Personally Identifiable Information (PII) and Protected Health Information (PHI). With the user's explicit consent, the image is securely transmitted to an AI service for one-time, real-time extraction of medication details. No image, PII, PHI, or extracted data is stored, logged, or retained by TheracareAI or its backend systems after the extraction process. If users prefer not to share images, they can opt to manually enter medication names instead of using the scanning feature. |
AI-based processor (ephemeral, real-time processing only). |
|
Health Record Data Imported via Epic / FHIR |
User-authorized OAuth 2.0 connection to the user's provider's Epic system |
When users authorize the App to connect to their healthcare provider through Epic on FHIR, medication and related clinical data are retrieved and stored locally on their device. Users may optionally opt in to encrypted cloud backup on servers in the U.S. |
Not shared by LOF. Users may share data only by exporting a password-protected package and sharing it (and the password) themselves, with recipients of their choosing. If users choose the “Export to TheraCare” option, an encrypted copy of the package is stored on AWS servers in the U.S. so it can be shared as a link; LOF cannot read its contents. |
|
Browsing Information: Page views, IP addresses, device identifier of the device on which users are using the App, and session identifiers |
User interactions with the App |
This information is necessary for (i) our information service providers, IMO and FDB, to know where to send back responses to users' requests for information; (ii) to understand how people are using the App; (iii) to enhance the technical performance of the App; and (iv) to protect the security and integrity of the App, and our business, such as preventing fraud, hacking, and other criminal activity or to meet legal obligations. |
Intelligent Medical Objects, Inc. (“IMO”), the company that provides the software that transforms medication names into an NDC code to pass to First Databank, Inc. (“FDB”), our medication information database provider. (NDC means National Drug Code, a unique 10-digit number that identifies human drugs in the U.S.). IMO and FDB use AWS servers. Service providers who help us with analytics, which receive device and session identifiers along with interaction events to help us understand product usage. |
|
Device and Usage Data: Device ID, session ID, page interactions |
App analytics |
Used to enhance app performance, ensure security, and route medication queries. |
IMO (Intelligent Medical Objects), FDB (First Databank, Inc.) for medication lookup. Service providers who help us with analytics. |
3. Connecting to Your Healthcare Provider (Epic on
FHIR)
You may connect the App to your healthcare provider's Epic system through Epic on FHIR using OAuth 2.0. Your provider authenticates you directly; LOF does not see or store your credentials. Retrieved data is stored on your device, with optional encrypted cloud backup on U.S. servers. You may revoke the connection at any time.
4. How You Share Your Data With Others
The App itself does not send your data to anyone else, and there is no feature inside the App for granting another person, group, or app access to your data. This is by design: the App has no awareness of other people or services you may want to share with, so it cannot authorize them on your behalf.
Instead, you share your data on your own initiative using the export options described in Section 7. The App lets you generate a password-protected export package containing your data. You then share that package, and separately the password you set for it, with whomever you choose, through any channel you prefer (for example, email, messaging apps, cloud storage, or in person). The recipient must have both the package and the password to open it.
Among the export options offered by the App, the “Export to TheraCare” option provides for the storage of an encrypted copy of the export package on AWS servers located in the United States, enabling the package to be shared via a generated link in lieu of a file. The package is encrypted at rest with the password set by the user, and LOF maintains no technical ability to access or decrypt its contents, including by its administrative personnel. The user shall determine when the package expires and may revoke the link and delete the package from within the App at any time. No other export option results in the storage of any copy of exported data on LOF's servers.
Because all sharing happens at your sole direction, you are solely responsible for choosing recipients, choosing the channel, safeguarding the password, and revoking access (which, once a package has been opened, is no longer technically possible). LOF does not see, log, or have any record of who you share an export with.
We use your data only to provide direct services to you. We do not use it for advertising, research, or sale; we do not provide, distribute, or sell your data (including aggregate or de-identified data) to third parties; and we do not use data about other individuals from your health record (such as family or care team) for any purpose.
5. Your Rights: Access, Export, and Deletion
• You may obtain a complete record of the data the App has stored about you, and a complete record of which authorized entities have accessed it.
• You may delete all data the App has stored about you, from within the App.
• The App stores your data only as long as you choose, until you delete it. If you delete the App and close your account, we do not retain your data.
6. Local Data Storage & Encryption
All data stored locally on your device is encrypted using AES 256-bit encryption in CBC (Cipher Block Chaining) mode, utilizing a MasterKey and your device's unique ID. The App can perform its core services without storing data on servers; encrypted cloud backup on U.S. servers is opt-in only.
7. Data Export and Import
You may export or import your medication data using AES 256-bit GCM (Galois/Counter Mode) encrypted files. This functionality requires a user-generated password for both encryption and decryption. With most export options, these files are stored and processed solely on your device. If you choose the “Export to TheraCare” option, an encrypted copy of the package is stored on AWS servers in the U.S. so that it can be shared as a link; the package remains encrypted with your password, is accessible only to those who have both the link and the password, and can be deleted by you at any time or set to expire on a date you choose (see Section 4).
Once exported, the package and its password are entirely under your control. As described in Section 4, sharing of the export, including the choice of recipient, channel, and disclosure of the password, is performed by you and outside the App. LOF does not have access to exported packages or to your password.
8. FHIR-Compliant Export
To support health interoperability, the App allows you to export your data in FHIR (Fast Healthcare Interoperability Resources) format. These exports are password-protected and designed to be imported into other healthcare systems under your control.
9. Security Information
We use industry standard encryption technologies, such as 2048-bit SSL Secure Sockets Layer with TLS Encryption, when transferring and receiving information from you. However, no commercial method of information transfer over the Internet or electronic data storage is known to be 100% secure. As a result, we cannot guarantee the absolute security of that information during its transmission or its storage in our systems.
If we or the TheracareAI business is acquired, or we otherwise transfer any assets (including due to a sale in connection with a bankruptcy), we may provide your PII to the purchaser [DH2] for use by such purchaser, subject to the terms of this Privacy Policy. Occasionally, we may share, sell or rent data that is not Personal Information with third party partners and vendors.
11. The App is Provided in
the US under US Law
We do not yet make the App available outside of the U.S. US law governs our provision of the App and your use of it.
12. Children's Privacy
The App is not designed for, or directed at, anyone eighteen (18) years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of eighteen (18). No one under the age of eighteen (18) is permitted to use the App. If you learn that anyone under the age of eighteen (18) is using the App, please contact us immediately at support@lofllc.com.
13. Opting Out of Data Collection
You may opt out of information collection at any time by uninstalling the App from your phone. As described in Section 5, when you delete the App and close your account, we do not retain your personal data. We may continue to retain pseudonymous usage analytics processed through service providers who help us with analytics (which receive device identifiers, session identifiers, and interaction events but not your name, date of birth, medication list, or health record data), as well as limited records we are required to keep by applicable law.
14. First Databank, Inc. End User Pass-Through Terms
and Conditions[DH3]
Medical Disclaimers
This site/app is
designed to offer you general health information for educational purposes only.
The health information furnished on this site/app and the interactive responses
are not intended to be professional advice and are not intended to replace personal
consultation with a qualified physician, pharmacist or other healthcare
professional. You must always seek the advice of a professional for questions
related to your disease, disease symptoms, and appropriate therapeutic
treatments. If you have or suspect that you have a medical problem or
condition, please contact a qualified healthcare provider immediately. You
should never disregard medical advice or delay in seeking it because of
something you have read on this site/app.
We do not make any warranty that the content on this site/app satisfies government regulations requiring disclosure of information on prescription drug products. The content was developed for use in the United States, and neither we nor our content providers make any representation concerning the content when used in any other country. While information on this site/app has been obtained from sources believed to be reliable, neither we nor our content providers warrant the accuracy of codes, prices or other data contained on this site/app.
We do not give medical advice, nor do we provide medical or diagnostic services. Medical information changes rapidly. Neither we nor our content providers guarantee that the content covers all possible uses, directions, precautions, drug interactions, or adverse effects that may be associated with any therapeutic treatments.
Your reliance upon information and content obtained by you at or through this site/app is solely at your own risk. Neither we nor our content providers assume any liability or responsibility for damage or injury (including death) to you, other persons or property arising from any use of any product, information, idea, or instruction contained in the materials provided to you.
Liability Disclaimers
Our content providers have utilized reasonable care in collecting and reporting the information contained in the Products on this site/app and have obtained such information from sources believed to be reliable. However, the content providers do not warrant the accuracy of the information in the site/app, nor of codes, prices or other data available on this site/app. Information reflecting prices is not a quotation or offer to sell or purchase. The clinical information contained in the information is intended as a supplement to, and not a substitute for, the knowledge, expertise, skill, and judgment of physicians, pharmacists, or other healthcare professionals in patient care. The absence of a warning for a given drug or drug combination should not be construed to indicate that the drug or drug combination is safe, appropriate or effective in any given patient.
THE CONTENT PROVIDERS
MAKE NO WARRANTY OR REPRESENTATION, EXPRESS OR IMPLIED, AS TO THE ACCURACY OF
THE DATA FROM WHICH THE INFORMATION IS COMPILED OR THE ACCURACY OF THE
INFORMATION ITSELF, NOR THE COMPATIBILITY OF THE INFORMATION WITH ANY HARDWARE
AND SYSTEMS, AND SPECIFICALLY DISCLAIMS THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
YOU USE THIS SITE/APP
AND THE MATERIAL AND INFORMATION ON THE SITE/APP AT YOUR OWN RISK. OUR
INFORMATION PROVIDERS SHALL NOT BE LIABLE FOR ANY DAMAGES ALLEGEDLY SUSTAINED
ARISING OUT OF USE OF THE SITE/APP, AND INCLUDING ANY CONSEQUENTIAL, SPECIAL,
OR SIMILAR DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
IF, NOTWITHSTANDING
THE OTHER TERMS OF THIS AGREEMENT (OR ANY OTHER AGREEMENT BETWEEN YOU AND US),
WE (OR OUR CONTENT PROVIDERS OR SPONSOR/ADVERTISERS) SHOULD HAVE ANY LIABILITY
FOR ANY LOSS, HARM OR DAMAGE, YOU AND WE (ON BEHALF OF OURSELVES AND OUR CONTENT
PROVIDERS AND SPONSOR/ADVERTISERS) AGREE THAT SUCH LIABILITY SHALL UNDER NO
CIRCUMSTANCES EXCEED $1,000. YOU AND WE (ON BEHALF OF OURSELVES AND OUR CONTENT
PROVIDERS AND SPONSOR/ADVERTISERS) AGREE THAT THE FOREGOING LIMITATION OF
LIABILITY IS AN AGREED ALLOCATION OF RISK BETWEEN YOU AND US (AND OUR CONTENT
PROVIDERS AND SPONSOR/ADVERTISERS) AND REFLECTS THE FEES, IF ANY, WE CHARGE YOU
TO USE THIS SITE/APP, THE SERVICES AND THE CONTENT. YOU ACKNOWLEDGE THAT ABSENT
YOUR AGREEMENT TO THIS LIMITATION OF LIABILITY, WE WOULD NOT PROVIDE THE
SITE/APP, THE SERVICES OR THE CONTENT TO YOU.
Restrictions
No material from this website may be copied, reproduced, republished, uploaded, posted, transmitted, commercialized or distributed in any way, except that you may download and/or print to non-electronic or electronic form one copy of the materials on any single computer for your personal, non-commercial home use only, provided you keep intact all copyright and other proprietary notices. Modification of the materials or use of the materials for any other purpose is a violation of our content provider's copyright and other proprietary rights. The use of any such material on any other website or networked computer environment is prohibited. All rights, title and interest in and to the materials on this site (including but not limited to all copyrights, trademarks, service marks, trade names and all derivative works) are owned or controlled by and shall remain at all time vested in the site operator and its content providers.
14. IMO, Inc. End User Pass-Through
Terms and Conditions[DH4]
Licensed
Solutions. IMO grants to Client a non-exclusive,
personal, non-transferable, limited license to use the Licensed Solutions
during the Term, subject to the terms of this EULA. Client shall not (a) cause
or permit the Licensed Solutions, in whole or in part, to be available to any
other person, entity or business; (b) copy (except for backup or disaster
recovery operations), reverse engineer, create a cache of, decompile or
disassemble the Licensed Solutions, in whole or in part; (d) modify, combine,
integrate, render interoperable, the Licensed Solutions with any other software
or services not contemplated by this EULA; (e) share, sell, rent, lease, or
otherwise distribute access to the Licensed Solutions, or use the Licensed
Solutions to operate any timesharing, service bureau, or similar business; (f)
alter, destroy or otherwise remove any proprietary notices within the Licensed
Solutions; or (g) disclose the results of any benchmark tests to any third
parties without IMO’s prior written consent. IMO and IMO’s licensors retain and
own all right, title, and interest in all intellectual property rights in the
Licensed Solutions, and all enhancements, revisions or improvements to, or
derivative works the foregoing. If
Client provides IMO with any suggested improvements, or requests additions or
changes to the Licensed Solutions, Client grants IMO a nonexclusive, perpetual,
irrevocable, royalty free, worldwide license, with rights to transfer,
sublicense, sell, use, reproduce, display, and make derivative works of such suggested
improvements, additions or changes. Third Party Components will be provided
under the applicable terms of the third party supplier. IMO makes no
representations or warranties regarding the Third Party Components.
Warranty
Disclaimer. THE LICENSED SOLUTIONS ARE PROVIDED ON AN AS-IS AND
AS-AVAILABLE BASIS. IMO DISCLAIMS ALL WARRANTIES, BOTH EXPRESS AND IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND OF
FITNESS FOR A PARTICULAR PURPOSE, ANY WARRANTY ARISING FROM A COURSE OF
DEALING, USAGE OR TRADE PRACTICE AND ANY IMPLIED WARRANTY OF NON-INFRINGEMENT
OF INTELLECTUAL PROPERTY RIGHTS. IMO DOES NOT WARRANT THAT THE LICENSED
SOLUTIONS WILL BE ERROR-FREE OR UNINTERRUPTED, THAT ALL DEFECTS WILL BE
CORRECTED, OR WILL MEET CLIENT’S REQUIREMENTS.
Professional
Responsibility. Client
acknowledges and agrees that the Licensed Solutions are information management
tools that require the involvement of professional medical personnel and the
information provided is not intended to be a substitute for the advice and
professional judgment of a physician or other professional medical personnel.
Client further acknowledges and agrees that the Licensed Solutions are not
intended to diagnose disease, prescribe treatment, or perform any other tasks
that constitute or may constitute the practice of medicine or of other
professional or academic disciplines. Client will be solely responsible for the
professional and technical services provided by Client and Client Users. IMO
makes no representations concerning the completeness, accuracy or utility of
any information in the Licensed Solutions. IMO has no liability for the
consequences to Client or Client’s patients of Client’s use of the Licensed
Solutions.
Disclaimer
of Liability. EXCEPT
FOR iMO’S INDEMNIFICATION OBLIGATIONS IN THE FOLLOWING SECTION, in no event
shall IMO be liable to any person including, but not limited to CLIENT OR
CLIENT’S PATIENTS for any CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, OR
PUNITIVE dAMAGES ARISING OUT OF OR RELATED TO THIS EULA OR THE LICENSED
SOLUTIONS. IMO's total liabilities
arising out of or related to this EULA are limited to the fees received by IMO
FOR CLIENT’S USE OF THE LICENSED SOLUTIONS IN THE TWELVE (12) MONTHS PRECEDING
THE CLAIM.
IMO’s
Indemnification. Subject to the provisions
set forth herein, IMO will defend
or, at its option, settle any claim or action brought against Client by an
unaffiliated third party to the extent it is based on a claim that the Licensed
Solutions directly infringe such third party’s United States patent, trademark
or copyright (each, a “Claim”), and IMO will pay any final judgment of the
Claim awarded against Client by a court of competent jurisdiction, or
settlement of the Claim agreed to by IMO. IMO will have the foregoing
obligation under this Section only if Client provides IMO with (a) prompt
written notice of the Claim, (b) sole control and authority over the defense
and any settlement of the Claim, and (c) all available information, assistance,
and authority reasonably necessary to settle and/or defend any such Claim. IMO
shall have no indemnification obligation or
liability for any Claim or infringement resulting from (i) Client’s continued
use of the infringing Licensed Solution after receipt of notice of a claim;
(ii) modifications to the Licensed Solutions by any party other than IMO; (iii)
any development of, or modifications made to, the Licensed Solutions pursuant
to Client’s designs, specifications or instructions; (iv) the combination or use
of the Licensed Solutions with other products, processes or materials if the
Licensed Solution itself does not infringe; or (v) Client’s use of the Licensed
Solutions other than in accordance with the Documentation or the terms of this
EULA.
Client’s
Indemnification. Client will
defend, indemnify and hold IMO and its officers, directors, and agents harmless
against third party claims, liabilities, judgments, settlements, penalties, and
causes of action (“Third Party Claims”) and associated costs and expenses
(including reasonable attorneys' fees) arising out of the use of the Licensed
Solutions by Client; provided however, that the foregoing indemnity will not
apply to the extent Client has used the Licensed Solutions in accordance with
the Documentation and applicable standards of good clinical practice and the
proximate and direct cause of the Third Party Claim is IMO’s negligence or
willful misconduct in providing the Licensed Solutions.
Data. Client grants IMO the non-exclusive, worldwide
right to use Data as necessary to provide and support the Licensed Solutions
and provide Services to Client under this Agreement. IMO may also use Data for
IMO’s internal business purposes, including analysis or development of new
services, products, or analysis or improvement of existing services or
products. Client shall not submit any Protected Health Information to the
Licensed Solutions. IMO may de-identify
or anonymize Data for its internal uses in accordance with applicable laws.
General.
Client agrees that IMO shall be, and is
hereby, named as an express third-party beneficiary of this EULA for the
purpose of enforcing at law and at equity all terms set forth in this EULA.
Client will ensure that anyone with authorized access to the Licensed Solutions
will comply with the provisions of this EULA.
If any provision of this EULA is determined to be unenforceable, the
rest of this EULA will remain in full force. The delay or failure to assert a
right herein or to insist upon compliance with any term or condition of this
EULA shall not constitute a waiver of that right or excuse a subsequent failure
to perform any term or condition. Client
may not assign any of the rights herein without prior written approval from
IMO. This EULA will be governed by the
State of Illinois without regard to choice-of-law principles. The courts of the State of Illinois and/or
the United States District Court for the Northern District of Illinois shall
have exclusive jurisdiction over any action arising under or related to the
subject matter of this EULA and the parties agree to submit to the jurisdiction
of the courts of the State of Illinois and the United States District Court for
the Northern District of Illinois. This
EULA is the entire agreement between Client and IMO as to the subject
matter. This EULA may be terminated by
IMO or Software Vendor at any time if: (i) Client violates any provision of
this EULA; or (ii) Software Vendor’s relationship with IMO terminates. If this EULA is terminated for any reason,
Client agrees to immediately return or destroy all copies of the Licensed
Solutions and all accompanying items and certify the return or destruction
thereof. Additionally, Client
acknowledges and agrees to the terms and conditions for use of third
party content as included in the Licensed Solutions:
Third Party Components (if applicable):
SNOMED CT®: Client acknowledges that the Licensed
Solutions include SNOMED Clinical Terms (SNOMED CT®) which is used by
permission of the SNOMED International. All rights reserved. SNOMED CT®, was
originally created by The College of American Pathologists. “SNOMED” and
“SNOMED CT” are registered trademarks of SNOMED International. Additional fees
may apply for to the use of SNOMED CT outside of SNOMED member countries.
Current Procedure Terminology (CPT®):
https://www.imohealth.com/cpt-end-user/
LOINC®: This material contains content from LOINC®
(http://loinc.org). LOINC is copyright © 1995-2021, Regenstrief Institute, Inc.
and the Logical Observation Identifiers Names and Codes (LOINC) Committee and
is available at no cost under the license at http://loinc.org/license.
The Diagnostic and Statistical Manual of Mental
Disorders, 5th ed. Text Revision (DSM-5-TR): https://www.imohealth.com/dsm/
Healthcare Effectiveness Data and Information Set
(HEDIS®): https://www.imohealth.com/hedis/
Health Level Seven (HL7®):
http://www.hl7.org/legal/ippolicy.cfm?ref=nav
Definitions.
“Data” means data that is collected,
stored, processed or generated through Client’s use of the Licensed Solutions.
“Documentation” means the printed and on-line
materials, user guides, product specifications, training manuals and other
similar information that assist Client, as updated from time to time.
“Licensed Solutions” means the terminology products
and/or software programs developed by IMO and accessed by Client pursuant to
the agreement between Client and Software Vendor.
“Term” means the term of the agreement between
Client and Software Vendor that provides for use of the Licensed
Solutions.
“Third Party Components” means all third party
software and content included in the Licensed Solutions as identified in the
Documentation.
16. Contact Us
Leap of Faith Technologies, Inc.
1105 W. Park Ave., Suite 2, Libertyville, IL 60048
Email: support@lofllc.com
Website: www.leapoffaith.com
[DH1]Why do we have to say this? I do not like this statement!
How about:
LOF is a for profit digital health informatics company.
[DH2]What PII will we provide to a purchaser? This is too broad and should be defined better.
[DH3]Where are the IMO pass through terms? We need to include them too.
[DH4]Where are the IMO pass through terms? We need to include them too.