Last updated: April 1, 2026
HIPAA Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Our Commitment to Your Privacy
Aere (“Aere”) is committed to maintaining the privacy of your protected health information (“PHI”). Aere operates as a personal health record platform — a software service that enables you to store, organize, and analyze health records that you choose to upload. As a personal health record platform acting on your behalf, Aere handles your PHI in accordance with applicable federal privacy standards, including those under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.
We are required by law to maintain the privacy of PHI, provide you this Notice describing our privacy practices, and follow the terms of the Notice currently in effect. We are also required to notify you in the event of a breach of your unsecured PHI.
Health Information We Handle
The health information we handle on your behalf includes: health record documents you upload (lab reports, imaging studies, clinical notes, pathology reports, and similar documents); structured biomarker data extracted from those documents (e.g., blood test results, vital signs, medication lists); and health profile information you voluntarily provide (including medical history, diagnoses, medications, allergies, surgical history, and demographic information). All of this information is stored in encrypted form and is accessible only to you and to the service providers listed in this Notice who process it on your behalf.
How We May Use and Disclose Your Health Information
At your direction — treatment coordination.The primary use of Aere is to empower you to manage and share your health information at your discretion. You may use Aere's sharing features to generate a secure, time-limited link to your health records or a pre-visit health brief that you can share with your healthcare providers. All such sharing is initiated and controlled by you.
Platform operations. We use your PHI to provide the Aere service — including storing your records, extracting biomarkers, generating AI-powered healthspan insights, and powering your personal health dashboard. This use is inherent to providing the service you requested.
Service providers (Business Associates). We work with third-party service providers who process PHI on our behalf under written Business Associate Agreements (BAAs), as required by HIPAA. These include:
- Cloud database and storage provider — your health records and biomarkers are stored here, encrypted at rest and protected by access controls
- AI processing service — document content is transmitted to parse health records and generate insights; this provider is contractually bound under a BAA
- Cloud hosting provider — application infrastructure; does not access stored PHI
Each of these providers is contractually prohibited from using your PHI for any purpose other than providing services to Aere on your behalf.
As required by law. We may disclose your PHI when required by law, including in response to a court order, subpoena, or other lawful process. We will make reasonable efforts to notify you before making such a disclosure unless legally prohibited.
Other uses require your authorization. Any use or disclosure of your PHI not described above requires your specific written authorization. You may revoke an authorization at any time by contacting admin@aere.health, except to the extent that action has already been taken in reliance on the authorization.
Your Rights Regarding Your Health Information
You have the following rights with respect to your PHI:
Right to access. You have the right to inspect and receive a copy of PHI that Aere maintains about you. To request access, contact admin@aere.health. We will provide the requested information within 30 days.
Right to amendment. If you believe PHI we hold is inaccurate or incomplete, you may request an amendment. We will respond within 60 days and will notify you if we deny the request, along with the reason for the denial and your right to submit a statement of disagreement.
Right to an accounting of disclosures. You may request a list of instances where we have disclosed your PHI for purposes other than those described in this Notice. This accounting covers the six years prior to your request.
Right to request restrictions. You may request that we restrict uses or disclosures of your PHI beyond those described in this Notice. We are not required to agree to all requested restrictions, but we will honor any restriction we do agree to.
Right to confidential communications. You may request that we communicate with you about your health information through alternative means or at an alternative location (e.g., a specific email address).
Right to a copy of this Notice. You have the right to receive a paper or electronic copy of this Notice at any time, even if you have received it previously. Email admin@aere.health to request a copy.
Our Duties
Aere is required to maintain the privacy of your PHI, provide you with this Notice of our legal duties and privacy practices, and abide by the terms of the Notice currently in effect. We reserve the right to change this Notice and make new provisions effective for all PHI we maintain. Any revised Notice will be available on our website at aere.health/hipaa and will include the effective date prominently.
Complaints
If you believe your privacy rights have been violated, you may file a complaint with Aere by contacting admin@aere.health, or you may file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, at www.hhs.gov/ocr. You will not be penalized or retaliated against for filing a complaint.
Effective Date
This Notice of Privacy Practices is effective April 1, 2026.
Contact: admin@aere.health