Skip to main content
Back to home

Privacy Policy

Last updated: January 30, 2026

Drift, developed by iSleep Health Services, is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CPAP patient compliance platform, including our website, mobile application, and related services.

Information We Collect

Protected Health Information (PHI)

To provide you with CPAP therapy compliance tracking and personalized recommendations, we collect:

  • Full name, date of birth, and contact information
  • Medical history, diagnoses, and CPAP prescriptions
  • Insurance information and billing details
  • Emergency contact and next-of-kin information

Device and Usage Data

Your CPAP device transmits therapy data directly to our secure servers for analysis and compliance monitoring:

  • Nightly usage statistics (hours worn, therapy events)
  • Clinical metrics (AHI, leak, pressure settings)
  • Device model, serial number, and firmware version
  • Data synchronization timestamps

Platform Interaction Data

We collect information about how you interact with our platform:

  • Login times and access patterns
  • Pages viewed and features used
  • Messages sent through our support or communication features
  • Device type, operating system, and browser information

How We Use Your Information

Patient Care:

To provide, maintain, and improve your CPAP therapy compliance tracking, generate therapy reports, and deliver personalized recommendations to optimize your treatment outcomes.

Provider Communication:

To share your therapy data and compliance information with your healthcare providers, physicians, and insurance companies as necessary for treatment coordination and coverage verification.

Notifications & Support:

To send you therapy reminders, alerts about compliance concerns, educational information, and customer support communications.

Administrative:

To process payments, manage billing, verify insurance coverage, and handle account administration.

Safety & Compliance:

To prevent fraud, maintain system security, comply with legal requirements, and enforce our terms of service.

Research & Quality:

To conduct de-identified research to improve our products and services, only with your explicit consent where required by law.

HIPAA Compliance

Drift is a HIPAA-compliant platform developed in accordance with the Health Insurance Portability and Accountability Act of 1996. As a healthcare technology provider, we maintain comprehensive compliance with HIPAA regulations to protect your protected health information.

We have executed Business Associate Agreements (BAAs) with healthcare providers and organizations as required. Our security safeguards ensure that only authorized healthcare personnel and administrative staff access your health information for treatment, payment, or healthcare operations purposes.

You have the right to request our Privacy Notices and to understand how your health information is being used and shared. For HIPAA-related inquiries, please contact our Privacy Officer at privacy@isleephealth.com.

Data Security Measures

We employ industry-leading security measures to protect your information:

Encryption:All data transmitted to and from our servers is encrypted using TLS 1.3 or higher. Stored data is encrypted at rest using AES-256.
Authentication:Multi-factor authentication is available and recommended for all users. Passwords are salted and hashed using industry-standard algorithms.
Access Controls:Role-based access control ensures employees only access data necessary for their job functions. All access is logged and monitored.
Monitoring:We continuously monitor our systems for security threats, conduct regular penetration testing, and maintain 24/7 security operations.
Incident Response:We maintain an incident response plan and will notify affected individuals of any security breaches as required by law.
Data Centers:Our servers are hosted in HIPAA-compliant data centers with redundant security systems, biometric access controls, and continuous surveillance.

Data Retention

We retain your personal and health information for as long as necessary to provide you with our services and comply with legal obligations.

Retention Periods:

  • Active Accounts: Information is retained for the duration of your active subscription plus 2 years for compliance purposes.
  • Therapy Data: CPAP device data is retained for at least 7 years as required by Medicare compliance standards.
  • Billing Records: Financial and insurance records are retained for 10 years to meet regulatory requirements.
  • Support Communications: Chat and support tickets are retained for 3 years.

After retention periods expire, we securely destroy or anonymize your information. You may request deletion of your account at any time, subject to legal and regulatory requirements.

Your Privacy Rights

Under HIPAA and applicable privacy laws, you have the following rights regarding your health information:

Right to Access

You have the right to access, review, and obtain a copy of your personal and health information. We will provide this within 30 days of your request in an electronic or paper format of your choice.

Right to Correction

If you believe your information is incomplete or inaccurate, you can request correction. We will review your request and update records within 60 days, or explain why correction is not appropriate.

Right to Deletion

You may request deletion of your account and associated personal information, subject to legal retention requirements. Some information may be retained to comply with healthcare, tax, and regulatory obligations.

Right to Privacy

You have the right to request restrictions on how your information is used and disclosed. We will comply with reasonable requests, though some uses may be necessary for treatment or required by law.

Right to Accounting of Disclosures

You can request a list of individuals and organizations to whom we have disclosed your health information over the past six years.

Right to Portable Data

You can request your health information in a portable, electronic format to transfer to another healthcare provider or service.

To exercise any of these rights, contact us at privacy@isleephealth.com or call 1-800-555-0199.

Third-Party Services

We partner with trusted third-party services to support our platform. All third parties are required to maintain the same level of privacy and security as we do, and are bound by Business Associate Agreements.

Categories of Third Parties:

  • Healthcare Providers: Your healthcare team may access your data with your authorization.
  • Insurance Companies: To verify coverage and process claims.
  • Cloud Infrastructure: Secure HIPAA-compliant servers managed by AWS or Microsoft Azure.
  • Payment Processors: Encrypted transactions through PCI-DSS compliant processors.
  • Analytics: De-identified, aggregated analytics to improve our service.

We do not sell your personal or health information to third parties for marketing purposes. Your data is shared only as necessary for treatment, payment, healthcare operations, or with your explicit consent.

Contact Information

If you have questions about this Privacy Policy or your information, or if you wish to exercise your privacy rights, please contact us:

Email

privacy@isleephealth.com

Phone

1-800-555-0199

Mailing Address

iSleep Health Services
Privacy Department
450 Market Street, Suite 1200
San Francisco, CA 94102
USA

Response Time

We will respond to privacy inquiries within 30 business days.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by updating the “Last Updated” date and posting the revised policy on our website.

Your continued use of Drift after such modifications constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

Commitment to Your Privacy

Drift is committed to maintaining the highest standards of privacy and security. We understand that your health information is sensitive and personal. Every member of our team is trained to respect your privacy, and we continuously invest in technologies and practices to protect your data. Your trust is essential to us, and we take that responsibility seriously.

Back to home

© 2026 iSleep Health Services