Privacy Policy

1. Information We Collect

We may collect the following categories of information:

• - Personal Identifiers: Name, email address, mailing address, phone number, and other information you voluntarily provide.
• - Mobile Communication Information: Your mobile number, opt-in timestamp, and records of SMS interactions with Enthea.
• - Website and Usage Information: IP address, browser type, and interaction data when you visit our website.
• - Health-Related Information (if voluntarily provided): Only to the extent necessary for coordinating benefits or services (subject to HIPAA protections where applicable).

2. Use of Information

We use collected information only as permitted by law and for the following business purposes:

• - To deliver the services you request or authorize, including SMS updates or benefit communications.
• - To provide operational notifications, such as reminders, support messages, or program eligibility notices.
• - To respond to your inquiries or communicate about our services in a non-marketing capacity.
• - To comply with legal obligations or respond to lawful requests from public authorities.

3. SMS Communications and TCPA Compliance

By voluntarily providing your mobile number and explicitly opting in to receive text messages, you consent to receive non-marketing SMS communications from Enthea.

These may include:

• - Appointment or enrollment reminders
• - Service or benefit notifications
• - Support communications related to your inquiry or account

Your consent to receive SMS messages is not a condition of receiving services. You may opt out at any time by replying “STOP.” Message and data rates may apply depending on your carrier plan.

We maintain secure records of your opt-in and opt-out activity for compliance purposes as required by TCPA and 10DLC regulations.

4. Data Sharing and 10DLC Compliance

Enthea adheres strictly to SMS industry regulations regarding data usage. In accordance with 10DLC guidelines and CTIA best practices:

• - We do NOT share, sell, rent, or disclose mobile information (including opt-in data and consent) to third parties or affiliates for marketing or promotional purposes.
• - We may disclose your information only to trusted third-party vendors or subcontractors solely for service delivery purposes (e.g., customer service platforms like Heymarket or benefit administrators), and only under written agreements requiring data protection.
• - Text messaging opt-in data and consent are excluded from all other use cases outside direct service support.

5. Legal Disclosures and HIPAA Considerations

Enthea does not transmit protected health information (PHI) via SMS.

If any PHI is collected for service coordination purposes, it is handled in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state health privacy laws.

PHI is not shared via SMS unless explicitly authorized under a signed HIPAA-compliant consent form.

6. Security Measures

We implement industry-standard administrative, technical, and physical safeguards to protect your personal data against unauthorized access, disclosure, or misuse.

This includes encryption, access controls, and secure data storage protocols.

7. Your Rights and Choices

You may exercise the following rights, subject to verification and applicable law:

• - Opt out of SMS communications by replying “STOP” at any time.
• - Request access to or correction of your personal data by contacting us.
• - Request deletion of certain personal information, where required by law (e.g., CCPA/CPRA for California residents).

8. Data Retention

We retain personal and opt-in information only as long as necessary for operational purposes, legal compliance, or customer support.

SMS consent logs are maintained per 10DLC and carrier requirements.

9. Children’s Privacy

Enthea’s services are not intended for use by individuals under the age of 18, and we do not knowingly collect personal information from children without verified parental consent.

10. Changes to This Policy

We may update this Privacy Policy periodically.

All changes will be reflected with an updated “Last Updated” date at the top of this page.

Material changes will be communicated via email or prominent notice on our website.

11. Contact Information

If you have questions or requests related to this Privacy Policy, please contact:

Enthea Public Benefits Corporation

PO Box 600646 Newton, MA 02460

Email: info@enthea.com

Phone: 617-297-7237