8 Total
3 High severity
5 Medium severity
0 Low severity
Summary

This is Ro's Privacy Policy, which governs how the company collects and uses personal and health information from patients and visitors across its telehealth services including weight loss, sexual health, fertility, and dermatology programs. The policy discloses that Ro may share health-related behavioral data with advertising and analytics partners, including through pixel tracking technologies embedded in the platform, and that this data sharing may occur outside of HIPAA-protected channels for patients whose interactions do not constitute a covered healthcare transaction. The policy also states that Ro may sell or share personal information as defined under California law, and that California residents have the right to opt out of such sales or sharing.

Technical / Legal Breakdown

This document is Ro's consumer-facing Privacy Policy governing the collection, use, disclosure, and retention of personal information across Ro's telehealth platform, which includes services such as Roman, Ro Derm, and Ro Fertility. The policy states that Ro collects identifiers, health and medical information, financial data, device and usage information, and communications content, and the terms authorize sharing this information with affiliated entities, healthcare providers, pharmacies, payment processors, analytics vendors, advertising partners, and data brokers for marketing purposes. Notably, the policy discloses that pixel tracking technologies from advertising platforms including Meta and Google may receive health-related behavioral data generated during the patient intake and checkout flows, an operational pattern that has drawn regulatory scrutiny in the digital health sector under FTC consumer protection authority and HHS guidance on HIPAA-regulated entities. The policy engages HIPAA with respect to protected health information handled by Ro's affiliated medical practices, CCPA/CPRA for California residents, and FTC Act standards applicable to consumer-facing health data practices; the policy's disclosure that non-HIPAA-covered data flows may be used for advertising purposes warrants evaluation under applicable state health privacy laws, including Washington's My Health MY Data Act and similar statutes enacted in multiple states. Compliance teams should note that the stated uses of health-related data for advertising and the deployment of third-party tracking technologies in clinical intake flows create heightened regulatory exposure in jurisdictions with expanded health data protections.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Get Compliance
High — 3 provisions
Medium — 5 provisions

Monitoring

Ro has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Get Compliance

Cross-platform context

See how other platforms handle Collection of Sensitive Health and Financial Information and similar clauses.

Compare across platforms →

Related Analysis

AI Governance · May 12, 2026
AI Training Data Provisions Across Major Platforms: A Provision-Level Comparison

How 10 AI platforms describe the use of user data for model training, improvement, and development, based on archived governance provisions.

Privacy · April 16, 2026
What Google Actually Knows About You

Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.

Privacy · April 14, 2026
Deleted Claude Conversations Aren't Gone for 30 Days

Anthropic is more transparent than most AI companies about data retention. Here's exactly what happens when you delete your data, and how t…

Consumer Rights · April 21, 2026
Robinhood's Agreement Authorizes Position Liquidation Without Prior Notice

Buried in Robinhood's customer agreement is broad authority to close your positions, suspend your account, and force arbitration. Here is w…

Governance · June 2, 2026
The Quiet Expansion of Mandatory Arbitration Across Digital Platforms

561 arbitration provisions across 197 platforms. ConductAtlas tracks how dispute resolution is being restructured across the internet.

Archival ProvenanceSource & Archival Record
Last Captured July 5, 2026 02:09 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000905
Version ID CA-V-004489
SHA-256 fd8e38702aa47447615a3625653591159b0e77ea6255a1ce4be0d067ec9913a4
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans