Track 3 platforms and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Ro's Privacy Policy, which governs how the company collects and uses personal and health information from patients and visitors across its telehealth services including weight loss, sexual health, fertility, and dermatology programs. The policy discloses that Ro may share health-related behavioral data with advertising and analytics partners, including through pixel tracking technologies embedded in the platform, and that this data sharing may occur outside of HIPAA-protected channels for patients whose interactions do not constitute a covered healthcare transaction. The policy also states that Ro may sell or share personal information as defined under California law, and that California residents have the right to opt out of such sales or sharing.
This document is Ro's consumer-facing Privacy Policy governing the collection, use, disclosure, and retention of personal information across Ro's telehealth platform, which includes services such as Roman, Ro Derm, and Ro Fertility. The policy states that Ro collects identifiers, health and medical information, financial data, device and usage information, and communications content, and the terms authorize sharing this information with affiliated entities, healthcare providers, pharmacies, payment processors, analytics vendors, advertising partners, and data brokers for marketing purposes. Notably, the policy discloses that pixel tracking technologies from advertising platforms including Meta and Google may receive health-related behavioral data generated during the patient intake and checkout flows, an operational pattern that has drawn regulatory scrutiny in the digital health sector under FTC consumer protection authority and HHS guidance on HIPAA-regulated entities. The policy engages HIPAA with respect to protected health information handled by Ro's affiliated medical practices, CCPA/CPRA for California residents, and FTC Act standards applicable to consumer-facing health data practices; the policy's disclosure that non-HIPAA-covered data flows may be used for advertising purposes warrants evaluation under applicable state health privacy laws, including Washington's My Health MY Data Act and similar statutes enacted in multiple states. Compliance teams should note that the stated uses of health-related data for advertising and the deployment of third-party tracking technologies in clinical intake flows create heightened regulatory exposure in jurisdictions with expanded health data protections.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Get ComplianceMonitoring
Ro has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Get ComplianceCross-platform context
See how other platforms handle Collection of Sensitive Health and Financial Information and similar clauses.
Compare across platforms →How 10 AI platforms describe the use of user data for model training, improvement, and development, based on archived governance provisions.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Anthropic is more transparent than most AI companies about data retention. Here's exactly what happens when you delete your data, and how t…
Buried in Robinhood's customer agreement is broad authority to close your positions, suspend your account, and force arbitration. Here is w…
561 arbitration provisions across 197 platforms. ConductAtlas tracks how dispute resolution is being restructured across the internet.
Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.