Effective Date:
Applies To: activesos.com and all Active SOS mobile applications and services

Table of Contents

1. Who We Are
2. Information We Collect
3. How We Use Your Information
4. SMS and Text Message Program
5. Location Information
6. How We Share Your Information
7. HIPAA and Protected Health Information
8. Data Security
9. Your Rights and Choices
10. Children’s Privacy
11. Cookies and Tracking Technologies
12. Third-Party Links and Services
13. Changes to This Policy
14. Contact Us

1. Who We Are

Calm Water Trading LLC, doing business as Active SOS (‘Active SOS,’ ‘we,’ ‘our,’ or ‘us’) provides a safety alerting platform and a Remote Patient Monitoring (RPM) platform. Our services enable users to send alerts, share location with authorized contacts, and allow healthcare providers to monitor patient health status between clinical visits through automated SMS messaging, app-based alerts, and clinical dashboards.

This Privacy Policy explains how we collect, use, share, and protect information when you use our website (activesos.com), mobile application, or related services (collectively, the “Services”).

By using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

• Account and registration information: Name, email address, role (patient, caregiver, or clinician), and login credentials.
• Mobile phone number: Collected when you enroll in our SMS health monitoring program, either through a paper consent form at a point of care or by texting a keyword to our program number.
• Health and clinical information: Responses to health check-in questionnaires, symptom reports, and any information shared through the Active SOS platform as part of your care plan.
• Provider information: For healthcare providers, professional credentials, NPI numbers, practice affiliation, and billing information.

2.2 Information Collected Automatically

• Device identifiers, browser type, operating system, and IP address.
• Usage logs including pages visited, features used, and time stamps.
• SMS message delivery status and opt-in or opt-out events.

2.3 Information from Third Parties

• Healthcare providers may share patient information with us in order to enroll patients in the RPM program under a Business Associate Agreement (BAA).
• Electronic Health Record (EHR) systems may transmit demographic or clinical data under appropriate data-sharing agreements.

2.4 Location Information

With your permission, Active SOS accesses precise and, when available, approximate location from your device (for example, GPS coordinates). Section 5 explains how we use, share, and protect location data, and the choices you have over it.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Operating the Active SOS mobile application, including sending alerts with your location, live location sharing, live tracking for people you authorize, and showing you on a map.
• Delivering the Active SOS Remote Patient Monitoring service, including sending scheduled health check-in messages and clinical alerts via SMS.
• Enabling healthcare providers to review patient-reported data and respond to escalating health conditions.
• Sending you service-related communications including enrollment confirmations, program updates, and account notifications.
• Improving the quality and effectiveness of our platform through aggregated, de-identified analytics.
• Complying with applicable law, including HIPAA, state health privacy laws, and Telephone Consumer Protection Act (TCPA) requirements.
• Maintaining the security and integrity of our systems.

We do not use patient health information or location data for advertising, profiling, or any purpose unrelated to the delivery of Active SOS Services.

4. SMS and Text Message Program (Active SOS Health Monitoring)

Active SOS Health Monitoring SMS Program A2P 10DLC

Active SOS operates a healthcare Remote Patient Monitoring SMS program. Enrolled patients receive automated text messages that support clinical monitoring between provider visits.

4.1 How You Opt In

You may enroll in the Active SOS SMS program through one of the following methods:

• In-person consent form: A paper consent form signed at a hospital discharge appointment or physician office visit. The form includes the program description, message frequency disclosure, data rate notice, opt-out instructions, and links to this Privacy Policy and our Terms of Service.
• SMS keyword opt-in: Text START to the Active SOS program number provided by your healthcare provider. You will receive an immediate confirmation message.

4.2 Message Types and Frequency

Message frequency varies based on your individual care plan and clinical needs. Most enrolled patients receive at least one health check-in message per day. Depending on your diagnosis and care plan, you may receive additional messages. You will never receive messages unrelated to your health monitoring program.

Message and data rates may apply. Contact your wireless carrier for details about your plan’s messaging rates.

4.3 How to Opt Out

You may opt out of the Active SOS SMS program at any time by:

• Texting STOP to the Active SOS program number. You will receive a confirmation that you have been unenrolled and will receive no further messages.
• Contacting your healthcare provider to request removal from the program.
• Contacting Active SOS directly at privacy@activesos.com.

4.4 Help

Text HELP to the Active SOS program number to receive program information and support contact details. You may also reach us at support@activesos.com or visit activesos.com.

4.5 Mobile Number Privacy: No Sharing or Sale

We will never sell, rent, lease, or share your mobile phone number with any third party for their marketing or promotional purposes. Your mobile phone number is used exclusively to deliver health monitoring messages as part of the Active SOS Remote Patient Monitoring program. It is not shared with advertisers, data brokers, or any other commercial third parties.

The only parties that may have access to your mobile number in connection with the SMS program are:

• Your enrolling healthcare provider or practice (solely for clinical coordination purposes).
• Twilio, Inc., our SMS messaging service provider, acting as a data processor under a written agreement that restricts their use of your data.
• Entities required by applicable law, such as law enforcement agencies acting under valid legal process.

4.6 Supported Carriers

The Active SOS SMS program is supported by all major U.S. wireless carriers. Carriers are not liable for delayed or undelivered messages.

5. Location Information

This section explains how the Active SOS mobile application collects and handles location data.

5.1 What We Collect

With your permission, Active SOS accesses precise and, when available, approximate location from your device (for example, GPS coordinates).

5.2 Why We Use It

To run safety features: sending alerts with your location, live location sharing and live tracking for people you authorize, and showing you on a map. We may turn coordinates into a place or address for display.

5.3 When We Collect It

While you use features that need location. If you turn on live sharing, we may also collect location in the background. On Android, this may use a foreground service. Background collection continues until you stop sharing or end the session.

5.4 How We Share It

Location is sent to our servers and may be shared with other users you authorize (for example, group or linked members), including via real-time connections or standard internet requests.

5.5 Third Parties

Map and related providers may process data needed to show maps or location features, under their own policies.

5.6 Your Choices

You can turn off location permission or stop live sharing in the app or device settings. Some features may not work without location.

6. How We Share Your Information

We do not sell your personal information. We share information only in the following limited circumstances:

6.1 Authorized Contacts and Groups

We share your alerts, messages, and location with the contacts, groups, and care teams you have authorized within the Active SOS app. This sharing is the core function of the app and happens only with users you have explicitly added or invited.

6.2 Healthcare Providers

We share patient-reported data with the patient’s enrolling healthcare provider or practice for clinical monitoring purposes. This sharing is integral to the Active SOS RPM service.

6.3 Business Associates and Service Providers

We engage third-party vendors to operate our Services (such as cloud hosting, SMS delivery, map and location services, and analytics). These vendors act as Business Associates under HIPAA or as data processors under written agreements that prohibit them from using your data for any purpose other than providing services to Active SOS.

6.4 Legal Requirements

We may disclose information when required by law, legal process, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of Active SOS, our users, or the public.

6.5 Business Transfers

If Active SOS is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

6.6 With Your Consent

We may share your information for purposes not described above with your explicit prior consent.

7. HIPAA and Protected Health Information

To the extent that Active SOS creates, receives, maintains, or transmits Protected Health Information (PHI) on behalf of a Covered Entity (such as a hospital or physician practice), Active SOS acts as a Business Associate as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.

In that capacity, Active SOS:

• Enters into a Business Associate Agreement (BAA) with each enrolling healthcare provider.
• Implements administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI as required by the HIPAA Security Rule.
• Uses and discloses PHI only as permitted by the BAA and applicable law.
• Reports breaches of unsecured PHI as required under the HIPAA Breach Notification Rule.

Patients who wish to exercise rights under HIPAA (such as the right to access or amend PHI) should contact their healthcare provider, who is the Covered Entity responsible for maintaining those records.

8. Data Security

Active SOS uses industry-standard technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256).
• Role-based access controls limiting data access to authorized personnel.
• Regular security assessments and vulnerability monitoring.
• Multi-factor authentication for system access.

No method of electronic transmission or storage is 100 percent secure. If you believe your account has been compromised, contact us immediately at security@activesos.com.

9. Your Rights and Choices

9.1 Access and Correction

You may request access to or correction of the personal information we hold about you by contacting us at privacy@activesos.com.

9.2 Location Choices

You can turn off location permission or stop live sharing in the app or device settings. See Section 5.6 for details. Some features may not work without location.

9.3 Opt Out of SMS

Text STOP at any time to the Active SOS program number to unenroll from SMS messaging. See Section 4.3 for full opt-out details.

9.4 California Residents

California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. Active SOS does not sell personal information. To submit a CCPA request, contact us at privacy@activesos.com.

9.5 Other State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Texas, and other states with comprehensive privacy laws may have rights to access, correct, delete, or port their personal data, and to opt out of targeted advertising or profiling. Contact us to exercise these rights.

10. Children’s Privacy

The Active SOS platform is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe we have inadvertently collected such information, please contact us at privacy@activesos.com and we will delete it promptly.

For minors ages 13 to 17 enrolled in RPM programs, parental or guardian consent is required prior to enrollment, and parental consent forms are included as part of the clinical intake process.

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to maintain session state, remember preferences, and analyze usage. We do not use advertising or cross-site tracking cookies. You may disable cookies in your browser settings. Some website features may not function properly if cookies are disabled.

12. Third-Party Links and Services

Our Services may contain links to third-party websites or services, and the Active SOS mobile application uses third-party providers for maps and location services as described in Sections 5 and 6. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the “Last Updated” date at the top of this page and, where appropriate, notify enrolled users via SMS or email. Your continued use of the Services after the effective date of the updated policy constitutes your acceptance of the changes.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us: