Privacy Policy

Steady Health, Inc., its affiliates, and/or its contracted medical practice entities (collectively “Steady Health”, “the Companies”, “we”, “us”) are committed to protecting your privacy. This Privacy Policy (this “Policy”) describes how and why we collect information from you or about you through our mobile application (the “App”), website (together with the App, the “Site”), and the services provided in connection with the Site (“Services”), and how we might use or disclose this information. By accessing or using our Site and/or Services, you consent to the collection, use, disclosure, and display of personal health information and other personal information in accordance with this Policy.  This Policy is incorporated by reference into the Terms of Use (“Terms of Use”) and subject to the provisions thereof.  Please note that, unless we define a term in this Policy, all capitalized terms used herein have the same meanings as in our Terms of Use. Please therefore make sure that you have read and understand our Terms of Use.

When you use our Site or Services, Steady Health may receive protected health information and we may collect, use, and disclose other personally identifiable information. Under the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”), certain demographic, health, and/or health-related information that Steady Health receives from and shares with your health care providers, including but not limited to Steady Health Medical Group, as part of providing the Services may be considered “protected health information” or “PHI.” HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. Steady Health may only use and disclose your PHI in the ways set forth in the Notice of Privacy Practices or as otherwise in compliance with HIPAA. In addition, personally identifiable information (“PII”), as used in this Policy, is information that specifically identifies an individual, such as an individual’s name, address, telephone number, e-mail address, or other similar information that can be used to identify you. PII also includes information about an individual’s activity on our Site, including profile information and other identifiable information entered by the individual.  PHI and PII are collectively referred to in this Policy as “Your Information.”

Your Information does not include “aggregate” or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed. We may use and disclose aggregate information, and other non-personally identifiable information, for various purposes, including, without limitation, to improve and promote the Site or Services.

INFORMATION WE COLLECT

Information you provide us 

  • User Accounts and Profiles. Our Site may give you the ability to register for an account or to create and update a user profile. If we offer user account or profile functionality on the Site, we will collect Your Information as provided to use in the course of registering for an account or creating or updating a user profile. This information may include, for example, name, postal address and zip code, telephone number, e-mail address, information about your health, and related demographic information. We may indicate that some of Your Information is required for you to register for the account or to create the profile, while some may be optional. Failure to provide any required information may affect your ability to use or enjoy all functionalities of the Site or Services. If you create an account through the Site, we may also collect your title, birth date, gender, occupation, industry, personal interests, and other information that is not considered PII because it cannot be used by itself to identify you.

  • Interactive Features. Our Site may contain interactive functionality that allows you to engage with the Services, post comments to forums, upload photographs and other content (the “User Materials”), participate in surveys, track certain activities, and otherwise interact with the Site and with other users. If you use any interactive functionality on our Site, we collect that information that you provide to us in the course of using these interactive features.

  • Correspondence. If you contact us by e-mail, using a contact form on the Site, or by mail, fax, or other means, we collect Your Information as contained within, and associated with, your correspondence.

  • Certain Outside Activities. We and other business partners may collect information from you about your activities outside of the Site, including but not limited to, your selected providers, treatment plans, and the monitoring of your treatment.  In these instances, our business partners may collect Your Information, and such information may be shared with us.

Information we collect automatically.

When you visit our Site, some information is collected automatically. This includes:

  • your browser type and operating system

  • Your device type (for example, if you are on a computer or iPhone)

  • Information Sent by your mobile device. We collect certain information that your mobile device sends when you use our Site, like a device identifier, user settings and the operating system of your device, as well as information about your use of our Site. You understand that, by logging into the App on your mobile device, some information pertaining to your medical treatment may be stored to your mobile device. We are not responsible for any unauthorized access by any third party to such information on your mobile device.

  • Your Internet Protocol (IP) address, which can sometimes be used to derive your general geographic location. When you use our App, we may collect and store information about your location by converting your IP address into a rough geo-location or by accessing your mobile device’s GPS coordinates or course location if you enable location services on your device. We may use location information to improve and personalize our App for you. If you do not want us to collect location information, you may disable that feature on your mobile device.

  • Server logs and other communication data

  • How you found your way to our Site (for example, if you clicked on a link from a social network)

  • Actions you take on our Site, and the content, features, and activities that you access and participate in on our Site

  • Information regarding your interaction with e-mail messages, such as whether you opened, clicked on, or forwarded a message

  • Information collected through cookies, Web beacons, and other similar Internet technologies, as further detailed below

Cookies and Tracking Technology

A "cookie" is a small data file that certain websites write to your hard drive when you visit them. A cookie file can contain information such as a user ID that the website uses to track the pages you've visited, but the only PII a cookie can contain is information you supply yourself. A cookie can't read data off your hard disk or read cookie files created by other websites. Some parts of the Site use cookies to understand user traffic patterns and to tell us how and when you interact with our Site. We do this in order to determine the usefulness of our Site information to our users, to see how effective our navigational structure is in helping users reach that information and to customize and improve our Site. Unlike persistent cookies, session cookies are deleted when you log off from the Site and close your browser. If you prefer not to receive cookies while browsing our website, you can set your browser to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. You can also refuse all cookies by turning them off in your browser. You do not need to have cookies turned on to use/navigate through many parts of our Site, although if you do so, you may not be able to access all portions or features of the Site. Some third-party services providers that we engage (including third-party advertisers) may also place their own cookies on your hard drive. Note that this Policy covers only our use of cookies and does not include use of cookies by such third parties.

"Web Beacons" (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Site for several purposes, including to deliver or communicate with cookies, to track and measure the performance of our Site, to monitor how many visitors view our Site, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on the User’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).

Information from Other Sources

We may receive information about you, including PHI and personal information from third parties, including our affiliates and any of our service providers, and may combine this information with Your Information that we maintain about you. If we do so, this Policy governs any combined information that we maintain in personally identifiable format.

Use of Your Information

We use Your Information to provide services and information that you request; to enhance, improve, operate, and maintain our Site and Services, our programs, and other systems; to display personalized health content and appointment reminders; to prevent fraudulent use of our Site, Services and other systems; to prevent or take action against activities that are, or may be, in violation of our Terms of Use or applicable law; to tailor content and other aspects of your experience on and in connection with the Site and Services; to maintain a record of our interactions with you; for other administrative purposes; for any other purposes that we may disclose to you at the point in which we request Your Information; and pursuant to your authorization.

Sharing Your Information

  • Except as described in this Policy, we will not disclose Your Information that we collect or display on the Site to third parties without your authorization. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

  • Trusted Third-Party Service Providers. To the extent legally permissible, we may disclose and/or exchange Your Information to third-party service providers (e.g., administrative services companies, marketing partners, application developers, data hosting, and processing providers) that assist us in our operations. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and we require them to expressly agree to maintain the confidentiality of such information.

  • Health Care Service Providers. To the extent legally permissible, we may also disclose Your Information to your health care service providers for purposes of medical treatment, consultation, appointment reminders, to disclose your use of the Services, and to deliver content specific to your health condition and other similar activities as applicable.

  • Business Decisions. To the extent legally permissible, we may disclose Your Information to third parties if we are involved in a merger, acquisition, or sale of any or all of our business and/or our assets to a third party.

  • Legal Compliance. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. To the extent legally permissible, we may disclose Your Information if we have a good faith belief that disclosure is necessary to:

    • respond to claims;

    • comply with applicable laws, regulations, legal process (such as a subpoena), or enforceable government request;

    • as required in accordance with HIPAA or related applicable local, state or federal laws (please refer to the Notice of Privacy Policies);

    • stop any activity that we consider illegal, unethical or legally actionable activity;

    • enforce applicable Terms of Use or Member Agreements, including investigation of potential violations of such Terms of Use or Member Agreements, or to detect, prevent, or otherwise address fraud, security or technical issues; and

    • Protect against harms to the rights, property, or safety of Steady Health, our Users, or the public as required or permitted by law.

Choice

If you authorize integration of your PHI into the Services, you may revoke this authorization at any time by contacting legal@steady.health.

If you receive e-mail from us, you may unsubscribe at any time by following instructions contained within the e-mail. Additionally, if we offer user account functionality on the Site, we may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us. We do need to send you certain communications regarding the Site or Services and you will not be able to opt out of those communications – e.g., communications regarding updates to our Terms of Use, this Policy, Member Agreements or information about billing.

Review and Correction of Your Information

You may review and edit the information Steady Health collected about you at any time by contacting us at the addresses below. If your information has been shared with a third party, as described elsewhere in this Policy, then that third party has received its own copy of your data. If you have been contacted by one of these third parties and wish to correct or delete your information, please contact them directly.

Third Party Websites

Steady Health’s Site may contain links to other websites, including those of third parties or business partners. If you choose to visit or use any third-party sites or products or services available on or through such third-party sites, please be aware that this Policy will not apply to your activities or any information you disclose while using those third-party sites or any products or services available on or through such third-party sites. We are not responsible for the content, privacy or security practices of any third parties. To protect your information, we encourage you to learn about the privacy policies of those third parties. Additionally, please be aware that the Services may contain links to websites and services that we operate, but that are governed by different privacy policies. We encourage you to carefully review the privacy policies applicable to any website or service you visit other than our Site before providing any of Your Information on them.

Minors

The safety of minors is important to us, and we encourage parents and guardians to take an active interest in the online activities of their children. Our Site or Services are not directed to minors under the age of 18.  We will abide by the Children’s Online Privacy Protection Act (“COPPA”) and will never knowingly request personally identifiable information from anyone under the age of 18. In the event we discover we have collected information from a child under 18 years of age, we will immediately delete the information.

International Visitors and the Privacy Shield

Our Services are hosted and operated in the United States (“US”) and are intended for Users located within the US. You may not access, view or use the Site if you are located outside of the US.  If you accessing our Site from outside the US notwithstanding the foregoing, please be advised that US law may not offer the same privacy protections as the law of your jurisdiction. Those who choose to access and use the Service from outside the U.S. do so on their own initiative, at their own risk, and are responsible for compliance with applicable laws.

California Privacy Rights

California law allows California residents to ask companies with whom they have an established business relationship to provide certain information about the companies’ sharing of personal information with third parties for direct marketing purposes. Under California Civil Code Section 1789.3, California users are entitled to the following specific consumer rights notice: If you have a question or complaint regarding the Website, please send an email to legal@steady.health. You may also contact us by writing to Steady Health Inc., 100 Bush Street Suite 1600, San Francisco, CA 94104. California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 400 R Street, Suite 1080, Sacramento, California 95814, or by telephone at (916) 445-1254 or (800) 952-5210.

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask for a notice identifying the categories of PII which we share with certain third parties for direct marketing purposes under certain circumstances and providing contact information for such third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: Steady Health Inc., 100 Bush Street, Suite 1600, San Francisco, CA 94104.

We do not share any California consumer personal information with third parties for marketing purposes without consent.

California customers who wish to request further information about our compliance with this law or have questions or concerns about our privacy practices may contact us using the contact information set forth below.

Security

Your Information as provided to us through the Services will be stored in a secure manner. We have implemented a variety of commercially standard encryption and security technologies and procedures to protect Your Information stored in our computer systems from unauthorized access. Please be aware, however, that no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any information that you provide to us. You transmit information to us at your own risk.

Updates to this Policy

We may occasionally update this Policy. When we do, we will also revise the “last updated” date at the beginning of the Policy. Your continued use of our Site or Services after such changes will be subject to the then-current policy. If we change this Policy in a manner that is materially less restrictive of our use or disclosure of Your Information, we will use reasonable efforts to notify you of the change and to obtain your consent prior to applying the change to any of Your Information that we collected from you prior to the date the change becomes effective. We encourage you to periodically review this Policy to stay informed about how we collect, use, and disclose Your Information.

Contacting Us

If you have any questions or comments about this Policy, please email us at legal@steady.health or send us a letter at:

Steady Health

ATTN: Privacy Officer

100 Bush Street,

Suite 1600

San Francisco, CA 94104

Terms and Privacy

© 2019 Steady Health, Inc.

Last Updated:  April 3, 2019