When you use our Site or Services, Steady Health may receive protected health information and we may collect, use, and disclose other personally identifiable information. Under the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”), certain demographic, health, and/or health-related information that Steady Health receives from and shares with your health care providers, including but not limited to Steady Health Medical Group, as part of providing the Services may be considered “protected health information” or “PHI.” HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. Steady Health may only use and disclose your PHI in the ways set forth in the Notice of Privacy Practices or as otherwise in compliance with HIPAA. In addition, personally identifiable information (“PII”), as used in this Policy, is information that specifically identifies an individual, such as an individual’s name, address, telephone number, e-mail address, or other similar information that can be used to identify you. PII also includes information about an individual’s activity on our Site, including profile information and other identifiable information entered by the individual. PHI and PII are collectively referred to in this Policy as “Your Information.”
Your Information does not include “aggregate” or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed. We may use and disclose aggregate information, and other non-personally identifiable information, for various purposes, including, without limitation, to improve and promote the Site or Services.
User Accounts and Profiles. Our Site may give you the ability to register for an account or to create and update a user profile. If we offer user account or profile functionality on the Site, we will collect Your Information as provided to use in the course of registering for an account or creating or updating a user profile. This information may include, for example, name, postal address and zip code, telephone number, e-mail address, information about your health, and related demographic information. We may indicate that some of Your Information is required for you to register for the account or to create the profile, while some may be optional. Failure to provide any required information may affect your ability to use or enjoy all functionalities of the Site or Services. If you create an account through the Site, we may also collect your title, birth date, gender, occupation, industry, personal interests, and other information that is not considered PII because it cannot be used by itself to identify you.
Interactive Features. Our Site may contain interactive functionality that allows you to engage with the Services, post comments to forums, upload photographs and other content (the “User Materials”), participate in surveys, track certain activities, and otherwise interact with the Site and with other users. If you use any interactive functionality on our Site, we collect that information that you provide to us in the course of using these interactive features.
Correspondence. If you contact us by e-mail, using a contact form on the Site, or by mail, fax, or other means, we collect Your Information as contained within, and associated with, your correspondence.
Certain Outside Activities. We and other business partners may collect information from you about your activities outside of the Site, including but not limited to, your selected providers, treatment plans, and the monitoring of your treatment. In these instances, our business partners may collect Your Information, and such information may be shared with us.
Information we collect automatically. When you visit our Site, some information is collected automatically. This includes:
your browser type and operating system
Your device type (for example, if you are on a computer or iPhone)
Information Sent by your mobile device. We collect certain information that your mobile device sends when you use our Site, like a device identifier, user settings and the operating system of your device, as well as information about your use of our Site. You understand that, by logging into the App on your mobile device, some information pertaining to your medical treatment may be stored to your mobile device. We are not responsible for any unauthorized access by any third party to such information on your mobile device.
Your Internet Protocol (IP) address, which can sometimes be used to derive your general geographic location. When you use our App, we may collect and store information about your location by converting your IP address into a rough geo-location or by accessing your mobile device’s GPS coordinates or course location if you enable location services on your device. We may use location information to improve and personalize our App for you. If you do not want us to collect location information, you may disable that feature on your mobile device.
Server logs and other communication data
How you found your way to our Site (for example, if you clicked on a link from a social network)
Actions you take on our Site, and the content, features, and activities that you access and participate in on our Site
Information regarding your interaction with e-mail messages, such as whether you opened, clicked on, or forwarded a message
Information collected through cookies, Web beacons, and other similar Internet technologies, as further detailed below
"Web Beacons" (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Site for several purposes, including to deliver or communicate with cookies, to track and measure the performance of our Site, to monitor how many visitors view our Site, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on the User’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).
We may receive information about you, including PHI and personal information from third parties, including our affiliates and any of our service providers, and may combine this information with Your Information that we maintain about you. If we do so, this Policy governs any combined information that we maintain in personally identifiable format.
Except as described in this Policy, we will not disclose Your Information that we collect or display on the Site to third parties without your authorization. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
Trusted Third-Party Service Providers. To the extent legally permissible, we may disclose and/or exchange Your Information to third-party service providers (e.g., administrative services companies, marketing partners, application developers, data hosting, and processing providers) that assist us in our operations. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and we require them to expressly agree to maintain the confidentiality of such information.
Health Care Service Providers. To the extent legally permissible, we may also disclose Your Information to your health care service providers for purposes of medical treatment, consultation, appointment reminders, to disclose your use of the Services, and to deliver content specific to your health condition and other similar activities as applicable.
Business Decisions. To the extent legally permissible, we may disclose Your Information to third parties if we are involved in a merger, acquisition, or sale of any or all of our business and/or our assets to a third party.
Legal Compliance. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. To the extent legally permissible, we may disclose Your Information if we have a good faith belief that disclosure is necessary to:
respond to claims;
comply with applicable laws, regulations, legal process (such as a subpoena), or enforceable government request;
as required in accordance with HIPAA or related applicable local, state or federal laws (please refer to the Notice of Privacy Policies);
stop any activity that we consider illegal, unethical or legally actionable activity;
Protect against harms to the rights, property, or safety of Steady Health, our Users, or the public as required or permitted by law.
If you authorize integration of your PHI into the Services, you may revoke this authorization at any time by contacting email@example.com.
You may review and edit the information Steady Health collected about you at any time by contacting us at the addresses below. If your information has been shared with a third party, as described elsewhere in this Policy, then that third party has received its own copy of your data. If you have been contacted by one of these third parties and wish to correct or delete your information, please contact them directly.
Steady Health’s Site may contain links to other websites, including those of third parties or business partners. If you choose to visit or use any third-party sites or products or services available on or through such third-party sites, please be aware that this Policy will not apply to your activities or any information you disclose while using those third-party sites or any products or services available on or through such third-party sites. We are not responsible for the content, privacy or security practices of any third parties. To protect your information, we encourage you to learn about the privacy policies of those third parties. Additionally, please be aware that the Services may contain links to websites and services that we operate, but that are governed by different privacy policies. We encourage you to carefully review the privacy policies applicable to any website or service you visit other than our Site before providing any of Your Information on them.
The safety of minors is important to us, and we encourage parents and guardians to take an active interest in the online activities of their children. Our Site or Services are not directed to minors under the age of 18. We will abide by the Children’s Online Privacy Protection Act (“COPPA”) and will never knowingly request personally identifiable information from anyone under the age of 18. In the event we discover we have collected information from a child under 18 years of age, we will immediately delete the information.
Our Services are hosted and operated in the United States (“US”) and are intended for Users located within the US. You may not access, view or use the Site if you are located outside of the US. If you accessing our Site from outside the US notwithstanding the foregoing, please be advised that US law may not offer the same privacy protections as the law of your jurisdiction. Those who choose to access and use the Service from outside the U.S. do so on their own initiative, at their own risk, and are responsible for compliance with applicable laws.
California law allows California residents to ask companies with whom they have an established business relationship to provide certain information about the companies’ sharing of personal information with third parties for direct marketing purposes. Under California Civil Code Section 1789.3, California users are entitled to the following specific consumer rights notice: If you have a question or complaint regarding the Website, please send an email to firstname.lastname@example.org. You may also contact us by writing to Steady Health Inc., 100 Bush Street Suite 1600, San Francisco, CA 94104. California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 400 R Street, Suite 1080, Sacramento, California 95814, or by telephone at (916) 445-1254 or (800) 952-5210.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask for a notice identifying the categories of PII which we share with certain third parties for direct marketing purposes under certain circumstances and providing contact information for such third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: Steady Health Inc., 100 Bush Street, Suite 1600, San Francisco, CA 94104.
We do not share any California consumer personal information with third parties for marketing purposes without consent.
California customers who wish to request further information about our compliance with this law or have questions or concerns about our privacy practices may contact us using the contact information set forth below.
Your Information as provided to us through the Services will be stored in a secure manner. We have implemented a variety of commercially standard encryption and security technologies and procedures to protect Your Information stored in our computer systems from unauthorized access. Please be aware, however, that no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any information that you provide to us. You transmit information to us at your own risk.
We may occasionally update this Policy. When we do, we will also revise the “last updated” date at the beginning of the Policy. Your continued use of our Site or Services after such changes will be subject to the then-current policy. If we change this Policy in a manner that is materially less restrictive of our use or disclosure of Your Information, we will use reasonable efforts to notify you of the change and to obtain your consent prior to applying the change to any of Your Information that we collected from you prior to the date the change becomes effective. We encourage you to periodically review this Policy to stay informed about how we collect, use, and disclose Your Information.
If you have any questions or comments about this Policy, please email us at email@example.com or send us a letter at:
ATTN: Privacy Officer
100 Bush Street,
San Francisco, CA 94104
© 2019 Steady Health, Inc.
Last Updated: April 1, 2019