Privacy Policy

Steady Health, Inc. and its affiliates including Steady Health Medical Group (collectively “Steady Health”, “the Companies”, “we”, “us”) are committed to protecting your privacy. We want you to understand how we use and disclose information so you can interact with Steady Health and our services (“Services”) with confidence. By using our Services, you consent to the collection, use, disclosure, and display of personal health information and other personal information in accordance with this Policy. This Policy is incorporated by reference into the Terms of Use (“Terms of Use”) and subject to the provisions thereof.

When you use our Services, Steady Health may receive protected health information and we may collect, use, and disclose other personally identifiable information. Under the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”), certain demographic, health, and/or health-related information that Steady Health receives from and shares with your health care providers, including but not limited to Steady Health Medical Group PC, as part of providing the Services may be considered “protected health information” or “PHI.” HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. Steady Health may only use and disclose your PHI in the ways permitted by you in the HIPAA Privacy Authorization provided under the Terms of Use and upon your login to your account with the Service or otherwise in compliance with HIPAA. In addition, “personally identifiable information,” as used in this Policy, is information that specifically identifies an individual, such as an individual’s name, address, telephone number, e-mail address, or other similar information that can be used to identify you. Personally identifiable information also includes information about an individual’s activity on our Service, including profile information and other identifiable information entered by the individual. PHI and personally identifiable information are collectively referred to in this Policy as “Your Information.”

Your Information does not include “aggregate” or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed. We may use and disclose aggregate information, and other non-personally identifiable information, for various purposes, including, without limitation, to improve and promote the Service.

Information We Collect

Information you provide us

Personally identifiable Information ("PII" or “Your Information”) means any information that may be used to identify an individual, including, but not limited to, a first and last name, email address, a home, postal or other physical address, and phone number. We collect Your Information in various ways on our Service. More specifically, when you use our Service, we may collect the following:

  • User Accounts and Profiles. Our Services may give you the ability to register for an account or to create and update a user profile on the applicable Services. If we offer user account or profile functionality on the Services, we will collect Your Information as provided to us in the course of registering for an account or creating or updating a user profile. This information may include, for example, name, postal address and zip code, telephone number, e-mail address, information about your health, and related demographic information. We may indicate that some of Your Information is required for you to register for the account or to create the profile, while some may be optional. Failure to provide any required information may affect your ability to use or enjoy all functionalities of the Service. If you create an account through the Website or the App, we may also collect your title, birth date, gender, occupation, industry, personal interests, and other information that is not considered PII because it cannot be used by itself to identify you.

  • Interactive Features. Our Services may contain interactive functionality that allows you to engage with the Services, post comments to forums, upload photographs and other content (the “User Materials”), participate in surveys, track certain activities, and otherwise interact with the Services and with other users. If you use any interactive functionality on our Services, we collect the information that you provide to us in the course of using these interactive features.

  • Correspondence. If you contact us by e-mail, using a contact form on the Services, or by mail, fax, or other means, we collect Your Information as contained within, and associated with, your correspondence.

  • Certain Outside Activities. We and other business partners may collect information from you about your activities outside of the Services, including but not limited to, your selected providers, treatment plans, and the monitoring of your treatment. In these instances, our business partners may collect Your Information, and such information may be shared with us.

Information we collect automatically

When you visit our Services, some information is collected automatically. This includes:

  • Your browser type and operating system

  • Your device type (for example, if you are on a computer or iPhone)

  • Information Sent by Your Mobile Device. We collect certain information that your mobile device sends when you use our Website, App and Service, like a device identifier, user settings and the operating system of your device, as well as information about your use of our Website, App and Service. You understand that, by logging into the App on your mobile device, some information pertaining to your medical treatment may be stored to your mobile device. We are not responsible for any unauthorized access by any third party to such information on your mobile device.

  • Your Internet Protocol (IP) address, which can sometimes be used to derive your general geographic location. When you use our App, we may collect and store information about your location by converting your IP address into a rough geo-location or by accessing your mobile device’s GPS coordinates or coarse location if you enable location services on your device. We may use location information to improve and personalize our App for you. If you do not want us to collect location information, you may disable that feature on your mobile device.

  • Server logs and other communication data

  • How you found your way to our Services (for example, if you clicked on a link from a social network)

  • Actions you take on our Services, and the content, features, and activities that you access and participate in on our Services

  • Information regarding your interaction with e-mail messages, such as whether you opened, clicked on, or forwarded a message

  • Information collected through cookies, Web beacons, and other similar Internet technologies

    • Cookies and Tracking Technology. A "cookie" is a small data file that certain websites write to your hard drive when you visit them. A cookie file can contain information such as a user ID that the website uses to track the pages you've visited, but the only PII a cookie can contain is information you supply yourself. A cookie can't read data off your hard disk or read cookie files created by other websites. Some parts of the Service use cookies to understand user traffic patterns and to tell us how and when you interact with our Website, App and Service. We do this in order to determine the usefulness of our Website, App and Service information to our users, to see how effective our navigational structure is in helping users reach that information and to customize and improve our Website, App and Service. Unlike persistent cookies, session cookies are deleted when you log off from the Website, App and Service and close your browser. If you prefer not to receive cookies while browsing our Website, App and Service, you can set your browser to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. You can also refuse all cookies by turning them off in your browser. You do not need to have cookies turned on to use/navigate through many parts of our Website, App and Service, although if you do so, you may not be able to access all portions or features of the Website, App and Service. Some third-party service providers that we engage (including third-party advertisers) may also place their own cookies on your hard drive. Note that this Privacy Policy covers only our use of cookies and does not include use of cookies by such third parties.

    • "Web Beacons" (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Website, App and Service for several purposes, including to deliver or communicate with cookies, to track and measure the performance of our Website, App and Service, to monitor how many visitors view our Website, App and Service, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on the user’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).

Information from Other Sources

We may receive information about you, including PHI and personal information from third parties, including our affiliates and any of our service providers, and may combine this information with Your Information that we maintain about you. If we do so, this Policy governs any combined information that we maintain in personally identifiable format.

Use of Your Information

We use Your Information to provide services and information that you request; to enhance, improve, operate, and maintain our Services, our programs, and other systems; to display personalized health content and appointment reminders; to prevent fraudulent use of our Services and other systems; to prevent or take action against activities that are, or may be, in violation of our Terms of Use or applicable law; to tailor content and other aspects of your experience on and in connection with the Service; to maintain a record of our interactions with you; for other administrative purposes; for any other purposes that we may disclose to you at the point in which we request Your Information; and pursuant to your authorization.

Sharing Your Information

Except as described in this Policy, we will not disclose Your Information that we collect or display on the Services to third parties without your authorization. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

  • Trusted Third-Party Service Providers. To the extent legally permissible, we may disclose and/or exchange Your Information to third-party service providers (e.g., administrative services companies, marketing partners, application developers, data hosting, and processing providers) that assist us in our operations. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and we require them to agree to maintain the confidentiality of such information.

  • Health Care Service Providers. To the extent legally permissible, we may also disclose Your Information to your health care service providers for purposes of medical treatment, consultation, appointment reminders, to disclose your use of the Services, and to deliver content specific to your health condition and other similar activities as applicable.

  • Business Decisions. To the extent legally permissible, we may disclose Your Information to third parties if we are involved in a merger, acquisition, or sale of any or all of our business and/or our assets to a third party.

  • Legal Compliance. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. To the extent legally permissible, we may disclose Your Information if we have a good faith belief that disclosure is necessary to:

    • respond to claims;

    • comply with applicable laws, regulations, legal process (such as a subpoena), or enforceable government request;

    • as required in accordance with HIPAA or related applicable local, state or federal laws (please refer to the HIPAA Policy);

    • stop any activity that we consider illegal, unethical or legally actionable;

    • enforce applicable Terms of Use or Terms of Service, including investigation of potential violations of such Terms, or to detect, prevent, or otherwise address fraud, security or technical issues; and

    • protect against harms to the rights, property, or safety of Steady Health, our users, or the public as required or permitted by law.

Choice

If you authorize integration of your PHI into the Services, you may revoke this authorization at any time by contacting legal@steady.health.

If you receive e-mail from us, you may unsubscribe at any time by following instructions contained within the e-mail. Additionally, if we offer user account functionality on the Services, we may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us. We do need to send you certain communications regarding the Service and you will not be able to opt out of those communications – e.g., communications regarding updates to our Terms of Service or this Privacy Policy or information about billing.

Review and Correction of Your Information

You may review and edit the information Steady Health collected about you at any time by contacting us at the addresses below. If your information has been shared with a third party, as described elsewhere in this Privacy Policy, then that third party has received its own copy of your data. If you have been contacted by one of these third parties and wish to correct or delete your information, please contact them directly.

Third Party Websites

Steady Health’s Services may contain links to other websites, including those of third parties or business partners. If you choose to visit or use any third-party sites or products or services available on or through such third-party sites, please be aware that this Policy will not apply to your activities or any information you disclose while using those third-party sites or any products or services available on or through such third-party sites. We are not responsible for the content, privacy or security practices of any third parties. To protect your information, we encourage you to learn about the privacy policies of those third parties. Additionally, please be aware that the Services may contain links to Web sites and services that we operate but that are governed by different privacy policies. We encourage you to carefully review the privacy policies applicable to any Web site or service you visit other than the Services before providing any of Your Information on them.

Minors

The safety of minors is important to us, and we encourage parents and guardians to take an active interest in the online activities of their children. Our Services are not directed to minors under the age of 18 except when a minor between the age of 14 and 18 has otherwise been granted electronic access to their medical records on a case-by-case basis in order to provide such minor with health care related services as provided in the Terms of Use.

We will abide by the Children’s Online Privacy Protection Act (“COPPA”) and will never knowingly request personally identifiable information from anyone under the age of 14. In the event we discover we have collected information from a child under 14 years of age in a manner inconsistent with COPPA’s requirements, we will either delete the information or immediately seek the parent’s consent for such collection. Notwithstanding the foregoing, we may collect PII about children between the ages of 14 and 18 that parents or guardians provide to us when establishing an account for their children’s records.

International Visitors and the Privacy Shield

Our Services are hosted and operated in the United States (“US”). By using the Services, you are consenting to the transfer of your personal information to the US. If you are accessing our Services from outside the US, please be advised that US law may not offer the same privacy protections as the law of your jurisdiction. Those who choose to access and use the Service from outside the U.S. do so on their own initiative, at their own risk, and are responsible for compliance with applicable laws.

California Privacy Rights

California law allows California residents to ask companies with whom they have an established business relationship to provide certain information about the companies’ sharing of personal information with third parties for direct marketing purposes. Under California Civil Code Section 1789.3, California users are entitled to the following specific consumer rights notice: If you have a question or complaint regarding the Website, please send an email to legal@steady.health. You may also contact us by writing to Steady Health Inc., 100 Bush Street, Suite 1600, San Francisco, CA 94104. California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 400 R Street, Suite 1080, Sacramento, California 95814, or by telephone at (916) 445-1254 or (800) 952-5210.

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask for a notice identifying the categories of PII which we share with certain third parties for direct marketing purposes under certain circumstances and providing contact information for such third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: Steady Health Inc., 100 Bush Street, Suite 1600, San Francisco, CA 94104.

We do not share any California consumer personal information with third parties for marketing purposes without consent.

California customers who wish to request further information about our compliance with this law or have questions or concerns about our privacy practices may contact us using the contact information set forth below.

Security

Your Information as provided to us through the Services will be stored in a secure manner. We have implemented a variety of commercially standard encryption and security technologies and procedures to protect Your Information stored in our computer systems from unauthorized access. Please be aware, however, that no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any information that you provide to us. You transmit information to us at your own risk.

Updates to this Policy

We may occasionally update this Policy. When we do, we will also revise the “last updated” date at the beginning of the Policy. Your continued use of our Services after such changes will be subject to the then-current policy. If we change this Policy in a manner that is materially less restrictive of our use or disclosure of Your Information, we will use reasonable efforts to notify you of the change and to obtain your consent prior to applying the change to any of Your Information that we collected from you prior to the date the change becomes effective. We encourage you to periodically review this Policy to stay informed about how we collect, use, and disclose Your Information.

Contacting Us

If you have any questions or comments about this Policy, please email us at legal@steady.health or send us a letter at:

Steady Health
ATTN: Privacy Officer
100 Bush Street,
Suite 1600
San Francisco, CA 94104

Updated: March 11, 2019