Welcome to Heald! ("Heald," "we," "us," or "our") is committed to protecting the privacy of our users ("you" or "your"). This Policy describes how we collect, use, disclose, and secure your personal information when you use our website, mobile applications, telehealth services, and any connected wearable devices integrated with our platform (collectively, the "Services").
This Policy is designed to be transparent and informative. We encourage you to read it carefully to understand how we handle your data. By using our Services, you acknowledge that you have read and understood this Policy and agree to be bound by its terms.
1. Introduction & Definitions
Scope of this Policy
This Policy applies to all aspects of Heald's Services. It covers information collected through:
Our website (including any subdomains)
Our mobile applications for iOS and Android
Our telehealth services, including video consultations with healthcare providers
Wearable devices that integrate with our platform (with your explicit consent)
Our Commitment to User Privacy
At Heald, we understand the sensitivity of your personal information, especially health data. We are committed to protecting your privacy by adhering to the following principles:
Transparency: We will be clear and transparent about how we collect, use, and disclose your information.
Choice: We will provide you with choices regarding the collection, use, and sharing of your information.
Security: We will implement appropriate security measures to protect your information from unauthorized access, disclosure, alteration, or destruction.
Accountability: We are accountable for the privacy of your information and will comply with all applicable data privacy laws and regulations.
If you have any questions about this Policy or our privacy practices, please do not hesitate to contact us using the information provided in the "Contact Us" section below.
Definitions
To ensure a clear understanding of this Policy, we define some key terms used throughout the document:
Personal Information: Any information that relates to an identified or identifiable individual. This can include, but is not limited to, your name, email address, date of birth, username, password (stored securely using hashing and salting techniques), billing address, and phone number.
Protected Health Information (PHI): Health information that can be used to identify an individual and relates to their past, present, or future physical or mental health condition, the provision of healthcare to the individual, or payment for the provision of healthcare to the individual. This definition is based on the Health Insurance Portability and Accountability Act (HIPAA).
De-identified Data: Data that has undergone a process to remove personally identifiable information. This data cannot be reasonably linked back to a specific individual.
Cookies: Small text files that are stored on your device (computer, smartphone, etc.) when you visit a website. Cookies are used to remember your preferences and improve your browsing experience.
Device Identifiers: Unique identifiers associated with your device, such as an IP address, device type, operating system, and browser type.
Usage Information: Information about how you interact with our Services, such as the pages you visit, the features you use, the searches you perform, and the time you spend using our Services.
Third-Party Service Providers: Companies or individuals that we engage to perform functions on our behalf. This may include data storage providers, technical service providers (e.g., appointment scheduling), and payment processors.
By continuing to use our Services, you acknowledge your understanding of these definitions.
Additional Notes
This Policy does not address the privacy practices of any third-party websites or applications that you may access through links on our Services. We encourage you to review the privacy policies of any third-party websites or applications you visit.
This Policy is subject to change. We will notify you of any changes to this Policy by posting the updated Policy on our website and through email notifications (if you have opted-in to receive them).
Section 2: Information Collection & Use
This section details the types of information Heald collects and how it's used to deliver and improve our services.
2.1 Information Collected
Heald collects various information to provide a personalized and effective user experience. The specific information collected depends on how you interact with our Services. Here's a breakdown of the categories:
Registration & Account Information:
Name
Email Address
Date of Birth
Username
Password (hashed and salted for security)
Health Information (collected with your explicit consent and authorization):
Height
Weight
Blood Pressure
Medical History
Diagnoses
Medications
Lab Results
And More
Lifestyle Information (collected through surveys, questionnaires, and wearable devices with your consent):
Diet
Physical Activity
Sleep Patterns
And More
Payment Information:
Billing Address
Credit Card Details (stored securely using PCI-DSS compliant methods)
Device Information:
Device Type (e.g., smartphone, tablet, computer)
Operating System (e.g., iOS, Android, Windows)
Browser Type (e.g., Chrome, Safari, Firefox)
IP Address
Usage Information:
Pages Visited within the Heald platform
Features Used
Search Queries Performed
Time Spent Using Heald Services
2.2 Methods of Collection
We collect information through various methods depending on the type of data:
Directly from Users: During registration, account creation, completing forms, surveys, using chatbots, or telehealth consultations.
Automatically Collected Data: Device information and usage information are collected through cookies and similar tracking technologies with your consent. We will obtain your clear opt-in before placing cookies on your device.
Third-Party Sources: With your explicit authorization, Heald may collect health information from:
Electronic Health Records (EHR) systems maintained by your healthcare providers.
Wearable devices you connect to the Heald platform (ensuring proper data security protocols are followed).
2.3 Use of Information
Heald uses the collected information for various purposes, always considering its type and relevance to providing you with the best possible experience. Here's a breakdown of the primary uses:
Provide and personalize Heald services:
Tailor programs, educational content, and care plans based on your health information, lifestyle choices, and goals.
Recommend relevant resources and interventions based on your progress and needs.
Facilitate communication with healthcare providers:
Enable secure messaging between you and your healthcare providers within the Heald platform.
Allow healthcare providers to monitor your progress and adjust your program as needed.
Process payments and billing:
Manage your account and subscriptions securely.
Improve Heald's services:
Analyze usage data to improve platform functionality, content relevance, and user experience.
Identify areas for improvement and develop new features to better serve user needs.
Send relevant communications (with your consent):
Provide program updates, appointment reminders, and educational content tailored to your progress.
Offer information about new features and services from Heald (with an opt-out option for marketing communications).
Conduct research and development:
De-identified data may be used for research to improve Heald's services and develop new programs to address specific health conditions.
We will implement robust anonymization techniques to ensure data cannot be reasonably linked back to you.
2.4 Legal Basis for Processing
Heald collects and uses your information based on several legal justifications, depending on the specific data and purpose:
Consent: We obtain your explicit consent for collecting health information and using it for specific purposes outlined in this Policy. You have the right to withdraw your consent at any time (refer to Section 4 for details on user rights).
Contractual Necessity: To fulfill our contractual obligations to provide Heald's services, we may need to process certain user information. This includes account management, program delivery, and facilitating communication with healthcare providers.
Legitimate Interests: We may use de-identified data for research and development purposes to improve Heald's services and develop new programs. This allows us to better serve users and advance healthcare interventions. However, we will always balance our legitimate interests with your privacy rights by ensuring data anonymization.
We are committed to using your information in a lawful and ethical manner. We will only collect and use information that is necessary to achieve the purposes outlined in this Policy.
Section 3: Information Sharing & Disclosure
This section details when and how Heald might share your information with third parties.
3.1 Third-Party Service Providers
We may share your information with trusted third-party service providers who assist us in operating and improving Heald's services. These providers are contractually obligated to maintain the confidentiality and security of your information and are only permitted to use it for the specific purposes we have outlined. Here are some examples of third-party service providers we may work with:
Data Storage Providers: We store user information on secure cloud platforms that comply with HIPAA regulations.
Technical Service Providers: We may use third-party services for functionalities like appointment scheduling, data analytics, and platform maintenance.
Payment Processors: We utilize secure payment processing services to manage user payments and adhere to PCI-DSS standards.
We carefully vet all third-party service providers before sharing any information with them. We ensure they have appropriate security measures in place and enter into agreements that restrict their use of your information for purposes beyond those we have specified.
3.2 De-identified Data
We may use de-identified data for research and development purposes to improve Heald's services and develop new programs. This data will be anonymized using robust techniques that prevent re-identification of individual users. Here are some ways we may use de-identified data:
Analyze user trends and patterns to improve program effectiveness.
Develop new algorithms and interventions for specific health conditions.
Collaborate with researchers to advance the field of digital health.
3.3 Compliance with Law
Heald is committed to complying with all applicable laws and regulations. We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:
Comply with a court order, subpoena, or other legal process.
Investigate or prevent potential violations of our Terms of Service.
Protect the rights, property, or safety of Heald, our users, or the public.
3.4 Mergers and Acquisitions
In the event of a merger, acquisition, or bankruptcy, user information may be transferred as part of the business transaction. We will provide you with prior notice and choices regarding your information if such a situation arises.
3.5 International Data Transfers
Heald's services may be hosted on servers located in the United States or other countries with varying data protection laws. If you are located outside the United States, your information may be transferred to servers located outside of your country of residence. By using our Services, you consent to the transfer of your information to these locations. We will take all reasonable steps to ensure that your information is treated securely and in accordance with this Policy, regardless of the location of the servers.
3.6 Your Choices
You have some control over how your information is shared:
Reviewing Third-Party Service Providers: We will provide you with a list of categories of third-party service providers with whom we share your information. You can contact us for more information about these providers.
De-identified Data: You can choose to opt-out of having your de-identified data used for research purposes (refer to Section 4 for details on opting out).
3.7 Third-Party Tracking and Online Advertising
Heald may use third-party advertising companies to serve you targeted advertisements based on your browsing history and interests. This section outlines how we handle such practices and your choices regarding them:
Interest-Based Advertising: We may participate in interest-based advertising using third-party cookies and similar tracking technologies. This allows us and our partners to display ads on other websites, apps, or services that may be relevant to you.
Social Media Widgets and Advertising: Our platform may integrate social media features like Facebook Like buttons. These features collect information about your visit governed by the privacy policies of those social media companies. We may also display targeted ads through these platforms based on their advertising programs (governed by their privacy policies).
Cross-Device Linking: We, or our partners, may link your devices to deliver relevant advertising across them. This involves collecting information about each device you use when logged into Heald. We may also work with partners who use statistical modeling to determine if devices are linked to the same user. A common account identifier (e.g., email address) may be shared with partners to recognize you across devices for advertising and analytics purposes.
Your Choices:
Cookies: Most browsers allow you to control cookie settings (accepting, disabling, or automatic rejection). Blocking cookies may impact your experience on Heald.
Interest-Based Advertising Opt-Out: You can opt-out of interest-based advertising through resources provided by the Network Advertising Initiative (NAI) (https://thenai.org/) and the Digital Advertising Alliance (DAA) (https://digitaladvertisingalliance.org/blog-terms/youradchoices). Note that opting out applies to the specific browser or device used.
Mobile Advertising Opt-Out: Limit interest-based advertising on mobile devices by selecting "limit ad tracking" (iOS) or "opt out of interest-based ads" (Android). You can also opt-out from some mobile ad networks by visiting https://youradchoices.com/.
Google Analytics and Advertising: We use Google Analytics to understand user interaction with Heald and personalize advertising. For information on Google Analytics' data practices and opt-out options, please refer to https://policies.google.com/privacy?hl=en-US and https://tools.google.com/dlpage/gaoptout.
Section 4: User Rights & Security
This section outlines your rights regarding your information and the security measures Heald takes to protect it.
4.1 User Access & Control
You have certain rights regarding your personal information collected by Heald. These rights may vary depending on your location and applicable data privacy laws. Here's an overview of some key rights:
Access: You have the right to request access to your personal information collected by Heald. This includes the ability to review, download, and potentially correct any inaccurate information.
Update: You can request to update your personal information to ensure it remains accurate and complete.
Delete: You have the right to request the deletion of your personal information, subject to certain exceptions (e.g., legal or regulatory requirements).
Data Portability: In some jurisdictions, you may have the right to request the transfer of your personal information to another service provider.
To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within a reasonable timeframe.
4.2 Opt-Out & Unsubscribe
You have the option to opt-out of receiving marketing communications from Heald. You can unsubscribe from marketing emails by clicking the "unsubscribe" link at the bottom of any marketing email you receive from us. You can also manage your communication preferences within your Heald account settings.
4.3 Data Retention
Heald will retain your personal information for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, and resolve disputes. We will use a criteria-based retention schedule to determine how long we keep your information. Here are some factors we consider:
The purpose for which the information was collected.
Legal requirements for data retention (e.g., HIPAA regulations).
The potential need for the information for future disputes or legal proceedings.
Once your information is no longer needed, we will take appropriate steps to securely delete or anonymize it.
4.4 Security Measures
Heald takes the security of your information very seriously. We implement a variety of security measures to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include:
Encryption: We use industry-standard encryption methods to protect your personal information at rest and in transit.
Access Controls: We restrict access to your information to authorized personnel who have a legitimate business need to access it.
Data Security Policies: We have comprehensive data security policies and procedures in place to safeguard your information.
Regular Security Assessments: We conduct regular security assessments to identify and address any potential vulnerabilities.
4.5 Your Role in Security
While Heald takes significant steps to protect your information, it's important to remember that security is a shared responsibility. Here are some things you can do to help protect your information:
Choose a strong password: Create a complex password and avoid using the same password for multiple online accounts.
Be mindful of phishing attempts: Do not click on suspicious links or open attachments from unknown senders.
Keep your devices secure: Use strong passwords on your devices and install security software (antivirus, anti-malware).
4.6 Children's Privacy
Heald's services are not intended for children under the age of 18. We do not knowingly collect personal information from children under this age. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us. We will take steps to delete the information from our systems.
4.8 Contact Us
If you have any questions or concerns about this Policy or your privacy rights, please do not hesitate to contact us:
Email: reverse@iheald.com
Phone: +1 470 934 0043
Postal Mail: 2972 Webb Bridge Rd, Alpharetta, GA 30009
We will be happy to address your questions and concerns.
5 Google User Data Usage
Our application utilizes Google services to provide certain functionalities related to fitness and health data. We collect and use Google user data in accordance with the Google API Service: User Data Policy and Google's privacy practices.
Types of Fitness Data We Collect:
Sleep Data: We may access and collect sleep data, including sleep duration and quality, with the scope.
Heart Rate Data: We may access and collect heart rate data with the scope
Oxygen Saturation Data: We may access and collect oxygen saturation data with the scope
https://www.googleapis.com/auth/fitness.oxygen_saturation.read
Activity Data: We may access and collect activity data, including physical activity duration, type, and intensity, with the scope
Body data - We may access and collect user body data, including access to body composition metrics such as weight, height, body fat percentage, and muscle mass.
How We Use Fitness Data:
Personalization: We may use fitness data to personalize the user experience within our application, such as providing tailored recommendations or insights based on the user's health and fitness activities.
Health Insights: Fitness data may be used to provide users with insights or analytics related to their health and fitness goals, helping them track progress and make informed decisions.
Storage and Security:
Data Storage: Fitness data obtained from Google services may be securely stored on our servers or cloud storage services to facilitate the functionality of our application.
Security Measures: We implement appropriate security measures to protect fitness data from unauthorized access, misuse, or alteration.Sharing of Fitness Data:
Sharing of Fitness Data:
Third-Party Services: We do not share fitness data obtained from Google services with third-party services or entities without explicit user consent, except as required by law or outlined in this privacy policy.
