Online Services Privacy Policy

Sanvello Health, Inc. (“we,” “us,” “our,” and “Company”) recognizes that the privacy of your information is important. This Online Services Privacy Policy (“Privacy Policy” ) describes our practices in connection with information we collect through online and mobile websites, platforms, services and applications that we own or operate and that contain a link to this Privacy Policy (collectively, “Online Services”). Our Online Services are designed to provide tools for you to use to reduce stress, anxiety, and depression. 

If you are visiting us from the European Union or European Economic Area, please see the section entitled “Additional Information for European Union Users” for information on how we comply with privacy laws applicable to you.

By using the Online Services, you consent to our collection, use, disclosure, and storage of information as described in this Privacy Policy.

Our Privacy Policy explains:

  • What information we collect
  • How we use Information
  • How we share Information
  • How to manage your Information
  • How we protect Information
  • How to learn about health and financial privacy practices
  • Specific Product Privacy Practices
  • Additional rights for California residents
  • Additional rights for European Union Users
  • When this Privacy Policy applies
  • How to contact us

What Information We Collect

When you register for Online Services, we may collect the following information from you: 

  • First and last name
  • Nickname
  • E-mail address
  • Health plan provider name, Member ID and Group ID(optional)
  • Gender
  • Date of birth
  • Mood
  • Goals
  • Your mental health provider (optional)
  • App usage data
  • Device and System data such as type of phone, operating system
  • Other information described in this Privacy Policy

We may enter into business associate agreements with mental health providers (“Providers”) and health plans or health insurers, including, employer-sponsored health plans (“Health Insurers”), to make our Online Services available to patients of such Providers or enrollees, members, or participants of such Health Insurers (“Sanvello Partners”). When you use our Online Services, we may collect information about you, directly or indirectly, from or through applicable Sanvello Partners. We will comply with applicable business associate agreements, this Privacy Policy, and the Health Insurance Portability and Accountability of 1996, as amended, and its implementing regulations (collectively, “HIPAA”) with respect to your information that is protected health information, as defined under HIPAA. This Privacy Policy is separate from applicable Sanvello Partners’ HIPAA notices of privacy practices. Your provider or health plan’s notice of privacy practices describes in detail how it uses and discloses your protected health information. Please contact your provider or health plan for a copy of its HIPAA Notice of Privacy Practices.

When you use Online Services, you may provide certain information directly to us, including when you allow us to obtain information about you from other sources.

We may also obtain automatically-collected information through the Online Services. We may use common technologies such as cookies, tokens, tags, beacons, scripts and Web server logs, as well as functionality that can collect data from a mobile device. The automatically-collected information may include demographic, de-identified, aggregated, or certain information collected automatically through your device such as technical information about your device, web browser information, and server log files collected by us or provided by you. Our mobile applications may also collect information specific to use of your mobile device, such as a unique device identifier and precise geolocation information.

Certain features of the Online Services may actively record information about you as you use the Online Services. This tracking is accomplished through integration with Apple’s HealthKit API and the Apple Health App. We use this information solely for the purpose of providing you with health-related feedback and self-care suggestions.

You may limit the Information you provide or make available to us if you want to; however, that may limit your ability to access or use certain functions of the Online Services or to request certain services or information.

Our Online Services operate on computer servers in the United States; therefore, any Information you provide will be processed by a computer server located within the United States.

How We Use Information 

We may use the Information for a number of purposes such as:

  • To respond to an e-mail or particular request from you.
  • To communicate with you.
  • To provide you with content through our Online Services or other services that we may offer.
  • To process an application for a product or service as requested by you.
  • To authenticate you on any portion of our Online Services and with vendors acting on our behalf.
  • To administer surveys and promotions.
  • To personalize your experience on our Online Services.
  • To provide you with informational or promotional offers, as permitted by law, that we believe may be useful to you, such as information about products or services provided by us or other businesses.
  • To perform analytics and to improve our products, Online Services, and advertising.
  • To comply with applicable laws, regulations, and legal process.
  • To protect someone’s health, safety, or welfare.
  • To protect our rights, the rights of affiliates or related third parties, or take appropriate legal action, such as to enforce our Terms of Use.
  • To keep a record of our transactions and communications.
  • As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law or for any other purpose with your consent.

We may use Information to contact you through any contact information you provide through our Online Services or any other services we offer, including any e-mail address, telephone number, or cell phone number.

We may, when permitted, combine your Information with other information, whether online or offline, maintained or available to us from you or from other sources, such as from our vendors, and we may use and disclose combined data for the purpose described in this Section or for internal business purposes. We may, when permitted, use and disclose de-identified and aggregated data for any purpose, which may include, without limitation, disclosures to third parties for analytics purposes such as evaluating the Online Services and providing additional benefits, programs, and services.

How We Share Information

We will only share your Information with third parties as outlined in this Policy and as otherwise permitted by law or as permitted with your consent.

We may share Information if all or part of the Company is sold, merged, dissolved, acquired, or disbanded to any extent in a similar transaction, or in connection with steps that may need to be taken in anticipation of such events.

We may share Information in response to a court order, subpoena, search warrant, or to comply with law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting activities that are illegal, violate our rules, or may be harmful to other visitors.

We may also share Information within the Company, including among affiliates, or with our parent company, or subsidiaries.

We may also share Information with other third party companies that we have a business relationship with or hire to perform services on our behalf. For example, we may hire a company to help us send and manage e-mail, and we might provide that company with your e-mail address and certain other information in order for them to send you an e-mail message on our behalf. Similarly, we may hire companies to host or operate some of our Online Services and related computers and software applications.

Posting Messages, Comments, and Content

Our Online Services may have collaboration areas, including but not limited to “blogs,” “bulletin boards,” “leader boards,” and “health games,” that permit users to have collaborative discussions and/or share information. Some of our Online Services may permit you to select a display name or image that will be “nickname” on the Online Service. Please note, any information you submit or post to these collaboration areas, including your display name or image, may be visible by other users of the Online Service, and such users may share with others. Therefore, please be thoughtful in what you write and understand that this information may become public.

How to Manage Your Information

Our Online Services may permit you to view your profile, if applicable, and access related Information about you and to request changes to, or deletion of, such Information. If this function is available, you may have access to a page on the Online Services through which you may review your profile, if applicable, and related Information about you, and you may have options to modify or delete or such Information. Please remember, however, if we have already disclosed some of this Information to third parties, we may not have access to that disclosed information and may not be able to force the deletion or modification of any information by the third parties to whom we have made those disclosures.

If you need additional assistance in opting-out of a communication, please contact us at info@sanvello.com. Please be aware that opt-outs may not apply to certain types of communications, such as account status, Online Service updates, or other communications.  

Cookies and Tracking

The Company may use various technologies, including cookies, tokens, tags, web logs, web beacons, scripts, and web server logs to automatically-collected information and may aggregate this information from our Online Services visitors or to enable certain features of our Online Services. This information may include demographic data, technical information about the technology (e.g. phone, computer) used to connect to the Online Services, web browser information, your IP address, operating system (“OS”), camera use, use of screen, patterns of application usage, and browsing behavior such as pages visited and how often they are visited (“Activity Information”). We may also use third party analytics companies to provide these services.

We may also allow third party service providers to use cookies and other technologies to collect information and to track browsing activity over time and across third party websites such as web browsers used to read our websites, which websites are referring traffic or linking to our websites, and to deliver targeted advertisements to you. We do not control these third party technologies and their use is governed by the privacy policies of third parties using such technologies. For more information about third party advertising networks and similar entities that use these technologies, see http://www.aboutads.info/consumers, and to opt-out of such ad networks’ and services’ advertising practices, go to http://www.aboutads.info/consumers and http://www.networkadvertising.org/choices. Once you click the link, you may choose to opt-out of such advertising from all participating advertising companies or only advertising provided by specific advertising companies. Please note that to the extent advertising technology is integrated into the Online Services, you may still receive advertisements even if you opt-out of tailored advertising. In that case, the ads will just not be tailored. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.

Activity Information is captured using various technologies and may include cookies. “Cookies” are small text files that may be placed on your computer when you visit an Online Service or click on a URL. Cookies may include “single-session cookies” which generally record information during only a single visit to a website and then are erased, and “persistent” cookies which are generally stored on a computer unless or until they are deleted or are set to expire. You may disable cookies and similar items by adjusting your browser preferences at any time; however, this may limit your ability to take advantage of all the features on our Online Services. In addition, you may also have additional means to manage the collection of Activity Information by:

  • Managing the use of “flash” technologies, with the Flash management tools available at Adobe’s website;
  • Clicking on the “Opt-Out” link at the bottom of the applicable home web page; and/or
  • Visiting Google to “Opt-Out” of display advertising or customize Google display network ads.

Please note that we do not currently respond to web browser “Do Not Track” signals that provide a method to opt-out of the collection of information about online activities over time and across third party websites or online services because, among other reasons, there is no common definition of such signals and no industry-accepted standards for how such signals should be interpreted.

We gather Activity Information about you in order to improve the quality of our services, such as the best method and time to contact you. Without limiting the other ways in which we may use Information as described herein, we may otherwise use and disclose your Activity Information unless restricted by this Policy or by law. Some examples of the ways we use your Activity Information include:

  • Customizing your experiences, including managing and recording your preferences;
  • Authenticating your account information;
  • Marketing, product development, and research purposes;
  • Tracking resources and data accessed on the Online Services;
  • Developing reports regarding Online Service usage, activity, and statistics;
  • Assisting users experiencing problems with our services;
  • Updating and servicing our Online Services;
  • Enabling certain functions and tools on the Online Services; and
  • Tracking paths of visitors to the Online Services and within the Online Services.

As described above, we may use tracking technologies that allow us recognize your device when you return to our Online Services within a period of time, as determined by us, and to support automatic login to your Online Services. To maintain your privacy, you should affirmatively log out of your account prior to your session ending (whether you end your session or we end your session, for example if our Online Services has “timed out” – i.e. we have ended your session automatically after a period of inactivity as determined by us in our sole discretion). Unless you affirmatively log out of your account, you may be automatically logged back in the next time you or any user of your devices visits the Online Services.

How We Protect Information 

We maintain administrative, technical, and physical safeguards designed to protect the information that you provide on our Online Services. These safeguards vary based on the sensitivity of the information that is being collected, used and stored. However, no security system is impenetrable and we cannot guarantee the security of our Online Services, nor can we guarantee the security of the information you transmit to us over the Internet, including your use of e-mail. We are not liable for the illegal acts of third parties such as criminal hackers.

It is your responsibility to safeguard the devices you use to access our Online Services (such as laptops, tablets and mobile devices), and to use appropriate security settings on those devices. If those devices are lost, stolen or misplaced, others may be able to access your account and your personal information using those devices. If you log into the Online Services using a public computer or device, or the computer or device of another person, you should affirmatively log out of your account (i) prior to ending your session, or (ii) if you will be inactive on the Online Services for more than a few minutes otherwise, the next user of that computer or device may be able to access your account and the Information in your account if your session has not ended.

You agree that we are not responsible for any harm that may result from someone accessing your account or personal information on a lost, stolen or misplaced device or on a public computer or kiosk where you do not for any reason take the necessary steps to log out of your account prior to ending a session on such public computer or kiosk.

We offer mobile applications that enable us to communicate with you through push notifications. You may be able to turn off push notifications in your mobile phone settings. You may also be able to control preview settings in your e-mail applications. Please note, choosing to disable certain functionality of the mobile application may impact the functionality of other areas of the mobile application.

We retain Information for as long as necessary for the purpose for which it is collected, subject to a longer period if the information is relevant to a legal challenge. 

Children under 13

We will not intentionally collect any personal information (as that term is defined in the Children’s Online Privacy Protection Act) from children under the age of 13 through our Online Services without receiving parental consent. If you think that we have collected such personal information from a child under the age of 13 through our Online Services, please contact us immediately at info@sanvello.com.

SSN Protection Policy

It is our policy to protect the confidentiality of Social Security numbers (“SSNs”) that we receive or collect in the course of business. We secure the confidentiality of SSNs through various means, including physical, technical, and administrative safeguards that are designed to protect against unauthorized access. It is our policy to limit access to SSNs to that which is lawful, and to prohibit unlawful disclosure of SSNs.  

Additional Rights for California Residents

California Privacy Rights

California law permits our customers who are California residents to request certain information regarding the disclosure of personal information to third parties for their direct marketing purposes.

If we have disclosed any personal information to third parties for direct marketing purposes, we will provide a list of the categories of personal information, along with the names and addresses of these third parties to you at your request. To make such a request, write us at the postal or e-mail address found in the Contact Us section of this Policy.

This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the specified e-mail or postal address. You should put “California Privacy Rights” in the e-mail subject line and in the body of your request. You must provide us with specific information regarding yourself so that we can accurately respond to the request.

California Minors Under 18

If you are a California resident under the age of 18 and are a registered user of our Online Services, you may request that we remove from our Online Services any content you post to our Online Services that can be accessed by any other user (whether registered or not). Please note that any content that is removed from visibility on our Online Services may still remain on our servers and in our systems. To request removal of content under this provision, please write or e-mail us at the postal or e-mail address found in the please Contact Us section of this Policy. When you write us, provide us with a description of the content and the location of the content on our Online Services, and any other information we may require in order to consider your request. Please note that removal of content under this provision does not ensure complete or comprehensive removal of the content or information posted on the Online Services by you.

When this Privacy Policy Applies

Our Policy applies to Online Services that we own or operate and that contain a link to this Privacy Policy. Our Policy does not apply to information collected through other means such as by telephone, via mobile application that do not link to this Privacy Policy, or in person, although that information may be protected by other privacy policies.

Our Policy does not apply to the practices of other companies or other websites or software applications that may be linked from or made available through our Online Services. Some online services offered by us may be governed by a separate privacy policy.

The inclusion of a link on our Online Services or the ability to utilize a third party website or software application through our Online Services does not imply that we endorse, or otherwise monitor the privacy or security practices of that third party website or software application or the accuracy of its content and your use of the third party website or software application is governed by the third party’s privacy policy.

This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

Additional Rights for European Union Residents

Personal Information

References to “Personal Information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller and Data Protection Officer

Sanvello Health is the controller of your personal information for purposes of European data protection legislation. You can contact our Data Protection Officer at info@sanvello.com.

Lawful Basis for Data Processing

We will only collect, store, and process your personal information where a lawful basis for such processing exists, which will typically fall under one of the following scenarios:

  1. You, the Data Subject, have given consent to the processing of your personal information for one or more
  2. Processing is necessary for the performance of a contract to which you, the Data Subject, are party;
  3. Processing is necessary for compliance with a legal obligation to which Sanvello Health as a Controller is subject;
  4. Processing is necessary for the purposes of the legitimate interests pursued by us as the Controller, or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you, the Data Subject, which require protection of your personal information.

Use for New Purposes

We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it.

Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Information) for six years after they cease being customers for tax purposes.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Your Rights

European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

  • Opt-out. Stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You can submit these requests by email to info@sanvello.com. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described below or submit a complaint to the data protection regulator in your jurisdiction.

Contact Us

Contact us regarding this Policy or related our privacy practices. If you believe we or any company associated with us has misused your information, please contact us immediately at info@sanvello.com

Effective Date

June 19, 2019

Social Media Disclaimer

Are you using social media? So are we! We encourage you to read, share, follow us and provide commentary on Facebook®, Twitter®, Pinterest®, Instagram® and other social media sites (“Social Media Site”). Before you post, please make sure you read our social media disclaimer:

We are under no obligation to screen or monitor your posts or any other user content; however, we reserve the right to monitor participation to ensure that you stay on topic, are courteous and avoid making offensive comments. Your posts and user content must adhere to the following requirements and cannot:

  • Contain any third party material including logos, drawings, tattoos, photographs, pictures, sculptures, paintings and other images or works of art, phrases, trademarks, trade secrets or other items without explicit prior written permission to use such materials
  • Contain sexually explicit, graphic, gratuitous or unnecessarily violent content or defamatory or derogatory content against any ethnic, racial, gender, religious, sexual orientation, professional or age group or contain any pornographic or nude material
  • Contain any private information about yourself or any other individual, including without limitation, information related to the health of the individual, financial information about the individual or any identification or account numbers related to the individual, with or without their permission or consent
  • Contain any software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software, hardware or telecommunications equipment
  • Contain any advertising, promotional materials, “junk mail”, “spam”, “chain letters”, “pyramid schemes”, or promote illegal activity and/or illegal contests, sweepstakes, gambling, including any online casino, sports books, bingo, poker or any other form of solicitation

We reserve the right to edit comments for content, remove off-topic contributions, delete offensive comments or remarks, block offensive contributors and delete actual or suspected spam content from any Social Media Site. Please be aware that once you post something online, there is the potential for numerous individuals to read your words, even years from now. Therefore, we suggest that you exercise caution when posting on any Social Media Sites and that you not disclose Information like your location, medical record number, personal medical information, financial information, etc. We are not responsible for the content of any comments or responses posted by others to any website or Social Media Site we manage or monitor. We do not control the placement of any marketing or advertising displayed on our pages by social media or third party organizations. 

Please remember that information posted on any of our social media profiles or platforms is for general informational purposes only and should not be considered medical advice and should not replace a consultation with your health care or financial professional. Always consult an appropriate health care or financial professional for your specific needs. If you are experiencing a medical emergency, call 9-1-1 or your local emergency number. Some treatments mentioned on social media formats may not be covered by your health plan. Please refer to your benefit plan documents for information about coverage.

We reserve the right to respond to any post or user content and may occasionally privately request your contact information to assist offline with your consent by routing the matter to the appropriate persons or department for further handling. Any further questions about your account, claims or benefits or request for additional information can be addressed by visiting your member website or calling the toll-free member phone number on the back of your health plan ID or other membership card.

All trademarks are the property of their respective owners.