Your privacy is a top priority to Indigo Health. We recognize how important it is to keep your information secure and confidential, and most importantly, yours. Privacy matters for your information, and in particular your Personal Identifiable Information and Protected Health Information. Please also take the time to read through Our Terms of Service.
What is Personal Identifiable Information?
Personal Identifiable information (PII) is information that can be used to identify you, either alone or in combination with other information. Protected Health Information is information that is classified as protected under the Health Insurance Portability and Accountability Act (HIPAA). We collect and store the following types of Personal Information and Protected Health Information (PHI):
What do We mean by Protected Health Information (PHI)?
With this term We refer to any information in the medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed while providing a health care service such as diagnosis or treatment. that has been uploaded by any of Our clients, independent contractors; or otherwise processed by and/or contributed to Us.
What is included in the term "Sensitive Information"?
This term refers to information about your health, and information related to your racial and ethnic origin, sexual orientation, and political affiliation.
What kind of information Do We Collect?
We collect several types of information from and about users of Our Services.
We may collect some of your Personal Demographic Information. You must provide certain information when you access Our Services through Our Platform or by logging into Our website. This information includes your name, email address, the password you create, and credit card or other payment information. Your account information also includes records and copies of any correspondence with you and details of any transactions you carry out through Our Services.
You will have the chance to upload what We call "Self-Reported Information". This is information you provide directly to Us, either through Our web portal or through any third party, including your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information that you enter into surveys, forms, or features while signed in to your Account. We may ask you to provide data about yourself or your patient, if you are a Professional User, including demographic data such as personal and family medical history, age, sex, other physical features, behavioral information, or self-declared ethnicity.
We also collect "Online Behavior" Information collected through tracking technology. Online Behavior information is that info that can show Us how you use Our Services collected through log files, cookies, web beacons, and similar technologies, (e.g., device information (device identifiers), IP address, browser type, domains, page views).
Aggregate information is information that has been combined with that of other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified. Google Analytics is used to perform many of the tasks listed above. We work with Google Analytics to better understand Our audience and users, to improve Our marketing campaigns, and to enhance Our Services. You can learn more aboutGoogle Analytics' privacy choices oropt out at any time.
We may collect your information to send you some promotional offers of Our Services. If you do not wish to have your contact information used by Us to promote Our Services, you can opt-out by changing your account settings. You may not be able to opt out of receiving certain Service-related emails, such as communications about orders, billing, account creation, registration and policy updates. If We have sent you a promotional email or other informational email not related to your order or account, the email will have an "unsubscribe" feature that will allow you to opt-out of receiving future email distributions.
Our Services are not intended to be used by anyone under 18 years of age. If you are under 18, do not register on Our website or provide any information about yourself to Us. If We learn We have received personal information directly from someone under 18, We will make commercially reasonable efforts to remove the information and/or user account and not make future use of that information to contact a minor. If you believe anyone under 18 years of age is making use of Our Service, please contact us a email@example.com.
How do We use your information?
To provide you with Services and to analyze and improve Our Services:
For individuals located in the European Economic Area ("EEA") and the United Kingdom:
To process, analyze and deliver Our reports based on your Information:
We will analyze your Information to provide you and your mental health practitioner with health insights and other patient management related Services.
For individuals located in the European Economic Area ("EEA"): Our legal basis for processing your Information for the purposes described above is based on your consent and the consent obtained by your mental health practitioner prior to using Our Services. You may withdraw your consent at any time by sending an email to firstname.lastname@example.org, however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
You have the choice to participate in Our research studies by providing your consent. "Research" refers to research aimed at publication in peer-reviewed journals and other research conducted by Us, or just for the purposes of improving Our diagnostic and treatment recommendation Services.
Research may be conducted on behalf of, or in collaboration with, third parties. In those Researches, We may study a specific group or population, identify potential areas or targets for therapeutics development, conduct or support the development of therapies, diagnostics or devices to diagnose, predict or treat mental health conditions, work with public, private and/or non-profit entities on research initiatives, or otherwise create, commercialize, and apply this new knowledge to improve mental health care.
For individuals located in the European Economic Area ("EEA") or the United Kingdom: Our legal basis for processing your Sensitive Information for the purpose described above is based on your, or your mental health practitioner's, consent. You may withdraw your consent at any time; however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
Withdrawing your Consent:
You may withdraw your consent to participate in any of Our Research efforts at any time by contacting us at email@example.com. Any research involving your data that has already been performed or published prior to your consent withdrawal will not be reversed, undone, or withdrawn.
For individuals located in the European Economic Area ("EEA") or the United Kingdom, the legal basis for processing your Sensitive Information for the purpose described above is based on your consent. You may withdraw your consent at any time; however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
What do We share with others?
We sometimes share the information described above with Our third-party service providers, as necessary for them to provide their Services to Us and help Us perform Our contract with you. Service providers are other companies or individuals that help Us to provide, analyze and improve Our Services. We engage some third-party service providers to assist in supporting Our Services.
How do We store your information?
We store your information using third-party cloud storage Services providers. Our cloud storage providers provide secure storage for information in dedicated databases, ensuring that Our infrastructure can support continued use of Our Services, and protect data in the event of a natural disaster or other disruption to Our Service. Our IT and security service providers assist with intrusion detection and prevention measures to stop any potential attacks against our networks.
When you use Our Services, including Our website and online Platform, Our third-party service providers may collect Online Behavior Information about your visit, such as the links you clicked on, the duration of your visit, and the URLs you visited. This information can help Us improve site navigability and assess Our Marketing campaigns. Per applicable data protection regulations, Our EU, UK, and International websites present visitors with a cookie opt in to allow the processing of cookies and other marketing functionalities.
We implement procedures and maintain contractual terms with each service provider to protect the confidentiality and security of your information. However, We cannot guarantee the confidentiality and security of your information due to the inherent risks associated with storing and transmitting data electronically.
For individuals located in the European Economic Area ("EEA") and the United Kingdom, when We transfer some or all your Personal Identifiable Information to a third country or to an international organization, We implement appropriate safeguards, such as contractual obligations, relating to the transfer.
We may share Aggregate Information, which is information that has been stripped of your name and contact information and combined with information of others so that you cannot reasonably be identified as an individual, with third parties. This Information is different from "Individual-level" information and is not Personal Identifiable Information because it does not identify any particular individual or disclose any particular individual's data.
How Do You Access, Correct or Remove Your Information?
Knowing what We know about you:
We provide access to Our Platform by the use of a dedicated account. You can access your Information, and reports and information created for you as part of Our Services. You may access, correct or update most of your PII and PHI through Our Platform.
When you access Our Services, whether entering into Our website, signing into the web portal, or when purchasing any of Our products and Service, you may be asked to opt-in to receive promotional emails or notifications when creating your Account or when using Our Services. You may view or update your notification preferences for marketing communications by contacting Our Privacy Officer at firstname.lastname@example.org .
Deleting your info:
If you no longer wish to have access to Our Services, or no longer wish to have your Personal Identifiable Information be processed, you may delete your account and Information by requesting it to email@example.com. Once you submit your request, We will send an email to the email address linked to your account detailing Our account deletion policy and requesting that you confirm your deletion request. Once We confirm your identity, your request will become effective. This process cannot be canceled, undone, withdrawn, or reversed. When your account is deleted, all associated Personal Identifiable Information is deleted and any stored sensitive Information, or PHI will be discarded. However, some information will not be erased. For example, information previously included in Research, for which you have given consent to use in any of Our Research, cannot be removed from completed studies that use that information.
Additionally, there are legal retention requirements that We need to comply with some legal processes in certain locations, for which some of your PII and PHI will not be subject to complete erasure. We will retain limited information related to your account and data deletion request, including your email address, account deletion request, any emails or communications related to inquiries or complaints and legal agreements for a limited period of time as required by law, contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.
Other third parties privacy policies:
Information for Our customers in the European Economic Area ("EEA") and the United Kingdom. The following rules apply to you.
Your Personal Information will be transferred to, stored, and processed in data centers located in safe territories other than the EU territorial space.
If you have questions about how We process your information, contact Us at firstname.lastname@example.org.
For the most part of Our Services We will be the "controller" of your Personal Identifiable Information, as we determine the means and purposes of processing your information when using Our Services. A "controller" is a natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of your Personal Information. For some other Services, We will act as a simple "processor" of your Personal Identifiable Information, as We will act on behalf of other third parties.
We may process your Personal Identifiable Information if you consent to the processing, to satisfy Our legal obligations, if it is necessary to carry out Our obligations arising from any contracts We entered with you or to take steps at your request prior to entering into a contract with you, or for Our legitimate interests to protect our property, rights, Our customers or others.
Promotional Offers. If you do not wish to have your contact information used by Us to promote Our Services, you can opt-out by changing your notification settings. You may not be able to opt out of receiving certain Service-related emails, such as communications about orders, billing, account creation, registration and policy updates. If We have sent you a promotional email or other informational email not related to your order or Account, the email will have an "unsubscribe" feature that will allow you to opt-out of receiving future email distributions. You may also withdraw your consent at any time by emailing Us at email@example.com.
How do you exercise your rights?
You can exercise your privacy rights by following the instructions below or contacting at firstname.lastname@example.org. We will handle your request under applicable law. When you make a request, We may verify your identity to protect your privacy and security.
You have the right to withdraw consent at any time. To the extent We request you provide your consent to the processing of your Personal Identifiable Information, you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of Our processing based on consent before your withdrawal.
You have the right to know what Personal Identifiable Information We have of you, and you can request Us to correct any part of it. At any point in time you can send Us an email to email@example.com and request a correction of your Personal Identifiable Information. In some cases, We may reject part or all of your request if responding to your request could adversely affect the rights and freedoms of others.
You have the right to be forgotten. That's right, you can request Us to delete your account at any time. You can request erasure of Personal Information that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing to which you previously consented, but later withdrew such consent; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for Our processing. If We have shared your Personal Identifiable Information with any third parties, but We are still required to erase such Personal Identifiable Information, We will take reasonable steps, including technical measures, to inform controllers that are processing any links to or copies or replications of your Personal Identifiable Information of your erasure request. Our assistance with your request for erasure is subject to limitations by relevant data protection laws, available technology and the cost of implementation.
You have the right to take your info with you. If We process your Personal Identifiable Information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request your Personal Identifiable Information in a structured, commonly used and machine-readable format. You may also request the transfer of your Personal Information directly to another controller, where technically feasible, unless choosing to exercise this right adversely affects the rights and freedoms of others.
You have the right to ask Us to stop processing your Personal Identifiable Information. You can restrict our processing of your Personal Identifiable Information where one of the following applies: (a) you dispute the accuracy of Personal Information processed by Us (for a period enabling Us to verify its accuracy); (b) the processing is unlawful and you oppose the erasure of the Personal Identifiable Information and request the restriction of its use instead; (c) We no longer need the Personal Information for the purposes of the processing, but We are required to do it by you for the establishment, exercise or defense of legal claims; and (d) you have objected to certain processing relying on legitimate interest, pending the verification whether Our legitimate grounds override your rights. Restricted Personal Information shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will notify you if the restriction is lifted.
You can also limit the scope of what We do with your Personal Identifiable Information. Where the processing of your Personal Information is based on consent, contract, or legitimate interests described under the legal bases for processing heading above, you may restrict or object, at any time, to the processing of your Personal Information as permitted by applicable law. We may continue to process your Personal Information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
What happens with any information We have already shared with others?
We will provide notice to each recipient that We disclosed your Personal Information to regarding any rectification or erasure of Personal Information or restriction of processing, unless you initiated the disclosure or providing notice proves impossible or involves disproportionate effort. Upon your request, We will share the list of recipients with you.
We will never process your info through automated profiling systems. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you, except as allowed under applicable data protection laws.
How long will We keep your Personal Identifiable Information?
Unless you request Us to delete your account or any of your Personal Identifiable Information, We will store it as long as your account is open, unless a longer retention period is required or permitted by law.
The rights described above may be limited by local laws. Have in mind that your right of access and deletion is not absolute and may not be available if fulfillment of such right would, if they can cause interference with execution and enforcement of the law and legal private rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial); or if that causes to breach or prejudice the rights of confidentiality and security of others; prejudice security or grievance investigations, corporate reorganizations, or in any way violate the interests of others or where the burden or cost of providing access would be disproportionate.
If you believe your rights have been infringed:
You should immediately reach out to Us so that We can activate Our internal processes to remediate your concerns. You can contact Us at:
(Also, for Our EU member representative, Data Rep)
1968 S. Coast Hwy
Laguna Beach, CA 92651
You also have a right to file a complaint with your member country's supervisory authority of your habitual residence, place of work, or place of alleged infringement.