Wellvana Health, LLC together with our affiliates and subsidiaries (“Wellvana”, “us”, “our”, or “we”) are committed to protecting your privacy. This Privacy Policy (the “Policy”) together with our Terms of Use (the “Terms”) describes our practices regarding the collection and disclosure of personal information when you use our website, any mobile apps, and other online or offline services we provide (together, the “Services”). This Policy generally applies to all individuals with whom we interact or from whom we collect personal information through our Services. This Policy also describes your choices about the collection and use of your information. 

Please read this policy carefully before you start to use our Services. By using the Services, you agree to be bound and abide by our Terms and this Policy. If you do not agree to our Terms with this Policy, or if you violate them in any way, your right to access or use the Services is terminated. 

NOTE TO PATIENTS: This Policy governs how we use your Protected Health Information (“PHI”) as defined under the Health Insurance Portability & Accountability Act and related federal and state laws and regulations (collectively referred to as “HIPAA”), such as information you provide or receive through us in connection with the provision of healthcare services, except to the extent this Policy conflicts with the HIPAA Notice of Privacy Practices provided to you by your healthcare provider before or while enrolling in the Services they provide through us, or our business associate agreement with your provider. Please see your provider’s notice for more information on how we handle PHI and your rights in regard to your PHI.

We may collect information about you by various means, including:

• Directly from you, both online (e.g., our Services) and offline (e.g., industry events);

• From other third-party sources and social media platforms that you may use to engage with us, as well as from partners or third parties we work with; and

• By combining information from different sources, including online and offline data.

We collect several types of information about you, including:

• Contact information such as your name, mailing address, e-mail address, phone number, title, organization and other information you may provide to us;

• Subscriber account information and related usage data if you maintain a business account with us, including business account information and profiles, payment information, usage data regarding our online services, and other such information;

• Survey information in response to questions we may send you, including for feedback and research purposes; 

• Communications between you and us, such as via email, web form, mail, text message, phone, or other channels;

• Job applicant information such as contact information, education, work experience and other information provided by you or by third parties on your behalf; and

• Online User Activity described in the next section.

Cookies are a commonly-used web technology that allow websites or mobile apps to store and retrieve certain information on a user’s system, and track users’ online activities. We and our service providers may collect information about your use of our Services by such automated means, including but not limited to cookies, pixels and other similar technologies. These tools can help us automatically identify you when you return to our Services. Cookies help us review traffic patterns, improve our Services, and determine what Services are popular. 

When you use the Services, the information we may collect by automated means includes, for example:

• Usage Details about your interaction with our Services (such as the date and time of use, pages visited, features used);

• Device Information including the IP address and other details of a device that you use to connect with our Services (such as device type, model and operating system information); and

• Location information where you choose to provide the website or app with access to information about your device’s location.

If a user does not want information collected through the use of cookies, most browsers allow the visitor to reject cookies, but if you choose to decline cookies, you may not be able to fully experience the interactive features our Services provide. We may share non-personal information obtained via cookies with our advertisers and affiliates. Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.

We use information that we collect about you or that you provide to us for purposes allowed by applicable laws, including to:

• Provide our Services to you, including to establish and maintain any account or user ID that is created for your use of our Services, and to process transactions or interactions;

• Fulfill our obligations to you, and provide case management or care management services as requested by you, your provider or health plan;

• Respond to your requests, questions and comments and provide customer support through email, text message, phone and other available communications channels;

• Provide you with information, products, or services that your provider, health plan, or you request from us, or other administrative notices;

• Operate, evaluate, and improve our Services, including to diagnose and improve our technology and user engagement;

• Comply with and enforce as needed applicable legal requirements, industry standards, our policies and our contractual rights; 

• Monitor the performance of our Services, perform data analytics, and support health care operations and otherwise use such information as permitted under HIPAA, as applicable; and

• For any other purpose specified at the point of collection or as described in your express authorization.

We may use and disclose non-personal, non-individual statistics or demographic information in aggregate form without restriction.

We may disclose your personal information to third parties without your consent as provided in this Policy and particularly in the following circumstances:

• as you direct us, such as with healthcare providers and health plans, care managers or care coordinators, and for other purposes that you specify;

• as permitted by law, including, for example, with service providers that we believe need the information to perform a technology, business, or other professional function for us (examples include IT services, maintenance and hosting of our Services, and other vendors), provided that we only provide such vendors with information so they can perform their required functions on our behalf; or

• (i) if we are required to do so by law or legal process, (ii) when we believe disclosure is necessary to prevent harm or financial loss, (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity; or (iv) under exigent circumstances to protect the personal safety of our staff, users or the public.

We reserve the right to transfer the personal information we maintain in the event we sell or transfer all or a portion of our organization or assets. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Policy. 

Where appropriate, we will limit sharing of your information in accordance with the choices you have provided us and applicable law.

We may disclose aggregated and/or deidentified information that does not identify an individual.

We offer you certain choices about what information we collect from you, how we use and disclose the information, and how we communicate with you. 

• Cookies: Web browsers may offer users the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites and mobile apps may not function correctly.

• Text messages: Some Services may allow you to enroll in our text message program for service-related and/or promotional messages. If you affirmatively consent to receive text messages from us and enroll in such a program, you will receive updates via text unless you opt-out of the text message program. These messages may be unencrypted. Message frequency may vary based on the Services. If at any time you would like to stop receiving text message notifications, please text “STOP” in reply to our message, we will send you a reply message to confirm that you have been unsubscribed and you will no longer receive messages from us. If you want to join again, just sign up as you did the first time and we will start sending messages to you again. If at any time you forget what keywords are supported, just text “HELP” back to us and we will respond with instructions on how to use our service as well as how to unsubscribe.

• Marketing emails: We will not use your PHI for marketing except as permitted by HIPAA, such as with your written authorization If you wish to opt out of receiving any marketing emails or other such communications from us, please notify us as provided below. You may choose not to receive marketing emails from us by clicking on the unsubscribe link in the marketing emails or other such communications from you receive from us.

• Patient records: You are entitled under HIPAA to exercise certain rights regarding your PHI, such as access to patient records. For more information, please see your applicable HIPAA Notice Of Privacy Practices.

Certain states, including California, may provide rights to individuals and households with respect to the collection and use of personal information collected by businesses subject to the law. This may include the right to request that a business: (i) disclose personal information maintained about the individual; (ii) correct or delete personal information maintained about the individual (subject to certain exceptions); or (iii) not sell personal information about the individual to a third party (excluding qualified service providers). It can be unlawful to discriminate against an individual for exercising such rights. You can submit such requests to us via the contact information provided below and we will endeavor to fulfill any obligations that are legally-required, otherwise we will respond to requests in our discretion. Any rights associated with PHI are subject to your applicable HIPAA Notice Of Privacy Practices.

Our Services may contain links to other websites or apps. Please be aware that we are not responsible for the content or privacy practices of such other websites or apps, and we encourage you to be aware when you leave our Services and to read the privacy statements of any other website or app that collects personal information. 

We endeavor to maintain reasonable administrative, technical and physical safeguards designed to protect the personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, we cannot ensure the security of any information you transmit to us, or guarantee that this information will not be accessed, disclosed, altered, or destroyed. We will make any legally required disclosures in the event of any compromise of personal information. To the extent the law allows us to provide such notification via e-mail or conspicuous posting on the Services, you agree to accept notice in that form. 

If you (on behalf of yourself or your organization) are a healthcare provider under a contractual relationship with us to use these Services in connection with your practice, we may additionally collect your business contact information and other data regarding your use of our Services for analytics, marketing or promotional activities, to the extent permitted by law and our contractual relationship. This may include advertising products or services that may be of interest to you. In addition to communicating with you regarding your and your patients’ use of the Services, we may from time to time contact you to provide announcements, alerts, surveys, or other marketing or general communications. In order to improve our Services, we may be notified when you open an email from us or click on a link therein. 

We provide general audience online Services and do not knowingly collect personal information directly from children under the age of 13. We will endeavor to delete that information as quickly as possible upon discovery or when reported to us. 

Our Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than those of the United States. Any information you provide through use of the Services may be stored and processed, transferred between and accessed from the United States and other countries which may not guarantee the same level of protection of personal information as the one in which you reside. However, we will handle your personal information in accordance with this Policy regardless of where your personal information is stored or accessed.

The terms of this Policy may change, so please check it from time to time. We reserve the right to amend this Policy at our discretion and at any time. When we make changes to this Policy, we will post the updates on our website and update the Policy’s effective date. By continuing to use the Services following updates and changes to this Policy, you are accepting those updates and changes.

If you have any questions, concerns or comments about this Policy, our privacy practices, or if you would like us to update information or preferences you provided to us, please contact us via email to: compliance@wellvana.com, mail to Wellvana, 20 Burton Hills Blvd, Suite 100, Nashville, TN 37215; or by phone at: (615) 410-9744.

This Privacy Policy was last updated November 30, 2023.