Privacy Policy

Last modified: August 4, 2023

1. Introduction

iHealth Labs, Inc., (“iHealth,” or “we,” or “our,” or “us”) respects your privacy, and we are committed to protecting it through our compliance with this policy.


This Privacy Policy (our “Privacy Policy”) explains our practices regarding the collection, use maintenance, protection and disclosure of certain information in connection with use of our website https://www.ihealthlabs.com (our “Website”) and our mobile application iHealth Unified Care (our “Application”), devices, products, services, portals, and other related materials and technologies (collectively with the Website and Application, our “Services”)

NOTE, IHEALTH IS NOT A MEDICAL GROUP. ANY TELEMEDICINE CONSULTS OBTAINED THROUGH OUR WEBSITE, APPLICATION OR SERVICES ARE PROVIDED BY INDEPENDENT MEDICAL PRACTITIONERS (EACH, A “PROVIDER”).  YOUR PROVIDER IS RESPONSIBLE FOR PROVIDING YOU WITH A NOTICE OF PRIVACY PRACTICES DESCRIBING ITS COLLECTION AND USE OF YOUR HEALTH INFORMATION, NOT IHEALTH. IF YOU DO NOT AGREE TO BE BOUND BY THOSE TERMS, YOU ARE NOT AUTHORIZED TO ACCESS OR USE OUR WEBSITE, APPLICATION, OR SERVICES, AND YOU MUST PROMPTLY EXIT OUR WEBSITE OR APPLICATION. IN THE EVENT OF A CONFLICT BETWEEN THIS PRIVACY POLICY AND THE NOTICE OF PRIVACY PRACTICES, THE NOTICE OF PRIVACY PRACTICES SHALL PREVAIL.

This policy applies to information we collect:

It does not apply to information collected by:

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is to not use our Services. Where you access or use our Services, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

2. Children Under the Age of 18

We do not knowingly collect personal information from children under the age of 18 without consent from their parents or legal guardians. If you are under the age of eighteen (18) and wish to create an account with iHealth, your parent or legal guardian must create the account, submit your personal information, and agree to our Terms of Use and this Privacy Policy on your behalf. If you are under the age of 13, you may only use our Services and access our Website and Application with the supervision and consent of your parents or legal guardians, including the Provider consultation services. If we learn that we have collected personal information from someone under the age of 13 that was not provided with the supervision and consent of the minor’s parents or legal guardian, we will promptly delete that information. If you believe we have impermissibly collected personal information from someone under the age of 13, please contact us at support@iHealthlabs.com or call us at (855) 816-7705.

California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see State Specific Privacy Rights in Section 10 for more information.

3. Information We Collect About You and How We Collect It

Generally

We collect several types of information from and about users of our Services, specifically information:

We collect this information:

Information You Provide to Us

The information we collect on or through our Service includes information that you provide to us or grant us access to when you use our Services and the details of transactions you carry out through our Website or Application and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website or Application. Your Provider or Facility may provide us with your medical history and communications between you and your Provider, including but not limited to information collected in the course of providing support or monitoring related to an individual’s use of the Services, such as biometric information collected through our digital health technologies, surveys, photographs taken and uploaded to the Services by you, or during the audio or video communications with your Provider.

The information we collect through the Services may be maintained or associated with Personal Data we collect in other ways or receive from third parties, such as your Provider or Facility.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Website and Application, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns:

Details of your visits to our Website and Application, such as traffic data, location, logs, referring/exit pages, date and time of your visit to our Website and use of our Application, error information, clickstream data, and other communication data and the resources that you access and use on the Website and Application;

Information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, browser type, and Application version information;

Where video files and photographs are submitted through the Application, the Application collects metadata and other information associated with those photographic and videographic images; and

The Application collects real-time information about the location of your device. If you do not want us to collect this information do not download the Application or delete it from your device. For more information, see Choices About How We Use and Disclose Your Information.

The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties.

The technologies we use for this automatic data collection may include:

We may use cookies to receive and store certain types of information whenever you interact with our Website and Application through your computer or mobile device. A cookie is a small file or piece of data sent from a website and stored on the hard drive of your computer or mobile device. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access certain parts of our Website or Application. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website or Application.

We use Mixpanel, a web and mobile application analytics service provided by Mixpanel, Inc. (“Mixpanel”) to collect certain information relating to your use of the Application. Mixpanel is integrated into our Application to help us analyze how users use the Application.

Our Website uses Hotjar’s services, a third party service provider, which records a user’s activities on our Website to help us better understand our users experience. For example, Hotjar records your interaction with our Website through your keyboard strokes, mouse movements and clicks, and how you scroll across multiple pages to find out how our user’s interact with different features and elements. This information enables us to build and maintain our Website and Services with user feedback. Hotjar uses cookies, session recording and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link. You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this "Do Not Track" link.

Information We Collect From Third Parties

If you provide your third-party account credentials to us or otherwise sign in to the service through a third party site or service, you understand some content and/or information in those accounts (“Third Party Account Information”) may be transmitted into your account with us if you authorize such transmissions, and that Third Party Account Information transmitted to our Services is covered by this Privacy Policy; for example, information from your public profile, if the third party service and your account settings allow such sharing. The information we receive will depend on the policies and your account settings with the third party service.

We may request from your Provider or a Facility where you are receiving care. Your coverage, benefit, and related information on your behalf in order to provide the Service to you. Such requests do not include reviewing any prior authorization, referral, or medical necessity requirements.

We receive information collected by third parties about your use of the Services. For example, we may use analytics service providers to analyze how you interact and engage with the Service, so we can learn and make enhancements to offer you a better experience. Some of these entities may use cookies, web beacons and other technologies to collect information about your use of the Service and other websites, which may include tracking activity across time and unaffiliated properties, including your IP address, web browser, pages viewed, time spent on pages, links clicked and conversion information. Third parties may also help us provide you with customer support, and provide us with information so that we may help you use our Service.

4. How We Use Your Information

We use information that we collect about you or that you provide to us, including any Personal Data:

We may also use your information to contact you about devices, products and Services that may be of interest to you, including through newsletters. If you wish to opt-out of receiving such communications, you may do so at any time by clicking unsubscribe at the bottom of these communications. For more information, see Choices About How We Use and Disclose Your Information.

Some information iHealth collects constitutes protected health information (“PHI”) under the U.S. Health Insurance Portability and Accountability Act (“HIPAA”). As set forth above, your Provider or Facility will provide you with a Notice of Privacy Practices describing its collection, use, and disclosure of your health information. iHealth will use and disclose PHI only as permitted in accordance with the Notice of Privacy Practices and we only collect the PHI we need to fully perform our Services and to respond to you or your Provider or Facility. We may use your PHI to contact you to the extent permitted by law, to provide requested services, to provide information to your insurers, to obtain payment for our services, to respond to your inquiries and requests, and to respond to inquiries and requests from your insurers. We may combine your information with other information about you that is available to us, including information from other sources, such as from your insurers, in order to maintain an accurate record of our participants. PHI will not be used for any other purpose, including marketing, without your consent.

5. Disclosure of Your Information

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose Personal Data that we collect or you provide as described in this privacy policy:

We may also disclose your Personal Data:

6. Choices About How We Use and Disclose Your Information

We do not control the collection and use of your information collected by third parties described above in Disclosure of Your Information. When possible, these organizations are under contractual obligations to use this data only for providing the services to us and to maintain this information strictly confidential. These third parties may, however, aggregate the information they collect with information from their other customers for their own purposes.

In addition, we strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:

You can set your browser or operating system to refuse all or some cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our Website or Application may then be inaccessible or not function properly.

If you do not wish to have your email address used by iHealth to promote our own products and Services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any email or other marketing communications you receive from us. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to iHealth as a result of a product purchase, warranty registration, product service experience or other transactions.

California residents may have additional personal information rights and choices. Please see State Specific Privacy Rights for more information.

7. Your Rights Regarding Your Information and Accessing and Correcting Your Information

You can review and change your Personal Data by logging into our Website or Application and visiting the profile page of our Application or Website. You may also notify us through the Contact Information below of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible or to delete your account. We cannot delete your personal information except by also deleting your account with us. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

California residents may have additional personal information rights and choices. Please see State Specific Privacy Rights for more information.

With respect to any PHI iHealth may obtain, you have certain rights under HIPAA to access your data, to restrict use and disclosure of it, to request communication methods, to request corrections to your data, to receive an accounting of disclosures and to receive notice of any breach. See iHealth’s Notice of Privacy Practices for more information.

8. Do Not Track Signals

Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals, but we currently do not use automated data collection technologies to collect information about your online activities over time and across third party websites or other online services (behavioral advertising).

9. Data Security

We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us.

The safety and security of your information also depends on you. Where you have chosen a password for the use of our Website or Application, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through our Services. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained in our Services.

10. State Specific Privacy Rights

The law in some states may provide you with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to you as a resident of one of these states, please see the privacy addendum for your state that is attached to this Privacy Policy.

11. Changes to Our Privacy Policy

We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on the Services. If we make material changes to how we treat our users’ Personal Data, we will notify you by email to the email address specified in your account. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you.

12. Contact Information

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below.

How to Contact Us:

iHealth Labs, Inc.

880 W. Maude Ave.

Sunnyvale, CA 94085

Telephone: (855)-816-7705

Email: support@iHealthlabs.com

iHealth Privacy Addendum for California Residents

Effective Date: August 2, 2021

Last Reviewed on: August 4, 2023

This Privacy Addendum for California Residents (“Privacy Addendum”) supplements the information contained in the iHealth Privacy Policy that this is attached to and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”), as amended, and any terms defined in the CCPA have the same meaning when used in this notice. Personal Information that is regulated under the CCPA may represent a limited portion of Personal Data as described in the iHealth Privacy Policy; therefore, this Privacy Addendum applies solely to the Personal Information as defined below. We may update this Privacy Addendum for California Residents as necessary and in the event of changes in the CCPA. Note that this notice does not apply to our personnel. Please contact your supervisor if you are personnel and would like additional information about how we process your personal information.

INFORMATION WE COLLECT

Our Services collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, iHealth collects and has collected Personal Information through its Services from its consumers, as provided below.

Categories of Personal Information iHealth has collected in the preceding 12 months:

Personal Information does not include information that is: (a) publicly available information from government records; (b) deidentified or aggregated consumer information; or (c) certain information excluded from the scope of CCPA, including health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA).

Categories of sources from which iHealth has collected Personal Information:

USE OF PERSONAL INFORMATION

We may use or disclose the Personal Information we collect for one or more of the following business purposes:

iHealth will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

SHARING PERSONAL INFORMATION

We do not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate your Personal Information to another organization for monetary or other valuable consideration. However, iHealth may disclose your Personal Information to a third party for one or more business purposes. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

We share your Personal Information with the following categories of third parties:

Disclosures of Personal Information for a business purpose:

In the preceding twelve (12) months, iHealth has disclosed the following categories of Personal Information for a business purpose:

We disclose your Personal Information for a business purpose to the following categories of third parties:

Sales of Personal Information:

We do not sell your Personal Information. In the preceding twelve (12) months, iHealth had not sold any Personal Information.

YOUR RIGHTS AND CHOICES

The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

Access request rights

You have the right to request that iHealth disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), we will disclose to you:

Deletion request rights

You have the right to request that iHealth delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access and Deletion Rights

To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by either:

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf (an “Authorized Representative”), may make a verifiable consumer request to access or delete your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access twice within a 12-month period. The verifiable consumer request to access or delete must:

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. With few exceptions, we will only review and fulfill a request from your Authorized Representative if (a) you grant the Authorized Representative written permission to make a request on your behalf, (b) you or the Authorized Representative provides us notice of that written permission, and (c) we are able to verify your identity in connection with that notice and the request.

Making a verifiable consumer request does not require you to create an account with us.

We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to the contact information you provided in that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data access requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales Opt-Out and Opt-In Rights

We do not sell the Personal Information of consumers and therefore do not provide any opt-in or opt-out capabilities on our Services or otherwise.

NON-DISCRIMINATION

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

CHANGES TO OUR CALIFORNIA ADDENDUM

We reserve the right to amend this Privacy Addendum at our discretion and at any time. When we make changes to this Privacy Addendum, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

CONTACT INFORMATION

If you have any questions or comments about this Privacy Addendum, the ways in which iHealth collects and uses your information described here and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Phone: (855) 816-7705

Email: support@iHealthlabs.com

Postal Address:

iHealth Labs, Inc.

ATTN: Mingwei Guan, Corporate Compliance Officer

880 W. Maude Ave.

Sunnyvale, CA 94085