Privacy Policy

Changes to this privacy policy and notifications

We reserve the right to amend this Privacy Policy at any time. We will notify you and/or require you to accept the updated Privacy Policy only if the supplemented, amended or otherwise modified Privacy Policy implements material changes from our then-current Privacy Policy. It is your responsibility to carefully review this Privacy Policy each time you visit, access or use the Service.

Rovi Health may provide you with notices, including those regarding changes to this Agreement, using any reasonable means now known or hereafter developed, including by email, regular mail, text message, or postings on the Platform. Such notices may not be received if you violate this Agreement by accessing the Platform in an unauthorized manner. You agree that you are deemed to have received any and all notices that would have been delivered had you accessed the Services in an authorized manner. We will not make retroactive changes that reduce your privacy rights unless we are legally required to do so. Your continued use of our Services after we make changes shall constitute your acceptance of those changes, so please check this Privacy Policy periodically for updates. Any amended Privacy Policy supersedes all previous versions.

Information we collect about you

The Personal Information we collect depends on how you interact with us, the portions of the Service you use, and the choices you make. We receive and collect information (a) that you directly submit to us, (b) that we receive from your employer or insurance company, (c) that we received from our Affiliated Providers, including information we obtain from health information exchanges*, and (d) that we gather when you use our Services, including:

1. Personal information such as your name, phone number, email, demographic information (e.g., age, race, gender, birth date, ethnicity, address), information about you that we receive from communications with you via text, email, or phone, and information related to your insurance coverage and health history, including diagnoses, medications, labs, and other diagnostic tests ("Healthcare Information")(together, "Personal Information").
2. Non-personal information such as IP addresses and device information, usage data, including information that is passively or automatically collected through cookies, your browser or device, or other use of the Services.
3. Inferences from other data we collect, including using automated means to generate information about your likely preferences or other characteristics. For example, we infer your general geographic location (such as city, state, and country) based on your IP address. We may also collect information on your physical location, which may be provided by you or collected through the use of our Services.

When you are asked to provide Personal Information, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional.

Healthcare Information

Rovi Health is not a healthcare provider. However, Rovi Health is a business associate to its customers, including payors, self-insured employers, and Affiliated Providers, and is therefore subject to the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, "HIPAA") and other state laws regarding specific protections for medical records information ("Privacy Laws"). For information regarding how Rovi Health and its Affiliated Providers protect your Healthcare Information, please see the applicable "Notice of Privacy Practices". Information collected through the public-facing Website is protected in accordance with applicable state law and this Privacy Policy. Personal Information collected by all other means is protected in accordance with applicable state law and this Privacy Policy, and additionally in accordance with HIPAA.

Cookies and Other Data Collection Tools

A cookie is a small piece of data sent from a website and stored on your computer by your web browser. Cookies contain information about your computer, such as a user ID, user settings, browsing history and activities conducted while using the Services. Cookies are not themselves personally identifiable but may be linked to Personal Information. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the "lifetime" of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier.

We use cookies and similar technologies (such as server logs and web beacons) to operate, secure, and improve our Services. Some cookies are strictly necessary for the Services to function (for example, to maintain your session, authenticate users, and prevent fraud) and are set automatically when you use the Services. We may also use limited, non-advertising analytics to understand how the Services are used and to improve performance and user experience. You can manage cookies through your browser or device settings, including deleting cookies and blocking certain cookies; however, blocking strictly necessary cookies may cause parts of the Services to stop working. We may use web beacons in our email messages to understand engagement (for example, whether an email was opened or a link was clicked); you can opt out of marketing emails at any time by using the unsubscribe link in those messages.

How do we and our partners use cookies and similar technologies?

We, and our analytics and advertising partners, use these technologies to collect Personal Information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our Services, including Personal Information about your online activities over time and across different websites or online services. We use the following categories of cookies:

• Strictly Necessary Cookies: Essential for the Services to function and cannot be disabled. These enable core functionality such as security, network management, and accessibility.
• Performance/Analytics Cookies: Collect information about how you use our Services to help us improve performance and user experience.
• Functional Cookies: Remember your preferences and choices to provide enhanced features.

This data is used to store your preferences and settings, enable you to sign-in, analyze how our websites perform, track your interaction with the site, develop inferences, combat fraud, and fulfill other legitimate purposes.

Overall, cookies help us provide you with a better experience with Rovi Health, by enabling us to monitor which pages you find useful and which you do not.

You can accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. To find out more about cookies, including how to manage and delete cookies, visit www.allaboutcookies.org. Some web browsers (including some mobile web browsers) provide settings that allow a user to reject cookies or to alert a user when a cookie is placed on the user's computer, tablet or mobile device. Most mobile devices also offer settings to reject mobile device identifiers. Although users are not required to accept cookies or mobile device identifiers, blocking or rejecting them may prevent access to some features available through the Services.

The table below provides details about the specific third-party tools and technologies we use on our Services:

Note: We do not currently respond to web browser "do not track" signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy Policy.

How we use your Personal Information

Rovi Health processes your Personal Information for legitimate business purposes, the fulfillment of our Services to you, and compliance with our legal obligations. We use Personal Information to:

• fulfill the reason for which you shared such information. For example, to help with appointment scheduling;
• provide you with information, products, or services you request. For example, if you elect to receive healthcare services, we may share your Personal Information with a third-party lab provider or an Affiliated Provider;
• request information from health information exchanges on behalf of our Affiliated Providers;
• communicate with you about and manage your account;
• understand you and your preferences to enhance your experience and enjoyment using our services;
• properly store and track your data within our system;
• determine your eligibility for the products and services available through the Services, including confirming your location;
• respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings and court orders;
• protect our rights, privacy, safety, or property, and/or that of you or others by providing proper notices, pursuing available legal remedies, and acting to limit our damages;
• manage and improve our operations and the Services, including the development of additional functionality;
• evaluate the quality of service you receive, identify usage trends, conduct research, and improve your experience;
• develop, test, or improve the Service and content, features and/or products or services offered via the Service, and identify or create new products or services;
• keep our Services safe and secure;
• send you information about changes to our terms, conditions, and policies;
• provide you with alerts and other communications related to your health and healthcare; and
• testing, research, analysis and product development.

In some states, we may be required to obtain your consent prior to using certain sensitive Personal Information that constitutes Healthcare Information. We may de-identify your information and use, create and sell such de-identified information or any business or other purpose not prohibited by applicable law. We will never sell your Personal Information.

Text Messaging

By opting to use the Services provided by Rovi Health, you consent to receive SMS (text) messages from Rovi Health, its affiliates, and its partners pertaining to your health and healthcare, including services you have requested, and your interaction with Rovi Health's Services. These messages may include, but are not limited to, appointment reminders, reminders regarding standard healthcare diagnostics and screenings, scheduling details, medication fulfillment, and other information relevant to your use of the Services.

You acknowledge and agree that:

1. You are the owner of the mobile device you used in order to initiate the SMS Enrollment and that you are authorized to consent to receive and pay for messages at that number;
2. SMS messages may be sent using automated technology;
3. You do not have to consent to receive SMS messages as a condition of purchasing any goods or services;
4. Standard message and data rates may apply to any SMS messages sent or received;
5. The frequency of messages varies – you may receive messages periodically based on your interaction with Rovi Health's Services; and
6. We shall not be liable for delayed or undelivered messages.

To opt out of SMS messages at any time, reply "STOP" to any message you receive. Upon receiving your request, we will send you a confirmation message and cease sending you SMS messages. For assistance or more information, reply "HELP."

If you are experiencing any issues with our text messaging services, or if you have any concerns about sending or receiving any sensitive information through text or email, please contact us directly at support@rovihealth.com. If you have questions specific to your text or data plan, please contact your wireless provider.

Advertising and Marketing Analytics and Opting Out

We may use the following analytics program(s) to collect information about you and your behaviors as a consumer. To learn more about the analytics program(s) and how you can opt out of information sharing, see below.

1. Google Analytics: Privacy Policy; Opt Out Settings
2. Vercel Analytics: Privacy Policy
3. PostHog: Privacy Policy

You can also use third party opt-out controls such as NAI and DAA.

Disclosure of your Personal Information

We do not sell, share, or otherwise disclose your Personal Information for reasons other than those described in this Privacy Policy.

We may disclose your Personal Information to a few third parties, including:

• Affiliated Providers from whom you choose to receive products or services
• the third-party service providers and business associates we use to support our business and deliver service to you (e.g., cloud hosting providers, database and authentication services, SMS delivery services, analytics providers, error monitoring services, and health information exchange platforms);
• law enforcement or government agencies in order to protect the security, safety, and rights of our users and ourselves or when we believe that doing so is necessary to comply with applicable law or respond to valid legal process
• to any company we might merge with or acquire, or that acquires us, or in the event of structural change of our company of any form (e.g., a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding).

We may also disclose, without restriction, aggregated information about our users and information that does not identify any individual user. Our continued use of aggregated and de-identified data will comply with applicable law.

Your Rights

If you have any questions about how to access other Personal Information, or if you would like to correct or delete any Personal Information we collect and maintain, please contact us at support@rovihealth.com. We will accommodate requests as required by law. Otherwise, we will retain a record of your request, and your Personal Information will be maintained in accordance with this Privacy Policy and our data retention and deletion policies ("Retention Policies").

How we keep your Personal Information secure

We retain Personal Information as long as it is necessary and relevant for our operations. We also retain Personal Information from closed accounts to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with investigations, enforce our Terms of Service, and take other actions permitted by law. After it is no longer necessary for us to retain information, we dispose of it according to our Data Retention Policies.

We strive to use industry-standard data collection, storage, and processing practices and security measures, including data encryption in transit and at rest, to protect against any unauthorized access to, accidental loss of, or disclosure of your information. These safeguards may vary based on the sensitivity of the information that we collect and store. Except for Personal Information collected through the public-facing Website, all Personal Information is protected in accordance with HIPAA, the Notice of Privacy Practices, and any additional contractual requirements of Affiliated Providers.

Unfortunately, no security method or combination of methods is foolproof. We will always do our best and will work with third-party service providers that strive to do the same, but we cannot warrant or guarantee the absolute security of any Personal Information that may be transmitted to or from our Services. There is no guarantee that Personal Information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards. Therefore, any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services or your computer or mobile device.

We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. You are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas of our Services. To protect you and your data, we may suspend your use of any of the Services without notice, pending an investigation, if any breach of security is suspected. If you have reason to believe that the security of your Account has been compromised, please notify us immediately at support@rovihealth.com.

Please note that we will never send you an email requesting confidential information, such as account numbers, usernames, passwords, or Social Security Numbers.

In the event of a data or security breach, we will take the following actions: (i) promptly investigate the security incident, validate the root cause, and, where applicable, remediate any vulnerabilities within our control which may have given rise to the security incident; (ii) comply with laws and regulations directly applicable to us in connection with such security incident; (iii) as applicable, cooperate with any affected user in accordance with the terms of our contract with such user; (iv) document and record actions taken by us in connection with the security incident; and (v) conduct a post-incident review of the circumstances related to the incident and actions/recommendations taken to prevent similar security incidents in the future. We will notify you of any data or security breaches as required by and in accordance with applicable law.

Data Retention

We may retain your Personal Information for as long as necessary for our business purposes, or as required to comply with our legal obligations, resolve disputes, and enforce our agreements. We reserve the right to retain and use your information as necessary to provide our Services and fulfill our business operations. We may dispose of or delete any such information at our discretion, subject to any other agreement you may have with us or as required by applicable law.

Similarly, our Affiliated Providers may retain your Personal Information for periods they deem necessary for their operational purposes, to comply with their legal obligations, to resolve disputes, and to enforce their agreements. These Affiliated Providers may dispose of or delete your information in accordance with their own retention policies, except as otherwise outlined in any agreements you have with them or as required by law.

Children under the age of 18

The Services are not for persons under the age of 18 (collectively, "Minors"). Minors are not authorized to use the Services, or to provide any information through the Services. However, adult users may use the Services to manage the care for their dependents under the age of 18. We do not solicit or knowingly collect information from Minors, and if we become aware of any such information being collected, we will take immediate action to delete it. Should you become aware that we have collected Personal Information from a Minor, please contact us at support@rovihealth.com.

Jurisdiction and cross-border transfer

We are located in the United States. We may store and process your Personal Information in any country where we have facilities or in which we engage service providers. By using the Services, you understand that your information may be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.

Contacting us

If you'd like to receive additional information about our privacy practices, have questions, or would like to make a request, you may contact us at the below email address.

Data Security Officer
Tarun Vallabhaneni, tarun@rovihealth.com