Last Updated: June 4, 2021

Say Health, LLC (“Say Health,” “we,” or “our”) takes our customers’ (“you” or “your”) privacy seriously, and we are conscious about how we handle your data. Your use of Say Health’s mobile applications and web-based tools (collectively, our “Services”) and your participation are voluntary. This set of policies covers what types of information (the “Data”) our Services collect, how we store the Data, how we use the Data, and how we may share the Data.

Consent of use of Personal Information

By using our Services, you acknowledge that you accept the practices and policies outlined here. You also consent to allow us to collect, use, and share your information as described in this privacy policy.

Our Services are not designed to deliver medical care nor intended to be professional medical advice or a substitute for such advice in order to; diagnose, treat, cure, or prevent any health conditions. You should not rely on our Services as such. You should always seek the advice of physicians or other qualified health care providers if you have questions about any medical condition or any information you receive from our Services. Do not ignore or delay obtaining professional medical advice because of any information or other content you get from our Services.

Who We Are

Say Health is a technology service company providing solutions to the health insurance industry. Our Services enable a customer to allow us to access your health information and medical records via the “right of access” granted to you under the Health Insurance Portability and Accountability Act (“HIPAA”).

Information that We Collect

Personal Information Defined

As used in this Privacy Policy, “Personal Information” means any information that can be used to identify you or a member of your family or household. Personal information includes, among other things, your name, address, email address, and telephone number. It may also include your IP address or the hardware address from one or more of your devices.

Information that You Provide to Us

Account Information

We collect your “Personal Information” when you register for a Say Health account and during your use of our Services. For account setup and maintenance, we will request Personal Information from you. Your name, address, email address, phone numbers, birth date, medical or health plan record numbers, and information about your medical providers and health plans are among the types of account information that may be collected, as applicable or permitted by law. We’ll tell you when requesting some data if it is optional or required at the time of collection to access our Services.

Protected Health Information

We collect Protected Health Information (“PHI”) that originates from the health plans or business associates that pay for your access to our Services. You may also provide us with PHI (as defined under HIPAA) or authorize us to obtain PHI from third parties. PHI may include:

  • PHI that might be contained in electronic health or medical records (including medications)
  • Medicare claims and encounter data
  • You are responsible for determining the uses and disclosures of your PHI and the potential impact such uses and disclosures might have on your family members when it involves data regarding genetic and family health histories.
  • PHI may contain data about your health status, the use of health care services, or the payment for health care by you or by others in your family.

Your Information

Personal Information and Protected Health Information are referred to collectively as “Your Information.” If we need to obtain Your Information from a third party, we will ask for your consent first.

Information that we automatically collect

Non-Personal Information

We collect non-personal information that does not identify you or members of your family or household personally. Non-personal information like your operating system, device type, or date/time stamp for your visit.

User Content

We collect information related to the user usage of our Services. Such as authentication tokens you use to link your account with patient portals, health plan member portals, or connected health applications to our Services. When you authorize us to retrieve and import information from business associates, vendors, or other third parties on your behalf, we collect information on your behalf.

Third-party sources

We may collect information about you from partners, service providers, and other third parties and combine it with information we already have. If you interact with our third-party partners (such as analytics service providers), we automatically log certain non-personal information such as IP address, device type, operating system, and date/time stamps. We also collect and store analytics data to aid in the improvement of our Services. Our third-party service providers may collect information about your online activities over time and across other websites and apps.

Location Information

We may collect information about your location through your smartphone or Alexa device or use similar capabilities to bring you a better user experience.

Cookies

We collect information about your use of our Services through various technologies, including cookies and other tracking methods. We collect this information to make it easier for you to access and use our Services and improve our overall service. We use these technologies to retain user preferences, save session settings and activity, assist users in authenticating their access, allow users to auto-fill pages of websites they often visit, and to troubleshoot and assess our website’s performance. Our system ignores Do-not-track requests. When using our Services, you may be able to disable some tracking and cookies and adjust browser settings to block and delete cookies, although this may or may not impact their performance.

How We Use Your Data

We may use your Personal Information in the following instances:

  • To respond to your inquiries,
  • To provide you with content you have requested;
  • To administer your account;
  • To understand what features of our services are most popular;
  • To identify users who may need additional training or support;
  • To send you information that we believe may interest you;
  • To invite you to provide feedback on our services;
  • For our business purposes, such as data analysis, audits, fraud monitoring, fraud prevention, and development.
  • As deemed necessary to protect our legal rights and our property, protect other users or any third party, or prevent personal injury or loss.

How We Share the Information We Collect

  • Your Consent: We will share Your Information with companies, organizations, or individuals outside of Say Health only when we have your prior consent to do so, except as otherwise specified herein.
  • Compliance with laws and protection of our rights: If required by law, we may share anonymized data to the United States Department of Health and Human Services agencies, the Office for Human Research Protections, and other agencies or courts as required by law.
  • Aggregate or non-identifying data: We may combine Your Information without identifying information (stripping out information such as name, DOB, and email address) with others’ data (also without identifying information) for quality improvement initiatives our Services.
  • Vendors and other third parties: When we work with third parties who provide services on our behalf, we take steps to limit the personally identifiable information provided to them. The information shared is reasonably necessary for them to perform the functions for the allowable purposes listed above. We require them to agree to handle and process the information per our instructions and maintain the Data’s security and confidentiality by applying appropriate organizational and technical safeguards.
  • Sale of the Business: We reserve the right to disclose and otherwise transfer your Data to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, to the extent and in the way as prescribed by applicable law.

Except as described in this privacy policy, we will not sell, rent, lease, give away, disclose or share your contact information, and will not disclose Your Information we collect through our Services without your consent. Information collected by our Services will not be shared with or sold for advertising purposes.

How We Secure Your Data

Say Health has implemented appropriate safeguards to prevent unlawful use or disclosure of Your information. These include administrative, physical, and technical security safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of information we receive, maintain, or transmit. Nevertheless, while the security of Your Information is of tremendous importance to us, no data transmission (over the internet or any wireless network) or method of electronic storage can be guaranteed to be 100% secure. In the event of a security breach, We will notify affected individuals, regulatory authorities, and others consistent with requirements under federal law, state law, and contractual obligations.

Information retention

Say Health’s collection, use, and disclosure of information are generally governed by this Privacy Policy and by Federal Law, including HIPAA. Information acquired to provide our Services to our customers is retained only for as long as we have a valid business purpose and in accordance with applicable laws. Say Health may retain Your Information as necessary to comply with legal obligations, resolve disputes, enforce our agreements, and other authorized uses under this Privacy Policy. Upon termination of your account, you can request deletion of Your Information. For user accounts that have been dormant for an extended time, we will contact individuals directly before removing the account and associated health information. Please note that closing your account affects only Your Information that is stored on Say Health servers if you are an individual user. It does not affect, alter or accomplish the deletion of any of Your Information that is stored or maintained on other systems, such as those of your healthcare providers or other third parties that may have, with your permission, provided us with Your Information. Say Health will indefinitely store Non-Personal Information.

Information you can access and modify

Some of the Data collected can be viewed, edited, and shared using our Services.

You can remove your account and stop using our Services at any time by utilizing the delete account feature and uninstalling our Services or contacting us at support@say.health. We will stop collecting new data from you after your account is terminated from our Services, but the previously submitted data will not be discarded or deleted.

By logging into your account and changing your profile information, you can make changes to the information you’ve provided. By contacting support@say.health, you can stop using our Services and prevent Say Health from using Your Information. Say Health will destroy all of your PHI from our data repositories if you withdraw your consent to use Your Information. Your Personal Information, on the other hand, may be kept in our backup files for up to a year and in our audit files for more extended periods, per federal and state regulations.

Please be aware that copies of the information you’ve updated, edited, or deleted may persist for some time in cached and archived pages of the site or application. You may also contact us directly at support@say.health if you want to review, update, modify, remove, or otherwise limit our use of Your Information that you have already supplied to us. Although we will make reasonable attempts to do so, it is possible that we will not be able to erase every record of Your Information from our systems due to technological limitations. We must back up our systems to protect information from accidental loss; a copy of Your Information may exist in a non-erasable form that will be difficult or impossible for us to identify and remove.

You will not be able to view, edit, or delete information that you have shared with another user or a third party through our Services. You’ll need to make direct contact with the other user or third party. You will also be unable to view, edit, or remove information submitted by another user of our website or services that identifies you.

Furthermore, we may be required to retain such information indefinitely under applicable laws or regulations. For disaster recovery and business continuity purposes, we also keep copies of data held by our website for indeterminate lengths of time.

Children’s Privacy

We do not intentionally collect or maintain personal information from children under thirteen years of age. None of our Services are intended for anybody under the age of thirteen.

International Users

Our Services are hosted in the United States and are solely intended for users located within the United States and its territories. No one located outside of the United States should access our Services or provide us with personal information.

Third-Party Websites

We are not responsible for the practices of websites that link to or from ours, nor for the information or content contained therein. Links to other websites are frequently offered only as references to material on issues that our users may find helpful. Please keep in mind that our Privacy Policy no longer applies when you click on a link from our site to another site. Your interaction on any other website, including websites to which we provide a link, is subject to the rules and policies of that website. Before proceeding, please review their regulations and policies.

Protection of Your Personal Information

We have implemented appropriate organizational, technical, and administrative measures to protect Personal Information within our organization, including security controls to prevent unauthorized access to our systems. While we take reasonable steps to secure your Personal Information from loss, misuse, interference, unauthorized access, modification, and disclosure, please understand that no security procedures or protocols are ever guaranteed.

The safety and security of Your Information also depends on you; You are responsible for keeping all passwords that allow you to access our Services confidential.

Limitations and Terms Related To Your Use of our Services

When you download our Services, you receive a non-exclusive, non-transferable, non-assignable license (without the right to sublicense) to install and use one copy of our Services solely for your personal, non-commercial use to connect with our Services community. You must own or control the device on which you download our Services. By downloading and using our Services, you agree that you will not do anything to interfere with or disrupt our Services’ operation. You agree to provide only accurate and current information through our Services and will not impersonate anyone else in your use of our Services. You further agree not to transmit content that you do not have the right to transmit or infringe the rights of any party, and you agree to use our Services in compliance with all applicable laws. You understand that our Services or portions may be subject to patent, copyright, trademark, and other intellectual property protection. The ownership of the software and other intellectual property related to our Services and the goodwill associated in addition to that remains with Say Health. You agree that any improvements or other changes to our Services are the property of Say Health.

To the maximum extent permitted by law, our Services are provided “As Is” and “As Available,” with all faults and without warranty of any kind, and Say Health and its licensors disclaim all warranties, either implied or statutory, including, but not limited to, the implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, accuracy, quiet enjoyment, and non-infringement of third party rights. To the extent not prohibited by applicable law, in no event shall Say Health be liable for personal injury or any incidental, special, indirect, or consequential damages whatsoever arising out of or related to your use or inability to use our Services.

Mergers, Acquisitions, and Other Business Transactions

Say Health may decide to sell, buy, merge, or otherwise reorganize our business. If that occurs, Say Health will notify you via email or a prominent notice on our websites of any ownership change and any changes in the use of your Data. These transactions may involve disclosing personal information to prospective or actual purchasers or receiving it from sellers. We seek appropriate protection for Personal Information in these types of transactions.

Changes to this Privacy Policy

We may need to update this Privacy Policy from time to time. Say Health will post any changes on our website or within the application.

How to Contact Us

If you have any questions, comments, or requests regarding this policy or our data handling, please email us at support@say.health.