Privacy Policy
Last Updated: May 23, 2023
Recora, Inc. (“Recora” “we” “us”) is concerned about privacy issues and wants you to be familiar with how we collect, use and disclose information and does so in accordance with laws applicable to our business. This Privacy Policy describes our practices in connection with information that we collect through websites operated by us from which you are accessing this Privacy Policy (the “Website”), through the software applications made available by us to you for use on or through computers and mobile devices (the “Apps”), and through our social media pages that we control from which you are accessing this Privacy Policy, as well as through HTML-formatted email messages and SMS messages that we may send to you (all of the foregoing, collectively, the “Services”).
Personal Information
Personal Information We May Collect
“Personal Information” is information that identifies you as an individual or relates to an identifiable person, including, but not limited to: full name, email address, and personal health information. If you submit any Personal Information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use such Personal Information in accordance with this Privacy Policy.
How We May Collect Personal Information
We may collect Personal Information in a variety of ways, including:
- Through the Services: We may collect Personal Information directly from you through the Services (e.g., in connection with the interviews and questionnaires we make available to you through the Services (the “Surveys”) or when you register for an account).
- From Other Sources: We may receive your Personal Information from other sources with your consent or as permitted by applicable law, such as from your insurance or healthcare provider, public databases, and other third parties as described herein.
How We May Use and Disclose Your Personal Information
Recora may have an arrangement with your insurance or healthcare provider and under that arrangement may be permitted to use and disclose your Personal Information as directed by them, to provide the Services as described below:
- To respond to your inquiries, fulfill your requests, and send you communications that you request, such as the results of any Survey that you have taken.
- To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions and policies.
- To personalize your experience on the Services, for example, by presenting Surveys and similar products to you.
- For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends, but, in some cases that will be only to the extent such use of Personal Information is permitted or required by your insurance or healthcare provider.
- As we believe to be necessary or appropriate, and only as permitted under the Health Insurance Portability & Accountability Act and amendments thereto (HIPAA) or other applicable laws: (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
- For such other lawful purposes to which you consent.
Your Personal Information may be transferred or disclosed:
- To our third party service providers who assist us to provide the Services (such as website hosting, data analysis, information technology and related infrastructure provision, email delivery, auditing and other services), and with whom we have a contract that includes appropriate privacy obligations.
- To third parties, such as your insurance or healthcare provider, consistent with your instructions. For example, you may opt in to allow us to share your responses to and results of any Surveys.
- As we believe to be necessary or appropriate, and only as permitted under HIPAA and other applicable laws: (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
- For such other lawful purposes to which you consent.
- All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Other Information
Other Information We May Collect
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:
- Browser and device information
- Apps usage data
- Information collected through cookies, pixel tags and other technologies
- General demographic information
- Aggregated information
If we are required to treat Other Information as Personal Information under applicable law, then we may use it for the purposes for which we use and disclose Personal Information as detailed in this Privacy Policy.
How We May Collect Other Information
We and our third party service providers may collect Other Information in a variety of ways, including:
- Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
- Through your use of the Apps: When you download and use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
- Using pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates.
- Analytics: We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to https://www.google.com/policies/privacy, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
- IP Address: Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address.
- Physical Location: We may collect the physical location of your device by, for example, using satellite, cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content. You may be permitted to allow or deny such use, but, if you do, we may not be able to provide you with the applicable personalized services and content.
- From you: Information such as your preferred means of communication is collected when you voluntarily provide it.
How We May Use and Disclose Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.
Third Party Services
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates. In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Services.
Security and Retention
We seek to use administrative, physical, and technical safeguards that are reasonable and appropriate for the protection of the Personal Information in our custody or control. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section below. We will retain your Personal Information in a file specific to you at our offices and the data centers of our service providers. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. As our operations are conducted from the U.S., all Personal Information that we collect is used and stored in the U.S., is subject to U.S. laws, and may be subject to disclosure to U.S. governments, courts or law enforcement or regulatory agencies pursuant to those laws.
Individual Rights
You may opt-out of receiving promotional communications as well as accessing, modifying or deleting your Personal Information from our database, as applicable, by contacting us at hello@recorahealth.com. In some cases, we may not be able to remove your Personal Information, in which case we will explain why we are unable to do so.
State Specific Rights
Your California, Colorado, Connecticut, Utah and Virginia Privacy Rights
If you are a resident of California, Colorado, Connecticut, Utah or Virginia, the law in your state provides you with the following rights with respect to your Personal Information:
- The right to know what Personal Information we have collected, used, disclosed, and sold about you, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom we disclose Personal Information, and the specific pieces of Personal Information we have collected about you.
- The right to obtain a copy of Personal Information we have obtained about you in a portable and, to the extent technically feasible, readily usable format.
- The right to correct inaccurate Personal Information about you, taking into account the nature of the Personal Information and the purposes of the processing.
- The right to request that we delete any Personal Information we have about you.
- If we deny your request, the right to appeal our decision.
Submitting Requests
If you are a resident of California, Colorado, Connecticut, Utah or Virginia, you may submit your requests to opt out, correct, delete, and/or to know/obtain Personal Information we have collected about you by contacting us at hello@recorahealth.com. We will respond to your request in compliance with the requirements of your state’s privacy law. In addition, as permitted under your state’s privacy law, you may appeal a decision we have made regarding your request by emailing us at hello@recorahealth.com and we will respond to your request in accordance with the timing requirements for such law.
You may permit an authorized agent to submit a request to know or to delete your Personal Information. If we receive a request on your behalf, we will ask that person to give us proof that you gave that person written permission to make a request for you. If that person does not provide us with written proof, we will deny their request so that we can protect your Personal Information.
Personal Information Collected by Us in the Preceding 12 Months
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:
- Identifiers: Name, residential address, Internet Protocol (IP) address, email address, or other similar identifiers
- Customer records information: Name, address, telephone number, medical information, health insurance information
- Characteristics of protected classifications under state or federal law: Race, gender identity, age
We disclose your Personal Information for a business purpose to the following categories of third parties:
- Service Providers: Cloud hosting, email delivery, medical record management, telehealth video platform, service desk management, platform usage analytics, business analytics, SMS delivery, log aggregation, geolocation
Sale of Personal Information
In the preceding twelve (12) months, we have not sold any Personal Information.
Updates to This Privacy Policy
We may change this Privacy Policy. The “Last Updated” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.
Contacting Us
If you have any questions about this Privacy Policy, please contact us at hello@recorahealth.com. Because email communications are not always secure, please do not include sensitive information in your emails to us.