Created: February 9, 2023
Coralis Health, LLC
Mobile Application Privacy Notice for Patients
At Coralis Health, LLC (“Coralis Health”, “Company”, “we”, “our” or “us”), we value your trust. We are committed to acting responsibly when we collect, use and protect your non-personal and personal information. Federal and state laws say that we must tell you how we collect, share and protect your personal information. This Privacy Notice (“Privacy Notice”) is designed to help you understand how we collect, use, share and safeguard the information you provide to us and to assist you in making informed decisions when using our application named Coralis Health for Patients (“App”).
This Privacy Notice describes:
- The types of information we may collect or that you may provide when you download, install, purchase a subscription to, register an account on, access or use our App for patients and/or caregivers (“Patients”) that provides Patients access to a directory of healthcare providers (“Providers”) and telehealth services in the areas of mental health and developmental behavioral pediatrics, care coordination and scheduling tools, interact with us, opt-in for in-App push notifications, participate in marketing emails, or engage with any pages, features, or content we own, operate and/or provide on the App (collectively with the App the “Services”).
- Our practices for collecting, using, maintaining, protecting, and disclosing that information.
In this Privacy Notice, “you” and “your” refers to caregivers and/or patients who are at least eighteen (18) years of age that purchase a subscription to, register an account on, or use the App. You represent and warrant that you are at least eighteen (18) years of age and will use and access the Services in accordance with this Privacy Notice, and if applicable, will be responsible for ensuring that you are legally authorized to share data of a minor if a sub-account is created in order for them to receive Services through the App, and/or if applicable, will be responsible for ensuring that any minor authorized by you, if you are the parent or guardian, to use and access the App does so with your supervision and in accordance with applicable Terms of Service.
For information about how Coralis Health may use and disclose your medical information, including information that is provided through the App, how Patients can get access to this information and other rights under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), please review our Notice of Privacy Practices (“Notice”) here.
By accessing and using the Services, you consent to our collection, storage, use and disclosure of your information as described in this Privacy Notice. The Services are intended for users located in the United States only, and you hereby expressly acknowledge and agree that if you are accessing and/or using the Services that you reside in the United States and will only access and/or use the Services in the United States. The use of the App is subject to the Terms of Service for Patients located here.
This Privacy Notice applies only to information we collect in our App, information we receive from service providers, collect in email, ,and other electronic communications sent through, or in connection with the App.
This Privacy Notice DOES NOT apply to information that:
- We collect offline or on any other Company apps or websites, including websites you may access through our App.
- You provide to or is collected by any third-party service provider UNLESS SPECIFICALLY DISCLOSED IN THIS PRIVACY NOTICE (see “How We Share Your Personal Information”).
Our websites and apps, and these other third parties may have their own privacy policies, which we encourage you to read before providing information on or through them.
Please read this Privacy Notice carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, do not download, register for an account on, or otherwise use our App. This Privacy Notice may change from time to time (see “Changes to This Privacy Notice” below). Your continued use of our App after we revise this Privacy Notice means you accept those changes, so please check this Privacy Notice periodically for updates.
Children Under the Age of 13
The Children’s Online Privacy Protection Act (“COPPA”) requires that online service providers get parental consent before they knowingly collect personally identifiable information online from children under the age of thirteen (13). Our App is not designed for children under 13, and we do not intentionally or knowingly collect Personal Information from users who are under the age of 13 or from other websites or services directed at children. If we discover that a child under 13 has provided us with Personal Information, we will delete such information. If you are under eighteen (18) years of age, you may use the App only with the involvement of a parent or guardian. If you believe that a child under the age of 13 may have provided us Personal Information without the proper consent of a parent or a guardian, please contact us at firstname.lastname@example.org.
Types of Data We Collect
We collect “Non-Personal Information” and “Personal Information” and the information we collect from you depends on how you use the Services. “Non-Personal Information” includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. “Personal Information” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, email address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data. This includes:
|Types of Data that we may process
|Primary Purpose for Collection and Use Data
|App User Information with or without an account
|We collect your first and last name and email address if you contact us.
|We have a legitimate interest in contacting our customers and communicating with them in relation to the Services.
|Account Information and Scheduling of Consultations
|We collect your name, email address, phone number, home address, including the patient’s zip code and state if you schedule a consultation, login, and password information if you set up a membership account through the App. If you schedule a consultation for a child through the Services, we will collect their date of birth from you.
|We have a legitimate interest in contacting our customers and communicating with them in relation to the Services and providing the Services. The patient’s phone number, zip code and state information are also needed for legal and compliance purposes in order for us and our Providers to determine if we can provide the requested services including telehealth services, in that location.
|We collect JWT token, profile images and user’s basic profile information.
|We use App cache to make the Services operate efficiently and to analyze App performance for the purpose of improvement. To clear your App cache, please refer your iPhone or Android device’s instructions for clearing the cache.
|We collect Personal Information from you contained in any inquiry you submit to us regarding the Services, such as calling or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone, your calls may be recorded and analyzed for training, quality control and for sales and marketing purposes. During such calls we will notify you of the recording via either voice prompt or script and advise you of our privacy policies.
|We have a legitimate interest in receiving, and acting upon, your feedback, issues, or inquiries.
|We collect information from your mobile device such as unique identifying information broadcast from your device when using the Services.
|We have a legitimate interest in identifying unique visitors, and in understanding how users interact with us on their mobile devices.
|We use technology to monitor how you interact with the Services. This may include: IP addresses, preferences, app screens you visited prior to using the Services, information about your network, device (version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), information about how you interact with the Services (such as timestamps, clicks, scrolling, app screen times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors).
|We have a legitimate interest in understanding how you interact with the Services to better improve the Services, and to understand your preferences and interests and to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.
|We collect transactional information, including information about the products and services you purchase or download or about which you make an inquiry.
|We have a legitimate interest in our customers’ transactional information to fulfil contractual obligations related to Services. We also have a legitimate interest in understanding your preferences and interests so we could select offerings that you might find most useful.
|We collect information, including your app screen, operating system, Internet Protocol (“IP”) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.
|We have a legitimate interest in monitoring networks and the visitors to our App and access and use of the Services to provide the Services and enhance the Services.
|We collect Personal Information, such as location including patient’s zip code and state, and date of birth if you schedule a consultation.
|The patient’s zip code and state information are needed for legal and compliance purposes in order for us and our Providers to determine if we can provide the requested services including telehealth services, in that location. We also have a legitimate interest in understanding our users and providing tailored Services.
|When you use our App and Services we collect your location from the GPS, Wi-Fi, and/or cellular technology in your device to determine your location to better serve you.
|We have a legitimate interest in understanding our users and providing tailored Services. In some contexts, our use is also based upon your consent to provide us with geo- location information.
See the “Integrations and Third-Party Services” section below to learn more about how your information may be shared with us and Providers by our integration partners for the purpose of Patient care coordination on our apps.
Information You Provide to Us
- We collect Personal Information from you such as your first and last name, e-mail, mailing address, phone number, username, password when you choose to subscribe to our Services and set up an account on the App; the patient’s phone number, zip code, state and date of birth if you schedule a consultation through the Services. If you provide us feedback or contact us via email, we may collect your name, if stated, and email address, as well as any other content included in the email, in order to send you a reply.
- We will maintain the information you send via email in accordance with applicable federal law.
- You agree not to include any protected health information (“PHI”), or electronic protected health information (“e-PHI”) which is a subset of PHI, (collectively referred to hereinafter as PHI) as such terms are used in the Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Rule (“HIPAA Information”), in any communications over email, telephone, fax or any other non-secure messaging system. Only communicate HIPAA Information over secure messaging systems via the App and/or a third-party service provider’s secure system and only to your healthcare provider or Provider who has provided you with prior notice of his/her privacy practices pursuant to HIPAA.
- In compliance with the CAN-SPAM Act, all emails sent from our organization will clearly state who the email is from and provide clear information on how to contact the sender. In addition, all email messages will also contain concise information on how to remove yourself from our mailing list so that you receive no further e-mail communication from us.
Collected via Technology
- In an effort to improve the quality of the Services, we reserve the right to track information provided to us by our software application when you view or use the Services, such as app screens you visited prior to using the Services, the device from which you connected to the Services, the time and date of access, and other information that does not personally identify you.
- For information we collect from third party integrated services, please see ‘” section below.
- We reserve the right to use technological equivalents of Cookies, including social media pixels. These pixels allow social media sites to track visitors to outside websites so as to tailor advertising messages users see while visiting that social media website. We reserve the right to use these pixels in compliance with the policies of the various social media sites.
- Some content or applications on the Services are served by third parties, including content providers, and application providers. These third parties may use beacons or other tracking technologies to collect information about you when you use our Services. The information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties’ tracking technologies or how they may be used and we are not liable for any third party providers, acts or omissions. If you have any questions about an advertisement or other targeted content, you should contact the third party provider directly.
Use of Your Personal Information
In general, Personal Information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. We use your Personal Information in the following ways:
- to facilitate the creation of and secure your in-App account;
- to provide you the Services as you requested;
- to identify you as a Patient in our system;
- to provide improved administration of the Services;
- to improve the quality of experience when you interact with the Services;
- to send you administrative email notifications, such as security or support and maintenance advisories;
- to give you notices about your subscription, including expiration and renewal notices;
- carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including billing and collection;
- to respond to your inquiries or requests;
- to send in-App push notifications if you opt-in to receive them;
- to perform data analysis;
- to send you direct marketing emails, if applicable;
- to comply with legal obligations, as part of our general business operations, and for other business administration purposes;
- to notify you when App updates are available, and of changes to any products or services we offer or provide through it;
- The usage information we collect helps us to improve our App and to deliver a better and more personalized experience by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Services according to your individual interests.
- Speed up your searches.
- Recognize you when you use the App; and
- in very limited circumstances where we believe necessary to investigate, prevent or act regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of this Privacy Notice.
Use of Non-Personal Information
In general, we use Non-Personal Information to help us improve the Services and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Services. This Privacy Notice does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners, advertisers and other third parties at our discretion.
How We Share Your Personal Information
As a general rule, we do not sell, rent, lease or otherwise transfer any information collected either automatically or through your voluntary action. We may disclose your Personal Information as described below and as described elsewhere in this Privacy Notice.
Providers. We share your Personal Information, such as your zip code and state, with Providers to determine if they can provide the requested services including telehealth services, in that area.
Third Party Service Providers. We may share your Personal Information with third party service providers to provide you with the Services that we offer you; to conduct quality assurance testing; to run data analysis; to facilitate creation of accounts; to provide technical support; and/or to provide future Services to you. When required by HIPAA, we have business associate agreements (“BAA”) with our third-party service providers to provide for the safeguarding of PHI that is received or created on our behalf. The third-party service providers we are engaged with and/or third-party products and/or services we use to provide the Services include without limitation:
Integrations and Third-Party Services. We integrate third-party Application Programming Interface (“API”) in connection with the Services that we offer you. User data collected via the API is subject to the privacy policies of those third parties and Coralis Health does not own or control those third parties. The API third-party partners include:
Payment Processors. Our payment processors, Google Pay and Apple Pay, process your in-App purchases directly. We do not process any of your payment information. To learn more about the payment processors we use and their policies related to privacy, learn more at:
Google Pay Privacy; for the purpose of payment processing.
Apple Pay Privacy; for the purpose of payment processing.
Business Transfers. If (i) Coralis Health is acquired by, merges with, or receives investment from another company or (ii) if any of the Coralis Health’s assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we may share certain of your Personal Information with lenders, auditors, attorneys and consultants.
Other Disclosures. Regardless of any choices you make regarding your Personal Information (as described below), we may disclose Personal Information if it believes in good faith that such disclosure is necessary (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas or warrants served on us; (c) to protect or defend our rights or property, or the rights or property of users of the Services; (d) to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person and/or (e) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Notice, or any agreements you may have with us, as applicable.
Links to Third Party Websites and Third Party Providers
Managing Your Subscription
If you purchase a subscription to the Provider directory, or any other in-App subscription through the Apple App Store or Google Play, you can add, change and/or cancel your subscription(s) by clicking here for Apple Store and here for Google Play. Changes to your subscription(s) will take place at the end of your current subscription period and as further described in the Terms of Service for Patients located here.
Your Rights and Choices Regarding Your Personal Information
If applicable privacy laws allow, you may have rights over your Personal Information. This includes, but is not limited to:
- Right to Know. You have the right to request disclosure about our Personal Information collection practices during the prior 12 months, including the categories of Personal Information we collected, the sources of the information, our business purposes for collecting or sharing the information and the categories of third parties with whom we shared such information. You may request a copy of the specific pieces of Personal Information we may have collected about you in the last 12 months.
- Right to Delete. You may request that we delete (and direct our service providers to delete) your Personal Information, subject to certain exceptions.
- Right to Opt-Out. You have the right to opt-out of any ‘sales’ of your Personal Information, if a business is selling your information. For clarity, we do not sell your Personal Information.
- Non-Discrimination. You have the right to not be discriminated against for exercising these rights.
You can make the following choices regarding your Personal Information:
- Access To Your Personal Information. You may request access to your Personal Information by contacting us at the address below. If required by law, upon request, we will grant you reasonable access to the Personal Information that we have about you. We will provide this information in a portable format, if required. Note that California residents may be entitled to ask us for a notice describing what categories of Personal Information (if any) we share with third parties or affiliates for direct marketing.
- Changes To Your Personal Information. We rely on you to update and correct your Personal Information. Please contact us at the address below immediately if there are any changes to your Personal Information. Note that we may keep historical information in our backup files as permitted by law.
- Deletion Of Your Personal Information. Typically, we retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law, or as otherwise described in this Privacy Notice. You may, however, request information about how long we keep a specific type of information, or request that we delete your Personal Information by contacting us at the address below. If required by law we will grant a request to delete information, but you should note that in many situations we must keep your Personal Information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
- Deleting your in-App Account. If you wish to delete your in-App account, you may do so by selecting “Delete My Account” on your profile page. Deleting your Coralis Health account in-App will:
- Sign you out immediately
- Remove or anonymize any identifiable user information
- Remove your email from our mailing lists.
IMPORTANT: Legal requirements may compel us to maintain your account or digital health records associated with your account. If you choose to delete your account before the expiry of your subscription date we will retain your Personal Information as described below in the “How We Retain Your Personal Information” section of this Privacy Notice.
You will receive an email when account deletion is completed.
- Objection to Certain Processing. You may object to our use or disclosure of your Personal Information by contacting us at the address below.
- Online Tracking. You may select “Ask App Not to Track” on your iPhone or Android device.
- Revocation Of Consent. If you revoke your consent for the processing of Personal Information, then we may no longer be able to provide you Services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address below.
Security of Your Personal Information and Personal Data
We implement security measures designed to protect your information from unauthorized access, alteration, disclosure and/or destruction. Because the internet is not a completely secure environment, we cannot warrant the security of any information a user transmits to us or guarantee that information on the Services may not be accessed, disclosed, altered, and/or destroyed by breach of any of our physical, technical and/or managerial safeguards. Any account you have on our App is protected by your account password and we urge you to take steps to keep your Personal Information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures; however, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. While we use reasonable efforts to protect your Personal Information, we cannot guarantee the Services are absolutely secure.
How We Retain Your Personal Information
We will retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The precise periods for which we keep your Personal Information vary depending on the nature of the information and why we need it but typically, we retain your Personal Information for 1 (one) month within our database. To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use and/or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your Personal Information (so that it can no longer be associated with a user) for research or statistical purposes in which case we may use this information indefinitely without further notice. We may retain information (including without limitation your personally identifiable information) for a commercially reasonable time for backup, archival, audit purposes, and/or to comply with legal obligations, resolve disputes and enforce agreements. In some cases, if you choose not to provide us with requested information, you may not be able to use the Services. You can request further details of retention periods for different aspects of your Personal Information by contacting us.
Please note that in the course of providing the Services, we collect and maintain aggregated, anonymized, or de-personalized information which we may retain indefinitely.
For data retention policies of your in-App subscriptions purchased directly through the Apple App Store or Google Play, or your AthenaHealth related account services, please refer to their respective terms and conditions and privacy policies.
If you are visually impaired, you may access this Privacy Notice through your browser’s audio reader.
Changes to This Privacy Notice
We reserve the right to change this Privacy Notice or any agreement you entered into with Coralis Health from time to time. We will notify you of significant changes to this Privacy Notice by placing a prominent notice on the App and will change the “Created” or “last updated”, as the case may be, date listed above. Significant changes will go into effect thirty (30) days following such notification. Non-material changes or clarifications will take effect immediately. You should periodically check the App and this Privacy Notice for updates.
Coralis Health is located in the United States. The Services are hosted in, provided from the United States, and intended for those that reside in the United States. Personal information that you submit through the Services may be transferred outside of the jurisdiction in which you live. We also store Personal Information such as user login and profile information locally on the devices you use to access the Services. Your Personal Information may be transferred to other jurisdictions that do not have the same data protection laws as the jurisdiction in which you initially provided the information. The following provisions may apply to you depending on where you are located.
This notice is provided to you pursuant to state law. Nevada state privacy laws permit us to make marketing calls to existing users, but if you prefer not to receive marketing calls, you may be placed on our internal opt-out list by emailing us at email@example.com or you may also contact the Nevada Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Ste 3900, Las Vegas, NV 89101; telephone 702-486-3132; email: AGCinfo@ag.nv.gov. We do not make marketing calls to existing users.
In accordance with Vermont law, we will not share information we collect about you with companies outside of Coralis Health except as described herein, or otherwise required or permitted by law.
This Section is only applicable to you if you are a resident of the state of Virginia (“Virginia Residents”). If you have a complaint, first contact us at firstname.lastname@example.org . We will respond within 45 days after receipt of your request, and such time may be extended for an additional 45 days if it is reasonably necessary. We will notify you of any extension within the initial 45-day period. If you are not satisfied with our responses, you have the right to appeal. We will respond within 60 days of receipt of your appeal. If you still have an unresolved complaint, please direct your complaint to the Virginia Attorney General at email@example.com or call (804)786-2071.
At this time, California Privacy laws (California Consumer Privacy Act, California Privacy Rights Act) do not apply to us, but we will still protect your Personal Information as outlined in this Privacy Notice. If you feel this is incorrect, please contact us at firstname.lastname@example.org .
If you have any questions, comments, or complaints concerning our privacy practices, please contact us by sending an email to email@example.com, calling us at (708)722-6061 or send correspondence via mail to:
Coralis Health, LLC
47 W Division St, #360
Chicago, IL 60610
We will attempt to respond to your request and to provide you with additional privacy-related information.
If possible, please provide a hyperlink to that section of PN.