Membership Privacy Policy

December 15, 2022 – Description of Changes: Added language related to Allay Health’s subscription tele-nutritionist offering.

Note: This privacy policy applies to our collection, use, and disclosure of data received or created due to your access to and use of certain items provided by us, Allay Health, Inc. (referred to here as “Allay,” “we,” “us,” or “our”). These items consist of our website at https://www.allayhealth.net/ (the “Site”), the Allay mobile application (the “Application”), and any services we provide to you. The Site, Application, and any services are referred to collectively as the “Services.”

Your Consent

By accessing or using the Services, you are consenting to our processing of the information described in this Privacy Policy. “Processing,” means using cookies on a computer or mobile device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining, and disclosing information. Information processed by the Services will be transferred, processed, and stored in accordance with United States state and federal law, as well as law and regulation of regions where our Services are available.

What information is collected by the Services and how is it used?

We collect personal information (such as your name, mailing address, email address and phone number) from you when you download and log into the Application and/or submit information to us through the Site (“User Information”). We keep User Information to provide you with the Services. For us to provide you with the Services, it is required that we collect the User Information.

We collect your User Information, including but not limited to, health and wellness information, current and prior diseases, ailments, inputs from user surveys, synced devices, etc., as part of the Services workflow (“Application Information”). Application Information may include clinical information (such as height and weight, current disease information, symptom history and other medical data related to your health) and non-clinical lifestyle information (such as eating habits and exercise activity). Allay will only use this information as it relates to providing the Services.

In addition, the Site and Application may collect certain information automatically, such as the type of mobile device you use, your mobile device’s unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about your use of the Application (“Usage Data”). Usage Data will be used by us either individually or in aggregated form to enhance and improve the Application.

A note about Cookies: Cookies are pieces of information stored directly on the device that you are using. Cookies allow us to collect information such as browser type, time spent on our Website or Application, pages visited, language preferences, and other traffic data. We and our service providers use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience while using the Website and Application. We also use cookies to gather statistical information about use of the Website and Application in order to continually improve their design and functionality, to understand how they are used, and to assist us with resolving questions regarding them.

We may also use cookies for marketing purposes. Among other uses, these cookies limit the number of times you may see our advertisements and help us measure the effectiveness of our outreach campaigns. The advertising or social media networks that we work with place these cookies on our behalf. They may track that you have visited this Website, and we then share this information with the advertising network, either automatically, or manually (this practice is sometimes referred to as “retargeting”). We may work with advertising networks, and more information about their policies, and how you can customize or opt out of certain types of ads, are available by contacting us at: hello@allayhealth.net.

We may use information that we collect from you to contact you or send you information, for example, to send you our newsletters, marketing or promotional materials, and other information that we think may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send.

Do third parties see and/or have access to information obtained by the Services?

User Information and Usage Data may be shared with the third-party service providers who host and support the application on our behalf. Third party service providers may use Usage Data or other User Information according to the terms of their own terms of use or privacy notices. We do not have any control over the use of User Information by third party service providers.

What are my opt-out rights?

If you do not wish to receive marketing emails from us, you can opt out of future marketing emails by following the instructions provided in the marketing emails. Opting out of marketing emails will not affect our administrative emails to you (e.g., emails about your transactions or policy changes).

Data retention policy

We retain personal information about you for as long as you use the Site, Application, or consume the Services, and for a reasonable period after you stop using the Application. We use and retain Usage Data, in both individualized and/or in aggregate form, indefinitely. We may de-identify User Information and such de-identified versions will be our property. We may use and disclose such de-identified data for any lawful purpose.

HIPAA and Your Protected Health Information (“PHI”)

If you are enrolled in our subscription tele-nutritionist offering, you understand that we will have access to certain information collected or created about you by Modulla Health, our licensed nutritionist partner. Information received by us from Modulla is known as “protected health information” or “PHI” and is regulated by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Any PHI we obtain about you will be considered User Information as defined in this Privacy Policy.

While all of your personal information is sensitive and needs to be protected, special rules apply to our use of PHI. We will only use PHI in accordance with the “Patient Request for Health Information” form that you agreed to when you subscribed to our tele-nutritionist offering. You also understand that we may de-identify PHI as long as our deidentification methods comply with the HIPAA Rules. We will de-identify PHI in a way that leaves no reasonable basis for identifying you as the source of the PHI. Once de-identified, we may use the de-identified information for any lawful purpose, such as improving our products or services, or conducting research.

You may revoke your authorization for us to have access to your PHI at any time. While revoking our access to your PHI in no way prevents you from continuing to receive services from Modulla, you understand that you will be unable to continue participating in Allay’s subscription offering unless we have access to your PHI, because we use your PHI to provide you with reports and insights through our App.

Your Personal Information Rights

You may request information regarding our use of your personal information by emailing us at hello@allayhealth.net. We will make commercially reasonable efforts to respond to any request we receive, about personal information and will comply with all legal requirements. We may need to verify your identity before acting on your request. Requests may include:

1. You may request to review and obtain a copy of your personal information we keep. We will provide a copy or a summary of your information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
2. You may request to amend your personal information. You can ask us to correct personal information about you that you think is incorrect or incomplete. In your request, please make clear what personal information you would like to have changed. We may say “no” to your request, but we will tell you why in writing within 60 days.
3. You may request to restrict use or disclosure of Personal Information in certain circumstances. Although we do not sell personal information about our users, you do have the right to explicitly ask us not to sell your personal information to third-parties. This opt-out right does not apply to personal information that we share with third-party service providers involved in the operation of the Site or the Application.

Age Requirements

The Site and Application are not designed or intended to appeal to minors, and we do not knowingly collect User Data from children under the age of thirteen. As a tool for providing the Services, users of the Application may enter Application Information related to minors into the application where a parent or guardian has consented to use of the Services with that individual. It is your responsibility to make sure that consent from the parent or guardian is collected and documented.

If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at hello@allayhealth.net so we can promptly delete such information.

Security

We are concerned about protecting the confidentiality of all information that we interact with in providing the Services. We and our service providers make use of physical, electronic, and procedural safeguards to protect the information that we process and maintain. Although we endeavor to provide security for the information that we process and maintain based on the sensitivity of that information, no security system can prevent all potential security breaches.

In addition to the security safeguards we provide, we urge you to take precautionary measures in maintaining the integrity of your data. Please be responsible and make sure that no one can see or access your account or log-in/password information, or your mobile device.

Links to other sites and services

The Site or Application may contain links to other sites or services that are not operated by us. If you click an outside link, you will be directed to that outside site or service. We strongly advise you to review the privacy policy of every site you visit. We are not responsible for the privacy practices or the content of any outside sites or services.

Changes

We reserve the right to modify this Privacy Policy at any time in our sole discretion by including such alteration and/or modification in this Privacy Policy, along with a notice of the effective date of such modified Privacy Policy. Any continued use by you of the Site after the posting of such modified Privacy Policy shall be deemed to indicate your agreement to such modified Privacy Policy. Accordingly, if at any time you do not agree to be subject to any modified Privacy Policy, you may no longer use the Site.