Your Privacy Matters
The categories of information we collect depend on whether you are a current or former User, and/or Client. Examples of instances when we collect Personal Information include:
- when you answer questions on the Site or in the App to determine what services or features we might recommend if you were to become a Client,
- when you register to open an account either as a User or a Client,
- when you contact us with questions through the site, app, or email, or
- when you become a Client.
Information We Collect from Users
We collect Personal Information from Users, including but not limited to your:
- name, e-mail address, telephone number, zip code, Internet Protocol address, birth date;
- medical information, as shared by your healthcare provider(s) in your patient portal;
- insurance information, as shared by your insurance company (or companies) in your user account on their website;
- pharmacy, medication, and financial information, as shared by your pharmacy (or pharmacies) in your user account on their website;
- link to our Services (medical, insurance, pharmacy, or lab information), any challenge and/or security questions associated with those accounts and any information contained in those accounts Note: Vessel may store login credentials used to link Account Information (as defined below). If you choose to link to our Services, we user that information to aggregate, access and retrieve your Account Information. Any Account Information that we store or transmit to a third-party service provider is stored and transmitted via end-to-end encryption, and any credentials are additionally encrypted at rest.
Information We Collect from Clients
If you choose to become a Client, in addition to the information we collect from you as a User, described above, we will ask you for certain additional Personal Information, including but not limited to:
- your and your family members’ full legal name, contact information, address, birth date, citizenship, marital status; and
- your healthcare objectives, diagnoses, providers, and associated clinical and/or medical information as provided to you by healthcare organizations you have visited;
Information We Collect when Acting As a User’s or Client’s Authorized Agent
The primary goal of Vessel Health is to aggregate information from accounts at across medical institutions and/or healthcare organizations in one place on our Site or in our App; in enabling this functionality, Vessel Health acts as an agent to retrieve the User or Client account information maintained by such third-party healthcare organizations or medical institutions with which the User or Client has a legally-binding relationship (“Account Information”). This Account Information may include account balances, appointments, and all provided clinical or medical information from the linked healthcare organizations or medical institutions.
By choosing to use our Services to aggregate and analyze your Account Information, you expressly authorize and direct Vessel Health, on your behalf, to electronically retrieve all Account Information associated with the username and password that you use to link the account. Vessel Health may store login credentials used to link Account Information. Any Account Information that Vessel Health receives is read-only. Account Information may be processed by Vessel Health in order to display that information in a user-friendly way. Original data is always available and can be disclosed or shared upon request to email@example.com. Vessel Health does not and will not update any records or Account Information as it is stored in the linked Organizations. As in, any additional data, Personal Information, or Account Information provided to Vessel Health via user interaction, automated or manual integration will not get transmitted back to linked Organizations.
Information Regarding Children
Due to the nature of our business, our Services are not made available to minors. Except for beneficiary information as described above, Vessel Health does not knowingly solicit Personal Information from or about children under the age of 18.
If you are under the age of 18, please do not submit any Personal Information to Vessel Health. If we learn that we have collected Personal Information directly from a minor, we will delete such information from our files.
If a parent or guardian becomes aware that his or her child under the age of 18 has directly provided us with Personal Information without his or her consent, he or she should contact us at firstname.lastname@example.org and we will delete such information from our files.
Other Ways We Collect Information
Other means by which we collect Personal Information include the following:
- Automatic Data Collection. We may collect certain information when you use our Services. This information may include your Internet protocol (“IP”) address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information, Internet service provider, pages that you visit before, during and after using the Services, information about the links you click, and other information about how you use the Services. Information we collect may be associated with accounts and other devices.
- Anonymized or aggregated Information. Vessel Health’s Site and App record certain anonymized or aggregated information about your use or evaluation of our Services. Anonymized or aggregated information is used for a variety of functions, including the measurement of Users’ interest in and use of various portions or features of the Site and App. Anonymized or aggregated information is not Personal Information, and we may use such information in a number of ways, including internal analysis and research. We may share this information with third-parties for our purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
- Pixel Tags. Along with cookies, we may use “pixel tags,” also known as “web beacons,” which are small graphic files that allow us to monitor the use of our Sites. A pixel tag can collect information such as the IP address of the computer that downloaded the page on which the tag appears; the URL of the page on which the pixel tag appears; the time the page containing the pixel tag was viewed; the type of browser that fetched the pixel tag; and the identification number of any cookie on the computer previously placed by that server.
- Site and App Activity. Vessel Health may also use third-party tracking technology, such as Google Analytics, to record similar information regarding you and your activity on our Site and App. “Do Not Track” Technology. We do not collect Personal Information about your online activities over time and across different web sites or online services. Therefore, our Site does not respond to Do Not Track (“DNT”) signals. We do not knowingly authorize third-parties to collect Personal Information about your online activities over time and across different web sites or online services.
- Surveys. We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include Personal Information.
How we use Information
No Renting, Selling or Trading Out Identifiable Information
We will never rent, sell or trade your identifiable (as defined by HIPAA identification procedures) Personal Information to anyone. Ever. We reserve the right to rent, sell, license, or trade your medical information in a de-identified manner for business purposes.
User Personal Information
We use your Personal Information for a variety of business purposes, such as to help you evaluate our Services, offer you new products or services, enhance our Services, and for research and internal analysis.
Client Personal Information
Vessel Health stores, processes, and maintains Personal Information related to you for a variety of business reasons such as to provide client support, analyze and improve our Services, offer new products or services and provide our Services to Clients in accordance with the rules of regulatory bodies. As a User, you may choose not to provide such information to us, but if you choose not to provide such information, you will not be able to become a Client.
Your browsing activity may be tracked across different websites and different devices or apps. For example, we may attempt to match your browsing activity on your mobile device with your browsing activity on your computer. To do this, we may analyze your browsing patterns, geo-location and device identifiers to match the information of the browser and devices that appear to be used by the same person.
Social Media and Links to Other Web Sites and Applications
We may run sweepstakes and contests. Contact information you provide may be used to reach you about the sweepstakes or contest and for other Vessel Health promotional or marketing purposes. In some jurisdictions, we are required to publicly share some winner information.
Information Sharing and Onward Transfer
We will not share or disclose your Personal Information (whether you are a current or former User and/or Client) to any nonaffiliated third-parties except:
- To Protect Ourselves or Others. We may share your Personal Information as required by law, such as when we reasonably believe it is necessary or appropriate to investigate, prevent, or take action regarding illegal activities, suspected fraud, front running or scalping, situations involving potential threats to the personal safety of any person, if we believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; to protect your, our or others’ rights, property, or safety; enforce our policies or contracts; or collect amounts owed to us.
- Affiliates. Vessel Health may share your Personal Information among affiliated Vessel Health entities in connection with the provision of Services to Clients and Users.
- Service Providers. There are certain circumstances in which we may share your Personal Information with non-affiliated third-party service providers, including to perform certain business and technology related functions and to support the provision of the Services. We may share your Personal Information with non-affiliated third-party service providers for the provision of services, which includes but is not limited to the following: mailing information; data processing and storage; payment processing; identification verification and fraud detection; customer support; and marketing.
- Business Partners. We may provide Personal Information to business partners with whom we jointly offer products or services. For example, we may share the information required to become a Client with a third party who helps us acquire Account Information from a Linked Organization.
- Disclosure in the Event of Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your Personal Information may be transferred as part of such a transaction, as permitted by law and/or contract.
Your Choices and Opting Out
You may decline to provide Personal Information to Vessel Health. Declining to provide Personal Information may disqualify you from using Vessel Health Services, Site, and App features that require certain Personal Information.
Opting-Out - Obtaining and Withdrawing Consent
Where you have consented to Vessel Health’s use of your Personal Information, you may withdraw that consent at any time and opt out by contacting us by email, phone or physical mail via the contacts indicated under the “Questions and Contacting Us” section below. Additionally, before we use Personal Information for any new purpose we will provide information regarding the new purpose. Even if you opt out, we may still collect and use non-personal information regarding your activities on our Services and for other legal purposes as described above.
Email and Telephone Communications.
We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists as required by applicable law.
We may send you push notifications through our mobile application. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device. We may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.
Accessing Your Personal Information
Users or Clients may contact us at email@example.com to request information about how to access your Personal Information.
- Vessel Health provides all Clients with continuous access via the Site which contains information about account status, securities positions and balances.
- Clients can access or amend their Personal Information at any time by signing in to their Vessel Health account via our Site or App. Amending your Personal Information in Vessel Health does not guarantee that that information will be conveyed to any healthcare providers or Linked Organizations.
- Your requests will be processed in line with local laws, including without undue delay and in accordance with any required time frames. Although Vessel Health makes good faith efforts to provide individuals with access to their Personal Information, there may be circumstances in which we are unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question or where it is commercially proprietary. If we determine that access should be restricted in any particular instance, we will endeavor to provide you with an explanation of why that determination has been made within one month of the request, a contact point for any further inquiries and any other legally required information. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access or making any changes to your Personal Information.
Retention and Deletion
You may request deletion of Personal Information by contacting us at firstname.lastname@example.org and providing us enough information to identify your account and prove that you are the owner of the identified account. However, due to regulatory recordkeeping obligations we may retain information related to you and your account, as well as any data related to your trades, in accordance with applicable laws. After processing a Personal Information deletion request, in no case will we share your individual medical data unless required by regulators or other government bodies, to support processing of settlement of your transactions, or in accordance with applicable laws.
Vessel Health takes reasonable steps, endeavoring to use appropriate technical or organizational measures, to protect your Personal Information from loss, misuse, unauthorized access, alteration, disclosure, or destruction. However, no Internet, email, or electronic operating system that enables the transmission of data is ever fully secure or error free; therefore, we cannot ensure or warrant the security of any information you transmit to us.
Other Important Information
California Privacy Rights
California law permits Users and Clients who are California residents to request and obtain from us once a year, free of charge, a list of the third-parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. Vessel Health does not share Personal Information with third-parties for their own marketing purposes.
The California Consumer Privacy Act permits certain Users (users of our financial planning services who have shown no indication of becoming a Client) who are California residents to request and obtain from us twice a year, free of charge, information related to Personal Information we have collected in the 12 months preceding the request. The California Consumer Privacy Act also gives Users the right to request permanent deletion of Personal Information, which Users can do by following the procedure above.
Vessel Health does not sell your identifiable data. Vessel Health ensures that all Third Parties that may have access to your Healthcare Information will be contractually obligated to make no attempt to re-identify you based off of any information shared. Full names and contact information will not be shared, or will only be shared in accordance with HIPAA de-identification standards. You have the right to request information from us regarding whether we share certain categories of your Personal Information with third parties for Vessel Health’s business purposes. To the extent we share your Personal Information in this way, you may request information related to (i) the categories of information we disclosed to third parties for such purpose during the 12 months and (ii) the names and addresses of third parties that received such information.
Questions and Contacting Us
Vessel Health Technology
52 Manchester St
San Francisco, CA 94110