Today History History Droplet Plus Symbol Chat Community More Message Bubble Tip Camera Padlock Checked Circle

Virta Privacy Policy

Last Updated: April 20, 2017

Welcome, and thank you for your interest in Virta Health Corp. ("Virta", "we," or "us"), and any related web sites, networks, embeddable widgets, downloadable software, other mobile applications (including tablet applications), and other services provided by us (collectively, together with the Site, our "Service").

This Privacy Policy (this “Policy”) describes the information that we gather from you on the Service, how we use and disclose such information, and the steps we take to protect such information. By using the Service, you acknowledge the privacy practices described in this Policy and further acknowledge receipt of the Notice of Privacy Practices (as described below) of the health care provider that you engage through our Service (“Provider”). Providers accessible through the Service are employed by or contract independently with a professional corporation or other professional entity (“Provider Group”), which is affiliated with Virta.

Capitalized terms used but not defined in this Policy have the meaning given to them in the Virta Terms of Service (the “Terms of Service”).

The information we collect on the Service:

How we use the information we collect. We use information we collect on the Service in a variety of ways in providing the Service and operating our business, including the following:

When we disclose information. Except as described in this Policy, we will not disclose your information that we collect on the Service to third parties without your consent. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

Protected Health Information

Some of the information you submit or that is created through your use of the Service may constitute “protected health information” (“PHI”) as defined by the Health Insurance Portability and Accountability Act (“HIPAA”). Even though Virta is not a “covered entity” as defined by HIPAA, Provider Group and/or a Provider may be a “covered entity” and therefore Provider Group, a Provider and Virta may be subject to certain requirements under HIPAA. As a result, Provider Group has adopted a HIPAA Notice of Privacy Practices (the “Notice of Privacy Practices”) to describe how Provider Group and the Providers use and disclose your PHI. In connection with certain services we provide to or on behalf of the Provider Group and/or the Providers, Provider Group has requested that we disseminate to you the Notice of Privacy Practices of Provider Group and the Providers, which is attached to this Privacy Policy. By using the Service, you acknowledge receipt of the Notice of Privacy Practices. Virta may be a “business associate” of Provider Group or a Provider under HIPAA, and as a result, as and to the extent Virta is in fact a “business associate” of Provider Group or the Provider(s) under HIPAA, Virta’s use and disclosure of PHI will be limited as and to the extent required by HIPAA. Any information that does not constitute PHI may be used or disclosed in any manner permitted under this Privacy Policy. PHI does not include information that has been de-identified in accordance with HIPAA.

Your Choices

You may, of course, decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of the Service. You may update, correct, or delete your profile information and preferences at any time by accessing your account preferences page on the Service. You may request that we provide to you the information we hold about you, update your information, or request that we delete your information or correct any inaccuracies by emailing us at with the subject heading “personal information request”. Please note that while any changes you make will be reflected in active user databases within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. Where your data cannot feasibly be deleted we will continue to store such data according to all applicable laws and this Policy.

You may ask us to contact you at a specific phone number or to send mail or notices to a specific mailing address or email address. If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by sending your request to us by email at or by writing to us at the address given at the end of this policy. We may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us in user account functionality on the Service.

Please be aware that if you opt out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.

Residents of the State of California have the right to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To obtain this information, you should send a written request to with the subject heading “California Privacy Rights.” In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.

Third-Party Services

The Service may contain features or links to Web sites and services provided by third parties, and the Service may allow you to display, use or make available content, data, information, applications or materials from third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.

Children's Privacy

Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under the age of 13 without obtaining parental consent. If you are under 13 years of age, then please do not use or access the Service at any time or in any manner. If we learn that a person under 13 years of age has used or accessed the Service or any personally identifiable information has been collected on the Service from persons under 13 years of age, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 13 years of age has obtained an account on or otherwise accessed the Service, then you may alert us at and request that we delete that child’s personally identifiable information from our systems.

Data Security

We use certain physical, technical, and administrative measures in an effort to protect the integrity and security of personal information that we collect and maintain. We cannot, however, ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative measures.

As part of providing you the Services, we may need to provide you with certain communications (via in app message, text and email), such as appointment reminders, service announcements, encouragement, advice and administrative messages. These communications are considered part of the Service and may occur via emails, text messages or in app messages. You acknowledge that you are aware that email and text messages are not secure methods of communication and that your communication with us is not encrypted, and that you agree to the risks including the risk that the information contained within emails or texts could be read by a third party. If you would prefer not to exchange PHI via email or text message, please notify us at

Privacy Settings

Although we may allow you to adjust your privacy settings to limit access to certain personal information, please be aware that no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other users with whom you may choose to share your information. Further, even after information posted on the Service is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available on the Service. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons.

Jurisdictional Issues

The Service may only be used within certain jurisdictions within the United States as set forth in the Terms of Service. Accordingly, this Privacy Policy, and our collection, use, and disclosure of your information, is governed by U.S. law, and by using the Service, you acknowledge that the Service will be governed by U.S. law. Using the Service from outside the United States is prohibited under our Terms of Service and may subject you to termination under such Terms of Service. In no event will Virta or any of its officers, directors, employees, consultants, subsidiaries, agents, and affiliated entities, including Provider Group or any Provider, be liable for any losses or damages arising from your use of the Service outside of the United States, and you waive any claims that may arise under the laws of your location outside the United States. Notwithstanding the foregoing, we do not represent or warrant that the Service is appropriate or available for use in any particular jurisdiction. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing. Also, we may transfer your data from the United States to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service. By providing any information, including PHI, on or to the Service, you consent to such transfer, storage, and processing.

Changes and Updates to this Policy

Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify this Policy, we will make it available through the Service, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of this Policy.

Our Contact Information

Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at

Virta Health Corp.
535 Mission Street 20th Floor
San Francisco, CA 94105

Notice of Privacy Practice