Today History History Droplet Plus Symbol Chat Community More Message Bubble Tip Camera Padlock Checked Circle

Virta Privacy Policy

Last Updated: July 2, 2018

This Privacy Policy (this “ Policy ”) describes the information that Virta Health Corp (“ Virta ", “ we ", “ our ,” or “ us ”) and its affiliates may gather from you on or through our website (https://www.virtahealth.com) (the “ Site ”), mobile application (the “ App ”), and activities offline in connection with the App or Site, such as invoicing or communicating with employers or health plan providers (together with the Site and the App, the “ Service ”); how we use and disclose such information; and the steps we take to protect such information. By accessing or using the Service, you signify that you have read, understood and agree to our privacy practices described in this Policy and the Virta Terms of Service (the “ Terms ”). This Policy is incorporated by reference into the Terms. Any capitalized terms used but not defined in this Policy have the meaning given to them in the Terms.

IF YOU ARE A PATIENT USING THE SERVICE, YOU ALSO ACKNOWLEDGE AND AGREE TO THE “SPECIAL TERMS FOR PATIENTS” IDENTIFIED IN SECTION 13 BELOW.

1. The information we collect on the Site:

2. How we use the information we collect

We use information we collect on the Service in a variety of ways in providing the Service and operating our business, including the following:

3. When we disclose information

Except as described in this Policy, we will not disclose your information that we collect on the Service to third parties without your consent. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

Remember, our Service allows you to connect and interact with others.  Your profile information, including your name, photo, and other personal information, will be available publicly to other members of the Service  by default when you create a profile, interact with others on the Service in public groups, and post content to public spaces.

4. Your Choices

You may, of course, decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of the Service. You may update, correct, or delete your profile information and preferences at any time by accessing your account preferences page on the Service. You may request that we provide to you the information we hold about you, update your information, request that we remove your name or comments from our Service or publicly displayed content or request that we delete your information or correct any inaccuracies by emailing us at privacy@virtahealth.com with the subject heading “personal information request.” Please note that while any changes you make will be reflected in active user databases within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. We may not be able to modify or delete your information in all circumstances.

You may ask us to contact you at a specific phone number or to send mail or notices to a specific mailing address or email address. If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by sending your request to us by email at privacy@virtahealth.com or by writing to us at the address given at the end of this Policy. We may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us in user account functionality on the Service.

Please be aware that if you opt out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request, and you may receive promotional communications from us that you have opted out from during that period. Additionally, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.

5. Third-Party Tracking and Online Advertising.

Interest-Based Advertising . We may participate in interest-based advertising and use third-party advertising companies to serve you targeted advertisements based on your browsing history. We may share or we may permit third-party online advertising networks, social media companies, and other third-party services to collect information about your use of our website over time so that they may play or display ads on other websites, apps, or services, including on Facebook. Typically, though not always, the information we share is services such as reporting, attribution, analytics, and market research.

Social Media Widgets and Advertising . Our Service may include social media features, such as the Facebook Like button, Google Plus, LinkedIn, Snapchat, Instagram, Twitter, or other widgets. These social media companies may recognize you and collect information about your visit to our Service, and they may set a cookie or employ other tracking technologies. Your interactions with those features are governed by the privacy policies of those companies.

We may display targeted advertising to you through social media platforms, such as Facebook, Twitter, Google+, and others. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our Service while those users are on the social media platform or to groups of other users who share similar traits, such as likely commercial interests and demographics. These advertisements are governed by the privacy policies of those social media companies that provide them.

Cross-Device Linking . We, or our third-party partners, may link your various devices so that content you see on one device can result in relevant advertising on another device. We do this by collecting information about each device you use when you are logged in to our Service. We may also work with third-party partners who employ tracking technologies or the application of statistical modeling tools to determine if two or more devices are linked to a single user or household. We may share a common account identifier (such as an email address or user ID) with third-party advertising partners to help recognize you across devices. We, and our partners, can use this cross-device linkage to serve interest-based advertising and other personalized content to you across your devices, to perform analytics, and to measure the performance of our advertising campaigns.

Your Choices:

Google Analytics and Advertising . We use Google Analytics to recognize you and link the devices you use when you visit our site or Service on your browser or mobile device, log in to your account on our Service, or otherwise engage with us. We share a unique identifier, like a user ID or hashed email address, with Google to facilitate the service. Google Analytics allows us to better understand how our users interact with our Service and to tailor our advertisements and content to you. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google's site “How Google uses data when you use our partners’ sites or apps” located at  www.google.com/policies/privacy/partners/ . You can learn about Google Analytics’ currently available opt outs, including the Google Analytics Browser Ad-On here https://tools.google.com/dlpage/gaoptout/.

We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the Service. You may control your advertising preferences or opt out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at https://google.com/ads/preferences , or by vising NAI’s online resources at http://www.networkadvertising.org/choices.

6. Third-Party Services

The Service may contain features or links to Web sites and services provided by third parties, and the Service may allow you to display, use or make available content, data, information, applications or materials from third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.

7. Children’s Privacy

Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under the age of 13 without obtaining parental consent. If you are under 13 years of age, then please do not use or access the Service at any time or in any manner. If we learn that a person under 13 years of age has used or accessed the Service or any personally identifiable information has been collected on the Service from persons under 13 years of age, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 13 years of age has obtained an account on or otherwise accessed the Service, then you may alert us at privacy@virtahealth.com and request that we delete that child’s personally identifiable information from our systems.

8. Data Security

We use certain physical, technical, and administrative measures in an effort to protect the integrity and security of personal information that we collect and maintain. We cannot, however, ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative measures.

As part of providing you the Service, we may need to provide you with certain communications (via in app message, text and email), such as service announcements and administrative messages. These communications are considered part of the Service and may occur via emails, text messages or in app messages. You acknowledge that you are aware that email and text messages are not secure methods of communication and that your communication with us is not encrypted, and that you agree to the risks including the risk that the information contained within emails or texts could be read by a third party.

9. Privacy Settings

Although we may allow you to adjust your privacy settings to limit access to certain personal information, please be aware that no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other users with whom you may choose to share your information, including, without limitation, any and all User Content or information you share on community platforms. Further, even after information posted on the Service is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available on the Service. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons.

10. Jurisdictional Issues

The Service may only be used within certain jurisdictions within the United States as set forth in the Terms. Accordingly, this Policy, and our collection, use, and disclosure of your information, is governed by U.S. law, and by using the Service, you acknowledge that the Service will be governed by U.S. law. Using the Service from outside the United States is prohibited under our Terms and may subject you to termination under such Terms. In no event will Virta or any of its officers, directors, employees, consultants, subsidiaries, agents, and affiliated entities, including Provider Group (defined below) or any Provider, be liable for any losses or damages arising from your use of the Service outside of the United States, and you waive any claims that may arise under the laws of your location outside the United States. Notwithstanding the foregoing, we do not represent or warrant that the Service is appropriate or available for use in any particular jurisdiction. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing. Also, we may transfer your data from the United States to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service. By providing any information, including PHI (defined below), on or to the Service, you consent to such transfer, storage, and processing.

11. Changes and Updates to this Policy

Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify this Policy, we will make it available through the Service, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of this Policy.

12. Our Contact Information

Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at privacy@virtahealth.com .

Virta Health Corp.
535 Mission Street 14th Floor
San Francisco, CA 94105

13. Special Terms for Patients

BY USING THE SERVICE, YOU ALSO ACKNOWLEDGE RECEIPT OF THE NOTICE OF PRIVACY PRACTICES (AS DEFINED IN THIS SECTION 13) OF THE HEALTH CARE PROVIDER THAT YOU ENGAGE THROUGH OUR SERVICE (“ PROVIDER ”). Providers accessible through the Service are employed by or contract independently with a professional corporation or other professional entity (“ Provider Group ”), which is affiliated with Virta.

In addition to the information described above in Section 1 of this Policy, you may provide us with and we may collect your personal information from you when you (i) post User Content; (ii) interact with Providers or your Program Lead (as defined below); and/or (iii) provide us or have others provide us on your behalf, either via a request for information form or otherwise, with your health information such as information or records relating to your medical or health history, health status and laboratory testing results, diagnostic images, and other health-related information.

In addition to the uses we described in Section 2 of this Policy, we may use your information to:

In addition to the disclosures in Section 3 of this Policy, we may disclose your information to third parties in the following circumstances:

Claims and Pharmacy Data . We seek to give you better service and care. To help us give you the right care, in the right place and at the right time, a group health plan (“Health Plan”) may be created and, at the direction of your Health Plan, any agent, contractor or vendor of your Health Plan may electronically share information with us about your care. This information will include things like visits to the doctor or hospital, medical conditions, and prescriptions you have had in the past and moving forward. Having this information will help Virta give you the best possible care, because we will have the most up-to-date information about your health. Your privacy is very important to us, and you control the use of your personal information. We put important safeguards in place to make sure all your medical information is safe. By agreeing to this Policy, you agree to allow your Health Plan to share your personal health information with Virta, except for information that the Health Plan cannot share including, but not limited to, certain information relating to alcohol or substance abuse treatment.

Protected Health Information, HIPAA and Communications . Some of the information you submit or that is created through your use of the Service may constitute “protected health information” (“ PHI ”) as defined by the Health Insurance Portability and Accountability Act (“ HIPAA ”). PHI does not include information that has been de-identified in accordance with HIPAA. Even though Virta is not a “covered entity” as defined by HIPAA, Provider and/or a Provider Group may be a “covered entity” and therefore a Provider, Provider Group and/or Virta may be subject to certain requirements under HIPAA. As a result, Provider Group has adopted a HIPAA Notice of Privacy Practices (the “ Notice of Privacy Practices ”) to describe how Provider Group and the Providers use and disclose your PHI. In connection with certain services we provide to or on behalf of the Provider Group and/or the Providers, Provider Group has requested that we disseminate to you  the Notice of Privacy Practices of Provider Group and the Providers , which is currently available at   https://www.virtahealth.com/privacypractice . Virta may be a “business associate” of Provider Group or a Provider under HIPAA, and as a result, as and to the extent Virta is in fact a “business associate” of Provider Group or the Provider(s) under HIPAA, Virta’s use and disclosure of PHI will be limited as and to the extent required by HIPAA, which may include, for example, providing you with certain communications via emails, text messages or in app messages that contain PHI, such as appointment reminders, encouragement, and advice.  If you would prefer not to exchange PHI via email or text message, please notify us at  privacy@virtahealth.com. You may also request we update, correct, or delete your PHI by contacting us at  privacy@virtahealth.com ; provided however, that we may retain any PHI that we are required to maintain in accordance with HIPAA. Any information that does not constitute PHI may be used or disclosed in any manner permitted under this Policy.