Last Updated: January 14, 2025

The privacy of your personal information is important to us. This Privacy Policy describes what information is collected by Jaspr Health, how it is gathered, how it is used, to whom it is disclosed, and how it is secured, updated and deactivated on our website and through our services (collectively our “Services”).

What Information Does Jaspr Health Collect?

Jaspr Health collects personal information (such as contact information and date of birth), Protected Health Information (such as, but not limited to, data about health status, thoughts and behaviors pertaining to suicide, use of alcohol and other substances, and provision of healthcare), and non-personally identifiable information (i.e., information that is not traced back to any individual and is not used on its own to identify an individual) about your use of the application through, by way of example and without limitation, the use of cookies, even if you have not registered, including the referring website, if applicable, the type of browser or device you use, and the time and date that you accessed the application. We obtain information from a variety of sources, including:

• Typing in data (such as when you register for our Services, type a message to send to us, type a search request, or complete a measure or other form);
• Uploading a document, image or other data file;
• Authorizing us to retrieve and import information from another user or other third party on your behalf, including, without limitation, from your provider or patient or electronic health record;
• Authorizing us to export information on your or your provider’s or provider organization’s behalf to your provider or patient or electronic health record;

Jaspr Health does not knowingly collect any information from anyone under 13 years of age.

Who Can Access Information?

Jaspr Health restricts access to information using appropriate technical and organizational safeguards based on the nature of the information. Information inputted by individuals and reports compiled by Jaspr Health using this information may be viewed by individuals  and Jaspr Health. Jaspr Health information and reports may be added to an individual’s electronic health record, becoming part of the record shared by healthcare and other organizations as part of the patient’s treatment.

Information inputted by providers and other healthcare organization representatives may be viewed by subject patients and other healthcare organization representatives, depending on their administrative permissions, and access to patient electronic health records within those organizations. Jaspr Health does not control and is not responsible for the administrative permissions of healthcare organizations.

Protected health information collected by Jaspr Health, if applicable, is used and disclosed only as is permitted by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Only persons explicitly authorized by patients to have access to their healthcare information will be provided access.

We do not sell or rent your personal information to third parties. We may disclose your information to third parties as described previously. We may disclose personal information to our service providers and vendors in order to provide the services you have requested from us, such as use of our software applications if you authenticate through a third-party service. These third parties are obligated to protect your personal information in strict accordance with our policies, HIPAA, and HITECH.

We may at times be required to disclose personal information you provide us as required by a legal obligation, such as in response to a court order or applicable statute. In the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may have a legitimate interest in disclosing or transferring your information to a third party — such as an acquiring entity and its advisers.

Why Do We Gather Your Personal Information?

We gather personal information for the following purposes:

• Personal and healthcare information inputted by patients is gathered by healthcare providers and healthcare organizations for purposes of allowing a healthcare provider to plan and deliver care to patients
• Information inputted by healthcare providers and healthcare organizations regarding patients, which may include healthcare information and personal information, is gathered for purposes of health care delivery
• Administrative announcements about features, functionality, terms, or other aspects of our Services
• Research purposes—anonymized data (stripped of all personally identifying information) is aggregated with the anonymous data of other users into a data repository for data analysis and clinical research to better understand behavioral and other health problems and improve health care; anonymous data may be shared with other third party recipients for the purposes of research (depending on our agreement with the third party, Jaspr Health may or may not charge for this information)
• Product development purposes and improvement activities, such as estimating our audience size and usage patterns;

• In order to provide you with our Services or fulfilling the purposes for which you provided the data or that were described when it was collected;
• To provide, support, personalize, and develop our websites, products, and/or services, and for generating performance analytics, identity verification and authorization, site and application optimization, and quality control;

• To create, maintain, customize, and secure your account with us;
• Notifying you about changes to our Services;
• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
• To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business including undertaking activities to prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted consumer health data or that otherwise threaten to compromise the performance, security, or integrity of our business;
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations and for complying with our legal obligations and risk management, audit, investigations and reporting, and other legal and compliance reasons;
• To fulfill any other purpose for which you provide personal information;
• Internal research and development of our Services;
• Recordkeeping and auditing;

• Any other use that you consent to in advance; and
• Any other purpose described in this Policy or the applicable Terms of Service applicable to the Service.

How Is Information Viewed, Updated, and Deactivated?

Upon written request by the account holder, an account will be deactivated and archived. We retain archived information for a period of five (5) years (or longer if required by applicable law or regulation) as necessary to comply with legal obligations, resolve disputes, enforce our agreements and other authorized uses under this Policy. Unless otherwise required by law, Jaspr Health shall be under no obligation to retain any of your account information and may delete the same immediately following deactivation of your account.

HIPAA grants patients certain rights to access and correct certain health information their healthcare providers retain about them. Patients should submit requests to access or correct their health information directly to their healthcare providers. Certain personal information can also be corrected within our application or through our webpage. If you believe that we have inaccurate personal information, and are unable to correct it through the application or webpage, please contact us at: privacy@jaspr.health.com

Please note that de-identified health information is stored indefinitely in our anonymized data repository.

How We Protect Your Personal Information

Jaspr Health takes administrative, technical, and physical measures to safeguard your personal information against loss, theft, and misuse, as well was unauthorized access, disclosure, and destruction.

Changes to this Policy

Revisions of our Privacy Policy will be posted on this webpage, within the app(s) and/or sent to you via email to the last email address you provided to us (if any). By your continued use of Jaspr Health Services following the new effective date will constitute your acceptance of such changes or modifications.

Cookies

As is standard practice on many webpages, Jaspr Health uses “cookies” and other technologies to help us understand how our users interact with our website. Cookies contain information that is transferred to your computer’s hard-drive. These cookies are used to store information, such as the time that the current visit to our webpage occurred, whether you have visited our webpage before, and what third party page, if any, referred you to our webpage.

If you prefer not to enable cookies, you can disable them in your browser. Please note that certain features of our webpage and application may not be available once cookies are disabled. As is true of most webpages, we gather certain information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.

Children’s Privacy

Jaspr Health is committed to protecting the privacy of children and abiding by the provisions of the Children’s Online Privacy Protection Act (COPPA). Our Services are not designed or intended to attract children under the age of 13. In the event that Jaspr Health is notified or becomes aware that our Services have been used by a child under the age of 13 to store information of that child without parental consent, Jaspr Health shall be and is authorized to delete, in its entirety, any of the information stored by that child. Jaspr Health also reserves the right to revoke any license to use the Services which are being used or has been used by a child under the age of 13.

State Privacy Disclosures

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information.

Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:

• Confirm whether we process their personal information

• Access and delete certain personal information
• Data portability
• Opt-out of personal data processing for targeted advertising and sales

Colorado, Connecticut, and Virginia also provide their state residents with rights to:

• Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose
• Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects

To exercise any of these rights please use the appropriate feature in the Services, and if you are unable to resolve the exercise of such right through the Services, please email us at: privacy@jasprhealth.com. To appeal a decision regarding a consumer rights request please email us at privacy@jasprhealth.com.

Consumer Health Data Privacy Policy for Washington Residents

This Washington Consumer Health Data Privacy Policy (“Policy”) describes the practices of Jaspr Health (“Jaspr Health” or “We”) for collecting and using Washington residents’ consumer health data. Consumer health data is any data that is linked or reasonably linkable to a specific individual and that identifies that individual’s past, present, or future physical or mental health status that Jaspr Health collects or controls the collection of Washington residents’ “consumer health data,” as that term is defined in the Washington My Health My Data Act (RCW 19.373.005-900).

This Policy applies to the sites, products, applications, platforms, or other services linking to this Policy. This Policy does not apply to any sites, products, applications, platforms, or other services not directly linking to this Policy.

Please read this Policy carefully to understand our policies and practices regarding your consumer health data and how we will treat it. If you do not agree with our policies and practices, you should not use the sites, products, applications, platforms, or other services linking to this Policy.

Other privacy policies may apply for your personal information that is not consumer health data and if you are not a Washington resident. To view our privacy notice describing how we treat other personal information, read the entire policy herein.

Consumer Health Data We May Collect About You

We collect and use different types of consumer health data from and about you, including:

• Information about any of the following:
  • individual health conditions, treatment, diseases, or diagnoses;
  • diagnostic testing, treatment, or medication;
  • social, psychological, behavioral, or medical interventions;
  • use or purchase of prescribed medication; or
  • bodily functions, vital signs, symptoms, or measurements of physical or mental health status.
• Data identifying a consumer seeking health care services. Health care services means any service provided to a person to assess, measure, improve, or learn about a person’s mental or physical health, including but not limited to:
  • individual health conditions, status, diseases, or diagnoses;
  • social, psychological, behavioral, and medical interventions;
  • health-related surgeries or procedures;
  • use or purchase of medication;
  • bodily functions, vital signs, symptoms, or measurements of the information described in this subsection;
  • diagnoses or diagnostic testing, treatment, or medication;
  • reproductive health care services; or
  • gender-affirming care services.
• Any inferences of the above categories derived, extrapolated, or inferred from non-health information.

Consumer Health Data Sources

We collect consumer health data from the following sources:

• You, including when you provide information to us through our services.
• Your device when you visit or interact with our sites, applications, or services, including through cookies, web beacons, and similar technologies that automatically send us information when you browse, use, visit, or otherwise interact with our sites, applications, or services.
• Authorized/legal representatives, family members, and caregivers.
• Health care providers.

Consumer Health Data Disclosures

We do not sell your consumer health data.

We may disclose any of the consumer health data categories listed above to processors, service providers, and contractors that help us provide products and services to you. We instruct these processors, service providers, and contractors to only use consumer health data as permitted by our contracts with them and consistent with applicable law.

We may also disclose consumer health data as permitted by applicable law, including:

• With your consent.
• To prevent, detect, protect from, or respond to security incidents, identity theft, fraud, harassment, or malicious or deceptive activities.
• To a third party acquiring our assets if Jaspr Health sells its business or otherwise is part of a merger, acquisition, bankruptcy, or other transaction involving a third party taking control of our assets or business.
• To investigate, report, or take legal action to protect our rights, property, and safety and the rights, property, and safety of others.
• To protect your or others’ vital interests, including health and safety.

Your Privacy Rights

You have specific rights with respect to your consumer health data. You have the right to:

• Request confirmation that we collect, share, or sell your consumer health data.
• Request access to your consumer health data that we have collected or control, including:
  • a list of all third parties and affiliates that we have shared or sold your consumer health data to; and
  • the email addresses or other online method to contact those third parties and affiliates.
• Withdraw your consent for our collection and sharing of your consumer health data.
• Request that we delete your consumer health data.

To exercise any of your rights under Washington consumer health privacy law, please contact us at privacy@jasprhealth.com.

Contact Information

To make an inquiry or comment about this Policy or our privacy practices, contact us at:

privacy@jasprhealth.com

Data Privacy for California Residents

This section applies solely to visitors and users of our Services who reside in the State of California. We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (the “CCPA”) and the California Online Privacy Protection Act (“CalOPPA”), and any terms defined in the CCPA or CalOPPA have the same meaning when used in this notice.

For the purposes of this section “California Data Subject” shall mean: (1) an individual who is in the State of California for other than a temporary or transitory purpose, and (2) an individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.

Information We Collect
Jaspr Health collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California Data Subject or device (“personal information”). In particular, Jaspr Health has collected the following categories of personal information from California Data Subjects within the last twelve (12) months:

• Identifiers (i.e. real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers)
  • Yes, we collect this data​
• ​Characteristics of protected classifications under California or federal law (i.e. race, gender, ethnicity, disability status)
  • No, we do not collect this data​
• ​Commercial information (i.e. records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
  • No, we do not collect this data
• Biometric information (i.e. fingerprint, facial pattern, voice, typing cadence)
  • No, we do not collect this data
• Internet or other electronic network activity information (i.e. information regarding usage of a site, software, or app)
  • Yes, we collect this data
• ​Geolocation data (i.e. physical location)
  • Yes, we collect this data
• Audio, electronic, visual, thermal, olfactory, or similar information (i.e. recordings of a California Data Subject)
  • No, we do not collect this data
• Professional or employment-related information (i.e. place of work, current occupation, duration of occupation, position/title)
  • No, we do not collect this data
• Education information (i.e. information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act, or FERPA)
  • No, we do not collect this data
• Inferences drawn from any of the information identified above (i.e. information used to create a profile about the California Data Subject reflecting their preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes)
  • Yes, we collect this data

Sources of Personal Information
Jaspr Health obtains the personal information listed above from the following sources:

• Directly from you (i.e. from forms you complete or orders for products and services you purchase)
  • Yes, we receive from this source
• Indirectly from you (i.e. from observing your actions on the Service)
  • Yes, we receive from this source
• Third Parties (i.e. we are provided information by our third party vendors such as: Technology Partners, Healthcare Providers)
  • ​Yes, we receive from this source

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the purposes listed in Why Do We Gather Your Personal Information, above, and as described to you when collecting your personal information or as otherwise set forth in the CCPA.

Jaspr Health will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Jaspr Health does sell your personal information, however we share personal information with our third party service providers and vendors solely in order to provide you the Service(s).

Your Rights and Choices
This section describes your CCPA rights and explains how to exercise those rights.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and verify your request, we will disclose to you:

• The categories of personal information we collected about you;
• The categories of sources for the personal information we collected about you;
• Our business or commercial purpose for collecting or selling that personal information;
• The categories of third parties with whom we share that personal information;
• The specific pieces of personal information we collected about you (also called a data portability request);
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:

• • sales, identifying the personal information categories that each category of recipient purchased; and

• • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
• Debug products to identify and repair errors that impair existing intended functionality;
• Exercise free speech, ensure the right of another California Data Subject to exercise their free speech rights, or exercise another right provided for by law;
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
• Enable solely internal uses that are reasonably aligned with California Data Subject expectations based on your relationship with us;
• Comply with a legal obligation; and
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

To exercise the access, data portability, and deletion rights described above, please submit a verifiable California Data Subject request to us by sending us an email at privacy@jasprhealth.com or calling us toll free at (800) 275-1343.

Only you or a person registered with the California Secretary of State, that you authorize to act on your behalf, may make a verifiable California Data Subject request related to your personal information. You may also make a verifiable California Data Subject request on behalf of your minor child.

You may only make a verifiable California Data Subject request for access or data portability twice within a twelve (12) month period. The verifiable California Data Subject request must:

1. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
2. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable California Data Subject request does not require you to create an account with us. We will only use personal information provided in a verifiable California Data Subject request to verify the requestor’s identity or authority to make the request.

We aspire to respond to a verifiable California Data Subject request within forty five (45) days of receipt of the request. If we require more time (up to ninety (90) days) we will inform you of the reason(s) why an extension is needed and how long we anticipate the period to be. Any disclosure we provide will only cover the twelve (12) month period preceding the receipt of your request. If applicable, the response may provide the reasons why we cannot comply with your request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable California Data Subject request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We reserve the right to refuse to respond to verifiable California Data Subject requests that are excessive, repetitive, or manifestly unfounded.

Right of Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. We will not take any of the following actions against you in response to an exercise of your rights:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

California Do-Not-Track Disclosures

Our webpage does not track users over time and across third party websites and therefore does not respond to Do Not Track signals. We do not allow third parties to place and trackers or cookies that allow them to track users across websites.

Contact Us

You may contact us at:

Jaspr Health
9450 SW Gemini DrPMB 68735
Beaverton, Oregon 97008-7105

Email address: privacy@jasprhealth.com

Sources of Personal Information
Jaspr Health obtains the personal information listed above from the following sources: