Privacy Policy

 

Last Updated: Mar 19, 2024

The privacy of your personal information is important to us. This Privacy Policy describes what information is collected by Jaspr Health, how it is gathered, how it is used, to whom it is disclosed, and how it is secured, updated and deactivated.

What Information Does Jaspr Health Collect?

Jaspr Health collects personal information (such as contact information and date of birth), Protected Health Information (such as data about health status, thoughts and behaviors pertaining to suicide, and provision of healthcare), and non-personally identifiable information (i.e., information that is not traced back to any individual and is not used on its own to identify an individual) about your use of the application through, by way of example and without limitation, the use of cookies, even if you have not registered, including the referring website, if applicable, the type of browser you use, and the time and date that you accessed the application and that users voluntarily submit by:

  • Typing in data (such as when you register for our Services, type a message to send to us, type a search request, or complete a measure or other form);
  • Uploading a document, image or other data file;
  • Authorizing us to retrieve and import information from another user or other third party on your behalf, including, without limitation, from your provider or patient or electronic health record;
  • Authorizing us to export information on your or your provider’s or provider organization’s behalf to your provider or patient or electronic health record;
  • Jaspr Health does not knowingly collect any information from anyone under 13 years of age.

Who Can Access Information?

Information inputted by patients and reports compiled by Jaspr Health using this information may be viewed by patients, the healthcare organization providing treatment, providers at the healthcare organization and Jaspr Health. Jaspr Health information and reports may be added to the patient’s electronic health record, becoming part of the record shared by healthcare and other organizations as part of the patient’s treatment.

Information inputted by providers and other healthcare organization representatives may be viewed by subject patients and other healthcare organization representatives, depending on their administrative permissions, and access to patient electronic health records within those organizations. Jaspr Health does not control and is not responsible for the administrative permissions of healthcare organizations.

Protected health information collected by Jaspr Health is used and disclosed only as is permitted by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Only persons explicitly authorized by patients to have access to their healthcare information will be provided access.

We do not sell or rent your personal information to third parties. We may disclose your information to third parties as described previously. We may disclose personal information to our service providers and vendors in order to provide the services you have requested from us, such as use of our software applications if you authenticate through a third-party service. These third parties are obligated to protect your personal information in strict accordance with our policies, HIPAA, and HITECH.

We may at times be required to disclose personal information you provide us as required by a legal obligation, such as in response to a court order or applicable statute. In the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may have a legitimate interest in disclosing or transferring your information to a third party — such as an acquiring entity and its advisers.

Why Do We Gather Your Personal Information?

We gather personal information for the following purposes:

  • Personal and healthcare information inputted by patients is gathered by healthcare providers and healthcare organizations for purposes of allowing a healthcare provider to plan and deliver care to patients
  • Information inputted by healthcare providers and healthcare organizations regarding patients, which may include healthcare information and personal information, is gathered for purposes of health care delivery
  • Administrative announcements about features, functionality, terms, or other aspects of our Services
  • Research purposes—anonymized data (stripped of all personally identifying information) is aggregated with the anonymous data of other users into a data repository for data analysis and clinical research to better understand behavioral and other health problems and improve health care; anonymous data may be shared with other third party recipients for the purposes of research (depending on our agreement with the third party, Jaspr Health may or may not charge for this information)
  • Product development purposes and improvement activities
  • Any other purpose described in this Policy or the Terms of Service

How Is Information Viewed, Updated, and Deactivated?

Upon written request by the account holder, an account will be deactivated and archived. We retain archived information for a period of five (5) years (or longer if required by applicable law or regulation) as necessary to comply with legal obligations, resolve disputes, enforce our agreements and other authorized uses under this Policy. Unless otherwise required by law, Jaspr Health shall be under no obligation to retain any of your account information and may delete the same immediately following deactivation of your account.

HIPAA grants patients certain rights to access and correct certain health information their healthcare providers retain about them. Patients should submit requests to access or correct their health information directly to their healthcare providers. Certain personal information can also be corrected within our application or through our webpage. If you believe that we have inaccurate personal information, and are unable to correct it through the application or webpage, please contact us at: privacy@jaspr.health.com

Please note that de-identified health information is stored indefinitely in our anonymized data repository.

How We Protect Your Personal Information

Jaspr Health takes administrative, technical, and physical measures to safeguard your personal information against loss, theft, and misuse, as well was unauthorized access, disclosure, and destruction.

Changes to this Policy

Revisions of our Privacy Policy will be posted on this webpage, within the app(s) and/or sent to you via email to the last email address you provided to us (if any). By your continued use of Jaspr Health Services following the new effective date will constitute your acceptance of such changes or modifications.

Cookies

As is standard practice on many webpages, Jaspr Health uses “cookies” and other technologies to help us understand how our users interact with our website. Cookies contain information that is transferred to your computer’s hard-drive. These cookies are used to store information, such as the time that the current visit to our webpage occurred, whether you have visited our webpage before, and what third party page, if any, referred you to our webpage.

If you prefer not to enable cookies, you can disable them in your browser. Please note that certain features of our webpage and application may not be available once cookies are disabled. As is true of most webpages, we gather certain information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.

Children’s Privacy

Jaspr Health is committed to protecting the privacy of children and abiding by the provisions of the Children’s Online Privacy Protection Act (COPPA). Our website and services are not designed or intended to attract children under the age of 13. In the event that Jaspr Health is notified or becomes aware that the site or services have been used by a child under the age of 13 to store information of that child without parental consent, Jaspr Health shall be and is authorized to delete, in its entirety, any of the information stored by that child. Jaspr Health also reserves the right to revoke any license to use the site and service which is being used or has been used by a child under the age of 13.

Data Privacy for California Residents

This section applies solely to visitors and users of our Site and Services who reside in the State of California. We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (the “CCPA”) and the California Online Privacy Protection Act (“CalOPPA”), and any terms defined in the CCPA or CalOPPA have the same meaning when used in this notice.

For the purposes of this section “California Data Subject” shall mean: (1) an individual who is in the State of California for other than a temporary or transitory purpose, and (2) an individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.

Information We Collect
Jaspr Health collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California Data Subject or device (“personal information”). In particular, Jaspr Health has collected the following categories of personal information from California Data Subjects within the last twelve (12) months:

Sources of Personal Information
Jaspr Health obtains the personal information listed above from the following sources:

Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:

  • To fulfill the purpose for which you provided the information. For example, if you share your name and contact information to create an account on our site or services, we will use that personal information to establish the account. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns. In addition, we may use the above information:
    • To provide, support, personalize, and develop our websites, products, and/or services;
    • To create, maintain, customize, and secure your account with us;
    • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
    • To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business;
    • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; and
    • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

Jaspr Health will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Jaspr Health Jaspr Health does share personal information with our third party service providers and vendors in order to provide you the Service.

Your Rights and Choices
This section describes your CCPA rights and explains how to exercise those rights.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and verify your request, we will disclose to you:

  • The categories of personal information we collected about you;
  • The categories of sources for the personal information we collected about you;
  • Our business or commercial purpose for collecting or selling that personal information;
  • The categories of third parties with whom we share that personal information;
  • The specific pieces of personal information we collected about you (also called a data portability request);
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Exercise free speech, ensure the right of another California Data Subject to exercise their free speech rights, or exercise another right provided for by law;
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  • Enable solely internal uses that are reasonably aligned with California Data Subject expectations based on your relationship with us;
  • Comply with a legal obligation; and
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

To exercise the access, data portability, and deletion rights described above, please submit a verifiable California Data Subject request to us by sending us an email at privacy@jasprhealth.com or calling us toll free at (800) 275-1343.

Only you or a person registered with the California Secretary of State, that you authorize to act on your behalf, may make a verifiable California Data Subject request related to your personal information. You may also make a verifiable California Data Subject request on behalf of your minor child.

You may only make a verifiable California Data Subject request for access or data portability twice within a twelve (12) month period. The verifiable California Data Subject request must:

  1. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
  2. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable California Data Subject request does not require you to create an account with us. We will only use personal information provided in a verifiable California Data Subject request to verify the requestor’s identity or authority to make the request.

We aspire to respond to a verifiable California Data Subject request within forty five (45) days of receipt of the request. If we require more time (up to ninety (90) days) we will inform you of the reason(s) why an extension is needed and how long we anticipate the period to be. Any disclosure we provide will only cover the twelve (12) month period preceding the receipt of your request. If applicable, the response may provide the reasons why we cannot comply with your request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable California Data Subject request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We reserve the right to refuse to respond to verifiable California Data Subject requests that are excessive, repetitive, or manifestly unfounded.

Right of Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. We will not take any of the following actions against you in response to an exercise of your rights:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

California Do-Not-Track Disclosures

Our webpage does not track users over time and across third party websites and therefore does not respond to Do Not Track signals. We do not allow third parties to place and trackers or cookies that allow them to track users across websites.

Contact Us

You may contact us at:

Jaspr Health
9450 SW Gemini DrPMB 68735
Beaverton, Oregon 97008-7105

Email address: privacy@jasprhealth.com

 

Category
Examples
Do we collect this data?
Identifiers
Real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers
Yes
Characteristics of protected classifications under California or federal law
Race, gender, ethnicity, disability status
No
Commercial information
Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
No
Biometric information
Fingerprint, facial pattern, voice, typing cadence
No
Internet or other electronic network activity information
Information regarding usage of a site, software, or app
Yes
Geolocation data
Physical location
No
Audio, electronic, visual, thermal, olfactory, or similar information
Recordings of a California Data Subject
No
Professional or employment-related information
Place of work, current occupation, duration of occupation, position/title
No
Education Information
Information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA)
No
Inferences drawn from any of the information identified above
Information used to create a profile about the California Data Subject reflecting their preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
No

Sources of Personal Information
Jaspr Health obtains the personal information listed above from the following sources:

Source
Example
Do we receive from this source?
Directly from you
From forms you complete or orders for products and services you purchase
Yes
Indirectly from you
From observing your actions on the Service
Yes
Third Parties
We are provided information by our third party vendors such as: Technology Partners, Healthcare Providers
Yes