Privacy Policy
Last Updated: February 13th, 2024
Headlight Health, Inc. (“Headlight”, “we”, or “us”) is a mental health care company that delivers high quality services, including therapy, medication management, and esketamine treatments. We provide one or more applications that connect users to care coordinators and experienced mental health professionals (the “Application”). We also operate a website (the “Site”) to promote our services. In this Privacy Policy, we refer to the Site and Application together as the “Services.“
This Privacy Policy explains:
- How we collect, use, and share personal information about visitors to our Site (see ‘Website Information’ below); and
- How we handle your information when you sign up for and use the Application (see ‘Application Information’ below).
This section describes how we collect, use, and share personal information relating to visitors to our Site who do not sign up to use the Application.
Personal Information We Collect
We collect the following categories of personal information:
- Information you submit on our Site, such as inquiries and other communications with us, and any other information you provide.
- Automatic data collection, including information that we automatically log about your interaction over time with our Services, including via cookies and other similar technologies, such as pixel tags, web beacons, and software development kits. This information includes:
- Usage data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about or replays of your activity on a page or screen or your interactions with our Site, access times, and duration of access, and whether you have opened our emails or clicked links within them.
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, and general location information (derived from IP address) such as city, state/province or geographic area.
- Personal information from other sources, including personal information you provide to third-parties, such health plans and other entities that collaborate with us to offer the Services.
How We Use Personal Information
We use personal information for the following purposes:
- Operating and administering the Services. This includes:
- Providing, operating, and monitoring the Services;
- Responding to inquiries, providing customer service, communicating with you, and addressing your questions and feedback; and
- Understanding your needs and interests, and personalizing your experience and our communications.
- To market our Services. Where permitted by applicable laws, we may use personal information for marketing and advertising purposes, including:
- Development and improvement of the Services. We may use personal information for research and product development purposes, including to develop aggregated or de-identified statistics, to analyze and improve the Services, to identify usage trends, and to operate and expand our business activities.
- Direct marketing. We may send you newsletters and email and text message marketing in accordance with your preferences, and we may tailor our communications with you to accommodate your interests and use of the Services. We may also contact you by telephone to provide you with information about our Services.
- Interest-based advertising. To the extent permitted by applicable laws, we may engage third-party advertising companies to display ads promoting our services across the web. These companies may use cookies and similar technologies to collect information about interactions over time across the Internet and use that information to serve online ads that they think will be of interest.
- Compliance and protection. We may use your personal information to: protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); audit our internal processes; comply with applicable laws, lawful requests, and legal process; and prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
How We Share Your Personal Information
We may share personal information with the following parties:
- Service providers. We may share personal information with companies and individuals that provide services on our behalf or help us operate the Services (such as text messaging platforms hosting, analytics, marketing, and other information technology services).
- Advertising partners. We may share personal information that we collect on our Sites with third party advertising companies, where permitted by applicable laws.
- Professional advisors. We may share personal information with professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.
- Authorities and others. We may share personal information with law enforcement, government authorities, and private parties, where we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
- Business transferees. We may share personal information with acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving without limitation, a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Headlight (including, in connection with a bankruptcy or similar proceedings) in accordance with applicable law.
Your Choices
Opt out of marketing communications. You may opt out of our marketing-related communications by following the opt out or unsubscribe instructions contained in the marketing communication we send you.
Online tracking opt out. There are a number of ways to opt out of having your online activity and device data collected on our Site, which we have summarized below:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
- Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Security
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are fail-safe and we cannot guarantee the security of your personal information.
Children
Our Site is not intended for children under the age of 18. If we learn that we have collected personal information from children, we will take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children, please contact us as provided in the “Contact Us” section below.
Changes to This Privacy Policy
We may modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy unless otherwise required by applicable law.
How to Contact Us
If you have questions regarding our Privacy Policy, please contact us at [email protected].
2. Application Information
When you use the Application, we may collect the following categories of information:
- Contact details, such as name and phone number.
- Biographical information, such as date of birth, gender, and zip code.
- Health information that you provide on our intake questionnaire to sign up for the Application and to be connected to an appropriate provider. This includes information about your care history, treatment history, medication history, mental state, and any other information you provide.
- Treatment and scheduling information, such as information about previous and upcoming appointments, health conditions and diagnoses, and treatments and care requirements.
- Billing, payment, and insurance information, such as address, payment information, and insurance number and provider.
- Any other content you provide on the Application.
- Data we collect automatically through your use of the Application, including usage data and device data as defined in the ‘Personal Information We Collect’ section above.
- Personal information from other sources, including personal information you provide to third-parties, such health plans and other health care professionals.
We may share this information with healthcare organizations that provide services to you through or in connection with the Application, such as our affiliated health care providers and/or medical groups. We may also share this information as otherwise necessary to provide the Services. For example, we may share information with service providers, such as IT providers that host and support the Services, and with insurance verification service providers. We may also share this information where required by law and for the “compliance and protection” purposes described below.
The information we collect from patients on the Application may be “Protected Health Information” or “PHI” subject to the Health Insurance Portability and Accountability Act (“HIPAA”). As a “business associate” under HIPAA to healthcare organizations, we are required to protect PHI in accordance with HIPAA. Please see my.headlight.health/consents/hipaa for our HIPAA Notice of Privacy Practices.