Effective Date: May 20, 2024
Last Updated: May 20, 2024
In this Privacy Policy (“Policy”), we describe how MindGlow Health LLC and its affiliated medical professional entities, including MGH Medial Group KS, P.A., MGH Medical Group CA, P.C., MGH Medical Group NJ, P.C., MGH Medical Group TX, PLLC, and MGH Medical Group OH, LLC (collectively, “MindGlow Health” or “Company”) collects, uses, and discloses information that we obtain about visitors to our website URL (the “Website”), users of our mobile Application (the “App”), and the services available through our Website (collectively, the “Services”). This Policy does not describe how we collect or use your Protected Health Information (as defined under the Health Information Portability and Accountability Act of 1996, “HIPAA”), which is covered by our HIPAA Notice of Privacy Practices.
If you are a resident of Connecticut or Nevada, please see sections 12 and 13, respectively, for additional information about the “consumer health data” we process about you and/or the rights you may have under Connecticut and Nevada law.
If you are a resident of Washington, please see our Washington Consumer Health Data Privacy Policy for additional information about the “consumer health data” we process about you and the rights you may have under Washington law.
By visiting the Website, using or downloading the App, or using any of our Services, you agree that your personal information will be handled as described in this Policy. Your use of our Website or Services, and any dispute over privacy, is subject to this Policy and our Terms of Service including its applicable limitations on damages and the resolution of disputes. The Terms of Service are incorporated by reference into this Policy.
We may update this Policy from time to time. The effective date of the Policy will be shown next to “Last Updated” at the top of this page. We encourage you to read this Policy periodically to ensure you stay up-to-date on our privacy practices. For material changes to this Policy, we will provide you with notice before the changes are effective by sending a message to the email address associated with your account. By continuing to access or use the Services after changes to this Policy become effective, you accept the revised Policy. If any changes are unacceptable to you, you may stop using our Services at any time.
Table of Contents
- The Personal Information We Collect About You
- How We Use Your Personal Information
- How We Share Your Personal Information
- Aggregate and De-identified Information
- Our Use of Cookies and Other Tracking Mechanisms
- Third-Party Links
- Security of My Personal Information
- What Choices Do I Have Regarding Use of My Personal Information?
- Minors and Privacy
- Contact Us
- Changes to this Policy
- Residents of Connecticut
- Residents of Nevada
1. The Personal Information We Collect About You
We collect information about you directly from you and from third parties, and automatically through your use of our Website or Services.
Protected Health Information. In certain circumstances, we may collect or use your information through our Website and Services while acting as a Covered Entity or Business Associate under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which may constitute “Protected Health Information” or “PHI”. A Covered Entity includes an entity that operates as a health care provider, including telehealth providers. A “Business Associate” includes an entity that provides services to a HIPAA Covered Entity that involves the use or disclosure of PHI. If your health care provider or health insurance company qualifies as a Covered Entity, and we provide services to them or on their behalf, we may qualify as their Business Associate. PHI as defined under HIPAA, generally means information about you that identifies you and that relates to your physical or mental health or condition, the provision of health care to you, or payment for health care provided to you. To the extent your PHI is collected while operating as Covered Entity or Business Associate under HIPAA, we will only use and disclose your information as permitted by HIPAA, which may include, but not be limited to, fulfilling our service obligations, our internal management and administration, to carry out our legal responsibilities, de-identify or aggregate data, or as otherwise required by law. For additional details on how we handle PHI as a Covered Entity, please consult our HIPAA Notice of Privacy Practices.
Personal Information We Collect Directly From You. The information we collect from you depends on how you use our Services. We may collect your e-mail, contact information, device identifier, IP address, and any other information you volunteer when contacting us through the Website. We may collect certain basic information about your medical history before you create an account to become a patient. When you create an account with us, we will collect your name, address, phone number, email address, birth date, sex, gender information, credit card or insurance company information, and health information. Certain additional Personal Information may also be collected through your use of the Services, including but not limited to audio, images, and video of you; information that may be shared in chat functionality, and data shared with your service provider through the Service. This information may constitute Protected Health Information covered under our HIPAA Notice of Privacy Practices. You are responsible for the accuracy of any information you provide to us.
Personal Information We Collect Automatically. We automatically collect information about your use of our Website and App through cookies, web beacons, and other technologies, including technologies designed for mobile apps. To the extent permitted by applicable law, we combine this information with other information we collect about you, including your personal information. Please see the section “Cookies and Other Tracking Mechanisms” below for more information.
The Website may collect the following:
- Your browser type, IP address and operating system;
- Web pages you view on the Website; links you click on the Website;
- The length of time you visit our Website and or use our Services; and
- The referring URL, or the webpage that led you to our Website.
The App may collect the following:
- Your mobile device ID, device name and model, operating system type, name, and version;
- Language information;
- Activities within the App and the length of time that you are logged into our App; and
- With your permission, we may collect location information from your mobile device to tailor our Services. You may turn off this feature through the location settings on your mobile device.
Personal Information We Collect from Third Parties. Depending on your permissions, we may receive your Personal Information from your internet service and mobile device providers. Users of mobile devices who do not want to receive interest-based advertising may opt-out in several ways. Learn more about your choices for mobile devices by visiting Your Ad Choices. To end all targeting on a mobile device immediately, turn on “Limit Ad Tracking” in the device settings. To limit Ad Tracking on an Apple device, please see here. To limit Ad Tracking on an Android device, please see here.
Social Media
Depending on your permissions, we may also receive your Personal Information from your social media accounts. You can edit or remove Personal Information usage permissions by using privacy settings on your social media account. Click below for instructions on how to change or remove third party access on each platform:
2. How We Use Your Personal Information
We use your information, including your personal information, for the following purposes:
- Services and support. To provide our Services to you and to fulfill your orders; to communicate with you about your use of our Services, notify you of appointments, to respond to your inquiries, to connect you with health care providers, to improve our Services to you, and for other customer service purposes; and to tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Services. Your information may be available or provided to third-party service providers in order to provide you with the information or to support the Services you request. These third-party service providers are contractually obligated to protect your information.
- Communications. To send you news, updates and newsletters about our Services, your account, or other health or support information that we believe may be useful for you.
- Business Operations. We analyze, and may engage third parties to analyze, your personal information and usage data to determine the usefulness of our Website, App, and other elements of the Services. Analytics help us determine how effective our website and app navigation is in helping users reach the information they are looking for and to tailor features and functionalities to our users’ needs and preferences.
- Security. Internet services are susceptible to security risks. To help keep you safe while using our Services via the Internet, we process certain personal information such as your device information, log-in information, website activity information and other relevant information to monitor and manage privacy and security risks. We use this information to combat spam, malware, or malicious activities to reduce security risks; improve and enforce our security measures; and to monitor and verify your identity to prevent unauthorized users from gaining access to your information.
- Legal Obligations. To comply with legal obligations, as part of our general business operations, and for other business administration purposes. Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Service or this Policy.
- Analytics and improvement. To better understand how users access and use our Services and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop Services, features and new products and offerings, and for internal quality control and training purposes.
- Marketing and advertising. For marketing and advertising purposes. For example, to send you information about our Services, such as newsletters, and other marketing content, as well as any other information that you sign up to receive. We also may use certain personal information that we collect to manage and improve our advertising campaigns (both online and offline) so that we can better reach individuals with relevant content.
3. How We Share Your Personal Information
We may share your information, including personal information, as follows:
- Our Personnel. We engage employees and contractors to work with us to administer and provide the Services or to promote our Services. These personnel have access to your personal information only for the purpose of performing services on our behalf and are expressly obligated not to disclose or use your personal information for any other purpose.
- Our Affiliates. We work with our subsidiaries and affiliates to make certain services available to consumers. We may share your personal information with our affiliated entities in order to provide services to you or to respond to your requests and inquiries.
- Service Providers. We disclose the information we collect from you to service providers, contractors, or agents who perform functions on our behalf. These service providers may include but are not limited to technology service providers, such as Microsoft or Google, administrative service providers, or payment processors.
- Advertising and analytics platforms, providers, and networks. We may disclose or make available personal information to the platform providers and vendors that we use to provide or make available certain features or portions of the Services, or as necessary to respond to your requests. We may also make certain information (such as browsing information) available to advertising platforms, providers and networks in support of our marketing, advertising, and campaign management.
- Company Users. Information you post to our Website, including, without limitation, reviews, comments, and text will be available to, and searchable by, all users of the Website and Services.
We also disclose information in the following circumstances:
- Business Transfers. If (i) we or our affiliates are or may be acquired by, merged with, or invested in by another company, or (ii) if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we may share certain of your personal information with lenders, auditors, and third-party advisors, including attorneys and consultants.
- In Response to Legal Process. We disclose your information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
- To Protect Us and Others. We disclose your information when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service or this Policy, to protect the property, rights and safety of a third party, our users, or the public, to protect our intellectual property, or as evidence in litigation in which we are involved.
4. Aggregate and De-identified Information
To the extent permitted by applicable law, we may receive, use, and disclose aggregate and other non-identifiable information related to our business and Services for quality control, analytics, research, development, and other purposes. Some of this information may be considered “de-identified” under U.S. privacy laws (i.e., information that it is no longer linked or reasonably linkable to an identified or identifiable consumer). Where we rely on information that has been “de-identified,” as defined by U.S. privacy laws, we will: (i) take reasonable measures to ensure that the de-identified information cannot be associated with an individual, household, or device; (ii) commit to maintain and use the information in de-identified form and not attempt to re-identify the information; and (iii) contractually obligate any further recipient to comply with this Section 4.
5. Our Use of Cookies and Other Tracking Mechanisms
We and our third-party service providers use cookies and other tracking mechanisms to track information about your use of our Website or Services. We may combine this information with other personal information we collect from you (and our third-party service providers may do so on our behalf).
Cookies. Cookies are alphanumeric identifiers that we transfer to your device’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Website and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Website and Service. There are two types of cookies: session and persistent cookies.
- Session Cookies. Session cookies exist only during an online session. They disappear from your device when you close your browser or turn off your device. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Website and Services. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Website and Services.
- Persistent Cookies. Persistent cookies remain on your device after you have closed your browser or turned off your device. We use persistent cookies to track aggregate and statistical information about user activity.
Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can change your browser options to block them in the future on each device and each browser. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Website and Services who disable cookies will be able to browse certain areas of the Website, but some features may not function.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web and app pages. We may use clear GIFs (e.g., web beacons, web bugs or pixel tags), in connection with our Website and Services to, among other things, track the activities of Website visitors and app users, help us manage content, and compile statistics about Website usage. We and our third-party service providers also use clear GIFs in HTML e-mails to our customers, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.
Third Party Analytics. We use automated devices and applications, such as Google Analytics, to evaluate usage of our Website, and to the extent permitted, our App. We also may use other analytic means to evaluate our Website and App. We use these tools to help us improve our Website’s and App’s performance and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or local storage objects (LSOs), to perform their services. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.
Do-Not-Track. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies).
6. Third-Party Links
Our Website and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.
7. Security of My Personal Information
We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
8. What Choices Do I Have Regarding Use of My Personal Information?
We may send periodic informational emails to you. You may opt-out of promotional emails by following the opt-out instructions contained in the email. Please note that it may take up to ten (10) business days for us to process opt-out requests. If you opt-out of receiving promotional emails, we may still send you emails about your account or any services you have requested or received from us.
9. Minors and Privacy
Our Website and Services are not designed for individuals under 18 years old. If we discover that a person under the age of 18 has provided us with personal information, we will delete such information from our systems. If you are a parent or guardian and believe we have collected your minor’s information, please contact us as set forth in Section 10. Contact Us.
10. Contact Us
If you have questions about the privacy aspects of our Services or would like to make a complaint, please contact us at support@MindGlowHealth.com.
11. Changes to this Policy
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Website and the App. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Website and the App.
12. Residents of Connecticut
Residents of Connecticut require additional disclosures under the Connecticut Data Privacy Act (the “CTDPA”) where a business processes “consumer health data” (as that term is defined under the CTDPA).
Sale of Personal Information
While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” the following categories of personal information: identifiers, such as unique personal identifiers, online identifiers, IP address, or other similar identifiers; commercial information; location data; and Internet and network activity information. We may disclose these categories to third-party advertising networks and analytics providers for purposes of marketing and advertising and to improve and measure our ad campaigns.
Consumer Rights
Residents of Connecticut may have additional rights under applicable privacy laws, subject to certain limitations, which may include:
- Access. To confirm whether we are processing their personal information and to obtain a copy of their personal information in a portable and, to the extent technically feasible, readily usable format.
- Deletion. To delete their personal information provided to or obtained by us.
- Correction. To correct inaccuracies in their personal information.
- Opt Out. To opt out of certain types of processing, including:
- to opt out of the “sale” of their personal information;
- to opt out of targeted advertising by us; and
- to opt out of any processing of personal information for purposes of making decisions that produce legal or similarly significant effects.
You may submit a request to exercise most of your privacy rights by emailing us at support@MindGlowHealth.com.
To exercise your right to opt out, you can adjust your cookies settings here or on your device.
When you submit a request, we will take steps to verify your identity and request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request. If your request is denied, we will explain the basis for the denial.
If we deny your request, you will be able to appeal our decision according to the instructions we provide in our response.
You may also designate someone as an authorized agent to act on your behalf to submit an opt out request.
13. Residents of Nevada
This section of the Policy applies to the collection of “consumer health data” subject to the Nevada Consumer Health Data Privacy Act (“NCHDPA”) collected through our website at www.MindGlowHealth.com and mobile application. This Policy does not apply to information or practices that are not subject to the NCHDPA, such as publicly available information, personal health information governed by the Health Insurance Portability and Accountability Act of 1996 and related regulations (“HIPAA”), which is governed by our HIPAA Notice of Privacy Practices, personal information governed by the Fair Credit Reporting Act, or job applicant and employee information.
This Policy does not apply to provision of mental health and substance abuse services that we directly provide, as the personal information we collect in that context is subject to HIPAA and exempt from the NCHDPA. This Policy applies to general website visitors and those who engage with MindGlow Health outside of receiving direct telehealth services from MindGlow Health professionals.
The Categories of Consumer Health Data We Collect
The data we collect depends on the context of your interactions with MindGlow Health. Due to the broad definition of “consumer health data” under NCHDPA many of the categories of data we collect could also be considered consumer health data. We may collect the following categories of “consumer health data”:
- Individual health conditions, treatment, diseases, or diagnosis;
- Health-related surgeries or procedures;
- Use or purchase of prescribed medication;
- Social, psychological behavioral, and medical interventions;
- Bodily functions, vital signs, symptoms, or measurements of the information described in this Section 1;
- Data that identifies a consumer seeking healthcare services, such as internet, network, or other electronic activity relating to your interaction with our websites or advertisements;
- Information processed to associate or identify a consumer with the data described above that is derived or extrapolated from non-health information.
Purposes of Collection and How MindGlow Health Uses Consumer Health Data
Generally, we may collect and use the consumer health data that we collect for the purposes set forth below:
- As reasonably necessary to provide you with the products or services you have requested;
- To provide support in connection with the use of our products and services;
- To enroll you in our membership plans and/or subscriptions;
- To communicate with you;
- To establish and manage your account;
- To administer the services and our relationship with you;
- To send you updates about MindGlow Health and the products and services we offer;
- To detect security incidents;
- To protect against malicious or illegal activity;
- To ensure the appropriate use of our products and services;
- To improve our products and services and to develop new products and services;
- For short-term transient use of online identifiers;
- For quality and safety assurance;
- For internal research and development to evaluate the effectiveness of our products and services;
- For purposes of marketing, advertising, and product promotion, including to contact you regarding our programs, products, and services, surveys, and topics that be of interest or useful to you; and
- To comply with our legal and regulatory obligations.
The Categories of Sources From Which We Collect Consumer Health Data
In general, we may collect consumer health data from the following categories of sources:
- Directly from you;
- Those authorized to provide personal information on your behalf, such as your guardian, caregiver, or authorized representative;
- Your devices;
- Data analytics partners; and
- Advertising networks.
The Categories of Consumer Health Data That We Share
We may share the following categories of consumer health data with third parties and affiliates:
- Individual health conditions, treatment, diseases, or diagnosis;
- Health-related surgeries or procedures;
- Use or purchase of prescribed medication;
- Social, psychological behavioral, and medical interventions;
- Bodily functions, vital signs, symptoms, or measurements of the information described in Section 1;
- Data that identifies a consumer seeking healthcare services, such as internet, network, or other electronic activity relating to your interaction with our websites or advertisements;
- Information processed to associate or identify a consumer with the data described above that is derived or extrapolated from non-health information.
The Categories of Third Parties and Specific Affiliates with Whom We Share Consumer Health Data
MindGlow Health may share the categories of consumer health data included in Section 4 with the following categories of third parties and specific affiliates:
- Affiliates including FHE Health;
- Government entities;
- Regulators;
- Operating systems and platforms;
- Those authorized to act on your behalf, such as your guardian, caregiver, or authorized representative;
- Third parties we, our affiliates, or subsidiaries are or may be acquired by, merged with, financed by, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected about you to the other company. We may also share certain personal information as necessary prior to the completion of such a transaction or corporate transactions such as financings or restructurings, to lenders, auditors, and other advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for a transaction; and
- Advisors and agents.
Purposes for Sharing Consumer Health Data
MindGlow Health may share the categories of consumer health data included in Section 4 for the following purposes:
- To provide the Services to you or to respond to your requests and inquiries;
- For marketing, advertising, and campaign management;
- If (i) we or our affiliates are or may be acquired by, merged with, or invested in by another company, or (ii) if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we may share certain of your personal information with lenders, auditors, and third-party advisors, including attorneys and consultants;
- To comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
- To Protect Us and Others. We disclose your information when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service or this Policy, to protect the property, rights and safety of a third party, our users, or the public, to protect our intellectual property, or as evidence in litigation in which we are involved; and
- At your direction or where you have consented to such sharing.
Your Privacy Rights
NCHDPA provides consumers with the following rights:
- Know/Access: The right to confirm whether MindGlow Health collects, shares, or sells your consumer health data and the right to access such consumer health data;
- Sharing/Sales: The right to know the names of all third parties with whom MindGlow has shared your consumer health data or to whom MindGlow has sold your consumer health data.
- Withdraw consent: The right to withdraw consent from MindGlow Health’s collection, sharing, and selling of your consumer health data; and
- Deletion: The right to have your consumer health data deleted.
Exercising Your Privacy Rights
Requests to Know/Access, Obtain Information About Sharing/Sales, and Delete
To make a request to know/access, obtain information about sharing/sales, or delete your consumer health data, please email us at support@MindGlowHealth.com. Before completing your request, we may need to verify your identity or your authority to make a request on behalf of another person. We may send you a link to verify your email address and may request additional documentation or information solely for the purpose of verifying your identity, depending on the type of your request.
Requests to Withdraw Consent
- Collection: To opt out of MindGlow Health’s collection of your consumer health data, please email us at support@MindGlowHealth.com. Please note that if you withdraw your consent to MindGlow Health’s collection of your consumer health data, we may be limited in the manner in which we can provide our services to you.
- Sharing: To opt out of MindGlow Health’s sharing of your consumer health data with third parties and affiliates, please email us at support@MindGlowHealth.com.
- Sale: We do not sell consumer health data.
If your request to exercise a right under the NCHDPA is denied, we will provide instructions for how you can appeal our decision. If your appeal is unsuccessful, you can file a complaint with the Nevada State Attorney General at ag.nv.gov/Complaints/File_Complaint/.