Ellipsis Health, Inc. Privacy Policy

Effective Date: December 11, 2019

Last Updated: April 27, 2021

Ellipsis Health, Inc., and our subsidiaries and affiliates, (collectively, “Ellipsis”, “our,” “we” or “us”) value individual privacy, and we are committed to protecting individuals’ personally identifiable information. We established this privacy policy (“Privacy Policy”) to explain how and why we collect, protect, store, maintain, use, and may disclose personally identifiable information gathered by us when an individual user (“you” or “your”) accesses or uses our website (www.ellipsishealth.com/), any of our mobile applications, our software as a service or other technology platform(s), or any of our related websites, applications, or services (including any associated content, and any customizations made to those websites, platforms, and applications) (collectively, the “Site”), or accesses or uses the services accessible through the Site, including without limitation any information gathered from any email, text and other electronic messages through the Site (collectively, the “Services”).  

Please review this Privacy Policy carefully to understand our practices and treatment of information. By using the Site and/or Services, you agree to our information practices as outlined in this Privacy Policy, including how we may use and disclose your personally identifiable information. If you do not agree with this Privacy Policy, you cannot use the Site or Services. If you use the Site on behalf of someone else (such as a child) or an entity (such as your employer), you represent and warrant that you are authorized to accept this Privacy Policy on their behalf.  

This Privacy Policy provides general information about our privacy practices. Each of our applications, platforms, and services might provide more specific details regarding the information it collects, how that information is used and disclosed, and your rights regarding that information. 

Ellipsis is not a healthcare provider. The Site and Services do not provide medical or mental health care, and are not a substitute for medical or mental health care services. If you need medical or mental health care, reach out to your doctor for a referral. If you are having a medical emergency or mental health crisis, call 911. You can also call the National Suicide Prevention Lifeline at 800-273-8255.

This Privacy Policy covers the following:

You can print out a copy of this Privacy Policy for your records. You can also Contact Us if you would like to request that we send you a copy of this Privacy Policy.

Information We Collect And How We Collect It


Your Personal Information.

To provide you services intended to meet your needs and preferences, we may need to collect information that can reasonably identify you (“Personal Information”) and other information. You always have the option to not provide us with any Personal Information by choosing not to use the Site or Service. If you decide not to provide required Personal Information, if any, some functions of the Site or Services might not be available to you. By deciding to provide Personal Information to us, you agree to our methods of collection, use and disclosure, as well as the other provisions of this Privacy Policy. Once you provide us with Personal Information, you will not be anonymous to us.

The types of Personal Information that we may collect from your use of the Site or Services include (without limitation):

  • Name(s) (including aliases and your signature), phone number(s), email(s) or physical mailing address(es);

  • Age/date of birth, educational/professional/employment related information, gender/gender identity/gender expression, sexual orientation, race, ethnicity, religion or creed, veteran or military status, or other profile information;

  • Health information, including information about your physical health, mental health, substance use disorder, genetic information, developmental disabilities, communicable diseases (including HIV/AIDs) and any other health or health-related information you choose to share with us;

  • Biometric information, including your voice recordings;

  • Internet Protocol (IP) address(es) and device identifier(s);

  • Inferences our Site or Services draw from any of the Personal Information we collect, such as your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes; and

  • Other identifying information you voluntarily choose to provide us, including without limitation, any unique identifiers (e.g., personal identifiers, online identifiers, the account name you create with us, identifications cards like driver’s license or passport) and information exchanged on the Site or in connection with the Services (whether orally or in writing).

Protected Health Information.  

Personal Information we gather from you may be considered protected health information (“PHI”) as that term is defined by the Health Insurance Portability and Accountability Act and its implementing regulations as amended from time to time (collectively, “HIPAA”), such as when we are providing the Site or Services to you on behalf of your health plan or health care provider. We cannot control how your health plan or health care provider uses or shares your PHI or other information. Read your health plan’s or health care provider’s HIPAA Notice of Privacy Practices for more information on how your PHI can be used and disclosed under HIPAA.

Information from Third Parties.  

Some third parties, such as our business partners and service providers, may provide us with Personal Information about you. If you interact with a third party service when using our Site or other websites, the third party service may also send us certain information if the third party service and your account settings allow for such sharing. The information we receive will depend on the privacy policies and your account settings with the third party service. The information transmitted to and maintained by us is covered by this Privacy Policy. Read the section of this Privacy Policy on Your Choices Regarding Online Advertising for more details on how you can manage what third parties can do with your information.

Other Information We Collect Automatically.

As part of the standard operation of the Site, we may automatically collect information from your computer or device, including IP address, domain name (that you visited from www.company.com, for example), referral or exit data (the last website that you visited before coming to the Site and the next website you visit afterwards), as well as browser and platform type (a Google browser or an Apple platform, for example). We also collect information about how you use the Site, such as the date and time of your visit, the amount of time you spend on the Site, how often you visit the Site, the areas or pages that you spend the most time on, and other click-stream data. Information collected automatically is generally statistical data, but may include Personal Information. To learn more about how we collect this information read the section of this Privacy Policy on Cookies and Similar Technologies.

Cookies and Similar Technologies.

When you use the Site we may automatically collect information by using any of the following automated electronic means with or without the help of a third party service provider:

  • Cookies. A Cookie is a small text file that is stored on your computer or device when you access the Site. We use Cookies on the Site in order to collect the information described above. You can manage the use of Cookies through your web browser. You may still use the Site if you reject cookies, but it may limit your ability to use some areas of the Site or otherwise diminish your experience of the Site and/or Services.

  • Locally Stored Objects/HTML5. Locally Stored Objects (also called a flash cookies) and local storage (such as HTML5) is a feature on our Site that collects and stores information about your preferences (like volume) and navigation to, from, and on our Site, but is not managed by the same browser setting as are used for Cookies. Such features can be managed at: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html. Your browser may also offer options for managing local storage.

  • Web Beacons. A Web Beacon is a small electronic file, sometimes referred to as clear gifs, pixel tags, and single-pixel gifs, that permits us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

We use these technologies to help us improve the Site and Services, as well as estimate our audience size, audience usage patterns, store information about your preferences, customize the Site and Services to you, and to recognize you when you return to the Site. The technology services our Site and Services utilize include (but are no way limited to) Google Cloud and Twilio. The terms and conditions and privacy policies for Google (https://cloud.google.com/terms) and Twilio (https://www.twilio.com/legal) are incorporated herein by reference.

You may manage how your browser handles Cookies and similar technologies by adjusting your browser’s privacy and security settings. Refer to your browser’s instructions to learn about Cookie-related and other privacy and security settings that may be available. Although you are not required to accept our Cookies and similar technologies, if you block or reject them, you may not have access to all features available through the Site and/or Services.

Do Not Track (DNT) Signals

Some web browsers provide “do not track” (DNT) signals or other similar mechanisms that allow you to tell websites that you do not want to have your online activities tracked. No uniform technology standard for recognizing and implementing DNT signals has been finalized. We do not currently respond to a browser’s DNT signal. Although we may use data analytic services and other third party tracking tools for the Site as described in this Privacy Policy, we are not aware if (and do not knowingly allow) other third parties to collect Personal Information about you or any individual users when such individual uses the Site and/or Services. You can also opt-out of being targeted online by certain third party advertising companies as described in the section of this Privacy Policy on Your Choices Regarding Online Advertising.

Aggregated, De-Identified or Anonymized Information.
Your Personal Information does not include aggregated, de-identified or anonymized information.

 

Retention and Storage of Personal Information

 

We retain your Personal Information for as long as you have an open account with us, as otherwise necessary to provide the Site and/or Services to you, resolve disputes, prevent fraud, enforce any agreement between you and us, or as otherwise permitted or required by applicable law. Afterwards, we may choose to retain some information in any aggregated, de-identified or anonymized form, but not in a way that would identify you personally. We store your Personal Information in accordance with our security practices as described in the section of this Privacy Policy on Security.

 

How We May Use Personal Information

 

We (including our subsidiaries and affiliates) may use Personal Information and other information we collect for the following purposes:

  • To present the Site and its contents;

  • To provide any Services, information or products, including to provide you with notices regarding your account or resources you may be interested in;

  • To provide, maintain, and improve our content the Site, including performing internal research on demographics, interests, traffic patterns, usage, and behavior;

  • To improve our Services and develop new Services. For example, if you participate in the Ellipsis Health Voice Analysis Project (EH VAP) or similar mobile applications of our Services we will use the information we collect to improve our Artificial Intelligence tools;

  • To respond to your questions or requests for information, or to fulfill any other purpose for which you provide your information to us through the Site or Services, including customer support, to resolve disputes and troubleshoot problems;

  • To provide you with information about any of our Site, Services, updates (including updates to our Terms of Use and Privacy Policy), editorial content, industry education, invitations to upcoming events, and similar information (including to advertise our Site and Services to you);

  • To better understand how visitors use the Site, including measuring and monitoring user traffic and using aggregate statistical analysis, which informs future enhancements and changes to the Site, or by combining information collected through the Site with information about our users collected by other means;

  • To detect and protect us against error, fraud, or other criminal activity;

  • To carry out our obligations and enforce our rights under any contract or agreement between you and Ellipsis (including our Terms of Use);

  • For any other purpose that we describe at the time we collect your information or in this Privacy Policy; and

  • For any other purpose with your consent.

 

How We May Disclose Personal Information

 

Protecting your Personal Information is a priority for us. Listed below are the circumstances under which we may disclose your Personal Information and other information:

  • Purpose. We may disclose Personal Information and other information to fulfill the purpose for which you provide it, including to deliver the Site, Services, other information, products or to fulfill an obligation to you, your health care provider or health plan, or as otherwise provided for in this Privacy Policy. For example, if you are using the Site or Services through one of our customers or business partners, we may share your Personal Information with that customer or business partner.

  • Contractors. We will also need to disclose Personal Information and other information to our third party contractors (including any agents and service providers). These contractors may use and disclose Personal Information and other information to support any of the purposes for which we may use and disclose your Personal Information as described in this Privacy Policy. We require our third party contractors to protect the confidentiality and security of your Personal Information, including via sub business associate agreements (as applicable). At present we work with Google Cloud and Twilio, among others, to deliver certain services. Their privacy policies and terms of service, some of which are linked below, are incorporated herein by reference.
    https://cloud.google.com/terms/cloud-privacy-notice
    https://policies.google.com/terms
    https://www.twilio.com/legal/tos
    https://www.twilio.com/legal/privacy

  • Conferences, Workshops and Investor Meetings/Presentations. If permitted by applicable law, we may use and disclose your voice recording (or an excerpt of your voice recording) at conferences and/or workshops which we attend and at meetings with (or presentations for) our investors or potential investors. We will not use your voice recording with your name, date of birth, contact information or any other Personal Information that could be used to identify you as the person who is the subject of the voice recording. Your consent to the disclosure of your voice recording at conferences and/or workshops which we attend, or for meetings with (or presentations for) investors, is not a condition to your use of the Site and/or Services. If you do not want us to use and disclose your voice recording for these purposes, please contact us at: hello@ellipsishealth.com.

  • Buyers or Successors. We may disclose Personal Information and other information to a buyer or other successor of Ellipsis in the event of a merger, divestiture, restructuring, reorganization, change of control, dissolution, or other sale or transfer of some or all of Ellipsis’ assets, including but not limited to, as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about users of the Site and/or Services is among the assets transferred.

  • Legal Requests/Rights. We may disclose Personal Information or any other information we collect about you if we determine in good faith that such disclosure is needed to: (1) comply with or fulfill our obligations under applicable law, regulation, court order or other legal process (including responding to a governmental or regulatory request, or to cooperate with law enforcement investigations); (2) protect the rights, property, or safety of you, Ellipsis, or another party; or (3) enforce any or our contractual rights, take precautions against liability, investigate suspected or actual illegal activities, or to investigate and defend ourselves against third-party claims or allegations. If we receive a verified law enforcement or other government official request to disclose your Personal Information in connection with your involvement in an alleged crime or other illegal activity, we can (and you authorize us to) disclose your name, city, state, telephone number, email address, username history, and fraud complaints without a subpoena.

  • Consent. We may disclose your Personal Information for any other purpose with your consent.

We do not, and will not, sell your Personal Information to any third party for marketing or commercial purposes without your consent.

 

Research

Ellipsis also participates in research in an effort to better understand and solve the unmet needs of behavioral health. Your health care provider or health plan may ask us to contact you to participate in a research study. You can also contact us to ask about participating in research studies at hello@ellipsishealth.com. Ellipsis complies with all applicable laws when it engages in research.

 

Third Party Links

 

The Sites may contain links that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such third parties. We encourage you to read the privacy statements of each and every third party platform that collects personally identifiable information. This Privacy Policy applies only to information collected by Ellipsis.

 
 

Security

 

We take reasonable steps and follow generally accepted industry data practices to protect Personal Information submitted to us from accidental loss and from unauthorized access, use, alteration, and disclosure. Unfortunately, there is no completely secure or error-free method of data transmission over the Internet, and we cannot guarantee the absolute security of your Personal Information. 

Please be aware that email communications and text messaging on your device’s text messaging application are not secure (encrypted) methods of communication. There are risks associated with unsecured communications that you should consider. These risks include (without limitation) that unsecure communications could be intercepted or read by other people. Please do not use unsecure methods of communication to communicate with us or others about confidential matters. By using the Site and/or Services you are agreeing to accept these risks and consent to receive unsecure communications.

 

Your Rights To Access, Change And Delete Personal Information

 

If you wish to access, correct, update, or delete Personal Information about you, please email us at hello@ellipsishealth.com, or contact us by mail as provided below. In responding to your request, we may request information from you and use information previously collected to verify your identity, or take other actions that we believe are appropriate. 

Please understand that we may not be able to alter or delete your Personal Information if we are required under applicable law to maintain that information. We are also not obligated to comply with requests that are unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In some circumstances, we may charge a reasonable fee to fulfill your request.

 

Please also see the Section of this Privacy Policy on your Rights Under State and International Law to learn more about additional rights you may have under state law with respect to your Personal Information.

 

Rights Under State and International Law

 

You may have additional rights under the law of the country or state where you reside, including if you are a California resident, resident of the European Union, the United Kingdom, Brazil, or South Korea. These rights are in addition to your rights under other parts of this Privacy Policy. For example, if you are a California resident (or resident in a state with privacy laws similar to California), your state or non-US law may provide you with the right to:

  • Request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months (a “Right to Know Request”). Once we receive and confirm your Right to Know Request, we will disclose to you:

    • The categories of Personal Information we collected about you;

    • The categories of sources for the Personal Information we collected about you;

    • The categories of third parties with whom we share that Personal Information;

    • The specific pieces of Personal Information we collected about you (in California, it’s called a “data portability request”);

    • Our business or commercial purpose for collecting or selling* that Personal Information.

    • The categories of Personal Information about you we have disclosed for a business purpose in the past 12 months; and

    • The categories of third parties to whom we have disclosed your Personal Information for a business purpose in the past 12 months.
      *Please note: In the past 12 months, we have not sold any Personal Information about consumers. We do not, and will not, sell Personal Information without gaining your consent.

  • To request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions (a “Deletion Request”). Once we receive and confirm your consumer request, we will delete your Personal Information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our contractors or subcontractors to:

    • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;

    • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;

    • Debug products to identify and repair errors that impair existing intended functionality;

    • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;

    • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.) or other required state or international laws, if applicable, including the General Data Protection Requirement (GDPR) for all European Union persons;

    • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;

    • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;

    • Comply with a legal obligation; or

    • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

You can make a Right to Know Request or a Deletion Request by contacting us by email at Hello@EllipsisHealth.com, on our website at EllipsisHealth.com, by mail at 118 2nd Street, 2nd Floor, San Francisco, CA 94105, United States,  or at 1 (800) 410-5383 (toll free in the United States). Please note that depending on your state or country only you or an authorized person may make such requests related to your Personal Information.

  

Additionally, your state or country may limit the number of consumer requests you can make and what information you must provide for us to process such requests. For example, if you are a California resident you may only make a consumer request for access or Right to Know Request twice within a 12-month period. Your request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative;

  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it; and

  • We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

We respond to such consumer requests within the time periods and manner required by applicable law. 

We will not discriminate against you for exercising any of your rights. Unless permitted by law, we will not:

  • Deny you goods or services;

  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;

  • Provide you a different level or quality of goods or services; or

  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

 

Consent to International Transfers of Personal Information

 

For the purposes described in this Privacy Policy, we may transfer information across borders, including from your country or jurisdiction to other countries or jurisdictions around the world, where applicable laws may not provide the same level of protection of Personal Information as the laws of the country or jurisdiction where you are located. In those cases, we take steps to ensure that information will be provided the same level of protection in the recipient country or jurisdiction. 

By visiting or using the Site and/or Services, you hereby consent to the transfer of your Personal Information to countries where applicable laws may not provide the same level of protection of Personal Information as the laws of the country or jurisdiction where you are located, including, without limitation, the United States, in accordance with this Privacy Policy. 

 

Our Article 27 data protection representative in the European Union and United Kingdom is currently EDPO, LLC. You may contact them using the up to date contact information listed at https://edpo.com/.

 

Your Choices Regarding Online Advertising

 

We have or may soon have engaged third parties to manage our advertising on other websites. These third parties may collect information from you, such as tracking and categorizing your activity and interests over time across different websites and mobile applications, as well as identifying the different device(s) you use to access websites and mobile applications. These third parties may use this information to provide advertising to you based upon your browsing activities and interests.

We do not have access to or control over the information that these third parties may collect, nor the tracking or categorization technologies that may be placed by the third party advertising servers, all of which are subject to the privacy policies of these various third parties. Please consult the applicable privacy policy before providing any Personal Information.  

If you prefer not to have information collected or used by third parties for the purpose of serving you personalized ads, you may learn more about your choices, opt-out, or change your preferences at http://preferences-mgr.truste.com/ or http://www.google.com/settings/ads, or if you are located in the EEA at http://www.youronlinechoices.eu/.

 

Children’s Privacy

 

Generally, you must not use this Site or our Services if you are under 18 years of age. The Site is not intended for minor children under the age of 18, and we do not knowingly collect or solicit Personal Information from minor children. If we learn that we have collected or received Personal Information from a minor child without parental consent, or without verifiable reasons to believe the minor child under 18 is legally allowed to provide his or her own consent, we will delete that information. If you believe that we may have any Personal Information about a minor child, please contact us as provided in this Privacy Policy. 

With limited exceptions, such as use at the direction of your school or health care provider and with parental consent, you must not use this Site or our Services if you are under 18 years of age. The Site is not intended for minor children under the age of 18 outside of certain studies and engagements we may from time to time be a part of, and we do not knowingly collect or solicit Personal Information from minor children outside of those studies. 

If you are a person under the age of majority in your jurisdiction (country or US state), you must have your parent or legal guardian’s consent to use our Site, app, or other services, and that use must be part of a school sanctioned study or other program, or through your health care provider. If you do not have your parent or legal guardian’s consent, you must not use our Site, app, or services. The data you give us, including potentially the interactions you have with us and our Site and recordings of your voice through our app’s recording functions, may be stored and analyzed for the purposes of providing Services and for other purposes in full compliance with all applicable laws.  

Parents:  If you believe your child’s data may have been given to Ellipsis Health inadvertently, or if you wish to revoke your consent or have any questions about our practices or policies, please do not hesitate to contact us at the contact information below.  Please know that we seek to keep the data collected by our apps and partners in a respectful and privacy-conscious manner, often including the use of de-identification procedures and the minimization of data collection. 

Entities utilizing our Site or Services:  Do not direct or allow children under the age of 18 to utilize our Site or Services without 1) The consent of their parents or legal guardians, and 2) Our prior authorization.

 

Changes To Our Privacy Policy

 

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes to how we treat the Personal Information of visitors to the Site or Services, we will provide notice by updating the Effective Date of this Privacy Policy. We encourage you to periodically review this page to learn of any changes we have made to this Privacy Policy.

 

Terms Of Use

 

Your use of the Site is also subject to Ellipsis Health, Inc.’s Terms of Use. Any disputes related to this Privacy Policy will be governed by the applicable provisions of the Terms of Use, which are incorporated into this Privacy Policy by reference.

 

Contact Us

 

Please feel free to contact us with any questions, comments, complaints, or suggestions regarding this Privacy Policy or our information practices. You can email us at hello@ellipsishealth.com or contact us by postal mail at: 118 2nd Street, 2nd Floor, San Francisco, CA 94015.