Effective Date: December 11, 2019
Last Updated: April 27, 2021
Ellipsis is not a healthcare provider. The Site and Services do not provide medical or mental health care, and are not a substitute for medical or mental health care services. If you need medical or mental health care, reach out to your doctor for a referral. If you are having a medical emergency or mental health crisis, call 911. You can also call the National Suicide Prevention Lifeline at 800-273-8255.
Information We Collect And How We Collect It
Your Personal Information.
The types of Personal Information that we may collect from your use of the Site or Services include (without limitation):
Name(s) (including aliases and your signature), phone number(s), email(s) or physical mailing address(es);
Age/date of birth, educational/professional/employment related information, gender/gender identity/gender expression, sexual orientation, race, ethnicity, religion or creed, veteran or military status, or other profile information;
Health information, including information about your physical health, mental health, substance use disorder, genetic information, developmental disabilities, communicable diseases (including HIV/AIDs) and any other health or health-related information you choose to share with us;
Biometric information, including your voice recordings;
Internet Protocol (IP) address(es) and device identifier(s);
Inferences our Site or Services draw from any of the Personal Information we collect, such as your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes; and
Other identifying information you voluntarily choose to provide us, including without limitation, any unique identifiers (e.g., personal identifiers, online identifiers, the account name you create with us, identifications cards like driver’s license or passport) and information exchanged on the Site or in connection with the Services (whether orally or in writing).
Protected Health Information.
Personal Information we gather from you may be considered protected health information (“PHI”) as that term is defined by the Health Insurance Portability and Accountability Act and its implementing regulations as amended from time to time (collectively, “HIPAA”), such as when we are providing the Site or Services to you on behalf of your health plan or health care provider. We cannot control how your health plan or health care provider uses or shares your PHI or other information. Read your health plan’s or health care provider’s HIPAA Notice of Privacy Practices for more information on how your PHI can be used and disclosed under HIPAA.
Information from Third Parties.
Other Information We Collect Automatically.
Cookies and Similar Technologies.
When you use the Site we may automatically collect information by using any of the following automated electronic means with or without the help of a third party service provider:
Locally Stored Objects/HTML5. Locally Stored Objects (also called a flash cookies) and local storage (such as HTML5) is a feature on our Site that collects and stores information about your preferences (like volume) and navigation to, from, and on our Site, but is not managed by the same browser setting as are used for Cookies. Such features can be managed at: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html. Your browser may also offer options for managing local storage.
Web Beacons. A Web Beacon is a small electronic file, sometimes referred to as clear gifs, pixel tags, and single-pixel gifs, that permits us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
We use these technologies to help us improve the Site and Services, as well as estimate our audience size, audience usage patterns, store information about your preferences, customize the Site and Services to you, and to recognize you when you return to the Site. The technology services our Site and Services utilize include (but are no way limited to) Google Cloud and Twilio. The terms and conditions and privacy policies for Google (https://cloud.google.com/terms) and Twilio (https://www.twilio.com/legal) are incorporated herein by reference.
You may manage how your browser handles Cookies and similar technologies by adjusting your browser’s privacy and security settings. Refer to your browser’s instructions to learn about Cookie-related and other privacy and security settings that may be available. Although you are not required to accept our Cookies and similar technologies, if you block or reject them, you may not have access to all features available through the Site and/or Services.
Do Not Track (DNT) Signals
Aggregated, De-Identified or Anonymized Information.
Your Personal Information does not include aggregated, de-identified or anonymized information.
Retention and Storage of Personal Information
How We May Use Personal Information
We (including our subsidiaries and affiliates) may use Personal Information and other information we collect for the following purposes:
To present the Site and its contents;
To provide any Services, information or products, including to provide you with notices regarding your account or resources you may be interested in;
To provide, maintain, and improve our content the Site, including performing internal research on demographics, interests, traffic patterns, usage, and behavior;
To improve our Services and develop new Services. For example, if you participate in the Ellipsis Health Voice Analysis Project (EH VAP) or similar mobile applications of our Services we will use the information we collect to improve our Artificial Intelligence tools;
To respond to your questions or requests for information, or to fulfill any other purpose for which you provide your information to us through the Site or Services, including customer support, to resolve disputes and troubleshoot problems;
To better understand how visitors use the Site, including measuring and monitoring user traffic and using aggregate statistical analysis, which informs future enhancements and changes to the Site, or by combining information collected through the Site with information about our users collected by other means;
To detect and protect us against error, fraud, or other criminal activity;
For any other purpose with your consent.
How We May Disclose Personal Information
Protecting your Personal Information is a priority for us. Listed below are the circumstances under which we may disclose your Personal Information and other information:
Conferences, Workshops and Investor Meetings/Presentations. If permitted by applicable law, we may use and disclose your voice recording (or an excerpt of your voice recording) at conferences and/or workshops which we attend and at meetings with (or presentations for) our investors or potential investors. We will not use your voice recording with your name, date of birth, contact information or any other Personal Information that could be used to identify you as the person who is the subject of the voice recording. Your consent to the disclosure of your voice recording at conferences and/or workshops which we attend, or for meetings with (or presentations for) investors, is not a condition to your use of the Site and/or Services. If you do not want us to use and disclose your voice recording for these purposes, please contact us at: email@example.com.
Buyers or Successors. We may disclose Personal Information and other information to a buyer or other successor of Ellipsis in the event of a merger, divestiture, restructuring, reorganization, change of control, dissolution, or other sale or transfer of some or all of Ellipsis’ assets, including but not limited to, as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about users of the Site and/or Services is among the assets transferred.
Legal Requests/Rights. We may disclose Personal Information or any other information we collect about you if we determine in good faith that such disclosure is needed to: (1) comply with or fulfill our obligations under applicable law, regulation, court order or other legal process (including responding to a governmental or regulatory request, or to cooperate with law enforcement investigations); (2) protect the rights, property, or safety of you, Ellipsis, or another party; or (3) enforce any or our contractual rights, take precautions against liability, investigate suspected or actual illegal activities, or to investigate and defend ourselves against third-party claims or allegations. If we receive a verified law enforcement or other government official request to disclose your Personal Information in connection with your involvement in an alleged crime or other illegal activity, we can (and you authorize us to) disclose your name, city, state, telephone number, email address, username history, and fraud complaints without a subpoena.
Consent. We may disclose your Personal Information for any other purpose with your consent.
We do not, and will not, sell your Personal Information to any third party for marketing or commercial purposes without your consent.
Ellipsis also participates in research in an effort to better understand and solve the unmet needs of behavioral health. Your health care provider or health plan may ask us to contact you to participate in a research study. You can also contact us to ask about participating in research studies at firstname.lastname@example.org. Ellipsis complies with all applicable laws when it engages in research.
Third Party Links
We take reasonable steps and follow generally accepted industry data practices to protect Personal Information submitted to us from accidental loss and from unauthorized access, use, alteration, and disclosure. Unfortunately, there is no completely secure or error-free method of data transmission over the Internet, and we cannot guarantee the absolute security of your Personal Information.
Please be aware that email communications and text messaging on your device’s text messaging application are not secure (encrypted) methods of communication. There are risks associated with unsecured communications that you should consider. These risks include (without limitation) that unsecure communications could be intercepted or read by other people. Please do not use unsecure methods of communication to communicate with us or others about confidential matters. By using the Site and/or Services you are agreeing to accept these risks and consent to receive unsecure communications.
Your Rights To Access, Change And Delete Personal Information
If you wish to access, correct, update, or delete Personal Information about you, please email us at email@example.com, or contact us by mail as provided below. In responding to your request, we may request information from you and use information previously collected to verify your identity, or take other actions that we believe are appropriate.
Please understand that we may not be able to alter or delete your Personal Information if we are required under applicable law to maintain that information. We are also not obligated to comply with requests that are unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In some circumstances, we may charge a reasonable fee to fulfill your request.
Rights Under State and International Law
Request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months (a “Right to Know Request”). Once we receive and confirm your Right to Know Request, we will disclose to you:
The categories of Personal Information we collected about you;
The categories of sources for the Personal Information we collected about you;
The categories of third parties with whom we share that Personal Information;
The specific pieces of Personal Information we collected about you (in California, it’s called a “data portability request”);
Our business or commercial purpose for collecting or selling* that Personal Information.
The categories of Personal Information about you we have disclosed for a business purpose in the past 12 months; and
The categories of third parties to whom we have disclosed your Personal Information for a business purpose in the past 12 months.
*Please note: In the past 12 months, we have not sold any Personal Information about consumers. We do not, and will not, sell Personal Information without gaining your consent.
To request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions (a “Deletion Request”). Once we receive and confirm your consumer request, we will delete your Personal Information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our contractors or subcontractors to:
Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
Debug products to identify and repair errors that impair existing intended functionality;
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.) or other required state or international laws, if applicable, including the General Data Protection Requirement (GDPR) for all European Union persons;
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
Comply with a legal obligation; or
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
You can make a Right to Know Request or a Deletion Request by contacting us by email at Hello@EllipsisHealth.com, on our website at EllipsisHealth.com, by mail at 118 2nd Street, 2nd Floor, San Francisco, CA 94105, United States, or at 1 (800) 410-5383 (toll free in the United States). Please note that depending on your state or country only you or an authorized person may make such requests related to your Personal Information.
Additionally, your state or country may limit the number of consumer requests you can make and what information you must provide for us to process such requests. For example, if you are a California resident you may only make a consumer request for access or Right to Know Request twice within a 12-month period. Your request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative;
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it; and
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
We respond to such consumer requests within the time periods and manner required by applicable law.
We will not discriminate against you for exercising any of your rights. Unless permitted by law, we will not:
Deny you goods or services;
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
Provide you a different level or quality of goods or services; or
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Consent to International Transfers of Personal Information
Our Article 27 data protection representative in the European Union and United Kingdom is currently EDPO, LLC. You may contact them using the up to date contact information listed at https://edpo.com/.
Your Choices Regarding Online Advertising
We have or may soon have engaged third parties to manage our advertising on other websites. These third parties may collect information from you, such as tracking and categorizing your activity and interests over time across different websites and mobile applications, as well as identifying the different device(s) you use to access websites and mobile applications. These third parties may use this information to provide advertising to you based upon your browsing activities and interests.
If you prefer not to have information collected or used by third parties for the purpose of serving you personalized ads, you may learn more about your choices, opt-out, or change your preferences at http://preferences-mgr.truste.com/ or http://www.google.com/settings/ads, or if you are located in the EEA at http://www.youronlinechoices.eu/.
With limited exceptions, such as use at the direction of your school or health care provider and with parental consent, you must not use this Site or our Services if you are under 18 years of age. The Site is not intended for minor children under the age of 18 outside of certain studies and engagements we may from time to time be a part of, and we do not knowingly collect or solicit Personal Information from minor children outside of those studies.
If you are a person under the age of majority in your jurisdiction (country or US state), you must have your parent or legal guardian’s consent to use our Site, app, or other services, and that use must be part of a school sanctioned study or other program, or through your health care provider. If you do not have your parent or legal guardian’s consent, you must not use our Site, app, or services. The data you give us, including potentially the interactions you have with us and our Site and recordings of your voice through our app’s recording functions, may be stored and analyzed for the purposes of providing Services and for other purposes in full compliance with all applicable laws.
Parents: If you believe your child’s data may have been given to Ellipsis Health inadvertently, or if you wish to revoke your consent or have any questions about our practices or policies, please do not hesitate to contact us at the contact information below. Please know that we seek to keep the data collected by our apps and partners in a respectful and privacy-conscious manner, often including the use of de-identification procedures and the minimization of data collection.
Entities utilizing our Site or Services: Do not direct or allow children under the age of 18 to utilize our Site or Services without 1) The consent of their parents or legal guardians, and 2) Our prior authorization.