Privacy Policy

Effective Date: April 22, 2023

Brightside Health Inc. (“Brightside”) or (“us”) provides a platform for individuals to learn about depression and anxiety, understand treatment options, and connect with a Healthcare Provider for clinical care, if desired. Our Privacy Policy explains our information practices, the kinds of information we collect, how we use and share that information, and your options as it pertains to the sharing of your information.

Scope

This Privacy Policy applies to personal information processed by us during the course of business, including on our website (“Site”) and other online or offline offerings (collectively, the “Services”). Any individually identifiable information that is provided to us for purposes of rendering clinical services (also referred to as “Protected Health Information” or “PHI”) is subject to Brightside’s Notice of Privacy Practices. The Notice of Privacy Practices describes how Brightside can use and share your PHI, and describes your rights with respect to this information. The Notice of Privacy Practices (and not this Privacy Policy) will govern our privacy practices with respect to your PHI.

Occasionally, there may be discrepancies between laws that underline this Privacy Policy, and laws that underline the Notice of Privacy Practices. If you make a request about the handling of your personal information, Brightside will comply with that request to the fullest extent permitted by all applicable laws.

  1. PERSONAL INFORMATION WE COLLECT. The categories of personal information we collect and our privacy practices depend on whether you are a customer, user, or visitor and the requirements of applicable laws. The following is information which you may provide to us.
    1. Account Creation. When you create a user account, we collect your name, e-mail and password.
      1. All information collected and stored by us or which you provide when creating a Brightside account is considered protected health information (“PHI”) and is governed by applicable state and federal laws, most notably the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). We will not use or disclose this information for advertising, marketing, or other use-based data mining purposes except as otherwise permitted by HIPAA and/or other applicable law. We will never sell PHI or any other potentially identifying information.
      2. We may contact you to participate in surveys about our services. If you decide to participate, you may be asked to provide certain information, which may include personal information. Under no circumstances are your responses to these surveys mandatory, and refusing to reply to them shall have no bearing on the quality of Services afforded to you.
    2. Communications with Us. We may collect personal information from you such as your email address, phone number, or mailing address when you request information about our Services, register for our newsletter, request customer or technical support, or otherwise communicate with us.
  2. INFORMATION AUTOMATICALLY COLLECTED BY US OR OTHERS.
    1. Automatic Data Collection. We may collect certain information automatically when you use the Site or Services. This information may include your Internet protocol (IP) address, user settings, IMEI, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information, Internet service provider, pages that you visit before, during and after using the Site or Services, information about the links you click, and other information about how you use the Site or Services. Information we collect may be associated with accounts and other devices.
    2. Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising.
      1. We, as well as third-parties that provide content, advertising, or other functionality on the Site or Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information. Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us to record certain pieces of information whenever you visit or interact with our Site or Services.
      2. Cookies. Cookies are small text files placed in visitors’ device browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Site or Services may not work properly.
      3. Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the Site that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
      4. These Technologies may be employed for the following purposes:
        1. Operational Necessity. This includes Technologies that allow you access to our Site, Services, applications, and tools that are required to identify irregular Site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functions such as saved searches.
        2. Performance Assessments. We may use Technologies to assess the performance of our Site and Services, including as part of our analytic practices to help us understand how our visitors use the Site and Services.
        3. Functionality. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Site and Services. This may include identifying you when you sign into our Site or Services, or keeping track of your specific preferences, interests, or past items viewed.
        4. Advertising or Targeting Related. We may use first-party or third-party Technologies to deliver content, including ads relevant to your interests, on our Site and Services or on third-party sites.
    3. Analytics. We may use Google Analytics or similar analytics software, generally powered by your web browser, to collect information regarding visitor behavior and demographics on our Site and Services. For more information about this software, please view the analytics policy associated with your web browser (e.g. Chrome, Safari, Firefox, etc.). You can opt out of these browsers collecting and processing of data generated by your use of the Site and Services by visiting the browser’s “Settings” page.
    4. Information from Other Sources. We may obtain information about you from other sources, including through third-party services and organizations to supplement information provided by you. This supplemental information allows us to verify information that you have provided to us and enhances our ability to provide you with information about our business, products, and Services.
  3. How We Use Your Information. We use your information for a variety of purposes to fulfill our contract with you and provide you with our Services, such as:
    1. Managing your information and accounts.
    2. Responding to your questions, comments, and other requests.

      3. Providing access to certain areas, functionalities, and features of our Site and Services.

  4. Communicating with you about your account, activities provided through our Site and Services, and policy changes.
  5. Processing your financial information and other payment methods for Services purchased.
  6. Processing your applications and transactions.
  7. Answering your requests for customer or technical support.
  8. Analyzing and improving our Site and Services pursuant to our legitimate interests, such as:
    1. Measuring interest and engagement;
    2. Developing new Site features and Services;
    3. Ensuring internal quality control;
    4. Verifying your identity and preventing fraud;
    5. Detecting bugs or other software issues;
    6. Preventing potentially prohibited or illegal activities;
    7. Enforcing our Terms; and
    8. Complying with our legal obligations, protecting your vital interest, or protecting the public good at large.
  9. For other purposes you consent to, are notified of, or are informed about when you provide personal information.
  10. We may use personal information and other information about you to create de-identified and aggregated information, such as deidentified demographic information and de-identified location information. Deidentified information is not afforded the protections set forth by HIPAA or other state privacy legislation, since the information cannot be tied-back to a specific individual after being deidentified.
  11. Our Site may contain links to other websites, and other websites may reference or link to our website. These other websites are not controlled by us. We encourage our users to read the privacy policies of each website and application with which the user interacts. We do not endorse, screen or approve and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is performed at your own risk.
  • DISCLOSING YOUR INFORMATION TO THIRD PARTIES. We may share your personal information with the following categories of third parties.
    1. Healthcare Purposes. To other covered entities involved in your treatment, payment and/or healthcare operational services.
    2. Business Associates. We may provide personal information or PHI to business associates with whom we contract to help facilitate healthcare operations or to jointly offer products or services. In such cases, these business associates are bound to the privacy and security rules mandated by HIPAA.
    3. Advertising Partners. On our Site, we may allow third-party advertising partners to set Technologies and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, mobile identifiers, page(s) visited, location, time of day) in order to improve advertising. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising.” We may allow access to certain other data collected through these Technologies to share information that may be useful, relevant, valuable or otherwise of interest to you. If you prefer not to share your personal information with third-party advertising partners, you may make such a request by contacting us as set forth in Section 12 (below) of this Policy.
    4. Disclosures to Protect You, Us, or Others. We may access, preserve, and disclose any information we store associated with you to external parties if we or our providers, in good faith, believe doing so is required or appropriate to comply with law enforcement or national security requests; aspects of the legal process such as a court order or subpoena; to protect your, our or others’ rights, property, or safety; to enforce our policies or contracts; to collect amounts owed to us; or to assist with an investigation or prosecution of suspected or actual illegal activity. This list is not intended to be exhaustive and other circumstances may arise during which time such disclosures will be made.
    5. Disclosure in the Event of Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
    6. International Data Transfers. You agree that all information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We have taken appropriate safeguards to require that your personal information will remain protected and require our third-party service providers and partners to have appropriate safeguards as well. Further details can be provided upon request.
  • YOUR CHOICES
    1. General. You have certain choices about your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time and prevent further processing by contacting us as described in Section 12 (below). Even if you withdraw consent, we may still collect and use non-personal information regarding your activities on our Site and Services, and for other legal purposes as described above.
    2. Email Communications. If you receive an unwanted promotional email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transactional emails from us to inform you of pertinent business related matters regarding products or Services you have requested, which we are legally required to send. Examples of transactional emails include certain non-promotional communications regarding us and our Services (e.g., communications regarding the Services, updates to our Terms of Use, or this Privacy Policy), and you will not be able to opt out of those communications. We process requests to be placed on do-not-contact lists as required by applicable law.

    3. Mobile and Other Devices. If you download the Brightside mobile application (“the App”), we may aggregate health information about you through the App, but only if you expressly permit the App to extract this data from your mobile device and/or smartwatch (collectively “Devices”). Devices powered by iOS or Android offer native tools that will enable your Devices to collect various health metrics about you including, but not limited to, your daily step count, heart rate, and sleep cycles. Please view these links for a comprehensive list of all metrics that can be derived from Apple Healthkit or Android Health Connect. Apple HealthKit and Android Health Connect can transfer this information to third-party applications, such as the App, if you affirmatively authorize the App to receive and store this data. By downloading the App, we may also send you push notifications to notify you of updates made within the App. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device.

      In order to enhance the Services, we may occasionally request access to some of this data through the App, which will enable your Healthcare Provider to evaluate your activity levels, vitals and other health related metrics captured by your Device. Please note that at all times this data will be protected in accordance with administrative and security protocols used to safeguard the rest of your health information, and under no circumstances will it be used for advertising, marketing, or use-based data mining not needed to provide the Service. Additionally, you are permitted to revoke the App’s access to some or all of this data at any time, even if you had previously permitted access, by following the instructions in the links provided below.

      1. If you are using an Apple device, you can always stop our App from accessing your data by changing the settings on your device, as described here.
      2. If you are using an Android device, you can always stop our App from accessing your data by changing the settings on your device, as described here.
    4. Do Not Track Adherence. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
    5. Cookies and Interest-Based Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy at:
      1. http://www.networkadvertising.org/managing/opt_out.asp
      2. https://youradchoices.ca/choices/
      3. http://www.aboutads.info/choices/
    6. AppChoices. To separately make choices for mobile apps on a mobile device, you can download the AppChoices application from your device’s app store. Alternatively, for some devices you may use your device’s platform controls in your settings to exercise privacy settings. Please note you must separately opt out in each browser and on each device. Advertisements on third-party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.
    7. Your Privacy Rights. In accordance with applicable law, you may have the right to:
      1. request confirmation of whether we are processing your personal information;
      2. receive an electronic copy of your medical record or ask us to send that information to another company;
      3. seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed personal information; and
      4. request erasure of personal information held about you, subject to certain exceptions prescribed by law.
    8. If you would like to exercise any of these rights, please log into your account or contact us as set forth in Section 12 (below). We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
  • DATA RETENTION. We store the personal information we receive as described in this Privacy Policy for as long as you use our Services or as deemed necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
  • SECURITY OF YOUR INFORMATION.

    We take steps to ensure that your information is treated securely and wholly in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for any unintentional disclosures.

    By using the Site or Services, or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site or Services. If we learn of a security or privacy breach that may contain your personal information, we may attempt to notify you electronically by posting a notice on the Site, sending you an email, or by sending traditional mail.

  • CHILDREN’S INFORMATION. The Services are not intended for children under the age of 18, and we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information, you may email [email protected]. If we learn that we have collected any personal information of a child, we will promptly take steps to delete such information and terminate the child’s account.
  • CHANGES TO OUR PRIVACY POLICY. We may revise this Privacy Policy from time to time at our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Site or Services after the new Privacy Policy takes effect.
  • RESIDENTS OF CERTAIN STATES: Residents of California, Colorado, Connecticut, Utah and Virginia have additional consumer rights afforded to them through state law. These rights may include, but are not limited to:
    1. The right to request personal information stored by Brightside to be deleted;
    2. The right to correct an inaccurate data about your personal information;
    3. The right to know the specific types of personal information Brightside has collected about you.
    4. The right to opt-out of the sharing of personal information.
    5. The right to not be retaliated against for making requests related to the handling of your personal information.
    6. The right to opt-out of automated decision making technology (which Brightside currently does not use).
    7. Please note that certain laws, such as federal healthcare laws, may conflict with or modify the way in which Brightside responds to requests about your personal information.
    8. We encourage you to view your state’s applicable privacy laws for more details:
      1. California Consumer Privacy Act
      2. California Privacy Rights Act (Proposition 24)
      3. Colorado Privacy Act
      4. Connecticut Data Privacy Act
      5. Utah Consumer Privacy Act
      6. Virginia Consumer Protection Privacy Act
  • CONTACT US. If you have any questions about our privacy practices or this Privacy Policy, or if you wish to submit a request to exercise your rights as detailed in this policy, please contact the Member Support team by emailing [email protected].
    • 741-741

    If you’re in emotional distress, text HOME to connect with a counselor immediately.

    988

    Call or text the National Suicide Prevention Lifeline for 24/7 emotional support.

    911

    If you’re having a medical or mental health emergency, call 911 or go to your local ER.