Privacy Policy
Last Updated: 11 January 2023This Privacy Policy (this “Policy”) provides comprehensive information relating to how Healthstro Inc (“we,” “us,” or “our”) collects, uses, and shares your Personal Information, as defined below, and the rights you have in relation to this data when you access or use our website at https://healthstro.com/ (the “Site”), download, install, register with, access, or use our mobile application (the “App”), purchase our products, subscribe to our newsletter, emails, send us messages, or otherwise access or use the various content, features, or other services offered by us through the Site or App, (collectively, the “Services”). This Privacy Policy does not apply to information that we collect offline unless we specifically refer to this Privacy Policy in our offline communication with you. This Privacy Policy also does not apply to information that you provide to or that is collected by any third party, even if you access such third parties through the Services. By using the Services, you consent to and agree that we may collect, process, use, retain, share, and transfer your Personal Information as described in this Privacy Policy. This Privacy Policy supplements and is incorporated into our Terms of Use, which may be accessed here. By accessing, registering with, uploading, downloading, subscribing to, or otherwise using our Services, you agree to this Privacy Policy and our Terms of Use, including any updates thereto.
- Collecting Personal Information: Definition, Methods, Categories; Purposes; Third-Party Collections
- Personal Information: When you access our Services, we collect the information you provide to us, and certain information about your device and interaction with the Services. In this Privacy Policy, we refer to any information that can uniquely identify an individual as “Personal Information.” Personal Information does not include PHI. See the list below for more information about the means of collecting Personal Information, the categories of Personal Information we collect, the purpose of collection, and to whom we may disclose it and why. This Privacy Policy in no way restricts or limits our use of aggregate data.
- Information you provide to us: Personal Information you provide to us is collected directly from you for the business purposes of connecting those seeking to improve their intimate health life (“Users”) with medical Providers and therapists (“Providers”), monitoring and tracking User health information to be accessed by their assigned Providers, recommending products to Users based on their respective needs, tracking revenue of Providers for the purposes of billing and account management, processing payment information, communicating with Users and Providers, and screening our Services for potential risk, copyright infringement, or fraud. You may provide us with your Personal Information when you visit or use our Services, when you communicate via email, text, or other electronic messages with our Services, when you use mobile or desktop applications that provide interaction between you and our Services, when you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy. If you elect to provide us with your Personal Information, you consent to its transfer and storage on our servers.
- Identifiers: Such as your name, billing address, shipping address, email address, and phone number.
- Providers Information: Such as a description and scope of the services provided by the Providers, the Provider’s experience, education, and related certificates and licenses, and any other non-confidential information that may assist Users in selecting a Providers.
- Financial Information: Such as payment information and credit card numbers.
- Protected Health Information: Certain demographic, health and/or health-related information that Healthstro collects about Users as part of providing the Services may be Protected Heath Information (“PHI”) and governed by the Health Insurance Portability and Accountability Act (“HIPAA”) and its implementing regulations. For HIPAA Notice of Privacy Practices you can reach out to Healthstro Legal Department for any details on how we can use and share your PHI, as defined by HIPAA. The HIPAA Notice of Privacy Practices only applies to PHI.
- Sensitive Information: Unless it is related to your use of the Services, we ask that you not send us or disclose any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, criminal background, or trade union membership).
- Device and Services Interaction Information: Device and Services interaction information is collected automatically and indirectly through the use of IP addresses, and information collected through cookies, web beacons, and other tracking technologies. This information is collected for the business purpose of loading and administering the Services accurately for you and to perform analytics on usage to optimize our Services and aid our understanding of who our users are.
- Tracking and Mobile Data: In order to perform our Services, when you use certain features of the Services, we may receive, collect, store, and process different types of information about your location, including not only general information (e.g., your IP address and zip code), but also more specific location-related information (e.g., precise geolocation).
- Analytics: We use services like Google Analytics, Google Lighthouse and others to help us understand how our Services are used. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
- BehavioralAdvertising: We may use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you.
- Third Party Collection: Certain third parties may use automatic information collection technologies, including cross-site tracking technologies, to collect Personal Information about you or your device. These third parties may include, but are not limited to, your internet service provider, your web browser, your mobile service provider, your mobile device manufacturer, online advertisers, and data analytics companies. We do not control these third parties or how they collect, use, or disclose your Personal Information. As stated above, this Privacy Policy is not applicable to third party collection, use, or disclosure of your Personal Information. If you have any questions about the privacy practices of any third party, you should contact the responsible third party directly.
- Social Media: The Services may contain links to our accounts on Facebook Twitter, LinkedIn or other similar social network. Clicking on any such links means that the respective social network will receive information on from which website you accessed the platform and may collect other Personal Information. It is also possible, if you are currently logged in as a user to the social network in question, that the social network will link this information to your account with the social network.
- Sharing Personal Information: Categories, Purposes
- Subsidiaries, Affiliates, and Business Partners: We may share your Personal Information within our corporate group, including with our subsidiaries, parent organization, and business affiliates in accordance with this Privacy Policy and applicable law. We do so for the purposes of fulfilling your requests to us, performing our contract with you, providing better service to our customers, and managing warranty, repair, or customer feedback. Your information is not shared within our corporate group for commercial purposes.
- Service Providers and Contractors: We may share your Personal Information with service providers and contractors to help us provide our Services and fulfill obligations to you. These service providers and contractors may include database and cloud service providers, billing systems, customer management services, payment processors, shipping companies, installation and cybersecurity services, professional services such as legal and accounting, and advertising and marketing.
- Advertising: We may provide advertisements targeted to you based on the Personal Information we retain about you, such as information relevant to your general location. In some circumstances we may also sell your Personal Information to advertisers and other partners.
- Asset Transfer: We may share your Personal Information with a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us is among the assets being transferred.
- Legal Requests: We may share your Personal Information when required to do so by law enforcement, court order, or other legal process such as a subpoena. We generally do not disclose Personal Information unless we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. We may share your Personal Information when we believe it is necessary to comply with applicable laws, to protect our interests or property, to prevent fraud or other illegal activity perpetrated through the services or using our name, or to protect the safety of any person. This may include sharing Personal Information with other companies, lawyers, agents, or government agencies. Nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.
- Sharing with Consent: We may share your Personal Information at your direction or any time we have your consent to do so, including implicit and tacit consent. This includes sharing your Personal Information as we have disclosed in this Privacy Policy.
- Depersonalized Information: We may share your Personal Information after it is aggregated or otherwise depersonalized such that it is no longer considered Personal Information.
- Your Choices and Rights: Sharing Choices, U.S. Law, European Economic Area, International Transfers
- Your Choices: We respect your privacy and seek to provide you with options to manage the Personal Information collected about you while you are using our Services. We abide by the privacy laws applicable to you based upon your jurisdiction.
- Emails and Newsletters: You may opt-out of receiving marketing messages from us and any of our Affiliates by unsubscribing through the unsubscribe or opt-out link in an email. We will try to comply with your request(s) as soon as reasonably practical. Please note that even if you opt-out of receiving marketing-related emails from us, we will still send you important account, purchase confirmation, and administrative messages.
- Push Notifications: You can opt out of receiving push notifications through your device settings. Please note that opting out of receiving push notifications may impact your use of the Services (such as receiving a notification that an appointment is about to begin).
- Managing Cookies: You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact the functionality of the Services and your experience accessing our Services. Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as allaboutcookies.org.
- Do Not Track: Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
- Notice to California Residents: Each capitalized term used, but not defined, in this section shall have the meaning given to such term in the California Consumer Privacy Act of 2018 (“CCPA”). Personal Information as defined in the CCPA shall be included in Personal Information as used in this Privacy Policy. If you are a resident of California, and if CCPA applies to the processing of your information, you have the right to access the Personal Information we hold about you, to ask that your Personal Information be corrected, updated, ported, or erased, and to opt out of the sale of your Personal Information. If you would like to exercise these rights, please contact us through the means indicated at the end of this Privacy Policy. If you would like to designate an authorized agent to submit these requests on your behalf, please contact us through the means indicated at the end of this Privacy Policy.
- Right of Access to Specific Information: You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable Consumer request, we will disclose to you:
- The categories of Personal Information we collected about you;
- The categories of sources for the Personal Information we collected about you;
- Our business or commercial purpose for collecting, sharing, or selling that Personal Information;
- The categories of third parties with whom we share that Personal Information;
- The specific pieces of Personal Information we collected about you (also called a data portability request) and provide a copy to you in an electronic or paper format; and
- The categories of Personal Information, if any, we disclosed for a business purpose to a third party.
- Deletion Request Right: You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable Consumer request, we will delete (and direct our Contractors and Service Providers to delete) your Personal Information from our (and their) records, unless an exception applies (as described below).
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal, regulatory or law enforcement obligation; or
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Exercising Access, Data Portability, Correction, and Deletion Rights: To exercise the access, data portability, and deletion rights described above, please submit a verifiable Consumer request to us by calling using the contact information at the end of this Privacy Policy. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your Personal Information. You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. To be verifiable, the Consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative of that person and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- Non-Discrimination: We will not discriminate against you simply for exercising your rights under the CCPA.
- Notice to Nevada Residents: If you are a Nevada resident who wishes to exercise your sale opt-out rights under Nevada Revised Statutes Chapter 603A you may submit a request to the contact information listed at the end of this Privacy Policy.
- Notice to Residents of Non-U.S. Countries: Our headquarters is in the United States. The Personal Information we or our service providers and contractors collect may be stored and processed in servers within or outside of the United States and certain Personal Information may be accessible by persons or companies outside of the United States who provide services for us. As such, we and our service providers and contractors may transfer your Personal Information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take reasonable steps to ensure that your Personal Information receives an adequate level of protection in the jurisdictions in which we process it.
- Notice to Residents of the European Union and United Kingdom: If you are a resident of the European Union or the United Kingdom (also referred to as a “Data Subject”), the General Data Protection Regulation (“GDPR”) provides you with additional rights regarding our use of your Personal Information. This section is provided pursuant to the GDPR. Each capitalized term used, but not defined, in this section shall have the meaning given to such term in the GDPR. This section describes how we collect, share, disclose, and process the Personal Information of residents of the European Union and United Kingdom. “Personal Information” means any information relating to an identified or identifiable natural person (referred to ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and includes all “Personal Information” referred to in this Policy.
- Rights of European Union and United Kingdom Residents: If you are located in the European Union or the United Kingdom, you have certain rights regarding the Personal Information that we maintain about you, which in certain circumstances you will be able to exercise. The rights are as follows:
- Access: You may request a copy of the Personal Information we maintain about you.
- Portability: If we maintain your Personal Information based on your consent or so that we can enter into or perform under a contract with you, you have the right to obtain your Personal Information from us that you consented to give us, that is necessary to enter into or perform the contract, or that is necessary to provide member benefits to you. We will give you your Personal Information in a structured, commonly used and machine-readable format.
- Correction: If you believe your Personal Information is incorrect, you may request that we correct, amend or delete your Personal Information that is inaccurate or incomplete.
- Deletion or Restriction of Processing: You may request that we erase or restrict the processing of your Personal Information.
- Object to Processing: You may object to the processing of your Personal Information in certain circumstances when we process your Personal Information for the purposes of our legitimate interests.
- Right to Complain: You have the right to file a complaint with a supervisory authority, in particular in the European member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your Personal Information infringes upon your rights.
- Withdraw Consent: If we are processing your Personal Information based on your consent to do so, you may withdraw that consent at any time.
- Collection of Personal Information: We collect Personal Information that is reasonably necessary for us to provide our Services. Subject to applicable exceptions, we will obtain your consent before collecting, using and disclosing your Personal Information for the specified purposes. In addition to circumstances in which you consent to the use of your Personal Information, the Personal Information we collect may be used or processed where we have a legitimate interest in or other legal basis for processing such data.
- Sharing Personal Information: The ways in which we share your Personal Information and the purposes for which we share it are indicated above in the section entitled “Sharing Personal Information.” If we use Personal Information in ways other than described in this Policy, we will provide you with specific notice at the time of collection.
- Processing Personal Information: We only process Personal Information when we have a legal basis to do so including:
- When you have consented to the processing of your Personal Information, including processing your Personal Information consistent with this Policy, including the advertising purposes disclosed in this Policy;
- When processing is necessary to perform our obligations to you or fulfill a request you have made to us;
- When processing is necessary to comply with a legal obligation that applies to us; or
- When processing is necessary for purposes that are in our legitimate interests and you have given any required explicit or implicit consent to such processing, including protecting the security of our Services, improving the functioning of our Services, or providing you with information about products in which you have expressed interest.
- General Disclosures
- Protecting Children: Our Services are for adults and are not directed to children. Should an individual whom we know to be a child, under the age of 18, send Personal Information to us, we will delete or destroy such information as soon as reasonably possible. If you believe a child has provided us with Personal Information, please contact us through the means indicated at the end of this Policy to request deletion.
- Retention: When you access our Services, we will retain your Personal Information as long as it is necessary for the processing purpose in question or in accordance with our data retention policy. We determine the appropriate retention period based on the nature and sensitivity of the Personal Information being processed, the risk of harm due to unauthorized access versus the benefit of retention, and whether we can achieve the purposes of processing through other means. We may retain your Personal Information for longer periods if required by law, if you give us your permission, or in case of a legal dispute in which your Personal Information may be used as evidence.
- Automatic Decision-Making: We do not profile or use automated decision making.
- Telephone Monitoring: As part of our customer service assurance practice, telephone conversations over phones may be monitored or recorded as a part of normal business operations. Monitored or recorded calls will be used for quality assurance and training purposes.
- Cybersecurity: We use robust security measures to protect your information from unauthorized access, maintain data accuracy, and help ensure the appropriate use of information. To protect your Personal Information, we use physical safeguards including secured access to our facilities. We also limit access to your Personal Information to only those employees and service contractors that have a need to access it. Additionally, when the Services are accessed using the Internet, we use Transport Layer Security (TLS) technology to protect information using both server authentication and data encryption. We also implement other advanced technology measures to prevent interference or access from outside intruders. We offer enhanced security features within the Services that permit users to configure security settings to the level they deem necessary, such as forced password changes and IP-restrictions.
- The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password and/or username for access to certain parts of our Service, you are responsible for keeping such information confidential. We ask you not to share your password or username with anyone. We ask you to select unique and secure passwords when setting up profiles in our Service.
- Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your information, we cannot guarantee the security of your information transmitted to our Service. Any transmission of Personal Information is at your own risk.
- Changes to this Privacy Policy: We may update this Privacy Policy from time to time. The current version of this Privacy Policy can be accessed here.
- Contact Information: For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us at: