Last Revised: January 5, 2021

Privacy Policy

Recora, Inc. is concerned about privacy issues and wants you to be familiar with how we collect, use and disclose information and does so in accordance with laws applicable to our business. This Privacy Policy describes our practices in connection with information that we collect through websites operated by us from which you are accessing this Privacy Policy (the “Website”), through the software applications made available by us for use on or through computers and mobile devices (the “Apps”), and through our social media pages that we control from which you are accessing this Privacy Policy, as well as through HTML-formatted email messages that we may send to you that link to this Privacy Policy (all of the foregoing, collectively, the “Services”).  From time to time, we may make changes to this Privacy Policy. The Privacy Policy is current as of the “last revised” date which appears at the top of this page.

Personal Information

Personal Information We May Collect

“Personal Information” is information that identifies you as an individual or relates to an identifiable person, including: Name, Email address, Health Information in connection with the interviews and questionnaires we make available through the Services (the “Surveys”). If you submit any Personal Information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

How We May Collect Personal Information

We and our service providers may collect Personal Information in a variety of ways, including:

  • Through the Services: We may collect Personal Information directly from you through the Services, e.g., when you answer a Survey or register for an account.
  • From Other Sources: We may receive your Personal Information from other sources with your consent or as permitted by applicable law, such as from your insurance or healthcare provider, public databases, joint marketing partners and other third parties.

How We May Use and Disclose Your Personal Information

Recora, Inc. may have an arrangement with your insurance or healthcare provider and under that arrangement may be permitted to use and disclose your Personal Information as directed by them, uses and discloses Personal Information to provide the Services as described below.  We may use Personal Information:

  • To respond to your inquiries, fulfill your requests, and send you communications that you request, such as the results of any Survey that you have taken.
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions and policies.
  • To personalize your experience on the Services, for example, by presenting Surveys and similar products to you.
  • For our internal management and business purposes, such as data analysis, developing new services, enhancing, improving or modifying the Services, audits, fraud monitoring and prevention, identifying usage trends, but, in some cases that will be only to the extent such use of Personal Information is permitted or required by your insurance or healthcare provider.
  • As we believe to be necessary or appropriate, and only as permitted under the Health Insurance Portability & Accountability Act and amendments thereto (HIPAA) or other applicable law: (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • For such other purposes as you may consent.

Your Personal Information may be transferred or disclosed:

  • To our third party service providers who assist us to provide the Services (such as website hosting, data analysis, information technology and related infrastructure provision, email delivery, auditing and other services), and with whom we have a contract that includes appropriate privacy obligations.
  • To third parties, such as your insurance or healthcare provider, consistent with your instructions. For example, you may opt in to allow us to share your responses to and results of any Surveys.
  • As we believe to be necessary or appropriate, and only as permitted under HIPAA or other applicable law: (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
  • To such third parties and for such purposes to which you consent.

Other Information

Other Information We May Collect

“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:

  • Browser and device information
  • Apps usage data
  • Information collected through cookies, pixel tags and other technologies
  • General demographic information
  • Aggregated information

If we are required to treat Other Information as Personal Information under applicable law, then we may use it for the purposes for which we use and disclose Personal Information as detailed in this Policy.

How We May Collect Other Information

We and our third party service providers may collect Other Information in a variety of ways, including:

  • Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
  • Through your use of the Apps: When you download and use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
  • Using pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some Services to, among other things, track the actions of users of the Services (including email recipients), and compile statistics about usage of the Services and response rates.
  • Analytics: We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to https://www.google.com/policies/privacy, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
  • IP Address: Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address.
  • Physical Location: We may collect the physical location of your device by, for example, using satellite, cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content. You may be permitted to allow or deny such use, but, if you do, we may not be able to provide you with the applicable personalized services and content.
  • From you: Information such as your preferred means of communication is collected when you voluntarily provide it.

How We May Use and Disclose Other Information

We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.

Third Party Services

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates. In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Services.

Security and Retention

We seek to use administrative, physical, and technical safeguards that are reasonable and appropriate for the protection of the Personal Information in our custody or control. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section below. We will retain your Personal Information in a file specific to you at our offices and the data centers of our service providers.  We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.As our operations are conducted from the U.S., all Personal Information that we collect is used and stored in the U.S., is subject to U.S. laws, and may be subject to disclosure to U.S. governments, courts or law enforcement or regulatory agencies pursuant to those laws.

Individual Rights

The following six rights are collectively referred to as the “Individual Rights.”

  1. The right to access - You have the right to request copies of your personal data that Recora, Inc. possesses. We may charge you a small fee for this service;
  2. The right to rectification - You have the right to request that Recora, Inc. correct any information you believe is inaccurate. You also have the right to request that Recora, Inc. complete information you believe is incomplete;
  3. The right to erasure — You have the right to request that Recora, Inc. erase your personal data, under certain conditions;
  4. The right to restrict processing - You have the right to request that Recora, Inc. restrict the processing of your personal data, under certain conditions;
  5. The right to object to processing - You have the right to object to Recora, Inc.’s processing of your personal data, under certain conditions; and
  6. The right to data portability - You have the right to request that Recora, Inc. transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you would like to exercise any of your Individual Rights regarding Personal Information that you have previously provided to us, you may do so by logging into your account within the Services or by contacting us in accordance with the “Contacting Us” section below. In your request, please make clear what Individual Right you are exercising. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in compliance with applicable law.  Where appropriate, we will transmit the amended information to third parties having access to your Personal Information. We may be prevented from complying with a request to exercise an Individual Right. In such circumstances, we will respond to your request to exercise your Individual Right with a response stating that we cannot comply with such a request and, if legally allowed, why.

California Residents

If you are a resident of California the following information and rights are provided to you as required by the California Consumer Privacy Act of 2018 (“CCPA”).  Any terms defined in the CCPA have the same meaning when used in this notice. Personal information under CCPA does not include:

  • Publicly available information from government records.
  • De-identified or aggregated consumer information.
  • Information excluded from the CCPA's scope, such as:
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
    • Financial Information covered by the Gramm-Leach-Bliley Act, and implementing regulations.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

  • Identifiers: Name, residential address, Internet Protocol (IP) address, email address, or other similar identifiers
  • Customer records information: Name, address, telephone number, medical information, health insurance information
  • Characteristics of protected classifications under California or federal law: Race, gender identity, age

We disclose your personal information for a business purpose to the following categories of third parties:

  • Service Providers: Cloud hosting, email delivery, medical record management, telehealth video platform, service desk management, platform usage analytics, business analytics, SMS delivery, log aggregation, geolocation

Sale of Personal Information

In the preceding twelve (12) months, we have not sold any personal information.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you any of the following, as requested:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you.
  • If we disclosed your personal information and identify the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  1. Comply with legal obligations.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Make other internal and lawful uses of that information that are compatible with the context in which you provided it

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to that account.  If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.  Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.  You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Updates to This Privacy Policy

We may change this Privacy Policy. The “Last Updated” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.

Contacting Us

If you have any questions about this Privacy Policy, please contact us at hello@recorahealth.com. Because email communications are not always secure, please do not include sensitive information in your emails to us.