Legal
Effective Date: January 24, 2026
Table of Contents
This Consumer Health Data Privacy Policy ("CHD Policy") supplements the main VirtuallyWell Privacy Policy and applies specifically to "Consumer Health Data" as defined by applicable state laws, including but not limited to:
This CHD Policy is provided by VirtuallyWell LLC ("VirtuallyWell," "we," "us," or "our") to explain in detail how we collect, use, share, protect, and manage your Consumer Health Data in compliance with applicable state consumer health data privacy laws.
This CHD Policy supplements and is incorporated into our main Privacy Policy. In the event of a conflict between our main Privacy Policy and this CHD Policy with respect to Consumer Health Data, this CHD Policy shall govern to the extent required by applicable law. You should read this CHD Policy in conjunction with our main Privacy Policy and our Terms of Use to understand the full scope of our data practices.
This CHD Policy does not apply to the following categories of information:
Protected Health Information (PHI) Subject to HIPAA: Information that is collected, used, or disclosed by VirtuallyWell in its capacity as a "business associate" (as that term is defined under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, collectively "HIPAA") to healthcare providers that are "covered entities" under HIPAA. Such information is governed by HIPAA, our Business Associate Agreements with covered entities, and the Notice of Privacy Practices provided by your healthcare provider.
Information Subject to Other Federal Privacy Laws: Information governed by the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the Family Educational Rights and Privacy Act, the Driver's Privacy Protection Act, or other federal privacy laws that preempt state consumer health data privacy laws.
This CHD Policy applies to residents of states that have enacted consumer health data privacy laws, to the extent that we collect, use, or share Consumer Health Data as defined by those laws. If you are a resident of a state without such laws, the provisions of our main Privacy Policy will apply to your health-related information.
For purposes of this CHD Policy, the following terms have the meanings set forth below:
"Aggregate Data" or "Aggregated Data" means data that has been combined with data from other consumers such that the data can no longer reasonably identify a particular consumer or household.
"Biometric Data" means data generated from the measurement or technological processing of an individual's biological characteristics, including but not limited to fingerprints, voiceprints, retina or iris scans, facial geometry, gait, and other unique biological patterns or characteristics that can be used to identify an individual.
"Collect" or "Collection" means buying, renting, accessing, retaining, receiving, acquiring, inferring, deriving, or otherwise processing Consumer Health Data in any manner.
Individual health conditions, treatment, diseases, or diagnoses.
Social, psychological, behavioral, and medical interventions.
Health-related surgeries or procedures.
Use or purchase of prescribed medication.
Bodily functions, vital signs, symptoms, or measurements of the information described in this definition.
Diagnoses or diagnostic testing, treatment, or medication.
Gender-affirming care information.
Reproductive or sexual health information.
Biometric data.
Genetic data.
Precise location information that could reasonably indicate a consumer's attempt to acquire or receive health services or supplies.
Data that identifies a consumer seeking health care services.
Any information that is derived or extrapolated from non-health information (such as proxy, derivative, inferred, or emergent data by any means, including algorithms or machine learning) that is used to identify a consumer's health status or condition.
"De-Identified Data" means data that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer or household, provided that the business that possesses the data:
Takes reasonable measures to ensure that the data cannot be associated with a consumer or household.
Publicly commits to process the data only in a de-identified fashion and not to attempt to re-identify the data.
Contractually obligates any recipients of the data to satisfy the criteria set forth in this definition.
"Process" or "Processing" means any operation or set of operations performed on Consumer Health Data, including but not limited to the collection, use, storage, disclosure, analysis, deletion, or modification of Consumer Health Data.
"Sale" or "Sell" means the exchange of Consumer Health Data for monetary or other valuable consideration. Under some state laws, this may include sharing data with third parties for cross-context behavioral advertising or other purposes.
"Share" or "Sharing" means to release, disclose, disseminate, divulge, make available, provide access to, license, or otherwise communicate orally, in writing, or by electronic or other means, Consumer Health Data by a regulated entity to a third party or affiliate.
"Third Party" means an entity other than VirtuallyWell, a consumer, or an affiliate of VirtuallyWell.
VirtuallyWell collects various categories of Consumer Health Data depending on how you interact with our Services. The specific data we collect about you will vary based on the services you use, the information you choose to provide, and the permissions you grant. Below is a comprehensive description of the categories of Consumer Health Data we may collect:
We collect information about your current and past health conditions, diagnoses, and treatments. This includes information you provide when you:
Complete medical intake questionnaires or health assessments.
Consult with a healthcare provider through our telehealth platform.
Purchase prescription medications or health-related products.
Communicate with our customer support team about health-related matters.
Examples of this data include: chronic conditions (e.g., diabetes, hypertension), acute illnesses (e.g., infections, injuries), mental health conditions (e.g., anxiety, depression), and any treatments or therapies you have received or are currently receiving.
We collect information about your mental and emotional health, lifestyle factors, and any therapeutic interventions you have undergone. This may include:
Information about your mental health history, including past or current diagnoses of mental health conditions.
Information about behavioral health interventions, such as counseling, therapy, or substance abuse treatment.
Information about social determinants of health, such as living situation, employment status, and access to resources.
Information about lifestyle factors that may affect your health, such as diet, exercise, sleep patterns, and stress levels.
We collect information about any past or planned surgeries or medical procedures. This includes both major surgical procedures and minor outpatient procedures. You may provide this information as part of your medical history when seeking healthcare services through our platform.
We collect information about medications you have been prescribed or have purchased. This includes:
Prescription medications you order through our platform.
Information about medications you are currently taking or have taken in the past, which you provide as part of your medical history.
Information about medication allergies or adverse reactions.
Information about your adherence to prescribed medication regimens.
We collect information about your physical health status, including:
Vital signs such as heart rate, blood pressure, respiratory rate, body temperature, and oxygen saturation.
Body measurements such as height, weight, body mass index (BMI), and waist circumference.
Symptoms you are experiencing, such as pain, fatigue, nausea, or other physical or mental symptoms.
Information about bodily functions, such as sleep patterns, menstrual cycles, or digestive health.
We collect information related to diagnostic tests, diagnoses, and treatments, including:
Results of laboratory tests (e.g., blood tests, urinalysis, genetic tests).
Results of imaging studies (e.g., X-rays, MRIs, CT scans).
Diagnoses you have received from healthcare providers.
Treatment plans and recommendations from healthcare providers.
Information about medications prescribed as part of a treatment plan.
We collect information related to gender identity and any gender-affirming care you have received or are seeking. This may include:
Information about your gender identity and expression.
Information about hormone therapy or other medical interventions related to gender transition.
Information about surgical procedures related to gender affirmation.
We collect information concerning your reproductive health, sexual orientation, and sexual activity. This may include:
Information about pregnancy, fertility, contraception, and family planning.
Information about menstrual health and menopause.
Information about sexual orientation and sexual activity.
Information about sexually transmitted infections (STIs) and related testing or treatment.
Information about reproductive health conditions such as polycystic ovary syndrome (PCOS) or endometriosis.
We may collect biometric data in certain circumstances, such as:
Facial recognition data used for identity verification purposes.
Voiceprint data if you use voice-activated features.
Fingerprint data if you use biometric authentication to access your account.
We collect biometric data only with your explicit consent and in accordance with applicable laws.
We may collect genetic data if you choose to use genetic testing services offered through our platform or if you provide us with genetic information as part of your medical history. Genetic data may include:
DNA sequences and genetic markers.
Information about genetic predispositions to certain health conditions.
Information about ancestry or ethnic background derived from genetic analysis.
We may collect precise location information from your mobile device if you grant us permission to do so. This information may be used to:
Verify your location for purposes of providing telehealth services (as many states require that both the patient and provider be located in the same state during a telehealth consultation).
Provide location-based services, such as finding nearby pharmacies or healthcare facilities.
Infer health-related information, such as visits to healthcare facilities.
We collect any information that identifies you in connection with your efforts to seek, receive, or inquire about healthcare services or products. This includes:
Information you provide when creating an account or registering for services.
Information you provide when scheduling appointments or consultations.
Information you provide when purchasing products or services.
Information about your interactions with our customer support team.
We may infer, derive, or extrapolate health-related information from other data we collect. This includes:
Inferences about your health status based on your browsing activity on our website or app (e.g., if you view content related to a specific health condition, we may infer that you have an interest in that condition).
Inferences about your health status based on your purchase history (e.g., if you purchase products related to a specific health condition, we may infer that you have that condition).
Inferences generated by algorithms or machine learning models that analyze your data to predict health outcomes or identify health risks.
While not always considered "Consumer Health Data" on its own, we collect contact and demographic information that may be linked to your health data, including:
Name, email address, phone number, and mailing address.
Date of birth, age, and gender.
Racial or ethnic origin (if you choose to provide it).
Preferred language.
We collect payment information necessary to process transactions, including:
Credit card or debit card information.
Bank account information (if you pay via ACH transfer).
Billing address.
This information may be linked to your health data (e.g., to identify which health products or services you have purchased).
We collect information necessary to create and manage your account, including:
Username and password.
Security questions and answers.
Multi-factor authentication credentials.
We automatically collect technical information when you use our Services, including:
IP address and general location data (city, state, country).
Device identifiers (e.g., device ID, advertising ID).
Device type, operating system, and browser type.
Cookies, web beacons, and similar tracking technologies.
This information may be used to infer health-related information (e.g., if you visit health-related pages on our website).
We automatically collect information about how you use our Services, including:
Pages or screens you view and the time you spend on each page or screen.
Links you click and actions you take.
Search queries you enter.
Dates and times of your visits.
This information may be used to infer health-related information (e.g., if you frequently search for information about a specific health condition).
We collect Consumer Health Data from the following sources:
The primary source of Consumer Health Data is information you voluntarily provide to us. This includes information you provide when you:
Create an account or register for our Services.
Complete medical intake forms, health assessments, or questionnaires.
Consult with a healthcare provider through our telehealth platform.
Purchase products or services.
Communicate with our customer support team via email, phone, chat, or other channels.
Participate in surveys, research studies, or feedback requests.
Post content in public forums or community features (if available).
We automatically collect certain information when you access or use our Services. This includes:
With your consent, we may receive Consumer Health Data from healthcare providers, medical groups, or other healthcare entities that participate in our platform. This may include:
Medical records and health information from your healthcare provider.
Prescription information from your prescribing provider.
Laboratory test results or diagnostic reports.
We may receive information from pharmacies that fulfill your prescription orders, including:
Confirmation that your prescription has been filled.
Information about the medication dispensed.
Information about your medication adherence.
We may obtain Consumer Health Data from third-party sources, including:
We may receive Consumer Health Data from other companies within the VirtuallyWell corporate family. This allows us to provide a consistent level of service across our various platforms and offerings.
In some cases, we may receive Consumer Health Data about you from other users of our Services. For example, if another user refers you to our Services or if you are listed as an emergency contact for another user.
We collect and use Consumer Health Data only with your valid consent or as necessary to provide the products or services you have requested. The specific purposes for which we collect and use this data are detailed below:
We use Consumer Health Data to provide, operate, and manage our Services, including:
We use Consumer Health Data to communicate with you about our Services, including:
Sending you appointment reminders and follow-up messages.
Notifying you of changes to our Services, policies, or terms.
Responding to your questions and requests.
Providing you with information about your health and wellness.
We use Consumer Health Data to personalize your experience with our Services, including:
Recommending products, services, or content that may be of interest to you based on your health profile and preferences.
Customizing the content and features you see on our website or app.
Tailoring our communications to your individual needs.
With your explicit consent, we may use Consumer Health Data for advertising and marketing purposes, including:
Sending you promotional emails, text messages, or push notifications about our products, services, or special offers.
Displaying targeted advertisements to you on our website, app, or on third-party websites and platforms.
Creating lookalike audiences for advertising purposes (i.e., identifying other consumers who have similar characteristics to our existing customers).
Conducting cross-context behavioral advertising (i.e., tracking your activity across different websites and apps to serve you targeted advertisements).
You have the right to opt out of these marketing activities at any time. See Section 7 for information on how to exercise your rights.
We use Consumer Health Data to analyze how our Services are used and to identify opportunities for improvement, including:
Analyzing usage patterns and trends to understand how users interact with our Services.
Conducting research and development to improve existing features and develop new products and services.
Testing new features and functionalities.
Measuring the effectiveness of our marketing campaigns.
We use Consumer Health Data as necessary to comply with legal obligations, protect our rights, and ensure the safety of our users, including:
Complying with applicable laws, regulations, and legal processes (e.g., responding to subpoenas or court orders).
Enforcing our Terms of Use and other agreements.
Detecting, preventing, and investigating fraud, security incidents, or other illegal activity.
Protecting the rights, property, and safety of VirtuallyWell, our users, and the public.
We may use de-identified or aggregated Consumer Health Data for research purposes to advance scientific and medical knowledge. This may include:
Conducting epidemiological studies to understand health trends and outcomes.
Developing new treatments, therapies, or diagnostic tools.
Publishing research findings in scientific journals or presenting them at conferences.
When we use data for research purposes, we take steps to de-identify or aggregate the data so that it cannot reasonably be used to identify individual consumers.
We use Consumer Health Data for general business operations, including:
Managing our business relationships with healthcare providers, pharmacies, and other partners.
Conducting internal audits and quality assurance activities.
Managing our corporate structure and business transactions (e.g., mergers, acquisitions, or asset sales).
The following table summarizes the purposes for which we collect and use Consumer Health Data and the categories of data used for each purpose:
We do not "sell" Consumer Health Data as that term is commonly understood (i.e., we do not exchange your health data for money). However, certain state laws define "sell" or "share" more broadly to include certain types of data sharing for advertising or other purposes. We will only share your Consumer Health Data with your valid consent or as necessary to provide a product or service you have requested.
We may share each of the categories of Consumer Health Data described in Section 3 with the following categories of third parties:
We share Consumer Health Data with independent healthcare providers and medical groups to facilitate the telehealth services you request. This includes:
Sharing your medical history, symptoms, and other health information with the provider conducting your consultation.
Sharing your contact information and appointment details with the provider.
Sharing your prescription information with the provider for purposes of prescribing medication.
The healthcare providers and medical groups are independent entities and are responsible for their own compliance with applicable privacy laws, including HIPAA.
We share Consumer Health Data with independent pharmacies to fulfill your prescription orders. This includes:
Sharing your prescription information, including the medication, dosage, and prescribing provider.
Sharing your contact information and shipping address for delivery purposes.
Sharing your payment information to process payment for the prescription.
The pharmacies are independent entities and are responsible for their own compliance with applicable privacy laws, including HIPAA.
We share Consumer Health Data with third-party service providers who perform services on our behalf. These service providers are contractually obligated to protect your data and are prohibited from using it for their own purposes. Categories of service providers include:
We may share Consumer Health Data with other companies within the VirtuallyWell corporate family. This allows us to:
Ensure a consistent level of service across our various platforms and offerings.
Conduct joint marketing or promotional activities.
Share resources and infrastructure to operate our business more efficiently.
Our affiliates are required to comply with this CHD Policy and applicable privacy laws.
With your explicit consent, we may share certain Consumer Health Data with advertising networks and marketing partners to facilitate targeted advertising and promotional campaigns. This may include:
Sharing hashed email addresses or other identifiers with advertising platforms (e.g., Facebook, Google, YouTube) to display targeted advertisements to you or to create lookalike audiences.
Allowing third-party advertising networks to collect information about your browsing activity on our website or app for purposes of cross-context behavioral advertising.
You have the right to opt out of this type of data sharing. See Section 7 for information on how to exercise your rights.
We may disclose Consumer Health Data to law enforcement, government agencies, or other third parties if we believe it is necessary to:
Comply with a legal obligation, such as a subpoena, court order, or other legal process.
Protect the safety of any person or prevent imminent harm.
Detect, prevent, or investigate fraud, security incidents, or other illegal activity.
Enforce our Terms of Use or other agreements.
Protect the rights, property, and safety of VirtuallyWell, our users, and the public.
If VirtuallyWell is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, your Consumer Health Data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your data and provide you with choices regarding your data to the extent required by law.
We will share your Consumer Health Data with any other third party at your direction or with your explicit consent. For example, if you ask us to share your health information with a family member, caregiver, or another healthcare provider.
We may share Consumer Health Data with our professional advisors, such as attorneys, accountants, and consultants, who are bound by confidentiality obligations.
We maintain a list of the specific affiliates and key third-party service providers with whom we share Consumer Health Data. You may request this list by exercising your right to access as described in Section 7.
Under applicable state consumer health data privacy laws, you have certain rights with respect to your Consumer Health Data. The specific rights available to you may vary depending on your state of residence. Below is a comprehensive description of the rights you may have:
You have the right to confirm whether we are collecting, sharing, or selling your Consumer Health Data. If we are collecting such data, you have the right to access that data, including:
A copy of the specific pieces of Consumer Health Data we have collected about you.
The categories of Consumer Health Data we have collected about you.
The categories of sources from which we collected the data.
The purposes for which we collected and used the data.
The categories of third parties and affiliates with whom we have shared or sold the data.
An active email address or other online mechanism to contact the third parties with whom we have shared your data (to the extent required by applicable law).
To the extent that we rely upon your consent for the collection, use, or sharing of your Consumer Health Data, you have the right to withdraw that consent at any time. Withdrawing consent will only affect future collection, use, or sharing of your data; it will not affect data that was collected, used, or shared while your consent was in effect.
Please note that if you withdraw consent for the collection or use of data that is necessary to provide a service you are actively using, we may need to terminate your access to that service.
You have the right to request that we delete your Consumer Health Data. Upon receiving a verified deletion request, we will delete your Consumer Health Data from our records and instruct our service providers to delete the data from their records, except to the extent that we are required or permitted to retain the data under applicable law.
We may deny a deletion request if retaining the data is necessary for us or our service providers to:
Complete the transaction for which the data was collected, provide a service you requested, or fulfill the terms of a written warranty.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activity.
Debug to identify and repair errors that impair existing intended functionality.
Comply with a legal obligation.
Otherwise use the data internally in a lawful manner that is compatible with the context in which you provided the data.
You have the right to request that we correct inaccurate Consumer Health Data that we maintain about you. Upon receiving a verified correction request, we will use commercially reasonable efforts to correct the inaccurate data as directed by you.
If we deny your request to exercise any of the rights described above, you have the right to appeal our decision. We will provide you with information on how to submit an appeal in our denial notice. See Section 9 for more information on our appeals process.
You have the right to exercise the rights described above without suffering discrimination. We will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through the use of discounts or other benefits or by imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may charge you a different price or rate, or provide you a different level or quality of goods or services, if that difference is reasonably related to the value provided to you by your Consumer Health Data.
If we "sell" or "share" your Consumer Health Data as those terms are defined by applicable law, you have the right to opt out of such sale or sharing. To exercise this right, please visit our "Do Not Sell or Share My Personal Information" page or contact us as described in Section 8.
Some state laws provide you with the right to limit our use of "sensitive personal information" (which may include certain types of Consumer Health Data) to uses that are necessary to provide the services you requested. To exercise this right, please contact us as described in Section 8.
To exercise any of the rights described in Section 7, please submit a request through one of the following methods:
When submitting a request, please provide the following information to help us process your request:
Your full name.
Your email address associated with your account (if applicable).
Your phone number.
A description of the right you wish to exercise (e.g., access, delete, correct).
Sufficient detail to allow us to locate your Consumer Health Data in our systems.
To protect your privacy and security, we will take steps to verify your identity before processing your request. The verification process may vary depending on the nature of your request and the sensitivity of the data involved. We may require you to:
Provide Government-Issued Identification: For requests involving highly sensitive data or for deletion requests, we may require you to provide a copy of a government-issued identification document (e.g., driver's license or passport). We will use this document solely for verification purposes and will not retain it longer than necessary.
We will not ask for sensitive information such as your Social Security number or financial account information to verify your identity unless absolutely necessary and permitted by law.
If we are unable to verify your identity to a reasonable degree of certainty, we may deny your request and will provide an explanation of why we were unable to verify your identity.
You may designate an authorized agent to submit a request on your behalf. To do so, you must:
Provide the authorized agent with written permission to act on your behalf, signed by you.
Verify your own identity directly with us (unless you have provided the authorized agent with power of attorney pursuant to applicable law).
We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.
We will acknowledge receipt of your request within ten (10) business days and will respond to your request within the time period required by applicable law, which is typically:
45 days for requests under the MHMDA, NCDPL, and CTDPA.
We may extend the response period by an additional 45 days if reasonably necessary, provided that we notify you of the extension and the reason for the extension within the initial 45-day period.
Our response will be provided free of charge. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.
Our response will be provided in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. For access requests, we will provide the data in a format that is commonly used and machine-readable.
You do not need to have an account with us to exercise your rights. If you do not have an account, we will still process your request to the extent that we can verify your identity and locate your data in our systems.
If we deny your request to exercise any of the rights described in Section 7, in whole or in part, you have the right to appeal our decision. We will provide you with information on how to submit an appeal in our denial notice.
To submit an appeal, please contact us using the same methods described in Section 8 (web form or email) and clearly indicate that you are appealing a denial of your privacy rights request. Please include:
A reference to the original request (e.g., the date you submitted the request and the nature of the request).
An explanation of why you believe our denial was incorrect.
Any additional information or documentation that supports your appeal.
Upon receiving your appeal, we will:
45 days for appeals under the MHMDA.
60 days for appeals under the NCDPL and CTDPA.
We may extend the response period if reasonably necessary, provided that we notify you of the extension.
Provide a Written Response: We will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for our decision.
If your appeal is denied, we will provide you with information on how you can contact your state's Attorney General to submit a complaint. Depending on your state of residence, you may contact:
We take the security of your Consumer Health Data seriously and have implemented and maintain a comprehensive information security program designed to protect the confidentiality, integrity, and availability of your data.
Our administrative safeguards include:
Incident Response Plan: We have an incident response plan in place to address any potential data breaches or security incidents. This plan includes procedures for identifying, containing, and mitigating security incidents, as well as notifying affected individuals and regulatory authorities as required by law.
Vendor Management: We conduct due diligence on third-party service providers who will have access to Consumer Health Data and require them to enter into written agreements that obligate them to protect the data in accordance with applicable laws.
Our technical safeguards include:
Encryption: We use encryption to protect Consumer Health Data both in transit (e.g., when data is transmitted over the internet ) and at rest (e.g., when data is stored on our servers). We use industry-standard encryption protocols, such as TLS (Transport Layer Security) for data in transit and AES (Advanced Encryption Standard) for data at rest.
Our physical safeguards include:
While we take reasonable precautions to protect your Consumer Health Data, no security system is impenetrable, and we cannot guarantee the absolute security of your information. The internet and electronic communications are inherently insecure, and we cannot guarantee that your data will not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards.
If we become aware of a security incident that compromises the security of your Consumer Health Data, we will notify you and any applicable regulatory authorities as required by law.
We retain Consumer Health Data for as long as necessary to fulfill the purposes for which it was collected, to provide our Services, to comply with our legal obligations, to resolve disputes, and to enforce our agreements.
The specific retention period for different categories of Consumer Health Data may vary depending on the nature of the data, the purposes for which it is used, and applicable legal requirements. General retention periods include:
If you submit a verified deletion request as described in Section 7.3, we will delete your Consumer Health Data from our records, except to the extent that we are required or permitted to retain the data under applicable law.
When we delete Consumer Health Data, we use secure deletion methods to ensure that the data cannot be recovered or reconstructed. For electronic data, this may include overwriting the data multiple times or using cryptographic erasure techniques. For paper records, this may include shredding or incineration.
In some cases, instead of deleting Consumer Health Data, we may de-identify the data so that it can no longer reasonably be used to identify you. De-identified data is not subject to this CHD Policy and may be retained indefinitely for research, analytics, or other purposes.
We may create de-identified or aggregated data from your Consumer Health Data. De-identified and aggregated data is not subject to this CHD Policy because it cannot reasonably be used to identify individual consumers.
When we de-identify Consumer Health Data, we take the following steps:
We may use de-identified data for a variety of purposes, including:
Conducting research and analytics to understand health trends and outcomes.
Developing new products, services, or features.
Improving the quality and effectiveness of our Services.
Publishing research findings or sharing insights with the public, healthcare providers, or policymakers.
We may also create aggregated data by combining Consumer Health Data from multiple individuals in a way that does not identify any individual consumer. For example, we may aggregate data to report that "X% of our users have condition Y" without identifying any specific users.
Aggregated data is not subject to this CHD Policy and may be used and disclosed without restriction.
We collect, use, and share Consumer Health Data only with your valid consent or as necessary to provide a product or service you have requested.
Under applicable state consumer health data privacy laws, we are required to obtain your consent before:
Collecting Consumer Health Data (except to the extent that collection is necessary to provide a service you requested).
Sharing Consumer Health Data with third parties (except to the extent that sharing is necessary to provide a service you requested or is otherwise permitted by law).
Using Consumer Health Data for purposes other than those for which it was originally collected (except to the extent that such use is compatible with the original purpose).
We obtain your consent through various means, including:
For consent to be valid under applicable laws, it must be:
You have the right to withdraw your consent at any time. To withdraw consent, please contact us as described in Section 8. Withdrawing consent will only affect future collection, use, or sharing of your data; it will not affect data that was collected, used, or shared while your consent was in effect.
If you withdraw consent for the collection or use of data that is necessary to provide a service you are actively using, we may need to terminate your access to that service. We will notify you of any such consequences before processing your withdrawal of consent.
We do not use geofencing technology to track or identify consumers for the purpose of sending health-related advertisements or messages.
Geofencing is a technology that uses global positioning coordinates, cell tower connectivity, cellular data, radio frequency identification, wireless fidelity technology data, or any other form of spatial or location detection to establish a virtual boundary (a "geofence") around a physical location. When a consumer's device enters or exits the geofenced area, the technology can trigger certain actions, such as sending a notification or advertisement.
We do not establish geofences around healthcare facilities (such as hospitals, clinics, doctors' offices, or pharmacies) for the purpose of:
Identifying or tracking consumers who enter those facilities.
Inferring that consumers who enter those facilities are seeking healthcare services.
Sending those consumers health-related advertisements or messages based on their presence at those facilities.
We may collect and use precise location information for other purposes, such as:
Verifying your location for purposes of providing telehealth services (as required by law).
Providing location-based services, such as finding nearby pharmacies or healthcare facilities, at your request.
Analyzing general geographic trends in the use of our Services (using aggregated or de-identified data).
Our Services are not intended for individuals under the age of 18, and we do not knowingly collect Consumer Health Data from children under 18.
By using our Services, you represent and warrant that you are at least 18 years of age. If you are under 18, you are not permitted to use our Services or provide any information to us.
We do not provide services to minors, even with parental consent. If we become aware that we have collected Consumer Health Data from a child under 18 without verification of parental consent, we will take steps to delete that information as soon as possible.
If you are a parent or guardian and you believe that your child under 18 has provided us with Consumer Health Data, please contact us immediately at support@virtuallywell.com so that we can delete the information.
The following provisions apply to residents of specific states that have enacted consumer health data privacy laws:
If you are a Washington resident, you have the following rights with respect to your Consumer Health Data under the MHMDA (Wash. Rev. Code § 19.373):
Geofencing Prohibition: We do not use geofencing technology to establish a virtual boundary within 2,000 feet of any mental health facility, reproductive health facility, or other healthcare facility for the purpose of identifying, tracking, collecting data from, or sending notifications to consumers.
Consent Requirement: We will not collect or share your Consumer Health Data without first obtaining your valid consent, except as necessary to provide a product or service you requested.
If you are a Nevada resident, you have the following rights with respect to your Consumer Health Data under the NCDPL (Nev. Rev. Stat. § 439.840 et seq.):
Right to Know: You have the right to confirm whether we are collecting, using, or disclosing your Consumer Health Data and to access that data.
Right to a List of Categories of Third Parties: You have the right to a list of the categories of third parties with whom we have shared your Consumer Health Data.
If you are a Connecticut resident, the CTDPA (Conn. Gen. Stat. § 42-520 et seq.) provides you with certain rights regarding your "consumer health data." These rights include:
If you are a resident of a state that has enacted a consumer health data privacy law not specifically addressed above, you may have similar rights. Please contact us at support@virtuallywell.com for more information about your rights under your state's law.
We may update this CHD Policy from time to time to reflect changes in our practices, the law, or for other operational, legal, or regulatory reasons.
If we make material changes to this CHD Policy that significantly affect your rights or our data practices, we will notify you by:
Posting the updated CHD Policy on our website and updating the "Date of Last Revision" at the top of this policy.
Sending you an email notification to the email address associated with your account (if you have an account ).
Posting a notice on our website or app.
Providing notice through other means as required by applicable law.
We will provide such notice at least thirty (30) days before the effective date of the changes, unless we determine in good faith that the changes are required sooner to comply with applicable law or to address a security or fraud concern.
Your continued use of our Services after the effective date of any changes to this CHD Policy constitutes your acknowledgment and acceptance of the changes. If you do not agree to the revised CHD Policy, you must stop using our Services and may request that we delete your Consumer Health Data as described in Section 7.3.
We encourage you to review this CHD Policy periodically to stay informed about our data practices and your rights. The "Date of Last Revision" at the top of this policy indicates when the policy was last updated.
If you have any questions, comments, or concerns about this CHD Policy, our data practices, or your rights, please contact us at:
VirtuallyWell LLCAttn: Privacy Officer1633 W Innovation Way, 5th FloorLehi, UT 84043Email: support@virtuallywell.com
We are committed to working with you to address any concerns you may have about your Consumer Health Data. If you believe that we have not complied with this CHD Policy or applicable law, please contact us first so that we can work to resolve the issue. If you are not satisfied with our response, you may have the right to file a complaint with your state's Attorney General or other regulatory authority.
By using the Services, you acknowledge that you have read, understood, and agree to this Consumer Health Data Privacy Policy.