Privacy Policy

Last Modified: June 21, 2023

This Privacy Policy applies to the Iron Health (“Iron Health,” “we,” “us,” or “our”) mobile application, web application, and other websites or services operated by Iron Health that link to this Privacy Policy (collectively, the “Services”). Users of the Services are referred to as “users,” “you,” or “your.”

This Privacy Policy describes how we collect Personal Information through the Services, how we use and disclose that information, and your rights with respect to such information. This Privacy Policy does not apply to information that we collect on any other applications or websites. This Privacy Policy also does not apply to the practices of any third parties, which have their own privacy policies. We encourage you to read their privacy policies to learn more about how they collect and process your information. For example, parts of the Services may be hosted by our vendor, Healthie, which has its own privacy policy at gethealthie.com/privacy.

Please review this Privacy Policy carefully before using the Services. By using the Services, you acknowledge the practices and policies outlined in this Privacy Policy and agree that we may collect and use your information as described in this Privacy Policy.

1. Protected Health Information

Applicable law and agreements may apply to and further restrict our use and disclosure of certain Personal Information that we collect, such as protected health information (“PHI”). PHI is defined under the Health Insurance Portability and Accountability Act and its implementing regulations (collectively, “HIPAA”), and generally refers to any information that:

• We create, receive, maintain, or transmit for or on behalf of a health care provider that is subject to HIPAA;
• Identifies you or reasonably can be used to identify you; and
• Relates to your past, present, or future physical or mental health or condition; the provision of health care to you; or the past, present, or future payment for the provision of health care to you.

Such PHI is subject to requirements under HIPAA, a federal law and set of regulations that protects the confidentiality of your PHI. In addition, because we generally collect and handle PHI as a business associate of health care providers like OB/GYN practices, we may only use or disclose PHI as permitted by those health care providers’ Notices of Privacy Practices and our business associate agreements with them. The PHI that we collect about you may be subject to more limited uses and disclosures than those described in this Privacy Policy. We recommend that you review your OB/GYN practice’s Notice of Privacy Practices to learn more about how your PHI may be used or disclosed and your rights with respect to your PHI (such as your right to access your own PHI).

2. What We Mean by “Personal Information”

This Privacy Policy applies to “Personal Information,” which, for purposes of this Privacy Policy, means any information from or about you that either identifies you directly or that makes you identifiable when combined with other information from or about you from any source.

3. Information That We Collect from and About You

1. Information That You Directly Provide to Us

When you access or use the Services, we may collect certain Personal Information that you provide directly to us or our customers (OB/GYN practices), including:

• Name, preferred pronouns, gender identity, and information related to your family and living situation
• Contact information (e.g., mailing address, email address, and telephone number)
• Account credentials (e.g., user IDs)
• Health insurance information
• Health-related information (e.g., health conditions, health-related measurements, medications, and health care providers)
• Information that you provide to us through an online form, by sending us an email, by requesting additional information, or by otherwise contacting us
• Other information that you provide to us

1. Information That We Collect Automatically  

When you access or use the Services, we may collect certain information automatically, including:

• Logs: Parts of the Services may automatically create logs regarding user sessions that contain information about the features you use, the actions you take, and the information you access. As part of these logs, we may collect information about your visits and use of the Services automatically, such as IP address, device type and settings, browser type and settings, operating system, mobile network information, and dates and times of visits and interactions with the Services.
• Cookies: Certain sections of the Services may use cookies, pixel tags, or similar technologies to help us provide, improve, protect, and promote our Services. For example, these technologies help us study traffic patterns on the Services so we can make suitable improvements to the Services and provide you with a better user experience. Note that advertising technologies are not used in areas where users must log in to access the Services. A cookie can be used to uniquely identify you, but it cannot retrieve data from your hard drive, pass on computer viruses, or directly capture your email address. In general, cookies can securely store a user’s ID and password specific to a website, personalize home pages, identify which parts of a website have been visited, or keep track of selections in a form or shopping cart. Most browsers automatically accept cookies, and you may manually disable them. For more information on disabling cookies, go to the “help” menu on your browser or to www.networkadvertising.org/choices/ or www.youronlinechoices.com. The Services may still be viewed if you choose to disable cookies, but your use and enjoyment of the Services may be adversely affected.
• Analytics: The Services may use Google Analytics or other analytics services. These services use cookies to help us analyze how visitors use our Services and optimize the performance of our Services and content. Information generated by these services may be transmitted to and stored by these service providers on servers in the U.S. or elsewhere, and these service providers may use this information for purposes such as evaluating your use of the Services, compiling reports on the Services’ activity, and providing other services relating to the Services’ activity and other Internet usage.

1. Information That We Collect from Other Sources

In connection with the Services, we may receive information from our business partners and other third parties in accordance with their privacy policies. We may combine information that we receive from third parties with other information that we collect from you as described in this Privacy Policy. In addition, we may review, collect, and use information that you provide to us or post publicly about us or our activities on social media platforms, blogs, or other third-party websites and services.

4. How We Use Your Information

1. Personal Information

We may generally use your Personal Information as follows, subject to applicable legal restrictions:

• To evaluate and treat you, and otherwise provide the Services to you
• To communicate with you regarding your health care and the Services, including connecting you with services that may be of interest to you
• To receive payment for our provision of the Services (e.g., creating invoices) and otherwise operate our business
• To respond to your requests, comments, and questions
• To improve, test, and monitor the effectiveness of the Services
• To resolve technical issues
• To send you communications regarding updates to the Services, security-related notices, and other Service-related notices
• To de-identify the information and create non-personally identifiable information
• To fulfill other purposes in accordance with your consent

1. Non-Personally Identifiable Information

We may use non-personally identifiable information – information that cannot reasonably be used to identify you – for any purpose.

5. How We Share Your Information

1. Personal Information

We may generally share Personal Information as follows, subject to applicable legal restrictions:

• To other health care providers who are treating you
• To the extent necessary for service providers that support our business and are contractually obligated to keep Personal Information confidential (examples include website hosting providers, information hosting providers, customer support providers, communications vendors, remote patient monitoring vendors, and billing vendors)
• As necessary to comply with an applicable law, regulation, legal process, or government request
• Where we reasonably believe that such disclosure is necessary to protect your safety or the safety of others, to protect our rights or property, to address fraud, or to address a security or technical issue
• To subsidiaries and affiliates
• As part of a transaction or as part of the process leading up to a transaction (e.g., due diligence) in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Iron Health’s assets
• To other parties in accordance with your consent

We will never sell your Personal Information to any third parties without your consent.

2. Non-Personally Identifiable Information

We may share non-personally identifiable information – information that cannot reasonably be used to identify you – for any purpose.

6. Security and Processing

We use reasonable and appropriate safeguards to protect Personal Information under our control. However, no method of transmission or electronic storage is fully secure, and we cannot guarantee absolute security.

Note that data privacy laws vary across jurisdictions. By using the Services, you consent to the processing of information in the United States or other countries in which Iron Health, its affiliates, or its service providers maintain facilities.  

7. Retention

We will not store Personal Information for longer than necessary to provide the Services, to comply with our legal obligations, to resolve disputes, to enforce our agreements, or for other legitimate business purposes.

8. Children’s Privacy

The Services are not intended for children under the age of 13, and we do not knowingly solicit, collect, sell, or process any information from anyone we know to be under the age of 13.

9. Modifications

We may change this Privacy Policy from time to time. If we do, we will post the revised Privacy Policy on this page and update the “Last Modified” date at the top. Unless otherwise noted, all changes are effective when posted. By continuing to use the Services following notice of such changes, you acknowledge such changes and agree to be bound by the updated Privacy Policy.

10. Contact Us

If you have any questions or complaints, or would like more information on our privacy practices, you may contact us at info@ironhealth.io.