Privacy Policy | Nudj Health

Last Updated Date. August 3, 2022.

THIS NOTICE DESCRIBES HOW YOUR PERSONAL INFORMATION MAY BE COLLECTED, USED, AND DISCLOSED. PLEASE REVIEW IT CAREFULLY.

Nudj Health, Inc. (“Nudj Health,” “Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it through our compliance with this policy. Nudj Health operates the Nudj Health Collaborative Care Platform located at app.nudjhealth.com (the “Platform”), the Nudj Health mobile application named NUDJ (the “APP”), and the websites located at www.nudjhealth.com, patient.nudjhealth.com (the “Website”), and other websites, products, services, that link to this Privacy Policy (collectively, the “Services”). Users of the Services are referred to below as “Users,” “you,” or “your.”

This privacy policy (“Privacy Policy”) explains how we collect, use, and share Personal Information and Protected Health Information from or about Users who use our Services. This Privacy Policy also tells you about your rights and choices with respect to Personal Information, and how you can contact us if you have any questions or concerns. By using our Services, you agree to the collection, use, disclosure, and procedures this Privacy Policy describes. In addition to this Privacy Policy, your use of our Services is also subject to our Terms of Use, which is incorporated herein.

For the purpose of this Privacy Policy, “Personal Information” means any information that, by itself or in combination with other information, identifies or can reasonably be used to identify an individual, such as their name, email address, telephone number, address, date of birth, or healthcare information. Personal Information does not include information that is anonymized. The Personal Information includes Protected Health Information we receive or obtain through your use of the Services may also be subject to different state and federal privacy laws, including the Health Insurance Portability and Accountability Act of 1996.

“Protected Health Information” (“PHI”) has the meaning defined in the Health Insurance Portability and Accountability Act (“HIPAA”), and is subject to our HIPPA Notice of Privacy Practices (the “Notice of Privacy Practices”), which is incorporated herein, and includes any information that identifies you, whether in electronic, oral, or written form, and includes information such as your name, contact information, demographics such as your age, gender, and ethnicity, your medical history, conditions, treatments, and medications, healthcare insurance information, or other information defined to be protected health information under the law. WHERE NUDJ HEALTH COLLECTS, CREATES, MAINTAINS, USES AND DISCLOSES PHI THAT IS PROTECTED BY HIPAA, IT WILL ALSO BE IN ACCORDANCE WITH THE NOTICE OF PRIVACY PRACTICES.

Please read this Privacy Policy and the Notice of Privacy Practices carefully before using the Services. By visiting or using any of the Services, you are accepting the privacy practices described herein. If you do not agree with our policies and practices, your choice is to not use our Services. By accessing or using the Services, you agree to this Privacy Policy and Notice of Privacy Practices, which may be updated or changed from time to time.

Changes to This Privacy Policy

It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat our Users’ Personal Information or PHI, we will notify you. The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting this Privacy Policy to check for any changes.

Information We Collect

We collect several types of information from and about users of our Services, including the information described below, which includes information as you navigate through and interact with our Services, as follows:

Registration and Profile Information. We collect the information you provide when you create a Nudj Health account, including your name, phone number, email address, username, password, date of birth, and gender. We may ask you to confirm the information that you or an authorized Healthcare Provider has provided to us prior to your registration, if any. We may collect your information if you contact us through the Services or we obtain your contact information from a Healthcare Provider with which we partner.
Information You Provide to Us. We collect all Personal Information and PHI that you supply directly to the Service. For example, records and copies of your correspondence, including your name, email address, phone number, and the contents of your communications and any other information that choose to provide. You also can provide additional information to us, such as PHI or other health information to enhance your use of the Service.
Protected Health Information / Authorized Healthcare Providers or Third Parties. We may collect PHI from your doctor, hospital, clinic, healthcare practice, office, or facility, or other healthcare providers (“Healthcare Provider”) that you expressly authorize with respect to you and your PHI on or through the Services, to communicate with you via the Services, to provide information to your personal health record on or through the Services. We may also collect information from other third-parties that you expressly authorize to send information to the Services.
Location Services. When you use our Services, including our mobile application, if you allow us, we may receive your precise location information to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
Device Information. We may request information about the device, software, and internet connection to access our Services, including your IP address, device and application identification numbers, web browser type, operating system version, phone carrier and manufacturer, installed applications, device identifiers, mobile advertising identifiers, and push notification token.
Usage Information. When you use our Services, we automatically receive information about your interactions with our Services that are recorded in log files, such as the pages or other content you view, any content you post, and the dates and times of your visits, and other communication data and the resources that you access and use on the Services.
Access to Services on Mobile Device. We may request access or permission to certain features from your mobile device, including the camera, microphone, text messages, reminders, Bluetooth, calendar, and other features on your device. If you wish to change our access or permissions, you may do so in your device’s settings.
Push Notifications. We may request to send you push notifications regarding your account or certain features of the Services. If you wish to opt out from receiving these types of communications, you may tum them off in your device’s settings.

How We Use Your Information We Collect

We use Personal Information that we collect about you or that you provide to us for various reasons, including:

To operate, provide, maintain, improve and enhance our Services.
To personalize your experience on our Services.
To develop new services, features, and functionality.
To connect you with your authorized Healthcare Providers and facilitate the exchange of information and communication between you and your Healthcare Provider.
For business purposes to facilitate account authentication and management, quality assurance purposes, to prevent fraud, to conduct billing-related activities as requested by you, including sharing your PHI with third-parties for billing purposes.
For advertising, marketing, and/or promotional efforts.
To communicate with you about changes or updates to our Services, changes to terms, conditions or policies, and otherwise provide customer support
To enable communications with other users or participate in interactive features on our Services, if available.
For compliance purposes to carry out our legal obligations and enforce our rights.
To aggregate or otherwise de-identify information collected through the Services; and
To fulfill any other purpose with your consent.

How We Disclose and Share the Information We Collect

We may disclose de-identified and aggregated information about our Users that does not identify any individual, without restriction.

We may disclosure and share the Personal Information and PHI that we collect or you provide as follows:

To Healthcare Providers, business associates, or other third parties participating in the Service that are expressly authorized by you in order to facilitate your healthcare.
To service providers and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Information confidential, including technical support, billing services, or other services.
To aggregate and de-identify your Personal Information and PHI.
To comply with any court order, law, or legal process, including to respond to any government or regulatory request
When we believe in good faith that disclosure is necessary to protect your safety or the safety of others, to protect our rights, to investigate fraud, or to respond to a government request.
To a buyer or other successor in connection with a corporate transaction, including a merger, sale, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Nudj Health’s assets, which remain subject to the provisions of the Terms of Use, Privacy Policy and Notice of Privacy Practices.
For marketing and advertising purposes, including sending you customized marketing and advertising communications. We do not sell any information about you to our third-party partners without your consent.
To fulfill any other purpose disclosed by us when you provide the information.

Accessing and Correcting Your Information

We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your information:

Account Information. Certain Personal Information is required for account functionality and can be edited but not deleted; whereas you can add, edit, or delete optional Personal Information appearing in your account.
Protected Health Information. You can amend and add certain health information stored in your account.
Marketing Communications. You can unsubscribe from our marketing communications, such as announcements of new features or special offers, via the link provided in the emails, replying “STOP” or “UNSUBSCRIBE” to the SMS messages that we send, or by contacting us using the details provided below.
Notifications. Nudj Health will ask you if you want to receive notifications when you open an account. If you agree, we may send you email, text messages, or mobile push notifications. You may opt out at any time by adjusting your notification settings in your account.
Do Not Track. We do not currently respond to Do Not Track browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
Deactivating Your Account. Upon your request to deactivate or terminate your account, including if this option is available in the mobile application or platform, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements. If you have questions or comments about your privacy rights, you may contact us using the details provided below.
Revocation of Authorized Access. You may revoke any authorized Healthcare Providers’, third-party’s, or authorized individual or representative’s access to your account, to communicate with you through the Services, or request information from you through the Services.

Specific Privacy Rights for California Residents

California consumer privacy laws provide their residents with additional rights regarding our use of their Personal Information. This portion of the Privacy Policy is for California Residents and applies solely to Users who reside in the State of California. This notice is to comply with the California Consumer Privacy Act of 2018 (“CCPA”). If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact methods provided below.

In particular, the Services have collected the following categories of Personal Information from consumers within the last twelve (12) months:

Category	Examples	Collected
A. Identifiers.	A real name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.	YES
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	YES
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	No
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	YES
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	No
G. Geolocation data.	Device location.	YES
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	No
I. Professional or employment-related information.	Current or past job history or performance evaluations.	No
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No
K. Inferences drawn from other Personal Information.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	No

Your Rights and Choices Under California Law
The CCPA provides California residents with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

Right to Know Under CCPA You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive your request and confirm your identity (as discussed in the section below about Exercising Your Rights to Know or Delete), we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- The specific pieces of Personal Information we collected about you (also called a data portability request).
Right to Delete Under CCPA You have the right to request that we delete any of your Personal Information that we collected from you and retained. Once we receive your request and confirm your identity (as discussed in the section below about Exercising Your Rights to Know or Delete), we will respect your request and delete your Personal Information, subject to certain exceptions provided by law, including, but not limited to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities, debug services, or comply with a legal obligation.
Exercising Your Rights to Know or Delete Under CCPA Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Information.
- You may only submit a request to know twice within a 12-month period.
- Your request to know or delete must: (a) provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and (b) describe your request with sufficient details that allows us to properly understand, evaluate, and respond to it.
- We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will delete such additionally provided information as soon as we finish verifying you.
Personal Information Sales Opt-Out and Opt-In Rights Under CCPA You may request to opt out from future selling of your Personal Information to third parties. Consumers who opt-in to Personal Information sales may opt-out of future sales at any time. We will only use Personal Information provided in an opt-out request to review and comply with the request.
Non-Discrimination under CCPA We will not discriminate against you for exercising any of your privacy rights under the CCPA.
Response Timing and Format for Request Under CCPA We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please use a different method to contact us as set forth below.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

De-Identified Information

Nudj Health may use “de-identified information” created by us without restriction, which means any information that is neither used nor intended to be used to personally identify you.

Retention of Information

We take measures to retain your Personal Information for a period that is no longer than necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When determining the retention period, we consider various criteria, such as the type of Services provided to you, the nature and length of our relationship with you, the impact on the Services we provide to you if we delete some Personal Information from or about you, and mandatory retention periods provided by law and the relevant statute of limitations.

Children

Our Services are not intended to be used by persons under 18 years of age. Nudj Health does not knowingly collect or maintain personally identifiable information from persons under 18 years old. IF YOU ARE UNDER 18, DO NOT ACCESS OR USE THE SERVICES AT ANY TIME OR IN ANY MANNER, EXCEPT AS ALLOWED IN ACCORDANCE WITH OUR TERMS OF USE.

Where permitted, any Personal Information relating to those children will be PHI governed by the HIPPA Notice of Privacy Practices. If we learn we have collected or received Personal Information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us as indicated below.

Data Security

We have implemented commercially reasonable measures designed to secure and protect your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. We also use certain administrative, physical, and technical safeguards designed to comply with HIPPA security standards for interactions subject to HIPAA security regulations.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted on or through our Services. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

Contact us

To ask questions about this Notice and our privacy practices, please contact us as follows:

Mail – Nudj Health, Inc., [Attn: Earl Bray], 101 E. Green Street, Suite 11, Pasadena, CA 91105

Email – legalnotices@nudjhealth.com

Phone – Toll-free number: 833-411-5835