Privacy Policy
Last updated: September 18, 2024
This Privacy Policy applies to information collected by Mindful Mental Wellness, P.A. (FL), Mindful Mental Wellness, P.C. (CA), Mindful Mental Wellness P.A. (KS), and Mindful Mental Wellness P.C. (NJ) (the “Medical Groups”), and its parents, subsidiaries, affiliates, and the medical practices it supports (collectively, “MMW,” “we,” “our,” or “us”), in connection with the telehealth service we provide. This includes information collected online through our websites, mobile applications, other online communications, through healthcare provider visits, or other medical services (collectively, our “Services”).
This Privacy Policy explains how information may be collected, used, or disclosed through our Services. This Privacy Policy is incorporated into the Terms of Use of our Services. By using our Services, you are accepting the Privacy Policy and Terms of Use. Additional terms may apply depending on the Services you use.
Thank you for choosing to be part of our community at MMW. We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at support@getmindfulhealth.com.
This Policy does not describe how we collect or use your Protected Health Information (as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which such collection and/or use is covered by our Notice of Privacy Practices (“Notice of Privacy Practices”). The Notice of Privacy Practices describes how MMW may use and disclose your Protected Health Information. If you do not agree to be bound by those terms, which are available below, you are not authorized to access or use MMW’s Services:
Notice of HIPAA Privacy Practices
Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us.
1. WHO DOES THIS POLICY APPLY TO?
This Policy applies to any visitors to the public portions of MMW’s websites (including www.getmindfulhealth.com and futurehealth.ai) and apps, users who create accounts on our platform (“Members“), and medical providers who are using the Platform to deliver Services.
This Policy does not apply to the collection and use of information for employees or independent contractors (not including medical providers) of MMW.
2. WHAT INFORMATION DO WE COLLECT ABOUT YOU?
The information we collect about you depends on the context and your relationship with MMW, but may include the following categories:
- Identifying information you disclose to us
We collect personal information that you voluntarily provide to us when registering for or using MMW’s Services, when you express an interest in obtaining information about us or our Services, or otherwise contact us. This information may include your name, address, contact email information, passwords, and payment information.
- Personal information provided by you.
We collect data about your health, medical records, financial information (e.g., credit card number) that you provide in connection with the Services.
- Credentials.
We collect passwords, password hints, and similar security information used for authentication and account access.
- Payment Data.
We collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument.
- Information automatically collected
We automatically collect certain information when you visit, use or navigate the Services or Apps. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services or Apps and other technical information. This information is primarily needed to maintain the security and operation of our Services or Apps, and for our internal analytics and reporting purposes, and as otherwise described herein.
- Information collected through our Apps
If you use our Apps, we may also collect the following information:
- Geo-Location Information. We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using our mobile application, to provide location-based services. We use this information to customize our Services offerings and for regulatory compliance. If you wish to change our access or permissions, you may do so in your device’s settings. Enabling geo-location is not required to use the Services.
- Push Notifications. We may request to send you push notifications regarding your account or the mobile application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings. Enabling push notifications is not required to use the Services.
- Information obtained through the use of cookies or web beacons
We may use “cookies,” “web beacons” or “pixels” that collect certain information about you.
A “cookie” is a small data file that is accessible within a folder on a computer, and it is used for record-keeping purposes. Cookies are used to enhance performance of the Platform, personalize your experience and can be used for Third Party tracking (as described above). For example, cookies may be used to help you quickly log into certain platforms and websites without having to enter your credentials every time.
A “web beacon” or “pixel” is a tiny and sometimes invisible image or embedded code, placed on a web page or email that can report your visit or use to a third party. In general, these tools can be used to monitor the activity of users for the purpose of web analytics, advertising optimization, or page tagging.
3. HOW DO WE USE YOUR INFORMATION?
We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or for marketing and promotional purposes with your consent. In this Privacy Policy, “process” means collecting, storing and using certain data as described in more detail below. Specific uses include:
- To facilitate account creation and logon process. If you choose to link your account with us to a third party account (such as your Google or Facebook account), we use the information you allowed us to collect from those third parties to facilitate account creation and logon process for the performance of the contract.
- For marketing and promotional purposes. We and/or our third-party marketing partners may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt-out of our marketing emails at any time by emailing support@getmindfulhealth.com.
WE DO NOT USE ANY PROTECTED HEALTH INFORMATION, MEDICAL DATA OR INFORMATION OBTAINED DURING SESSIONS WITH MEDICAL PROVIDERS FOR MARKETING PURPOSES. HOWEVER, THE FACT THAT YOU VISITED XXX’S WEBSITE MAY INDICATE THAT YOU HAVE AN INTEREST IN ADHD SERVICES, WHICH MAY RESULT IN PERSONALIZED OR TARGETED ADVERTISING BASED ON YOUR BROWSING BEHAVIOR.
- To send administrative information to you. We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.
- Fulfill and manage your orders. We may use your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services or Apps.
- To post testimonials. We may post testimonials on our Services or Apps that may contain personal information. Prior to posting a testimonial, we will obtain your express consent to use your name and testimonial. If you wish to update, or delete your testimonial, please contact us and be sure to include your name, testimonial location, and contact information.
- Feedback requests. We may use your information to request feedback and to contact you about your use of our Services or Apps.
- To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- To manage user accounts. We may use your information for the purposes of managing our account and keeping it in working order.
- To deliver services to you. We use your information to provide you with Services.
- To respond to user inquiries/offer support to users. We may use your information to respond to your inquiries and solve any potential issues you might have with the use of our Services.
- For other business purposes. We may use your information for other Business Purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Services or Apps, products, marketing and your experience. We may use and store this information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information. We will not use identifiable personal information without your consent.
4. WILL YOUR INFORMATION BE SHARED WITH ANYONE?
Depending on the circumstances and as set forth in more detail below, we may share your data for a variety of reasons, including compliance with legal requirements, providing you Services and, with your consent, for advertising.
- Compliance with legal requirements
Your data may be shared to comply with applicable laws and regulations. For example, a court might subpoena information from us where we would be required to share certain information requested in the subpoena. In many cases, MMW does not have a choice as to whether it is required to provide certain information, nor does it necessarily have an obligation to inform you if it produces records to comply with a legal request. This is not unique to MMW, and applies to all providers of medical services. Further, there are many states that have strict rules governing provider-patient relationships in a telehealth context, and the confidentiality requirements associated with that. MMW ensures that all employees who handle requests for data from law enforcement or regulatory bodies are bound by confidentiality.
- Use of third-party service providers to run our platform
We may share certain data with third parties necessary to provide the best possible Services experiences. Examples include: data hosting and storage providers (like Amazon Web Services or Google Cloud Platform); technology service providers (like Slack or G-Suite); customer service providers (like ZenDesk); billing and payment processing service providers (like Square or PayPal).
- For analytics
If you opt in, we may use analytics from cookies or web beacons to process data for activities including but not limited to analyzing traffic sources, visits, and site interactions. This analysis helps us to improve our products and services and provide the best possible experience for our users.
- For advertising
In order to reach people who may be looking for ADHD treatment, we advertise on some third-party websites and apps. To deliver ads that are relevant, interesting, and personal, if you opt in, we may use cookies, web beacons, IP addresses or other third-party identifiers to process information regarding your activity on our websites, excluding protected health information, for such purposes, including “re-targeting.”
5. HOW LONG DO WE KEEP YOUR INFORMATION AND HOW DO I REQUEST ERASURE?
We keep your information for as long as necessary to fulfill the purposes outlined in this privacy policy unless otherwise required by law*.* We are not required to keep your personal information for longer than the period of time in which users have an account with us or, if longer, the period of time required by applicable law.
Depending on where you live, you may have certain rights under data protection laws, including the right to request that we erase personal data we hold about you, and the right to request a copy of it. The following sections describe how you can exercise those rights.
- Data Erasure
MMW takes requests for data erasure seriously, and requires that requests for erasure comply with the following requirements:
- You must email support@getmindfulhealth.com, and include in the subject “Request for Data Erasure” or a similarly identifiable phrase.
- Only you or your authorized representative (e.g., through a power of attorney) may make a request on your behalf. You may also make a request on behalf of your minor child depending on the applicable laws.
- You must provide sufficient information that allows us to reasonably verify your identity or status as an authorized representative.
- You must provide details that allow us to understand, evaluate, and respond to your request.
In some circumstances, legal or regulatory requirements limit our ability to honor erasure requests. Examples include: if the data is subject to legal hold; if it is necessary to comply with laws and regulations and to maintain business integrity; or if such data pertains to a dispute between you and MMW. Protected health information, including medical records, may not be erased under federal law.
If, for any reason, we don’t intend to comply with a request, then we will tell you why this is the case, and outline how we weighed your rights and freedoms against our legal obligations. In such instances, any information retained will only be used for purposes contemplated under the legally recognized exemption.
6. HOW DO WE KEEP YOUR INFORMATION SAFE?
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process, including HIPAA-compliant measures where necessary.. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services or apps is at your own risk. You should only access the services within a secure environment. In the very unlikely event that a data breach occurs, we will notify you in compliance with our Notice of Privacy Practices and applicable law.
7. DO WE SELL YOUR DATA?
We will never provide your data to a third party in exchange for monetary or other compensation.
However, California law defines “sale” or “sell” to include the sharing of personal information in exchange for anything of value. If you opt in to our use of advertising cookies and web beacons, this use may be considered a “sale” of personal information in California.****
8. DO WE COLLECT INFORMATION FROM MINORS?
In very limited circumstances, our Services may include online services that will be used to facilitate care for minors. Children under the age of 18 are not eligible to register directly for an account. If your child directly uses their account, either with or without your permission, we may collect information directly from the child. If you prefer for your child to not directly interact with MMW online, please do not provide account credentials to your child. Please note certain state patient privacy laws may permit a child to directly obtain certain types of health care services independent of their parent or guardian. Children’s online privacy is of the utmost importance to MMW, and MMW operates in strict compliance with the Children’s Online Privacy Protection Act (“COPPA”). For more information about COPPA and general tips about protecting children’s online privacy, please click here.
- Registering for Services for minors
Minors cannot directly register for our Services. During the user registration process, the parent or guardian will create a minor’s profile by providing certain information about the minor, including name, birth date, and gender but the child will not have their own login.
- Communication with minors
Other than for providers to provide Services to a minor (with parental or guardian consent), MMW will not knowingly communicate with a minor through the messaging functionality on our platform. If a minor contacts our Services via the messaging functionality and discloses their age, we will discontinue the communication immediately.
- Data collection from minors
We only collect necessary and legally required personal information from children under the age of 13 after obtaining consent from the minor’s parent or legal guardian to treat the minor through our Services. If you are under 13 years of age, then please do not use or access the Services at any time or in any manner without the supervision of a parent or legal guardian. If we learn that a person under 13 years of age has used or accessed the Services or any personally identifiable information has been collected on the Services from persons under 13 years of age without a parent or legal guardian’s consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 13 years of age has obtained an account on or otherwise accessed the Service without your consent, then you may alert us at support@getmindfulhealth.com and request that we delete that child’s personally identifiable information from our systems.
- Disclosure of minors’ data
We may share information with clinicians if necessary for them to perform business, professional, or technology services for us, always in accordance with all applicable State and Federal laws including HIPAA. We may also disclose data as required by applicable law or regulation (See Section 4).
- Data access and/or erasure
In addition to your right to revoke your consent for the collection of your child’s personal information, you may request to review and/or erase the personal information we have collected about your child by emailing us at support@getmindfulhealth.com
9. HOW DO I CHANGE MY PRIVACY PREFERENCES?
- Account termination:
You may terminate your account at any time by emailing support@getmindfulhealth.com . Upon account termination, MMW will handle your data in a manner consistent with this Privacy Policy.
- Opting out of email marketing:
Whether you are an active Member or not, you can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send. You will then be removed from the marketing email list. Please note, however, we will still need to send you service-related emails that are necessary for the administration and use of your account and the Services.
- Opting out of cookies and web beacons:
You can, at any time, opt out of some or all non-strictly necessary cookies and web beacons by updating your cookie settings through the Privacy Preference Center
10. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.
11. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
Under the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”), California residents have certain rights in addition to those outlined in this Privacy Policy, including notice about the categories of personal information we have collected and processed from them in the preceding twelve (12) months and the purposes for which the information is used or disclosed, and correction of personal information.
- Categories of collection and processing
As defined by California law, we may process the following categories of information, as further set forth in this Privacy Policy.
- Identifiers;
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e));
- Protected classification characteristics under California or federal law;
- Commercial information;
- Biometric information;
- Internet or other similar network activity;
- Geolocation data;
- Sensory data;
- Sensitive Personal Information;
- Professional or employment-related information; and
- Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
- Categories of disclosure/sharing
- Identifiers;
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e));
- Protected classification characteristics under California or federal law;
- Commercial information;
- Biometric information;
- Internet or other similar network activity;
- Geolocation data;
- Sensory data;
- Sensitive Personal Information;
- Professional or employment-related information; and
- Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
- Correction of personal information
California residents may request the information we have collected and processed about them over the preceding 12 months and, if any personal information is found to be inaccurate, may request that such information be corrected by emailing us at support@getmindfulhealth.com.
- Requests to delete information
You may request deletion of your information as set forth in this Privacy Policy (in particular, Section 5). Once your request is received and verified, we’ll delete your information consistent with our legal obligations and this Privacy Policy. with our legal requirements and retention policies. Reasons we may not delete information include:
- The information is necessary to provide you with Services you have requested
- We need to use the information to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- We need to use the information to debug and repair products.
- We need to comply with applicable laws
- We need the information for other internal and lawful uses of that information that are compatible with the context in which you provided it.
- “Shine the Light”
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
12. DO WE MAKE UPDATES TO THIS POLICY?
We may update this privacy policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.
13. HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this policy, you may email us at support@getmindfulhealth.com.