Privacy Policy

Rovi Health, Inc. ("Rovi Health", "we", "us", "our") provides text-based clinical navigation and access to virtual and text-based concierge clinical care through its affiliated network of expert providers ("Affiliated Providers"). Rovi Health created the Rovi Health website at https://rovi.health (the "Website") and the Rovi Health web-based communication platform (the "Platform"). The Website, Platform, content, products, services, functionality, and affiliated software owned by Rovi Health are collectively the "Services." We commit to protecting your Personal Information and ensuring you understand your rights regarding our use and disclosure of such information.

This Privacy Policy describes:

• Personal Information received when you interact with the Services
• How we use and process Personal Information
• Whether Personal Information may be disclosed to third parties
• Your choices regarding collection and processing of your Personal Information

When you access the Services or send Personal Information via text or electronic means, you consent to receive communications per this Privacy Policy.

Please read carefully. If you disagree, do not use our Services. By accessing or using the Services, you agree you have read this Privacy Policy and understand and consent to its terms. Also review our Terms of Service, which limit our liability. If using Services on behalf of another individual, you represent you are authorized and that individual acknowledges and agrees to these terms.

Changes to this privacy policy and notifications

We reserve the right to amend this Privacy Policy anytime. We will notify you and/or require acceptance of updates only if material changes occur from the current Privacy Policy. Review this Privacy Policy each time you visit or use the Service.

Rovi Health may provide notices, including policy changes, using reasonable means including email, regular mail, text message, or Platform postings. Notices may not be received if you violate this Agreement by unauthorized Platform access. You agree you are deemed to have received notices that would have been delivered with authorized access. We will not make retroactive changes reducing your privacy rights unless legally required. Your continued use after changes constitutes acceptance, so check periodically for updates. Amended Privacy Policy supersedes all previous versions.

Information we collect about you

The Personal Information we collect depends on how you interact, which Services you use, and your choices. We receive and collect information that you directly submit, that we receive from your employer or insurance company, from our Affiliated Providers including health information exchanges, and that we gather when you use our Services:

1. Personal information such as name, phone number, email, demographic information (age, race, gender, birth date, ethnicity, address), communications via text/email/phone, and insurance and health history information including diagnoses, medications, labs, and diagnostic tests ("Healthcare Information") (together, "Personal Information").
2. Non-personal information such as IP addresses, device information, usage data, including information passively or automatically collected through cookies, browser, device, or Service use.
3. Inferences from other collected data, including automated information about likely preferences or characteristics. For example, we infer general geographic location (city, state, country) from your IP address. We may collect physical location information provided by you or through Service use.

A note on health information exchanges

Health information exchanges are secure electronic systems allowing healthcare providers, hospitals, and authorized parties to share patients' medical information to improve care coordination and treatment. Rovi Health's Affiliated Providers request information from health information exchanges regarding your health to improve care and assist in delivering Services. For questions about information received from health information exchanges or to opt out, email support@rovihealth.com.

When asked to provide Personal Information, you may decline. You may use browser or operating system controls to prevent certain automatic data collection. However, declining information necessary for certain services or features may make those unavailable or non-functional.

Healthcare Information

Rovi Health is not a healthcare provider. However, Rovi Health is a business associate to customers including payors, self-insured employers, and Affiliated Providers, and is therefore subject to the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and related regulations and amendments (collectively, "HIPAA") and other state laws regarding medical records protections ("Privacy Laws"). For information about how Rovi Health and Affiliated Providers protect Healthcare Information, see the applicable Notice of Privacy Practices. Information collected through the public-facing Website is protected per applicable state law and this Privacy Policy. Information collected by other means is protected per applicable state law and this Privacy Policy, and additionally per HIPAA.

Cookies and Other Data Collection Tools

A cookie is a small piece of data sent from a website and stored on your computer by your web browser. Cookies contain information about your computer, such as user ID, settings, browsing history, and activities conducted using the Services. Cookies are not personally identifiable but may be linked to Personal Information. A cookie typically contains the domain name (internet location) origin, lifetime (expiration), and a randomly generated unique identifier.

We use cookies and similar technologies (such as server logs and web beacons) to operate, secure, and improve Services. Some cookies are strictly necessary for Services functionality (maintaining sessions, authenticating users, preventing fraud) and set automatically when using Services. We may also use limited non-advertising analytics to understand Service usage and improve performance and user experience. You can manage cookies through browser or device settings, including deleting and blocking cookies; however, blocking strictly necessary cookies may impair Service functionality. We may use web beacons in email messages to understand engagement (whether emails were opened, links clicked); opt out of marketing emails anytime using unsubscribe links.

How do we and our partners use cookies and similar technologies?

We and our analytics and advertising partners use these technologies to collect Personal Information (pages visited, links clicked, usage information, identifiers, device information) when you use our Services, including information about your online activities over time and across different websites or services. We use these cookie categories:

• Strictly Necessary Cookies: Essential for Services functionality and cannot be disabled. These enable core functionality such as security, network management, and accessibility.
• Performance/Analytics Cookies: Collect information about how you use our Services to help us improve performance and user experience.
• Functional Cookies: Remember your preferences and choices to provide enhanced features.

This data stores your preferences and settings, enables sign-in, analyzes website performance, tracks site interaction, develops inferences, combats fraud, and fulfills other legitimate purposes.

Overall, cookies provide a better Rovi Health experience by enabling us to monitor which pages you find useful and which you do not.

You can accept or decline cookies. Most web browsers automatically accept cookies, but you can modify settings to decline cookies. For more about cookies including management and deletion, visit www.allaboutcookies.org. Some web browsers (including mobile web browsers) provide settings allowing rejection of cookies or alerts when cookies are placed on computers, tablets, or mobile devices. Most mobile devices also offer settings to reject mobile device identifiers. While users are not required to accept cookies or mobile device identifiers, blocking or rejecting them may prevent access to some Features available through Services.

The table below details specific third-party tools and technologies used on our Services:

Note: We do not currently respond to web browser "do not track" signals or mechanisms providing opt-out from collection across networks of websites and services. If we do in the future, we will describe how in this Privacy Policy.

How we use your Personal Information

Rovi Health processes your Personal Information for legitimate business purposes, Services fulfillment to you, and legal obligation compliance. We use Personal Information to:

• fulfill the reason you shared such information. For example, to help with appointment scheduling;
• provide information, products, or services you request. For example, if you elect healthcare services, we may share your Personal Information with third-party lab providers or Affiliated Providers;
• request information from health information exchanges on behalf of our Affiliated Providers;
• communicate about and manage your account;
• understand you and your preferences to enhance your experience and enjoyment using our services;
• properly store and track your data within our system;
• determine your eligibility for products and services available through Services, including confirming your location;
• respond to lawful requests from public and government authorities and comply with applicable state/federal law, including cooperation with judicial proceedings and court orders;
• protect our rights, privacy, safety, or property, and/or that of you or others by providing proper notices, pursuing available legal remedies, and limiting our damages;
• manage and improve our operations and Services, including developing additional functionality;
• evaluate service quality you receive, identify usage trends, conduct research, and improve your experience;
• develop, test, or improve the Service and content, features, and/or products or services offered via Service, and identify or create new products or services;
• keep our Services safe and secure;
• send you information about changes to our terms, conditions, and policies;
• provide you with alerts and other communications related to your health and healthcare; and
• testing, research, analysis and product development.

In some states, we may be required to obtain consent before using certain sensitive Personal Information constituting Healthcare Information. We may de-identify your information and use, create, and sell such de-identified information for any business or other purpose not prohibited by applicable law. We will never sell your Personal Information.

Text Messaging

By opting to use Services provided by Rovi Health, you consent to receive SMS (text) messages from Rovi Health, its affiliates, and partners pertaining to your health and healthcare, including services you requested and your interaction with Rovi Health's Services. These messages may include, but are not limited to, appointment reminders, reminders regarding standard healthcare diagnostics and screenings, scheduling details, medication fulfillment, and other information relevant to your Service use.

You acknowledge and agree that:

1. You are the owner of the mobile device used to initiate SMS Enrollment and are authorized to consent to receive and pay for messages at that number;
2. SMS messages may be sent using automated technology;
3. You do not have to consent to receive SMS messages as a condition of purchasing any goods or services;
4. Standard message and data rates may apply to any SMS messages sent or received;
5. Message frequency varies – you may receive messages periodically based on your Rovi Health Services interaction; and
6. We shall not be liable for delayed or undelivered messages.

To opt out of SMS messages anytime, reply "STOP" to any message received. Upon receiving your request, we will send you a confirmation message and cease sending SMS messages. For assistance or more information, reply "HELP."

If you experience issues with our text messaging services or have concerns about sending or receiving sensitive information through text or email, contact us directly at support@rovihealth.com. For questions specific to your text or data plan, contact your wireless provider.

Advertising and Marketing Analytics and Opting Out

We may use the following analytics program(s) to collect information about you and your behaviors as a consumer. To learn more about the analytics program(s) and how you can opt out of information sharing, see below.

1. Google Analytics: Privacy Policy; Opt Out Settings
2. Vercel Analytics: Privacy Policy
3. PostHog: Privacy Policy

You can also use third party opt-out controls such as NAI and DAA.

Disclosure of your Personal Information

We do not sell, share, or otherwise disclose your Personal Information for reasons other than those described in this Privacy Policy.

We may disclose your Personal Information to few third parties, including:

• Affiliated Providers from whom you choose to receive products or services;
• the third-party service providers and business associates we use to support our business and deliver service to you (e.g., cloud hosting providers, database and authentication services, SMS delivery services, analytics providers, error monitoring services, and health information exchange platforms);
• law enforcement or government agencies in order to protect the security, safety, and rights of our users and ourselves or when we believe doing so is necessary to comply with applicable law or respond to valid legal process;
• to any company we might merge with or acquire, or that acquires us, or in the event of structural change of our company of any form (e.g., a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding).

We may also disclose, without restriction, aggregated information about our users and information that does not identify any individual user. Our continued use of aggregated and de-identified data will comply with applicable law.

Your Rights

If you have questions about accessing other Personal Information, or would like to correct or delete any Personal Information we collect and maintain, contact us at support@rovihealth.com. We will accommodate requests as required by law. Otherwise, we will retain a record of your request, and your Personal Information will be maintained per this Privacy Policy and our data retention and deletion policies ("Retention Policies").

How we keep your Personal Information secure

We retain Personal Information as long as necessary and relevant for our operations. We also retain Personal Information from closed accounts to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with investigations, enforce our Terms of Service, and take other actions permitted by law. After it is no longer necessary to retain information, we dispose of it per our Data Retention Policies.

We strive to use industry-standard data collection, storage, and processing practices and security measures, including data encryption in transit and at rest, to protect against unauthorized access, accidental loss, or disclosure of your information. These safeguards may vary based on the sensitivity of the information collected and stored. Except for Personal Information collected through the public-facing Website, all Personal Information is protected per HIPAA, the Notice of Privacy Practices, and any additional contractual requirements of Affiliated Providers.

Unfortunately, no security method or combination of methods is foolproof. We always do our best and work with third-party service providers that strive to do the same, but we cannot warrant or guarantee absolute security of any Personal Information transmitted to or from our Services. There is no guarantee that Personal Information may not be accessed, disclosed, altered, or destroyed by breach of any physical, technical, or administrative safeguards. Therefore, any Personal Information transmission is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services or your computer or mobile device.

We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. You are responsible for maintaining the security of any password, user ID, or other authentication form involved in obtaining access to password-protected or secure areas of our Services. To protect you and your data, we may suspend your Service use without notice, pending investigation, if any security breach is suspected. If you believe your Account security has been compromised, notify us immediately at support@rovihealth.com.

Please note that we will never send you an email requesting confidential information, such as account numbers, usernames, passwords, or Social Security Numbers.

In the event of a data or security breach, we will take the following actions: (i) promptly investigate the security incident, validate the root cause, and, where applicable, remediate any vulnerabilities within our control which may have caused the security incident; (ii) comply with laws and regulations directly applicable to us in connection with such security incident; (iii) as applicable, cooperate with any affected user per the terms of our contract with such user; (iv) document and record actions taken in connection with the security incident; and (v) conduct a post-incident review of the circumstances related to the incident and actions/recommendations taken to prevent similar security incidents in the future. We will notify you of any data or security breaches as required by and per applicable law.

Data Retention

We may retain your Personal Information as long as necessary for our business purposes, or as required to comply with our legal obligations, resolve disputes, and enforce our agreements. We reserve the right to retain and use your information as necessary to provide our Services and fulfill our business operations. We may dispose of or delete any such information at our discretion, subject to any other agreement you may have with us or as required by applicable law.

Similarly, our Affiliated Providers may retain your Personal Information for periods they deem necessary for their operational purposes, to comply with their legal obligations, to resolve disputes, and to enforce their agreements. These Affiliated Providers may dispose of or delete your information per their own retention policies, except as otherwise outlined in any agreements you have with them or as required by law.

Children under the age of 18

The Services are not for persons under the age of 18 (collectively, "Minors"). Minors are not authorized to use the Services, or to provide any information through the Services. However, adult users may use the Services to manage the care for their dependents under the age of 18. We do not solicit or knowingly collect information from Minors, and if we become aware of any such information being collected, we will take immediate action to delete it. Should you become aware that we have collected Personal Information from a Minor, contact us at support@rovihealth.com.

Jurisdiction and cross-border transfer

We are located in the United States. We may store and process your Personal Information in any country where we have facilities or in which we engage service providers. By using the Services, you understand that your information may be transferred to countries outside of your country of residence, including the United States, which may have data protection rules different from those of your country.

Contacting us

If you'd like to receive additional information about our privacy practices, have questions, or would like to make a request, you may contact us at the below email address.