Reperio Health and Amazon One Medical Redefine the Front Door to Primary Care | Click here to read the press release
Reperio Health and Amazon One Medical Redefine the Front Door to Primary Care | Click here to read the press release
This Privacy Policy explains how Reperio Health, Inc. ("Reperio Health," "we," "us," or "our") collects, uses, discloses, and safeguards information when you use our services, including ReperioKit and ReperioCare, including through our website, mobile application, and related platforms (the "Platform" and, together with ReperioKit and ReperioCare, the "Services").
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.
1. Scope of This Privacy Policy
2. Information We Collect
3. How We Use Information
4. When We Disclose Information
5. Data Security
6. Data Retention
7. Your Rights and Choices
8. Cookies and Tracking Technologies
9. Children's Privacy
10. Data Location
11. Changes to This Privacy Policy
12. Contact Us
This Privacy Policy applies to individual end users of the Services, including users who purchase services directly and users whose participation is sponsored by an employer, health plan, or other organization. This Privacy Policy does not apply to information collected by third parties that are not under our control.
Please note that Protected Health Information ("PHI") under to the Health Insurance Portability and Accountability Act ("HIPAA") that is collected through our Services, including the ReperioKit and ReperioCare, is subject to our HIPAA Notice of Privacy Practices. In the event of conflict between this Notice and our HIPAA Notice of Privacy Practices, our HIPAA Notice of Privacy Practices will prevail.
Additionally, telehealth services provided through ReperioCare are subject to a separate Telehealth Consent. Sharing of information with sponsors or primary care providers is governed by the End User Agreement (EUA), where applicable.
We collect personal information about you in a variety of contexts, depending on the nature of your interaction with us.
2.1 Personal Information You Provide
We may collect personal information you provide directly, including:
– Name, email address, phone number, and mailing address
– Date of birth
– Account credentials and profile information
– Communications with Reperio Health
2.2 Health and Biometric Information
We may collect health and biometric information from end users of the ReperioKit and ReperioCare, including:
– Measurements and results generated through our screening kit
– Information you enter during the screening process (such as height, weight, and other health indicators)
– Information collected or generated during a ReperioCare virtual visit, including clinical notes, diagnoses, prescriptions, and referrals
In most cases, this information constitutes PHI and is subject to our HIPAA Notice of Privacy Practices. Please note that when we use the phrase, "biometric information," we mean statistical analysis of biological data, such as measurements of HDL or LDL cholesterol levels. We do not collect biometric information to identify a unique individual, such as a fingerprint, voiceprint, facial geometry or similar information.
2.3 Automatically Collected Information
When you use the Platform, we may automatically collect:
– Device type, operating system, and application version
– IP address and approximate location (non-precise)
– Usage data, logs, and interaction information
– Cookies and similar technologies (see below for additional information)
We use information we collect to:
– Provide, operate, and maintain the Services
– Deliver ReperioKit results and ReperioCare services
– Communicate with you about your account, results, and services
– Improve, monitor, and analyze the performance of the Services
– Conduct internal research and generate aggregated or de-identified insights
– Comply with legal, regulatory, and contractual obligations
– Protect the security and integrity of the Platform
– Detect and prevent fraud or other unlawful conduct and enforce our terms of use
We may disclose any personal information we collect to the following recipients for the purposes outlined above:
4.1 Service Providers
We share information with vendors and service providers who perform services on our behalf, such as cloud hosting, analytics, communications, payment processing, and customer support. These providers are contractually required to protect information and use it only for authorized purposes.
4.2 Telehealth Providers
ReperioCare services are provided by licensed clinicians. These clinicians may access your information as necessary to provide care and are subject to professional confidentiality obligations and applicable law.
4.3 Sponsors and Primary Care Providers
If your participation in the Services is sponsored, or if you authorize sharing with your primary care provider, information may be shared as described in the End User Agreement (EUA).
4.4 Legal and Regulatory Disclosures
We may disclose information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Reperio Health, users, or others.
4.5 Aggregated or De-Identified Information
We may share aggregated or de-identified information that cannot reasonably be used to identify you.
4.6 Corporate Event
We reserve the right to transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Privacy Policy.
We maintain administrative, technical, and physical safeguards designed to protect personal information that we collect through the Services. These safeguards include access controls, encryption, monitoring, and regular security testing.
Reperio Health maintains a SOC 2 Type II–aligned security program and conducts ongoing risk assessments and third-party security testing. Access to personal and health information is restricted based on role and job function. While we take reasonable steps to protect information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
We retain personal information for as long as necessary to provide the Services or otherwise complete the purpose for which it was collected, or as necessary to comply with legal and regulatory obligations, to defend against potential legal claims, enforce our agreements, or as otherwise necessary to investigate theft or other activities potentially in violation of our policies and procedures applicable to you or against the law, to ensure a secure online environment, or to protect health and safety. When information is no longer required, it is deleted or de-identified in accordance with our data retention practices.
Individual pieces of personal information may exist in different systems that are used for different business or legal purposes. A different maximum retention period may apply to each use case of the information. Certain individual pieces of information may also be stored in combination with other individual pieces of information, and the maximum retention period may be determined by the purpose for which that information set is used.
Depending on your location and applicable law, you may have the right to:
– Know/access personal information we hold about you
– Request correction of inaccurate information
– Request deletion of certain information, subject to legal limitations
– Opt out of marketing communications
– Restrict use of personal information for personalized advertising
– Restrict the "sale" of personal information
– Control our use of personal information considered sensitive
Rights in Certain U.S. States
Residents of certain US states have rights under comprehensive state privacy laws. These states include:
– California
– Colorado
– Connecticut
– Delaware
– Indiana
– Iowa
– Kentucky
– Maryland
– Minnesota
– Montana
– Nebraska
– New Hampshire
– New Jersey
– Oregon
– Rhode Island
– Tennessee
– Texas
– Utah
– Virginia
We recognize the privacy rights of consumers residing in any state with an active consumer privacy law applicable to Reperio Health. If you are a resident of a state with an active consumer privacy law, and you want to ask for additional information about your rights, you may contact us at privacy@reperiohealth.com. Although we may in some cases respond as a courtesy, please note that privacy rights under comprehensive privacy laws are not applicable to PHI subject to HIPAA. For information about your rights with respect to PHI, refer to our HIPAA Notice of Privacy Practices.
If applicable, you may exercise your rights by contacting us using the information described in "Contact Us" (Section 12) section below or using this webform. We may need to verify your identity before fulfilling certain requests. We do this by asking you to provide personal identifiers we can match against information we may have collected from you previously.
Right to Know and Request Access to, Correction of, and Deletion of Personal Information
You may have the right to request access to personal information collected about you in a portable format and to receive information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. You may also have the right to request we correct inaccurate personal information and to request, in certain circumstances, that we delete any that we have collected directly from you.
California residents may authorize another individual or a business, called an authorized agent, to make requests on your behalf through these means.
In order to process your request, we must verify your identity. We do this by asking you to provide personal information we can match against information we may have collected from you previously and confirm your request using the email account stated in the request.
We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
Right to Opt Out of Advertising and Sale to Third Parties
We do not "sell" your personal information in exchange for money. However, the use of some website technologies for advertising or similar purposes, such as cookies as described further below, can be considered "sales" under applicable privacy laws or personalized advertising subject to the right to opt out.
Accordingly, you may have the right to opt out of the use and disclosure of your personal information for the purposes of selecting or delivering advertising based on your activity over time and across different online platforms. You may also have the right to opt out of certain disclosures that are considered "sales" under applicable state laws. To opt out of these "sales" or other personalized advertising, you may select "Withdraw your consent" or "Change your consent" (and opt-out of marketing) in our Cookiebot consent management tool. Please note that your right to opt out does not apply to our disclosure of personal information to service providers, as described above in the "How We Share Information" (Section 4) section above.
We do not sell any health or biometric information.
Right to Limit Use of Sensitive Personal Information
Certain personal information we collect may constitute "sensitive" personal information as it is variously defined under applicable privacy laws, such as account credentials or health information. However, at this time, we do not process your sensitive personal information in circumstances that would be subject to a right to limit.
Right to Opt Out of Automated Decisionmaking
Residents of certain states have the right to opt-out of automated profiling in certain instances where such processing would produce legal or other similarly significant effects. At this time, we do not use personal information to make automated decisions about you in any situations where you may have a legal right to opt out.
List of Third Parties to Which Personal Data is Disclosed
If you are a resident of Oregon or Minnesota, you can request a list of the specific third parties to which we have disclosed your personal information. Residents of Rhode Island should refer to our Cookie Policy.
Right to Appeal
If we deny your request, you may have the right to appeal our decision by contacting us as described in "Contact Us" (Section 12) below.
We use cookies, web beacons/pixel tags and similar technologies to operate and improve the Platform, understand usage patterns, enhance your experience, and for advertising and marketing purposes. These technologies help us remember your preferences, analyze performance, ensure the Services function properly, and deliver advertisements.
You may manage cookie preferences through your browser settings. Disabling cookies may affect certain features of the Services. If you are visiting the Services from a mobile device, the operating system of the device may offer you options regarding how the device collects and uses your information for interest-based advertising. Please visit https://thenai.org/opt-out/mobile-opt-out/ for more information.
You may be able to prevent third parties from using your information for interest-based advertisements across the internet by visiting http://www.networkadvertising.org or http://www.aboutads.info. Please note this does not opt you out of being served ads, nor will it prevent the receipt of interest-based advertising from other companies that do not participate in these programs.
The Services are not intended for individuals under 18 years of age, and we do not knowingly or intentionally collect personal information from children. If we have inadvertently collected the personal information of a child under 18, a parent or guardian of that child may contact us at privacy@reperiohealth.com to request that we delete the information from our records or otherwise cease the use of that information.
Personal information is stored and processed in the United States. Any information you provide to us through use of our Services will be stored and processed, transferred between, and accessed from the United States, which may not guarantee the same level of protection of personal information as the one in which you reside.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Updates will be posted on our website with a revised "Last Updated" date. If we make material changes, we may provide additional notice through the Platform or by other reasonable means. Your continued use of the Services after an update constitutes acceptance of the revised Privacy Policy.
If you have questions about this Privacy Policy or how Reperio Health handles your personal information, please contact us using the information below.
For questions about your account, screening experience, or use of the Services, you may also reach out to our support team.
Reperio Health, Inc.
Email for end users: support@reperiohealth.com
Email for privacy questions or concerns: privacy@reperiohealth.com
Mailing address: Reperio Health, Inc., 4784 SE 17th Ave., Suite 120 Portland OR 97202
