Privacy Policy
INMYTEAM CORP (“Company,” “we,” “our,” or “us”) is a healthcare technology company that provides specialized software solutions for Home Care Agencies, Home Health Agencies, and Private Duty Agencies. We specialize in secure, cloud-based solutions that streamline operations, care delivery, and patient engagement while rigorously protecting Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act (HIPAA), HITECH Act, and state privacy laws.
BY USING OR ACCESSING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND ACCEPT THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY.
YOUR USE OF OUR SERVICES IS ALSO SUBJECT TO OUR TERMS OF SERVICE, AVAILABLE AT WWW.INMYTEAM.COM/TERMS.
- Scope and services covered. This Privacy Policy explains how we collect, use, share, and protect information in connection with our cloud-based software platform, mobile applications, websites, and related services (collectively, “Services”) as follows:
- INMYTEAM Platform. Web-based operational management tools (scheduling, billing, HR, CRM, EMR).
- Caregiver Mobile App. Real-time care documentation and communication.
- Patient Portal. Limited-access features for care recipients.
- APIs & Integrations. Secure connections with EHRs, payment processors, and other third-party systems.
- Reporting Hub Portal.
- CareGiver Onboarding Portal.
- User ecosystem & data responsibilities. Our platform serves three distinct user groups with tiered access controls:
| User Type | Definition | Primary Data Interactions |
| --- | --- | --- |
| Agency Users | Licensed healthcare providers and administrative staff | PHI storage, billing, compliance reporting |
| Caregiver Users | Clinicians/aides employed by Agency Users | Care documentation, secure messaging, GPS visit verification |
| Patient Users | Individuals receiving care | Appointment tracking, document signing, surveys, payments |
This Privacy Policy applies to all information collected through our Services from any User type, whether you are an Agency Owner who has signed a contract with us, Agency Staff using administrative features, a Caregiver or Clinician using our mobile app, or a Patient interacting with our platform.
- Compliance Framework.
- HIPAA & HITECH Obligations. As a HIPAA Business Associate, we:
- Execute Business Associate Agreements (“BAAs”) with Agency Users;
- Implement technical safeguards (AES-256 encryption, TLS 1.3, role-based access);
- Adhere to Breach Notification Rule protocols (60-day HHS reporting for 500+ affected individuals).
- Contact & Compliance.
| Role | General Duties | Contact Method |
| --- | --- | --- |
| Privacy Officer | – Manage BAAs with Agency Users and subcontractors | Victor Lazo |
| Security Officer | – Implement AES-256 encryption, MFA, and audit controls | |
| HHS OCR Complaints | | |
- Information we collect or receive.
While providing our Services, Company collects and/or receives information from and about users of our Services in various ways. The type and scope of information collected depend on your role as an Agency User, Caregiver User, or Patient User. By using our Services, you authorize Company to collect and process this information as described below. This information enables us to deliver, secure, and improve our Services, fulfill legal and regulatory obligations, and support the needs of all user types.
- Information you provide to us.
- Agency Users (agency owners and staff).
- Registration and business information:
- Agency name, business address, mailing address, phone and fax numbers, and primary and secondary contact information.
- Administrator and staff names, job titles, email addresses, phone numbers, and user roles.
- Business license details, tax identification numbers, National Provider Identifier (NPI), and other credentials required for regulatory compliance.
- Agency ownership structure, franchise or network affiliations, and parent organization details (if applicable).
- Payment method details for billing purposes, including billing contact, payment preferences, and transaction history. (Note: Full credit card information is processed by a third-party payment processor and not stored by Company.)
- Documentation uploads, such as business licenses, insurance certificates, and compliance attestations.
- Staff and user management:
- Employment history, professional qualifications, background check results, and role-based access permissions for each staff member.
- Onboarding and training records, including completion of compliance modules and acknowledgments of Company policies.
- Internal communications, task assignments, and audit logs of administrative actions within the platform.
- Caregiver Users (caregivers and clinicians).
- Professional and employment information:
- Name, contact information (address, email, phone), date of birth, gender, and emergency contact details.
- Professional qualifications, certifications, licensure data, employment history, and agency affiliation.
- Background check results, credential verification, and disciplinary history, as required by law or agency policy.
- Banking information for payroll or payment processing, including account and routing numbers (where applicable).
- Work schedule, shift assignments, and timekeeping records.
- Mobile application data:
- Device identifiers, app usage data, secure login credentials, and session activity logs.
- Electronic Visit Verification (EVV) data, including clock-in/clock-out times, GPS-based location data, and visit verification photos or signatures, as required for compliance with state and federal regulations.
- Documentation of care provided, including progress notes, care plan updates, medication administration records, and incident reports.
- Secure communications with patients, agency staff, and other caregivers, including messages, attachments, and call logs.
- Training and compliance:
- Records of completed training modules, certifications, and acknowledgments of Company and agency policies.
- Feedback and survey responses regarding training, supervision, and platform usability.
- Patient Users (patients and authorized contacts).
- Patient information provided by Agencies:
- Name, address, contact information, date of birth, gender, and emergency contacts.
- Insurance details, policy numbers, payer information, and eligibility status.
- Diagnoses, medical histories, allergies, care plans, medication lists, treatment notes, and other health-related information necessary for care management and billing.
- Advance directives, consent forms, and legal documents (e.g., power of attorney, guardianship).
- Appointment history, visit schedules, and service utilization records.
- Information provided directly by Patient Users:
- Account registration details (email, password, security questions, and multi-factor authentication data).
- Communications sent through the platform, including messages to caregivers or agency staff, requests for information, and support inquiries.
- Electronic signatures on documents, survey responses, satisfaction ratings, and feedback on care or platform experience.
- Payment information for invoice processing (processed by a third-party payment processor; Company does not store full credit card data).
- Uploaded documents, such as insurance cards, identification, or medical records, for verification or care coordination.
- Authorized contacts:
- Information about family members, legal guardians, or other authorized representatives, including names, contact details, relationships to the patient, and documentation of authorization.
- Communication and support. If you contact us for support or inquiries, we collect your name, contact information, the content of your message, attachments, and any additional information you provide to resolve your request. Records of support interactions, including chat transcripts, call recordings, and follow-up communications, may be maintained for quality assurance and compliance purposes.
- Information we collect when you use our services.
- Device and technical information.
- Device data:
- IP address, browser type and version, operating system and version, device identifiers (such as UDID, IMEI, or MAC address), mobile carrier, manufacturer, and model.
- Application installations, version numbers, language preferences, and push notification tokens.
- Security-related data, such as failed login attempts, session timeouts, and device security status (e.g., jailbroken/rooted status).
- Usage data:
- Pages visited, features used, time spent on the platform, navigation paths, and interaction logs.
- Actions taken within the platform, such as document uploads, form submissions, care documentation entries, and other platform transactions.
- Frequency and duration of logins, session timestamps, and activity heatmaps to analyze user engagement and identify areas for improvement.
- Usage analytics collected through integrated third-party platforms (e.g., analytics and onboarding optimization tools) to enhance user experience and engagement.
- Location data:
- For Caregiver Users, precise location information is collected via the mobile app for EVV compliance, including clock-in and clock-out locations at patient homes, route tracking (if enabled), and geofencing data to ensure visits occur at authorized locations.
- For Patient Users, location data may be collected if required for service delivery (e.g., telehealth eligibility, emergency response).
- Cookies and similar technologies.
- Company uses cookies, pixel tags, web beacons, and similar technologies to:
- Authenticate users and maintain secure sessions.
- Remember user preferences, language settings, and accessibility options.
- Analyze usage patterns, measure performance, and improve service functionality.
- Support security features, such as detecting suspicious activity or unauthorized access.
- Facilitate marketing communications and track the effectiveness of outreach campaigns (with appropriate consent).
You may control cookies through your browser settings, but disabling cookies may affect your experience and certain features of the Services.
- User feedback and surveys:
- Ratings, reviews, and feedback submitted by any user type regarding their experience with the Services, care provided, or support interactions.
- Responses to satisfaction surveys, quality assessments, and outcome measures, which may be used for quality improvement, compliance reporting, and service enhancements.
- Data collected through HIPAA-compliant survey tools, ensuring encryption, access controls, and audit trails for all feedback containing PHI.
- Information we receive from third parties.
- Background checks and credential verification. For Caregiver Users, Company may receive information from third-party providers who conduct background checks, verify professional credentials, validate licensure status, and report disciplinary actions or exclusions from federal healthcare programs.
- Insurance and Payment Verification. Company may receive information from third-party services that verify insurance eligibility, process payments, validate patient benefits, and confirm coverage for specific services or treatments.
- Electronic health record (EHR) systems. With appropriate authorization, Company may receive patient information from external EHR systems, health information exchanges, or other healthcare providers through secure healthcare data exchanges. This may include medical histories, lab results, imaging reports, referral notes, and other clinical documentation necessary for care coordination and continuity.
- Regulatory and government databases. Company may receive information from government or regulatory databases necessary for compliance, such as Medicare/Medicaid provider directories, state licensing boards, EVV aggregators, and exclusion lists. Data may also be received from public health authorities for reporting, outbreak management, or compliance with legal mandates.
- Agency partners and networks. If your agency participates in a network, franchise, or partnership program, Company may receive your information from the parent organization or affiliated partners, as authorized. Information may include agency performance metrics, compliance status, and aggregated operational data for benchmarking and quality improvement.
- Tracking and Do-Not-Track settings. We track users’ online activities over time and across third-party websites or online services. We support the Do Not Track (“DNT”) browser setting. DNT is a preference that users can set in their browser settings to let the websites they visit know that they do not want those websites to collect their personal information.
- Data security, privacy, and compliance.
Company implements a comprehensive, multi-layered security program to protect all information collected and processed through our Services. Key safeguards include:
- Data encryption. All PHI and sensitive data are encrypted in transit (using TLS 1.3 or higher) and at rest (using AES-256 or equivalent standards).
- Access controls. Role-based access permissions, unique user authentication, and multi-factor authentication restrict access to PHI and sensitive data to only those with a legitimate need.
- Audit trails. Comprehensive logging of all access, modifications, and disclosures of PHI, with regular monitoring and review to detect unauthorized activity.
- Consent management. Digital consent forms and preference management tools ensure that data collection and processing align with user authorizations and HIPAA requirements.
- Data retention and deletion. Data is retained only as long as necessary to fulfill legal, regulatory, and operational requirements, and is securely deleted or de-identified when no longer needed.
- Vendor management. All third-party vendors handling PHI must sign Business Associate Agreements (BAAs) and demonstrate HIPAA compliance.
- Physical and administrative safeguards. Secure hosting environments, employee training, documented policies and procedures, and regular risk assessments.
THE SPECIFIC TYPES OF INFORMATION COLLECTED MAY VARY DEPENDING ON YOUR ROLE AND HOW YOU INTERACT WITH THE SERVICES. COMPANY ONLY COLLECTS INFORMATION NECESSARY TO PROVIDE AND IMPROVE OUR SERVICES, FULFILL CONTRACTUAL AND LEGAL OBLIGATIONS, AND SUPPORT THE NEEDS OF AGENCY USERS, CAREGIVER USERS, AND PATIENT USERS. FOR MORE DETAILS ON HOW WE USE, SHARE, AND PROTECT YOUR INFORMATION, PLEASE REFER TO THE SUBSEQUENT SECTIONS OF THIS PRIVACY POLICY.
- How we use the information we collect or receive.
Company collects and processes information from all Users to deliver, maintain, and enhance our Services while ensuring compliance with applicable healthcare privacy laws, including HIPAA. The use of such information is strictly governed by the principles of data minimization, purpose limitation, and user consent where required.
- General uses of information from all users. Company uses the information collected from Agency Users, Caregiver Users, and Patient Users to:
- Facilitate connections between caregivers and healthcare agencies. Enable Agency Users to efficiently manage and connect with Caregiver Users, supporting workforce scheduling, credentialing, and care delivery coordination.
- Provide, improve, expand, and promote our services. Develop new features, optimize platform performance, enhance user experience, and ensure the reliability and security of our Services.
- Analyze usage and engagement. Collect aggregate and anonymized data to understand how the Company community interacts with the Services, identify trends, and inform product development.
- Communicate with users. Send important service-related notifications, updates, and administrative communications directly or through authorized partners. This includes marketing and promotional messages where permitted by law and user preferences.
- Personalize the User experience. Customize content, recommendations, and user interfaces based on individual roles, preferences, and interactions to improve usability and relevance.
- Send text messages and push notifications. Deliver timely alerts, reminders, and confirmations related to appointments, care activities, billing, and system updates.
- Facilitate transactions and payments. Process billing, payments, and reimbursements securely through third-party payment processors, ensuring financial data integrity and compliance.
- Provide customer support. Respond to inquiries, troubleshoot issues, and assist Users through our support channels.
- Detect, prevent, and mitigate fraud and security risks. Monitor for unauthorized access, suspicious activities, and violations of Company policies to protect Users and maintain platform integrity.
- Additional uses specific to User roles and Services. In addition to the above general uses, Company uses information collected from Users for the following role-specific purposes:
- Agency Users:
- Manage account status and subscription billing.
- Verify agency credentials and compliance with regulatory requirements.
- Notify Agencies about relevant opportunities, pricing changes, and service updates.
- Caregiver Users:
- Evaluate eligibility and qualifications to provide care services through the platform.
- Facilitate scheduling, timekeeping, and Electronic Visit Verification (EVV) compliance.
- Communicate job assignments, training opportunities, and policy updates.
- Patient Users:
- Coordinate care delivery, appointment scheduling, and communication with caregivers and agencies.
- Process payments for services rendered and provide billing statements.
- Enable patients to complete surveys, provide feedback, and electronically sign consent and care documents.
- Compliance and legal obligations. Company also uses information as necessary to:
- Comply with applicable laws, regulations, and lawful requests by public authorities, including law enforcement.
- Enforce our Terms of Service and other agreements.
- Protect the rights, property, or safety of Company, Users, or others.
COMPANY DOES NOT USE PHI FOR MARKETING PURPOSES WITHOUT EXPLICIT AUTHORIZATION, IN ACCORDANCE WITH HIPAA AND RELATED REGULATIONS. ALL COMMUNICATIONS AND DATA USES ARE CONDUCTED WITH STRICT ADHERENCE TO PRIVACY AND SECURITY STANDARDS TO SAFEGUARD USER INFORMATION.
- How we share the information we collect or receive.
Company shares User information in accordance with applicable laws, contractual obligations, and the need to deliver and improve our Services. We are committed to transparency and only sharing data for legitimate purposes that support the functioning, security, and enhancement of our platform.
- Sharing between Users.
- Connected Users. When users are connected on the platform, such as a caregiver being onboarded with an agency or a patient, certain basic profile information is shared to facilitate communication and collaboration. This may include names, profile photos (if any), ratings, and any details users have added to their profiles.
- Ratings and feedback. User ratings are shared with other Users on a weekly basis. While we de-identify feedback to protect privacy, we cannot fully prevent the possibility that a User might deduce the identity of the feedback provider based on contextual clues.
- Sharing between Company and third parties: API and integration partners.
- Third-party integrations. If you connect the Services with third-party platforms (e.g., Electronic Health Record systems, scheduling tools), Company may share relevant usage data with those third parties to enable seamless interoperability and data exchange.
- Partner data sharing. We may share your information with our third-party partners to obtain additional data about you, such as verifying credentials or enhancing service offerings. This may include sharing identifiers, contact details, or usage patterns.
- Marketing and offers. Company may share your data with third-party partners to create tailored offers, promotions, or educational content that may interest you, always in compliance with applicable laws and your preferences.
- Third-party Services.
- External websites and products. Our Services may include links or integrations with third-party websites, products, or services, such as accessing external portals. When you use these services, we will share the necessary information (e.g., your name, contact info) to facilitate the transaction.
- Privacy practices. We do not control these third parties’ privacy policies or data practices. We encourage you to review their privacy policies before sharing your data or engaging with their services.
- Service providers.
- Third-party vendors. Company works with trusted service providers to perform functions such as hosting, data storage, payment processing, customer support, and security monitoring.
- Data sharing. We share your information with these providers solely to enable them to perform their contracted services on our behalf, under strict confidentiality and security obligations.
- Enterprise and organizational partners.
- Organizational data sharing. If you are part of an enterprise or organization using the platform, your activity data (such as login times, geolocation during visits, and usage logs) may be shared with your organization’s designated account administrators.
- Account updates. If you change organizations or roles, it is your responsibility to update your profile and privacy settings accordingly to ensure appropriate data sharing and privacy preferences.
- Other circumstances when we share your information. Company may share your data in the following additional situations, consistent with applicable laws and your consent:
- Business transactions. During negotiations, mergers, acquisitions, or asset sales, your information may be transferred as part of the transaction.
- Legal and regulatory compliance. When required by law or legal process, such as subpoenas, court orders, or government investigations, we will disclose relevant information.
- Protection of rights and safety. To prevent fraud, abuse, or harm, or to protect the rights, property, or safety of Company, Users, or the public, we may share information with law enforcement or other authorities.
- Promotions and referrals. If you participate in promotions or referral programs, your data may be shared with referrers or partners to facilitate the program.
- Aggregate and de-identified data. We may share anonymized or aggregated data that cannot reasonably identify you individually with potential business partners or researchers, or for marketing purposes.
- Your consent. We will share your information whenever you have explicitly authorized us to do so.
- Your choices.
We believe in giving Users meaningful choices and control over their information. The options below describe how you can manage your preferences regarding communications, data sharing, and account information within our Services.
- Email preferences.
- Promotional emails. You may unsubscribe from our commercial or promotional emails at any time by following the unsubscribe instructions included in those messages or by updating your communication preferences in your account settings.
- Transactional emails. Please note that even if you opt out of promotional communications, you will still receive important transactional or service-related emails (such as account notifications, password resets, billing information, and updates about your use of the Services).
- Text messages (SMS).
- Opt-in and opt-out. If you opt in to receive SMS/text messages from Company (such as appointment reminders or security alerts), you may opt out at any time by replying “STOP” to the message you receive. After you send “STOP,” we will confirm your unsubscription and you will no longer receive SMS messages from us unless you opt in again.
- Help and support. For help regarding SMS services, reply “HELP” to the message or contact us at info@inmyteam.com.
- Carrier information. Message and data rates may apply according to your mobile carrier plan. For questions about your text or data plan, please contact your wireless provider.
- Push notifications.
- Opt-out. You can opt out of receiving push notifications from Company at any time by adjusting your device or app settings. Please be aware that disabling push notifications may affect your ability to receive timely updates, care reminders, or important alerts related to your account or care activities.
- Profile information.
- Managing profile data. You may review and update your profile information by logging into your account. While your name and certain basic information (such as your role and, if applicable, your profile photo) may be visible to other Users for operational purposes, you may choose to remove or edit additional optional information at any time.
- Visibility. Agency Users and Caregiver Users should be aware that organizations may always see names, ratings, and profile photos as part of operational and compliance requirements.
- Location information.
- Control over location data. Caregiver Users may control location sharing through their device’s operating system settings. However, please note that location data is essential for core features of our Services, such as Electronic Visit Verification (“EVV”) and compliance with healthcare regulations. Disabling location sharing may prevent you from using certain features or fulfilling agency requirements.
- Editing and accessing your information.
- Review and edit. You may review, update, or correct certain account information at any time by logging into your account settings.
- Account termination. If you wish to terminate your account, please contact us through our Help Center or at info@inmyteam.com. Upon receiving your request, we will deactivate your account. Please note that we may retain certain information for a period of time as required by law or for legitimate business purposes, including to:
- Comply with legal or regulatory obligations
- Collect any fees owed
- Resolve disputes or troubleshoot problems
- Prevent fraud and enforce our Terms of Service
- Assist with investigations or audits
- Data retention. Retained information will be handled in accordance with this Privacy Policy and applicable laws.
- Data security. Company is committed to protecting the security of our Users’ data. We use reasonable administrative, technical, and physical safeguards designed to protect your information from unauthorized access, use, or disclosure. However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security.
- Using the Services from outside the U.S. This Privacy Policy is intended to cover the receipt and collection of information for Services to United States residents only. If you are utilizing the Services outside the United States, please know that by using the Services, you understand and agree that your information may be moved to, accumulated, and processed in the United States, where our servers are located and our central database is operated, and that such information may be transferred to the third parties with whom we share such information as described in this Privacy Policy. IF YOU ARE IN THE EU/EEA OR OTHERWISE OUTSIDE OF THE U.S., PLEASE DO NOT USE OUR SERVICES.
- Children’s privacy. The Children’s Online Privacy Protection Act (“COPPA”) protects the online privacy of children under 13 years of age. Our services are not intended for use by children under the age of 13 (the “Age Limit”). If you are under the Age Limit, please do not use the Services and do not provide us with your personal information. If you are a parent or guardian and you are aware that an individual (of whom you are a parent or guardian) under the Age Limit has provided us with personal information, please contact us. We will, upon notice or discovery, take all reasonable efforts to delete any personal information that may have been collected or stored by us about that individual.
- App stores; external websites. Your app store (e.g., iTunes or Google Play) may collect certain information in connection with your use of our App, such as personal information, payment information, geolocational information, and other usage-based data. We have no control over the collection of such information by a third-party app store, and any such collection or use will be subject to that third party’s applicable privacy policies. The App may contain links to third-party websites. We have no control over the privacy practices or the content of these websites. As such, we are not responsible for the content or the privacy policies of those third-party websites. You should check the applicable third-party privacy policy and terms of use when visiting any other websites.
- Changes to this privacy policy. This Privacy Policy is effective as of the date stated at the top of this Policy. We may update our Privacy Notice from time to time in response to changing legal, technical, or business developments. By accessing the Services after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, our use of all information collected or received is governed by the Privacy Policy in effect at the time we collect the information. Please refer to this Privacy Policy on a regular basis.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
- How to contact us. If you have questions about this Privacy Policy, please email us at info@inmyteam.com with “Privacy Policy” in the subject line. Feel free to contact us at any time with any questions or comments about the Privacy Policy, your information, our use and sharing practices, or your consent choices.
IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND/OR THE APPLICABLE STATE NOTICES BELOW, YOU MAY NOT USE OR ACCESS OUR SERVICES.
SUPPLEMENTAL PRIVACY NOTICE FOR RESIDENTS OF CERTAIN U.S. STATES
This Privacy Notice supplements the information contained in our Privacy Policy and applies solely to Users who reside in the below-referenced U.S. states only. Please note that any Protected Health Information (“PHI”) handled by us as a Business Associate under HIPAA is not subject to these state privacy laws and is governed exclusively by HIPAA, as described above. This supplemental policy applies only to personal information not covered by HIPAA.
- Nevada residents only. Under Nevada Senate Bill 220 (SB 220), which amends Chapter 603A of the Nevada Revised Statutes, effective October 1, 2019, if you are a Nevada resident, you have the right to opt out of the sale of certain personal information. Company does not currently sell personal information as defined under Nevada law. However, if you wish to submit a verified request to opt out of future sales, please email us using our contact information below with the subject line “Nevada Privacy Rights Opt-Out Request.” We may request additional information to verify your identity and will respond to your request within sixty (60) days.
- California residents only. The Shine the Light law, enacted in 2003 and effective as of January 1, 2005, gives California residents the right to request certain information about how businesses share their personal information with third parties for their direct marketing purposes. Once per calendar year and free of charge, California residents may request information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below. Kindly note that we do not currently disclose personal information to third parties for their own direct marketing purposes. If this changes, we will update this section.
- California, Colorado, Connecticut, Virginia, Utah, Iowa, Tennessee, Texas, Oregon, Delaware, Montana, New Jersey, Nebraska, and New Hampshire residents. This section applies to residents of the aforementioned states and is intended to comply with: California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”), Colorado Privacy Act of 2021, effective Jul. 2023 (“CPA”), Connecticut Data Privacy Act of 2021, effective 2023 (“CTDPA”), Virginia Consumer Data Protection Act of 2021, effective Jan. 2023 (“VCDPA”), Utah Consumer Privacy Act of 2022, effective Dec. 2023 (“UCPA”), Iowa Consumer Data Protection Act, effective January 1, 2025, Tennessee Information Protection Act, effective July 1, 2025, Texas Data Privacy and Security Act, effective July 1, 2024, Oregon Consumer Privacy Act, effective July 1, 2024, Delaware Personal Data Privacy Act, effective January 1, 2025, Montana Consumer Data Privacy Act, effective October 1, 2024, New Jersey Data Privacy Act, effective January 15, 2025, Nebraska Data Privacy Act, effective January 1, 2025, and New Hampshire Consumer Data Privacy Act, effective January 1, 2025.
If you are a resident of one of these states, you may have additional rights regarding your personal information, as described below.
- Categories of personal information received and/or collected. Depending on your interactions with us, we may collect the following categories of personal information from users of our Services (excluding PHI covered by HIPAA):
- Identifiers (e.g., name, email address, IP address)
- Contact information (e.g., address, phone number)
- Commercial information (e.g., transaction history, service usage)
- Internet or other electronic network activity (e.g., browsing history, interactions with our website or app)
- Geolocation data (e.g., device location for certain features)
- Professional or employment-related information
- Audio, electronic, visual, or similar information
- Sensitive personal information (e.g., account logins, precise location, communications content)
- Inferences drawn from the above and other personal information (e.g., preferences, characteristics)
We collect this information directly from you, automatically through your use of our Services, and from third parties as described in our main Privacy Policy.
- Use, sale, and sharing of personal information. We use and share personal information for the purposes described in our main Privacy Policy. We do not sell personal information as defined by applicable laws. We also do not currently share personal information for purposes that qualify as cross-context behavioral advertising under those laws. However, we may share limited information (such as identifiers and internet activity data) with third parties for cross-context behavioral advertising. You may opt out of sharing at any time by:
- Contacting us as outlined below
- Your rights. Depending on your state of residence, you may have the following rights regarding your personal information (excluding PHI governed by HIPAA):
- Right to know/access. You may request details about the personal information we have collected about you in the past twelve (12) months.
- Right to request deletion of personal information. You have the right to request the deletion of your personal information collected or maintained by us, subject to certain exceptions permitted by law.
- Right to correct personal information. You have the right to correct inaccurate personal information that we maintain about you.
- Right to opt-out of sale or sharing of personal information (CA, CO, CT, VA, UT, and others as specified). Direct us not to sell or share your personal information for cross-context behavioral advertising. We do not sell personal information.
- Right to data portability. You may request a copy of your personal information in a portable format.
- Right to limit use of sensitive personal information (CA only). You may request that we limit our use of your sensitive personal information to what is necessary to perform our services.
- Right to opt-out of profiling (CO, CT, VA, OR). You may request that we not use your personal information for profiling in furtherance of decisions that produce legal or similarly significant effects.
- Right to appeal (CO, CT, VA, OR). If we decline to act on your request, you may appeal our decision within a reasonable time.
- Right to non-discrimination (CA only). You have the right not to be treated in a discriminatory manner for exercising your privacy rights. We do not use the fact that you have exercised or requested to exercise any privacy rights for any purpose other than facilitating a response to your request.
- Scope and frequency limitations: These rights generally apply to personal information collected in the preceding twelve (12) months. You may submit no more than two (2) requests to access, correct, or delete your personal information in a twelve-month period, unless otherwise permitted by law. We will respond within the timeframe required by your state’s law, typically within 45 days, with the option to extend by an additional 45 days when necessary.
- Retention of personal information. In accordance with Cal. Civ. Code § 1798.100(a)(3), we retain personal information only as long as reasonably necessary for the disclosed purposes, unless a longer retention period is required by law. Criteria used to determine retention include:
- The nature of the data and associated risks
- Applicable legal requirements
- Internal recordkeeping and auditing obligations
- The necessity of maintaining business operations
- Financial incentives. We do not offer financial incentives, price differences, or service-level variations in exchange for the collection, sale, or sharing of personal information. If we do so in the future, we will provide notice in accordance with Cal. Civ. Code § 1798.125(b).
- How to exercise your rights. To exercise any of these rights, please contact us using our contact information. You may authorize an agent to make a request on your behalf, provided we can verify the agent’s identity and their authority to act.