Privacy - Our Commitment
First, a note about Caraway’s commitment to your privacy:
Caraway deeply values its role as your trusted care provider. Central to that promise is safeguarding the privacy of your personal information, including personal information that is protected by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and personal information that may not be considered protected health information (“PHI”).
Our Notice of Privacy Practices (“NPP”) and this Privacy Policy describe Caraway’s privacy practices in user-friendly terms, including what information we collect in order to deliver you high-quality care, what we use your information for, how we may share your information when needed, and the rights and preferences you may have with respect to your personal information.
Here are a few things we want you to know:
- We only collect the personal information we need in order to provide you with Caraway’s integrated care services and products. We do not collect more information than we need. The personal information that we ask you to provide us, or give you the option to provide us, is intended to help us deliver the health care services, health-related services and products you have come to Caraway for, and to do so consistent with our standards of high-quality, integrated care; intuitive technology products; and exceptional member service.
- We do not use your personal information for purposes unrelated to the reasons for which it was collected or your reasonable expectations. We know it is important to you that you be aware of all the reasons that your information is handled by Caraway and its partners. Our stewardship of the information you entrust to us is of the utmost importance. We hold your personal information to the same standard we would expect for ourselves and our families.
- We do not retain personal information for longer than is necessary. We understand the importance of minimizing the personal and sensitive data that we may maintain. We will only retain your data for the period of time required by law and if there is no requirement, then only so long as we need to continue to store it.
- We do not sell your personal information. We will not sell your identifiable personal information to third parties.
- We offer you ways to control your personal information and express your preferences. We provide you with a variety of ways to exercise control over your personal information, including making certain data optional, providing you with direct control over updating and editing your user profile, providing you with unsubscribe options, and providing you the ability to delete your account and data to the extent permitted by law. (As a health care provider, we are required to retain some of your data under law.) We’ve outlined how you can delete data that is not PHI in our Privacy Policy.
Privacy Policy
Effective date: July 2022
Caraway, Inc. and the professional entities for which it provides management and administrative services listed below, including, without limitation, Mind Body Medical Services, P.C. (d/b/a Caraway Medical Services) that provides services in the states listed below (collectively “Caraway”, “us”, “we”, or “our”) are committed to respecting your privacy and protecting your personal information. This Privacy Policy explains the types of personal information we may collect from visitors to our websites, including www.caraway.health and all related websites, mobile applications, including the Caraway mobile application (the “App”) and web-based services (collectively, our “Sites”). This Privacy Policy also describes how we use personal information, the purpose for sharing and recipients of personal information, and your available rights and choices associated with that information.
- Mind Body Medical Services, P.C. (d/b/a Caraway Medical Services): California, Colorado, Michigan, New York, North Carolina, Ohio
We may collect or receive certain personal information and other data about you that is governed by federal law, such as the Health Insurance Portability and Accountability Act (“HIPAA”). Please review our Notice of Privacy Practices which governs our use, disclosure and access to information protected by HIPAA. This Privacy Policy does not intend to include information about how we handle HIPAA-regulated personal health information (“PHI”).
This Privacy Policy does not apply to third-party websites, products, or services, even if they may link to our Sites or our Sites may link to them. We recommend you review the privacy practices of those third parties before connecting accessing third party websites and sharing any personal information.
We also encourage you to review our Terms of Use to understand how we treat your personal information as you make full use of our Sites. Unless otherwise defined in this Privacy Policy, capitalized terms used in this Privacy Policy have the same meanings as in our Terms of Use.
This Privacy Policy is provided in a layered format. You can jump to a specific section by clicking on the section below:
- Collection of personal information. We may collect your personal information when you interact with us through our Sites, including our App, or by other means. We may also automatically collect information regarding your use of our sites as you use them.
- Use of personal information. We may use your personal information for various purposes connected with your interest in our Sites and services, and to allow us to maintain and improve them.
- Sharing of personal information. We may share your personal information with certain third parties, such as with our service providers, as directed by you, and to provide you with opportunities that we believe may be of interest to you.
- Your rights and choices. You may have certain rights and choices regarding our collection, use, and disclosure of your personal information.
- Data security. The security of your personal information is of utmost importance to us and we maintain appropriate safeguards to protect it.
- International data transfers. Our Sites are operated exclusively in the United States.
- Cookie policy. When you visit our Sites, we may collect certain information from you automatically through cookies and other tracking technologies.
- Children's privacy. You must be at least 18 years old or older to use our sites.
- Links to other websites. Our Sites may contain links to other websites that are not operated by us and that are subject to third party privacy policies and other terms.
- Changes to this Privacy Policy. We may change this Privacy Policy from time to time to reflect new services or changes in our data practices or relevant laws.
- Contact us. You may contact us for comments or questions in various ways.
1. Collection of Personal Information
For purposes of this Privacy Policy, “personal information” means any information that relates to an identified or identifiable individual, and does not include PHI. The personal information we collect through our Sites will be apparent by the context of the page, and may include the following types of information.
For information on Caraway’s privacy practices specific to PHI, please see the Notice of Privacy Practices.
- Personal information you provide to us.
We may collect the following personal information about you that you choose to provide us when you use our Sites or App:
- Registration and account information. When you create an account on our App or through other means, you may be asked to provide certain personal information including your legal first and last name, preferred name, birthdate, college you attend, address, emergency contact information, and email address.
- Profile and demographic information. Through your account on our App, we may also invite you to provide additional information about yourself, such as your phone number, preferred pronouns, gender or gender identity, sex at birth, and details about your health and medical history.
- Communications information. When you communicate with us through our Sites, including through use of our synchronous communication and telehealth communication services, we may collect your first and last name, phone number, email address, and any personal information that you choose to provide in the content of your message.
- Payment information. If you sign up for a paid product or service from us, such as our monthly or annual membership, you may be required to provide your payment card or bank account information.
- Health insurance information. If you choose to utilize your health insurance plan, you may be required to provide related information, such as a copy of your insurance card, your member ID and group number.
- Information that we automatically collect
Our Sites may use cookies and other tracking technologies such as web beacons, embedded scripts, and tags (“Cookies”), which collect information from you automatically as you use our Sites, including:
- Browser and device data, such as IP address, device identifier, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons, and the language version of the Sites you are visiting; and
- Usage data, such as browsing history, time spent on the Sites, pages visited, links clicked, language preferences, patterns of use, and the pages that led or referred you to our Site.
We also collect information about your online activities on websites and connected devices over time and across third-party websites, devices, apps, and other online features and services. For example, we use Google Analytics on our Sites to help us analyze your use of our Sites and diagnose technical issues. Please review our Cookie Policy below for more information about our use of these technologies.
- Aggregated, anonymized, and deidentified information
We may create aggregated, anonymous or de-identified data from personal information by removing data components that make the data personally identifiable to you or through obfuscation or other means. Our use of aggregated, anonymized and de-identified data is not subject to this Privacy Policy and may be further controlled by federal health privacy law as outlined in our Notice of Privacy Practices.
2. Use of Personal Information
We use the personal information we collect to provide, maintain, and improve our Sites and the services that Caraway offers through them (our “Services”). These uses include:
- Providing you with requested Services, including the delivery of physical and mental health services, insurance claim submission, and providing you with information and other services related to your health and wellness
- Providing you with customer service and support, and to facilitate other communications that you request or that are required to render Services to you
- Providing you with information about new Services and other opportunities that we believe may be of interest to you, whether offered by us or third-party partners, and to personalize, measure, and improve such offers
- Performing analytics for new and existing Sites and Services, such as our user accounts and related features
- Maintaining and improving the quality of our Sites and Services
- Growing our business, including performing research and development, understanding our user trends, and understanding the effectiveness of our marketing
- Protecting ourselves, you, and others; preventing fraud; and creating and maintaining a trusted, secure, and reliable online environment
- Evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about the users of our Sites or Services is among the assets transferred
- Complying with our legal obligations; respond to subpoenas, court orders, or legal process; or to establish or exercise our legal rights or defense against legal claims
3. Sharing of Personal Information
We may share your personal information with the following categories of third parties:
- Our affiliates. We may share personal information with our affiliates, in which case, we will require such affiliates to comply with the terms of this Privacy Policy.
- Service providers. We share personal information with our service providers to provide services on our behalf, such as payment processing, analytics, advertising, hosting, marketing, customer and technical support, and other services.
- Third party providers, plans, and institutional partners. We may share personal information with third-party partners in connection with our Site and Services, including your care providers, health insurers, and/or your educational institution.
- Third-party platform advertising. We may share your information with third-party platform providers who assist us in serving advertising regarding the Sites and Services to others who may be interested. We also partner with third parties (such as Facebook and Google) who use Cookies to serve interest-based advertising and content on their respective third-party platforms that may be based on your preferences, location and/or interests.
- Affiliate and business transfer. If Caraway is involved in a merger, acquisition or asset sale, your personal information may be shared or transferred in connection therewith.
- Compliance and harm prevention. We may share personal information as we believe necessary (i) to comply with applicable law, rules and regulations; (ii) to enforce our contractual rights; (iii) to investigate possible wrongdoing in connection with the Site and Services; (iv) to protect and defend the rights, privacy, safety and property of Caraway, you or others; and (v) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities.
4. Your Rights and Choices
You may have rights and choices regarding our use and disclosure of your personal information. Unless instructed otherwise, you can exercise these rights and choices using the information in the Contact Us section at the end of this Privacy Policy. Please note that you may have further rights and choices as may be described in our Notice of Privacy Practices.
- Opting out of receiving electronic communications from us. You will not receive promotional electronic communications from us unless you have opted in to receive such communications. If you no longer wish to receive promotional email communications from us, you may opt out via the unsubscribe link included in such emails or by contacting us at support@caraway.health. We will comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving promotional emails from us, we may still send you important administrative messages that are required in order to provide you with our Services or for other reasons disclosed in this Policy.
- Opting out of mobile data tracking. As described in this policy, Caraway will never sell your data directly, nor profit from the sale of your data, to third parties. However, you also have the right to opt out of mobile data tracking collected for the purposes of measuring advertising efficiency and informing the company’s future advertising efforts. If you choose to opt out, you may proceed as follows:
- For iOS users, when you set up the Caraway app your iphone may generate a screen that asks you for permission to track. Please select “Ask App Not to Track” to deny Caraway access. You may also navigate to Settings > Privacy > Tracking at any time to select or modify this permission setting. For more information, please see Apple’s user guide here.
- For Android users, Google enables you to delete your Android advertising ID. If you are using Android 12 or later, you may open the Settings app, and then navigate to Privacy > Ads. Tap “Delete Advertising ID” and then tap it again on the next page to confirm. This will prevent any app on your phone from accessing it again in the future.
- If you are using an earlier version of Android, you can use the privacy controls to reset your Advertising ID and then select “Opt Out of Ads Personalization”.
- For more information, please see Google’s support guide here.
- View or change your account personal information. If you have an account on our App, please visit your account for any privacy rights, choices, or preference options that may be offered. In your Caraway user profile, you are able to add and edit your profile picture, legal first and last name, preferred name, phone number, preferred gender, preferred pronouns, current address, college, and emergency contact information. You can also add, edit, and delete your credit card information, Caraway subscription status and plan, and insurance information.
- Account deletion requests. You have the right to request the deletion of your account with Caraway. If you would like to request that your account be deleted, please contact us at support@caraway.health.
- Your California privacy rights. California residents have certain rights with respect to our sharing of their personal information with third parties for their own direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes. However, because California residents have the right to request information regarding such practices under California’s “Shine the Light” Law, please contact us using the information in the Contact Us section. You must include your full name, email address and postal address in your email or mail request so that we can verify your California residence and respond. “Personal information” under this California law means any information that identified, described, or was able to be associated with an individual at the time of disclosure.
- Your Nevada privacy rights. Nevada residents have the right to request to opt out of any “sale” of their personal information under Nevada SB 220. We do not currently sell personal information under Nevada law; however, you may still request to opt out of the future sale of your personal information. If you are a Nevada resident and would like to make such a request, please contact us using the information in the Contact Us section at the end of this Privacy Policy, and provide “Nevada Privacy Rights” in the subject line. You must include your full name, email address and postal address in your request so that we can verify your Nevada residence and respond. In the event we sell your personal information after the receipt of your request, we will make reasonable efforts to comply with such request.
5. Data Security
The security of your personal information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. We maintain appropriate technical, administrative, and physical safeguards to help protect the security of your personal information against unauthorized access, destruction, loss, alteration, disclosure or misuse. We encourage you to secure your account with a strong password and to keep your password private.
6. International Data Transfers
Our Sites are operated exclusively in the United States and intended for users located in the United States. We may transfer, store, and use information we collect and maintain about you, including personal information outside of your state, province, country, or other governmental jurisdiction. The data protection laws in the jurisdiction in which we process personal information may differ from those of your jurisdiction, and in certain circumstances, your personal information may be subject to access requests from governments, courts, law enforcement agencies or regulatory agencies in those other jurisdictions. By using the Sites or providing us with any information, you consent to the transfer and processing of your information, including personal information, in the United States as set forth in this Privacy Policy.
7. Cookie Policy
When you visit our Sites, we may collect information from you automatically through Cookies. We also rely on partners to provide many features of our Sites using data about your use of the Sites. We use Cookies for the following purposes:
- Necessity. To enable features that are necessary for providing you the services on our Sites, such as keeping you signed in, improving security, and preventing and detecting fraud.
- Preference. To allow us to remember your preferences and identify you when you return to our Sites.
- Analytics. To allow us to understand how our Sites are being used, track site performance and content views, and make improvements to the content, products, or services.
- Advertising. To deliver targeted advertising based on your preferences, location, and/or interests across different services and devices and measuring effectiveness of ads.
- Social Media. To enable the sharing of content from our Sites through social networking and other sites.
You can modify your browser settings to decline or accept Cookies. However, in a few cases, some of our Sites’ features may not function as designed.
If you wish to opt out of our sharing of the data that is gathered when you visit our Site for purposes of targeted digital advertising, we encourage you to visit the Network Advertising Initiative or the Digital Advertising Alliance’s Self-Regulatory Program for Online Behavioral Advertising for more information about opting out of seeing targeted digital advertisements. You may also visit these websites for more information on how you can opt back in to the sharing of data. Please note that Caraway does not maintain this web tracking data in an identifiable manner.
Opting out of advertising networks does not necessarily mean that you will not receive advertisements while using our Sites or on other websites.
We do not support Do Not Track functionality. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
8. Children’s Privacy
You must be at least 18 years old or older to register or use our Sites, including our account features. The Sites are intended for a general audience and we do not knowingly collect personal information from children under age 18 through the Sites. If we become aware that we have collected personal information from children under age 18 without verification of parental consent, we will take steps to remove that information from our servers.
If you are a parent or guardian and you are aware that a child under age 13 has provided us with personal information without parental consent, please contact us using the information in the Contact Us section. If we become aware that we have collected personal information from children under age 13 without verification of parental consent, we will take steps to remove that information from our servers.
9. Links to Other Websites
Our Sites may contain links to other websites that are not operated by Caraway. We are not responsible for the content or privacy policy policies of websites we do not own or control, and our privacy policy does not apply to third-party websites. We strongly suggest you review the privacy policies for third-party websites to understand how your personal information is used and stored by those websites.
10. Changes to This Privacy Policy
We may change this Privacy Policy from time to time to reflect new services or changes in our data practices or relevant laws. The “effective date” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes are effective when we post the revised Privacy Policy on the Sites. If we make any material changes to this Privacy Policy, we will take reasonable measures to notify you via email and/or a prominent notice on our Site prior to the change becoming effective, and will update the effective date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.
11. Contact Us
If you have any questions about this Privacy Policy or wish to exercise one of your privacy rights, please contact us by emailing support@caraway.health.