Privacy Policy

Effective Date: July 28, 2021

Heartbeat Health, Inc. (“Heartbeat,” “us” or “we”) recognizes the importance of protecting the privacy of your personal information, and we have prepared this Privacy Policy to provide you with important information about the privacy practices that apply to you when you visit our website at heartbeathealth.com, or its affiliated and successor sites (the “Site”), and when you use the products and services we provide through the Site, including our application intended for use by patients, authorized caregivers and guardians and our application intended for use by providers of cardiovascular services (each an “Application” and together with the Site and our other products and services offered through the Site, the “Services”).

This Privacy Policy does not apply to the collection and use of information pertaining to job applicants, employees, owners, directors, officers, or contractors.

For the additional privacy practices that apply to users of the Heartbeat Applications intended for use by patients, authorized caregivers and guardians, please go to the section of this Privacy Policy entitled “Privacy Policy Supplement for Patients and Authorized Caregivers or Guardians”. For the additional privacy practices that apply to users of the Heartbeat Applications intended for use by providers of cardiovascular services, please go to the section of this Privacy Policy entitled “Privacy Policy Supplement for Providers”. Each Privacy Policy Supplement is part of, and should be read in conjunction with, this Privacy Policy, as applicable.

Please read this Privacy Policy carefully as it contains important information about your rights. If you are a user of the Heartbeat Applications, this Privacy Policy, including the specific Privacy Policy Supplement that applies to you, is part of the terms and conditions that are the binding terms between you and Heartbeat and its affiliates for the use of the Heartbeat Applications selected by you. As applicable to you, access and review either the Provider Terms of Service at https://www.heartbeathealth.com/provider-terms/ or the Patient Terms & Conditions at https://www.heartbeathealth.com/terms/.

In this Privacy Policy, we use the term “Personal Information” to refer to information we gather that could be used to identify or contact you and any information we gather concerning your use or potential use of the Services, as further defined in the Privacy Supplement applicable to you. We also collect non-personal information (“Non-Personal Information”) about you through your use of our Services. Non-Personal Information is any information that does not reveal your specific identity or from which your identity has been redacted.

If you do not agree with our policies and practices, you should not access or use our Services. By accessing or using our Services, you agree to this Privacy Policy. This Privacy Policy may change from time to time. In the event of a substantial change we will post a notification on our Services. Your continued use of our Services after we make changes is deemed to be acceptance of all changes. You must check this Privacy Policy periodically for updates.

Our Services are intended for access and use by users that reside within the U.S. and its Territories. If you are not a resident of the U.S. or its Territories you should not attempt to access or use our Services.

Security Safeguards

We use reasonable measures to help protect information using systems and processes consistent with information privacy and security requirements under applicable federal and state laws, including but not limited to HIPAA. You understand and acknowledge that no data management or transmissions system over the Internet or any other public network can be guaranteed to be 100% secure. Also, information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.

Personal and Non-Personal Information We Collect from All Users (Providers, Patients and Site Visitors)

As you navigate, our Services collect information automatically through the use of cookies, web beacons, and similar technologies. Cookies (e.g., session, persistent and flash) and other technologies can identify your device so that we can continue to enhance your personalized user experience. We collect information about your Internet connection, equipment you use to access our Services and usage details, such as traffic data, logs, referring/exit pages, date and time you use our Services, error information, and other communication data and the resources that you access through our Services. You may be able to refuse or disable cookies and other technologies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you.

In some instances, we may combine Non-Personal Information with Personal Information (such as combining your zip code with your name, or with your name together with a medical condition). If we combine any Non-Personal Information with Personal Information, the combined information will be treated by us as Personal Information as long as it is so combined.

We also collect the information that you input into forms on our Site, such as your name, email address, phone number, and date of birth.

You also may provide information to be published or displayed (“posted”) on public areas of our Site or Applications or transmitted to other users of our Services or third parties (collectively, “User-Provided Content”). Your User-Provided Content is posted and transmitted to others at your own risk. You hereby acknowledge that you have no privacy interest in User-Provided Content and by posting User-Provided Content you are authorizing Heartbeat to use and disclose such content as we see fit.

Non-Personal Information is collected in a variety of ways, including from you, through your device, through a device that is paired to our Applications, through server log files, using your device’s GPS functionality or by de-identifying Personal Information. Because Non-Personal Information does not personally identify you, we may use and disclose Non-Personal Information for any purpose.

How We Disclose the Information of All Users

We share Personal Information of visitors, patients, and providers as follows:

● For business purposes. We may share your Personal Information with vendors and service providers who help us manage, maintain, or promote our business. These include our data hosting and data storage partners, analytics and advertising providers, technology services and support, and data security vendors. We also may share Personal Information with professional advisors, such as auditors, law firms, and accounting firms.

● With your direction or consent. We may share Personal Information with third parties if you request or direct us to do so.

● With affiliates within our corporate group. We may share your Personal Information with any affiliates within our corporate group.

● Compliance with law. We may share your Personal Information to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries.

● In the context of a transaction. We may share your Personal Information in connection with an asset sale, merger, bankruptcy, or other business transaction.

● For other business reasons. We may share your Personal Information to enforce any applicable terms of use or service, and to ensure the safety and security of the Services and/or our users.

Information regarding disclosure specific to visitors, patients, and Providers is provided below and in the applicable Privacy Policy Supplement.

How We Disclose the Information of Visitors to Our Site

We may share the Personal Information collected from visitors to our Site with third parties in the circumstances described above and for the following purposes:

For business purposes. We may disclose your name, email address, date of birth, phone number, and address if you provided it to us via a form on the website or during an incomplete or failed registration to service providers. We may also share your connection and site usage details (such as the equipment you use to access our data and access records) with service providers to improve the Site and the Services.

We also may disclose your Non-Personal Information for other purposes. Note that if you make any Personal Information publicly available on the Site or Applications, anyone may see and use such information outside of Heartbeat’s control.

To understand how we use the information provided by users of the Heartbeat Application intended for patients, authorized caregivers and guardians, please see the “Privacy Policy Supplement for Patients and Authorized Caregivers or Guardians”. To understand how we use the information provided by users of the Heartbeat Application intended for providers of cardiovascular services, please see the “Privacy Policy Supplement for Providers”.

We do not sell any Personal Information.

Third Party Websites and Links

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including your health care providers or your health plan, the manufacturer of your mobile device, and any other third party mobile application or website to which the Site or Applications may contain a link, including third party services or platforms such as social media sites. We do not control such third parties and are not responsible for the content of their platforms, their privacy policies, or their use of your information. We encourage you to review the Notice of Privacy Practices of your health care provider or health plan and the privacy policies of each website and application you visit and use. We expressly disclaim any and all liability for the actions of third parties, including but without limitation to actions relating to the use and/or disclosure of Personal Information by third parties. Any information submitted by you directly to these third parties is subject to that third party’s Privacy Policy.

Children’s Privacy

Our Services are not intended for individuals under 18 years of age, and we do not knowingly collect or sell Personal Information from children under 18. If you are under 18, do not use or provide any information to our Services or through any of their features. If we learn we have collected or received Personal Information from a child under 18 without verification of parental consent, we will delete it. If you are the parent or guardian of a child under 18 years of age whom you believe might have provided us with their Personal Information, you may contact us using the below information to request that it be deleted.

Retention of Personal Information

We generally retain records only as long as necessary, and as required for our business operations, for archival purposes, and/or to satisfy legal requirements. When determining the appropriate retention period for Personal Information, we take into account various criteria, such as the amount, nature, and sensitivity of the Personal Information; potential risk of harm from unauthorized use or disclosure; purposes for which we process your Personal Information; whether we can achieve those purposes through other means; and business operations and legal requirements. Because we maintain our Services to protect from accidental or malicious loss and destruction, residual copies of your Personal Information may be retained in our backup and archival systems for a limited period of time, after which the information will be automatically deleted or put beyond use where deletion is not possible.

Privacy Policy Supplement for Patients and Authorized Caregivers or Representatives

Your health care provider, health plan or plan sponsor may offer you access to Heartbeat’s Services or you may choose a provider from among Heartbeat’s registered providers, who are providers of cardiovascular healthcare services authorized to use the Heartbeat Services (each a “Provider”). By creating an account through our Services and thereby accepting our Application Terms and Conditions, you or your authorized caregiver or representative (hereinafter referred to as “you” or “your”) are consenting to our collection, maintenance, use, disclosure, and processing of information about you and your health. Heartbeat is working on behalf of your health care provider or health plan as a “business associate” as defined under the Health Insurance Portability and Accountability Act (“HIPAA”) to provide the IT platform and technologies that support online interactions between you and your health care provider. In order to fulfill this function, we collect, use, disclose, and maintain your Personal Information, including your protected health information.

We will only use, disclose, process and maintain your protected health information according to our agreement with your provider or health plan or as required by law. In connection with your treatment, we may also collect, create, use, disclose, and maintain information and/or your medical records from your past and present health care providers.

Please be aware that this Privacy Policy is distinct from HIPAA Notice of Privacy Practices of the Provider you choose, your health care provider or your plan, which describes in detail how your health care provider or plan uses and discloses your protected health information. If you would like to review a copy of your health care provider’s or plan’s HIPAA Notice of Privacy Practices, please request a copy directly from them. All of the protected health information about you that we collect is part of your entire health record maintained by your provider or health plan. If you wish to request an accounting of any disclosures that we may make, access to or a copy of your protected health information or to amend or correct your medical record, please contact your health care provider or health plan.

We also collect several other types of Personal Information from and about you when you use our Services, including information by which you may be personally identified, such as name, address, e-mail address, home, work, and mobile telephone numbers, date of birth, audio (including recordings and transcripts), images and videos of you, your gender or User-Provided Content and other general health information that you voluntarily provide us on our Site or through our Services. To avoid any doubt, this does not include the protected health information that is collected through your interactions with your health care providers on our Site or through our Services.

When you provide us with your email address or cell phone number you are acknowledging and agreeing that you consider communications via phone, text (SMS) messaging and/or email to be reasonable ways for us to communicate with you. You may opt out of receiving general health and wellness or treatment options that may be relevant to you by emailing us at hello@heartbeathealth.com, by modifying this notification setting in our Application, or by responding STOP to any text (SMS) message. Please be aware that opt-outs may not apply to certain types of communications, such as account status, website updates, or other communications. If you no longer use our Services you may also request that we delete your Personal Information by sending us an email at hello@heartbeathealth.com.

Information Patients Provide to Us

The information we collect on or through our Services includes information provided at the time you register as well as information provided when you interact with your Provider or when you use our other Services. We will collect Personal Information and protected health information when you fill out online forms, via videos, images and recordings and when you interact with your healthcare provider on our Site or the Application. We may also ask you to provide your Personal Information when you contact us to report a problem with our Site or Application, and maintain records and copies of any correspondence (including email addresses) to assist in future improvement of our services and the Site.

In order for you to use the Services, we may require you to provide us with Personal Information including, but not limited to: (1) your name and your contact data (such as your e-mail address, phone number, billing and physical addresses, and your user name and password to login to our website or Application); (2) demographic data (such as your gender, your date of birth and your zip code); (3) insurance information (such as your insurance carrier and insurance plan); (4) payment information (such as your credit or debit card number); (5) confirmation that your healthcare provider provided services to you; and (6) health and medical data such as the previous doctors, dentists or other healthcare providers you visited, your reason for visiting those providers, your date of visiting providers, your medical history and condition, and other medical and health information you choose to share with us. If you communicate with us by, for example, e-mail or letter, any information provided in such communication may be collected as Personal Information.

All recordings of your online encounters and interactions with your health care providers are subject to HIPAA regardless of the medium (e.g., electronic communication, uploaded documents, audio video) in which these are captured or collected. Any output from monitoring devices or any audio portion of your medical telehealth visit (including audio from visits that include video) that is recorded for purposes which may include treatment, quality, improvement of health status, customer and patient experience, customer and patient engagement, cost effectiveness, care coordination and/or other purposes relating to operations and provision of telehealth services will become part of your health care provider’s medical record. By using the Services available through our Applications you expressly consent to the recording of the medical visit.

You also may provide information to be published or displayed (“posted”) on public areas of the Site or Application or transmitted to other users of the Site or Application or third parties (collectively, “User-Provided Content”). Your User-Provided Content is posted on and transmitted to others at your own risk. You hereby acknowledge that you have no privacy interest in User-Provided Content and by posting User-Provided Content you are authorizing Heartbeat to use and disclose such content as we see fit.

We also may obtain information about you from third-party data sources. We may combine the personal information about you that we collect from you, with third-party data from other sources and use this to improve the user experience, the Site and Application or the Services we provide. If you access third-party services, such as Facebook, Google, or Twitter, through the Services or login to the Services or share information about your experience on the Services with others, we may collect information from these third-party services. If you provide Heartbeat with express authorization to use certain Personal Information without HIPAA restrictions, we will only use and disclose that Personal Information consistent with the terms of your authorization and this Privacy Policy.

In some instances, we may combine Non-Personal Information with Personal Information (such as combining your zip code with your name, or with your name together with a medical condition). If we combine any Non-Personal Information with Personal Information, the combined information will be treated by us as Personal Information as long as it is so combined.

How We May Use the Personal Information of Patients

We and our third-party service providers may use Personal Information to respond to your inquiries and fulfill your requests, such as to arrange for telehealth services; to facilitate communications with health care professionals who will help manage individual patient needs, identify the appropriate level of care and healthcare setting for the healthcare services you are requesting; to send you administrative information, including information regarding our Applications, and changes to our Terms & Conditions and policies, including this Privacy Policy; to schedule and provide services related to the scheduling of an appointment, for example; communicate with you and your Providers regarding your health status, appointments and related services provided by your Provider; obtain or facilitate payments for appointments and related services provided by your health care provider and send you payment receipts; and provide you with related customer service; to confirm that services you request were provided to you by your health care providers; to inform you of studies in which you may be eligible to participate and other opportunities for clinical care; to personalize your experience on our Applications by presenting products and offers tailored to you; as necessary or appropriate under applicable law or to comply with legal processes; to respond to requests from government authorities; to enforce our Terms & Conditions; to protect our operations or those of any of our affiliates; to protect our rights, privacy, safety or property, or that of our affiliates, you or others; at our discretion under emergency circumstances, to notify emergency services or your family members, personal representative or other individuals involved in your care of your location and condition; or to allow us to investigate a security incident or breach of our IT systems and to pursue available remedies or limit the damages that we may sustain.

Subject to certain restrictions set forth in an agreement between Heartbeat and your health care provider, health plan or plan sponsor, we may also de-identify and aggregate your protected health information to perform analytics and gather insights that can be used to improve the health care experience and health outcomes.

How We May Disclose the Personal Information of Patients

We may share the Personal Information collected from patients with third parties in the circumstances described above and for the following purposes:

● For business purposes. We may disclose your name, email address, date of birth, phone number, and address if you provided it to us via a form on the website or during an incomplete or failed registration to service providers. We may also share your connection and site usage details (such as the equipment you use to access our data and access records) with service providers to improve the Site and the Services.

● For marketing purposes. We may disclose your Personal Information for marketing purposes relating to our products or services and to third parties to permit them to send marketing communications to you regarding our products or services or the services of your health care providers.

● For treatment, payment, or healthcare operations. We may disclose your Personal Information for other treatment, payment or health care purposes of your health care provider, including disclosure to health care providers to facilitate the Services provided to you, such that your Personal Information may be disclosed to providers who identify you as a patient.

● For research opportunities. We may disclose your Personal Information to third parties that conduct research in which you may be eligible to participate for purposes of notifying you of such studies.

● For emergency purposes. We may disclose your Personal Information at our discretion under emergency circumstances, to notify emergency services or your family members, personal representative or other individuals involved in your care of your location and condition.

Our disclosure of your Personal Information may also be subject to certain restrictions set forth in Heartbeat’s Terms & Conditions.

If you have any concerns or feel that Services are not following our stated policies with respect to your information, you may contact us at hello@heartbeathealth.com.

Privacy Policy Supplement for Providers

Heartbeat offers Providers a cardiovascular-specific virtual telemedicine platform that connects and supports physicians providing cardiovascular care and their patients. As used in this Privacy Policy Supplement for Providers, “Provider” or “you” means the provider of cardiovascular services that has accepted the Provider Terms of Service. A “Provider” may be either an individual physician or an entity (such as a group practice) represented by an individual with authority to bind such entity.

Before any accounts can be fully activated, Providers must agree to the Provider Terms of Service and register each Registered User within Provider’s organization. “Registered Users” means users affiliated with Provider who are authorized to access Heartbeat’s platform, and includes Registered Clinicians and Registered Administrators. Registered Clinicians are defined as the Registered Physicians (a physician providing cardiovascular care in good standing who is affiliated with the Provider) and nurse practitioners, physician assistants, nurses and other medical providers in good standing affiliated with the Provider and under the supervision of Registered Physicians, all of whom must be authorized to access and use Heartbeat’s platform. In addition, any Registered Administrators, as defined in the Provider Terms of Service, must also be registered in order to access our Services.

Information We Collect

By creating an account on our website or downloading our Application, you are consenting to our collection, maintenance, use, disclosure, and processing of information about you and the Registered Users in the organization you represent. In order to provide the IT platform and technologies that support the online interactions between you and your patients who are authorized to use the Heartbeat Application (or their legal representatives), we collect, use, disclose, and maintain information that includes the Personal Information of Registered Users. We will only use, disclose, process and maintain this Personal Information according to our Provider Terms of Use, this Privacy Policy or as required by law.

We collect several types of information from and about you and your Registered Users through the use of our website and Application, specifically Personal Information by which you or your Registered Users may be personally identified, including but not limited to, demographic information such as name, address, e-mail address, home, work, and mobile telephone numbers, date of birth; employment information such as job title, practice area, primary specialty, and medical license status, languages spoken, educational background, practice location (address and phone number), length of employment, photograph and NPI number(s).

When you or your Registered Users provide us with an email address or cell phone number you understand that we will communicate with you or such Registered User via phone, text (SMS) messaging and/or email. You or your Registered Users may opt out of receiving general health and wellness or treatment options that may be relevant by emailing us at hello@heartbeathealth.com, by modifying this notification setting in our Application, or by responding STOP to any text (SMS) message. Please be aware that opt-outs may not apply to certain types of communications, such as account status, website updates, or other communications. If you no longer use our Services you may also request that we delete your or your Registered Users’ Personal Information by sending us an email at hello@heartbeathealth.com.

All recordings of your online encounters and interactions with your patients using our Applications are subject to HIPAA regardless of the medium (e.g., electronic communication, uploaded documents, audio video) in which these are captured or collected. Any output from monitoring devices or any audio portion of your medical telehealth visit (including audio from visits that include video) that is recorded for purposes which may include treatment, quality, improvement of health status, customer and patient experience, customer and patient engagement, cost effectiveness and/or other purposes relating to operations and provision of telehealth services will become part of your Patient’s medical record. By using the Services available through our Applications you expressly consent to us recording you and your Registered Users’ medical visit with your Patients. You are expected to capture and collect the content of each Patient encounter or interaction in your own medical record system.

You and your Registered Users also may provide information to be published or displayed (“posted”) on public areas of the Site or Application or transmitted to other users of the Site or Application or third parties (collectively, “User-Provided Content”). User-Provided Content is posted on and transmitted to others at your own risk. You hereby acknowledge that you have no privacy interest in User-Provided Content and by posting User-Provided Content you are authorizing Heartbeat to use and disclose such content as we see fit.

We also may obtain information about you and your Registered Users from third-party data sources. We may combine the personal information about you and your Registered Users that we collect from you or your Registered Users, with third-party data from other sources and use this to improve the user experience, our Applications or the Services we provide. If you or your Registered Users access third-party services, such as Facebook, Google, or Twitter, through the Services or login to the Services or share information about your experience on the Services with others, we may collect information from these third-party services. If you provide Heartbeat with express authorization to use certain Personal Information without HIPAA restrictions, we will only use and disclose that Personal Information consistent with the terms of your authorization and this Privacy Policy. In some instances, we may combine Non-Personal Information with Personal Information (such as combining your zip code with your name, or with your name together with a medical specialty and NPI number). If we combine any Non-Personal Information with Personal Information, the combined information will be treated by us as Personal Information as long as it is so combined.

How We May Use Personal Information of Providers

We will use the Personal Information that is provided through the registration process to verify the credentials that were provided about each Registered User to confirm that the information that was provided is accurate, correct and up-to-date. We and our third-party service providers may use Personal Information to confirm that the credentials that were provided to us by you or your Registered Users through the onboarding and registration process are accurate, complete and up-to-date. Under the Provider Terms of Service, Provider is obligated to ensure that if there is a change to any Registered Clinician’s personal, employment or educational information, an update will be made as soon as practicable but no later than three (3) business days after Provider becomes aware of such change. Heartbeat may periodically check Registered Clinician’s and Registered Administrator’s Personal Information to ensure that they have not been excluded by the Department of Health and Human Services Office of Inspector General or otherwise sanctioned.

Heartbeat will also use Provider information to arrange for telehealth services; to facilitate communications with Patients; to send administrative information, including information regarding our website and/or Application, and changes to our Terms of Service and policies, including this Privacy Policy; to schedule and provide services related to the scheduling of an appointment, for example, to communicate with you and your Patients regarding their health status, appointments and related services; obtain or facilitate payments for appointments and related services; and provide you with related customer service; to personalize your experience on our website or the Application by presenting products and offers tailored to you; as necessary or appropriate under applicable law or to comply with legal processes; to respond to requests from government authorities; to enforce our Terms of Service; to protect our operations or those of any of our affiliates; to protect our rights, privacy, safety or property, or that of our affiliates, you or others; or to allow us to investigate a security incident or breach of our IT systems and to pursue available remedies or limit the damages that we may sustain.

We may also use your and your Registered Users’ Personal Information along with de-identified or aggregated patient information to perform analytics and to gather insights that will help improve the User experience, the quality of care and health outcomes and lower costs for you and your patients.

How We May Disclose Personal Information of Providers

We may share the Personal Information pertaining to Providers and Registered Users with third parties in the circumstances described above and for the following purposes:

● For business purposes. We may also share Provider Information with other third-party companies that we collaborate with or hire to perform services on our behalf. For example, we may hire a company to help us send and manage email, and we might provide the company with your email address and certain other information in order for them to send you an email message on our behalf. We may also share your connection and site usage details (such as the equipment you use to access our data and access records) with service providers to improve the Site and the Services.

● To facilitate the Services. We share Provider Information with patients and other users to facilitate the provision of the Services.

If you or your Registered Users submit information or a posting to a chat room, bulletin board, or similar “chat” related portion of this website, the information submitted along with your or your Registered User’s screen name will be visible to all visitors, and such visitors may share with others. Therefore, please be thoughtful in what you write and understand that this information may become public.

The Applications may permit you to view your profile and related personal information and to request changes to such information. If this function is available, we will include a link on this website with a heading such as “My Profile” or similar words. Clicking on the link will take you to a page through which you may review your visitor profile and related Personal Information.

If you have any concerns or feel that our website or Application is not following our stated policies with respect to your information, you may contact us at hello@heartbeathealth.com.