LAST MODIFIED: June 06, 2023
If you are a resident of California, please click here for the Notice of Collection and more information.
If you are a resident of Virginia, please click here for more information.
- Websites and mobile applications (each, an “App”) operated by us, which includes a Symptom Checker and other health related intakes, and any subsequent health care services you receive through the same (together, the “Platform”);
- Email and text messages that we send to you or other communications with you; and
- Offline business interactions you have with us.
(1) what types of personal information do we collect?
(2) how we collect personal information
(3) how we use the personal information we collect
(4) when and with whom we share the information
(5) your choices regarding personal information
(6) information about online advertising
(7) third party services, including third party payment services
(9) security; and
Reproductive Health and Law Enforcement:
K Health supports access to reproductive health care services. K Health follows, to the extent applicable, the U.S. Department of Health and Human Services – Office for Civil Rights’ guidance applicable to disclosures of personal information relating to reproductive health care and will not disclose this information to state officials or law enforcement unless (i) we are compelled to do so by law, (ii) the request is enforceable under law, and (iii) we limit the disclosure to the minimum necessary to comply with law.
(1) What types of personal information do we collect?
We and our service providers may collect personal information in a variety of ways, including:
- When accessing the Platform, we may collect certain basic information about your medical history, preferences, and goals before you create an account to become a patient. In addition to your medical history, this personal information may include your name, phone number, date of birth, gender, location, IP address, billing information (name, physical billing address, payment card information (collected by our third party payment processor) and transaction details), email address, insurance coverage, and in some instances, a copy of your driver’s license or other government-issued identification for identity verification purposes.
- The Services also collect personal information such as browser and device information; App usage data; Information collected through cookies, pixel tags and other technologies, including tracking technologies; and demographic information and other information provided by you.
- Sponsor Organizations. If an organization, such as your or your partner’s, spouse’s, or parent/guardian’s employer, university, or health plan (“Sponsor Organization”) offers coverage for access to or usage of the Services on your behalf, in addition to the information described above, use of the Services through a Sponsor Organization may require you to provide additional registration information. This information is collected to confirm your eligibility with the Sponsor Organization. Information collected under these circumstances may include, but not be limited to, name, email address, date of birth and phone number, member and/or group number. The information is required to confirm program or benefit eligibility, your specific benefits and to prevent insurance and benefit fraud.
(2) How we collect personal information
We need to collect personal information in order to provide our Services to you. If you do not provide the personal information requested, we may not be able to provide you with our Services.
- Personal information we collect automatically. When you visit or use our app or website, we may gather, collect, and record personal information about such visits. We do this ourselves or with the help of third parties, including through the use of “cookies” and other tracking technologies, as further detailed below. This personal information may include your IP address (which may also be associated with your domain name or the domain name of your internet service provider), data relating to your use and navigation of the Services, including as related to session replay technology, unique or online identifiers associated with your mobile device and use of the Platform and your geographical location.
- Personal information you direct us to receive, including personal information we receive from third parties and social media. We may collaborate with third parties in connection with providing the Services and these third parties may provide us with personal information about you. For example, as set forth in our Terms of Service and Informed Consent, you consent for us to receive access to your prescription history in order to properly care for you and assess drug-interactions. Additionally, from time to time, we may receive personal information about you from other third parties (such as Apple’s HealthKit or Fitbit) if you have directed your information to be shared with us.
- Your browser or device. Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using.
- Your use of the App and our website. When you download and use the Platform, we and our service providers may track and collect Platform usage data, such as the date and time the App on your device or your use of the website accesses our servers and what information and files have been downloaded to the App based on your device number.
- Cookies. Cookies are pieces of information stored in the browser or on the device that you are using. Cookies allow the collection of personal information such as browser type, time spent on the Services, pages visited, language preferences, and other traffic data. We use this information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience including to send you advertising, and to measure and analyze such activities. We also gather statistical and other information about use of the Services in order to continually improve their design and functionality, understand how they are used, and assist us with resolving questions regarding them. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Services.
- Pixel tags and other similar technologies. Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the Services and response rates. We may use third party pixel tags on some websites. Please refer to their privacy policies regarding their data use.
- Location. We may collect the general or precise location of your device by, for example, using satellite, cell phone tower or WiFi signals. We may use your device’s location to provide you with location-based services and content, and you can adjust the permissions on your device to allow or deny such uses and/or sharing of your device’s location.
(3) How we use the personal information we collect:
We and our service providers use your personal information for the following purposes:
- Providing the Services to you, including access to your account.
- To provide and coordinate your care.
- To respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise, for example, when you send us questions, suggestions, compliments or complaints, or other customer service requests, or when you request other information about our Services.
- To complete your transactions and verify your information.
- To send you changes to our terms, conditions, and policies.
- To allow you to communicate with us through the Services if you choose to do so.
- Το provide you with information about new services, news about us, and/or other marketing materials, and to determine the effectiveness of our promotional campaigns so we can adapt campaigns to the needs of users, and to facilitate social sharing.
- To engage in marketing, advertising, and campaign management. We may disclose certain information that includes personal data to third-party advertising networks, social media platforms, sponsors and/or data analytics and measurement services, who may use this information for their own purposes.
- Το analyze your personal information to improve the Services, including through the use of our artificial intelligence models. Specifically, we may use your personal information in order to improve our artificial intelligence models, so that we are constantly improving the information we provide our users. When you are using our Services, you are not only learning from our data, but our Services also learn from you and your experiences. Over the long term, this growing repository of health experiences and clinical decision-making will accelerate medical research and improve our understanding of human disease. Generally, the information we use for machine learning is aggregated and/or deidentified, and we take reasonable steps not to reidentify you individually unless permitted by law.
- To analyze personal information for business reporting, including, providing personalized services, improve the efficiency of the Services, and to identify usage trends.
- To better understand your preferences so that we can deliver content via our Services that we believe will be relevant and interesting to you.
- Το aggregate and/or deidentify personal information so that it will no longer be considered personal information.
- As described above, we may use the personal information we collect in order to improve our AI models, to improve our Services and the recommendations and information we provide our users and other third parties. We may use and disclose this information for any purpose, as it no longer identifies you or any other individual.
- For audits, to verify that our internal processes function as intended and to address legal, regulatory, or contractual requirements;
- For fraud prevention and fraud security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
- For developing new products and services, operating, and expanding our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests;
- For enhancing, improving, repairing, maintaining, or modifying our current products and services, as well as undertaking quality and safety assurance measures; and
- For such other purposes we may notify you about or to which you consent.
(4) When and with whom we share your personal information:
We may share your personal information with third parties, including electronically, as follows:
- Partners: We may share your personal information with other companies, such as companies with whom we jointly offer products and services, including third party payers and Sponsor Organizations.
- Service Providers: We may share personal information with certain of our service providers, processors and others who perform functions on our behalf. These may include, for example, hosting and server services.
- Social Media, Advertising, Analytics and Measurement Companies. We may use social media and advertising platforms to serve advertisements to you or to third parties that the advertising platform determines are similar to you. In order to offer these ads, we may share your personal information, such as email addresses or phone numbers, in hashed or unhashed format, with the advertising platform provider, which can match this information to a particular platform user. To deliver information about products and Services that may be of interest to you, we may share personal information with other companies, such as advertisers, analytics, and measurement providers. For example, we may share device-related data (such as unique identifier, type of device, IP address, Cookies and other information associated with your browsing and app usage) and individual preferences and characteristics (such as insights and inferences related to shopping patterns and behaviors). We also use analytics and measurement companies to analyze and measure our advertising activities.
- Session Replay Recording: We may use session replay recording software, in order to better understand our users’ needs and to optimize the Services and experience.
- Our Affiliated Clinicians and Pharmacy: When you use our Services that connect you with a clinician, we will share your personal information with our affiliated clinicians, other providers and/or pharmacy, in order for them to provide you care or coordinate your treatment. More about the treatment of this information is within the Notice of Privacy Practices of those organizations.
- Third Party Services: We may provide options within the Services where you can receive additional services from a third party. If you choose to receive services from such third parties, then your personal information will be treated in accordance with those third parties’ privacy policies, and we are not responsible for their practices.
- Information You Share Through Our Services: Our Services may enable you to share your personal information with others, including healthcare providers, friends, and contacts via social media, via our app or otherwise. Please use caution when sharing your personal information with others. The information you share will be shared according to your instructions and actions, and we have no control over what happens with your information once you share it with others.
We may also use and disclose your personal information as necessary or appropriate, in particular when we have a legal obligation to do so:
- Applicable Law. We may share personal information to comply with applicable law and regulations, which may include laws outside your country of residence.
- Transactions, Liquidation. We may share personal information with third parties in connection with a transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business, or in the event of a bankruptcy or related or similar proceedings. As part of such transactions, we may share certain of your personal information with lenders, auditors, and third-party advisors, including attorneys and consultants; in each case, these parties will be required to agree to confidentiality and non-disclosure terms relating to such personal information before being provided with access.
- Public and Government Authorities, Law Enforcement. Where permitted or required by applicable data protection laws, we may disclose your personal information pursuant to a legal request, or in compliance with applicable laws, if we have good faith belief that the law requires us to do so, with or without notice to you.
- Protecting Rights and Safety. Where permitted or required by law, we may share your personal information with others if we believe in good faith that it will help protect the rights, property, or personal safety of us, any of our users, or any member of the general public, with or without notice to you.
- Aggregate and De-Identified Information. We may share and/or use aggregated or de-identified information about users with third parties for marketing, advertising, our business purposes, research, or any other purposes.
(5) Your choices regarding personal information:
Your choices regarding our use and disclosure of your personal information:
- Notifications. We may send you push or SMS notifications and similar forms of communication from us, which you can control within the Services. If you choose to use our chat-based virtual visit, which is hosted by our service provider, you will receive notifications to your mobile device when your physician responds.
- Marketing-related emails from us. If you no longer want to receive marketing related emails from us on a going-forward basis, you may opt out by contacting us via the Contact Us information above or opting out using the link in the bottom of the email. Opting out may prevent you from receiving notification including notices regarding updates, improvements, or offers. Please note that if you opt out of receiving marketing related emails from us, we may still send you important administrative messages about the Services, from which you cannot opt out.
(6) Information About Online Advertising
We use third-party advertising networks, data analytics providers, operating systems and platforms, and, social networks to serve advertisements regarding goods and services that may be of interest to you.
These companies place or recognize a unique cookie on your browser (including through the use of pixel tags). They also use these technologies, along with information they collect about your online and offline use, to recognize you across the devices you use, such as a mobile phone and laptop. If you would like more information about this practice and to learn how to opt out from participating companies on your device and browsers on a particular device, please visit http://optout.aboutads.info/#/ and http://optout.networkadvertising.org/#/. You may download the AppChoices app at www.aboutads.info/appchoices to opt out from participating companies in mobile apps.
(7) Third-party Services, including Payment Service
In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any personal information you disclose to other organizations through or in connection with our App or Website.
We will keep your personal information for as long as your user account is active, in order to allow you to have access to your information and to provide you with our services.
We may continue to retain your personal information even after you deactivate your user account or stop using the Services, as reasonably necessary to comply with our legal obligations, to resolve disputes regarding our users, enforce our agreements or protect our legitimate interests, consistent with applicable law.
We seek to use reasonable organizational, technical, and administrative measures to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section above.
Information for California Residents
Notice of Collection
Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), we are providing the following additional details regarding the categories of personal information that we collect, use, and disclose about California residents.
This notice does not address or apply to information or practices that are not subject to the CCPA, such as publicly available information; deidentified or aggregated information; certain health information governed by HIPAA and other state and federal laws; activities covered by the Fair Credit Reporting Act, and job applicant and employment information.
Categories of personal information
The following chart includes: (1) the categories of personal information, as listed in the CCPA, that we have collected within the preceding 12 months; and (2) the categories of third parties to which we disclosed personal information for our business purposes within the preceding 12 months.
|Categories of personal information||Disclosed to Which Categories of Third Parties for Business Purposes|
|Identifiers, such as name, contact information, unique personal identifiers, and IP address that can reasonably be linked or associated with a particular consumer or household online identifiers.||Affiliated clinicians, pharmacy, and pharmacy providers; advisors and agents; regulators, government entities, and law enforcement; affiliates and subsidiaries; advertising networks; data analytics providers; social networks; internet service providers, operating systems, and platforms; and others as permitted by law.|
|Government Issued Identifiers, such as Social Security number, driver’s license number and other government issued identifiers||Affiliated clinicians, pharmacy, and pharmacy providers; advisors and agents; regulators, government entities, and law enforcement; affiliates and subsidiaries; and others as permitted by law.|
|personal information as defined in the California customer records law, such as name, contact information, signature; financial account number; insurance policy number; medical, insurance, financial, education and employment information; physical characteristics or description.||Affiliated clinicians, pharmacy, and pharmacy providers; advisors and agents; regulators, government entities, and law enforcement; affiliates and subsidiaries; and others as permitted by law.|
|Commercial Information, such as transaction information and purchase history, including purchases considered.||Affiliated clinicians, pharmacy, and pharmacy providers; advisors and agents; regulators, government entities, and law enforcement; affiliates and subsidiaries; advertising networks; data analytics providers; social networks; internet service providers, operating systems, and platforms; and others as permitted by law.|
|Internet or network activity information, such as browsing history, search history and interactions with our online properties or ads. Session replay software may be used to record and replay your interaction.||Affiliated clinicians, pharmacy, and pharmacy providers; advisors and agents; regulators, government entities, and law enforcement; affiliates and subsidiaries; advertising networks; data analytics providers; social networks; internet service providers; operating systems and platforms; and others as permitted by law.|
|Geolocation Data, such as non-precise or approximate location derived from IP address.||Affiliated clinicians, pharmacy, and pharmacy providers; advisors and agents; regulators, government entities, and law enforcement; affiliates and subsidiaries; internet service providers; operating systems and platforms; and others as permitted by law.|
|Audio, electronic, visual, thermal, olfactory, or similar information includes information collected via call recordings if you are interacting with us in a customer service capacity or if you call us on a recorded line, recorded meetings, events and webinars, videos, photograph and images, and CCTV or video footage to secure our offices and premises.||Affiliated clinicians, pharmacy, and pharmacy providers; advisors and agents; regulators, government entities, and law enforcement; affiliates and subsidiaries; internet service providers, operating systems and platforms; and others as permitted by law.|
|Inferences including inferences drawn from any of the information identified above to create a profile reflecting a consumer’s preferences, characteristics, behavior, or attitudes.||Affiliated clinicians, pharmacy, and pharmacy providers; affiliates and subsidiaries; advertising networks; data analytics providers; social networks; internet service providers; operating systems and platforms; and others as permitted by law|
|Sensitive personal information including, in limited circumstances, Social Security number, driver’s license number, state identification card number, passport number, a consumer’s racial or ethnic origin, and personal information collected and analyzed concerning a consumer’s health, sex life or sexual orientation.||Affiliated clinicians, pharmacy, and pharmacy providers; advisors and agents; regulators, government entities, and law enforcement; affiliates and subsidiaries; and others as permitted by law|
|Protected Class Information, such as characteristics of protected classifications under California or federal law, such as sex, age, gender, race, medical conditions, sexual orientation, gender identity and expression, and marital status.||Affiliated clinicians, pharmacy, and pharmacy providers; advisors and agents; regulators, government entities, and law enforcement; affiliates and subsidiaries; and others as permitted by law|
Categories of personal information Sold or Shared. Although we do not monetize your personal information (e.g., we do not sell customer lists to other entities for money), we may disclose the following categories of personal information: non-governmental identifiers; commercial information; internet or other electric network activity information and inferences to the following categories of third parties: affiliated clinicians, pharmacy, and pharmacy providers; joint partners; advertising networks; internal service providers; data analytics providers; social networks; and operating systems and platforms; for purposes of marketing and advertising; analytics, measurement and improvement; and customization and personalization, which could be deemed to be a sale or sharing of personal information under the CCPA. You may opt-out of this sale or sharing as described below. We will not use or disclose sensitive personal information for purposes other than those specified in Section 7027(m). We treat the sensitive personal information, as defined by CCPA, that we collect as protected health information under HIPAA. Please see our Notice of Privacy Practices for more information. We do not knowingly sell the personal information of minors under 16 years of age.
Categories of Sources of personal information
As described in the “Categories of personal information” section above, we collect the categories of personal information from the following sources: you; affiliated clinicians, pharmacy, and pharmacy providers; advertising networks; data analytics providers; social networks; internet service providers; operating systems and platforms; advisors and agents; regulators, government entities, and law enforcement; affiliates and subsidiaries; and others as permitted by law.
Specific Business or Commercial Purpose for the Collection of personal informationAs described in the “How We Use the personal information We Collect” section above, we may use this personal information to operate, manage, and maintain our business, to provide our products and Services, to fulfill your requests, and to accomplish our business purposes and objectives, including, for example, to: develop, improve, repair, and maintain our products and Services; personalize, advertise, and market our products and Services; conduct research, analytics, and data analysis; create aggregated and/or deidentified data; maintain our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions, such as internal investigations; comply with the law, legal process, and internal policies; maintain records; and exercise and defend legal claims.
We will keep your personal information for as long as your user account is active, in order to allow you to have access to your information and to provide you with our services. We may also continue to retain your personal information even after you deactivate your user account or stop using the Services, as reasonably necessary to comply with our legal obligations, for research purposes and to train our AI models, to resolve disputes regarding our users, enforce our agreements or protect our legitimate interests, consistent with applicable law.
If you are a California resident, you have the following rights under the CCPA, subject to certain conditions and exceptions:
Right to Know/Access. You have the right to know what personal information we have collected about you, including:
- The categories of personal information;
- The categories of sources from which we collected such personal information;
- The business or commercial purpose for collecting, selling, or sharing personal information;
- The categories of third parties to whom we disclosed personal information; and
- The specific pieces of personal information we have collected about you.
Right to Delete. You have the right to delete personal information we collected from you, subject to certain exceptions.
Right to Correct Inaccurate personal information. You have the right to correct inaccurate personal information that we maintain about you.
Right to Opt-out of Selling or Sharing personal information. You have the right to opt-out of the sale or sharing of your personal information by us. To exercise this right, please click the “Do Not Sell or Share My Information” link. We also honor your right to opt out of sales and sharing as signaled by a universal opt out signal or Global Privacy Control (“GPC”). To enable GPC, you can visit the Global Privacy Control page at https://globalprivacycontrol.org. If you download a supported browser or extension and exercise your privacy rights with GPC, we will turn off third-party advertising cookies on our Website once our Website detects a GPC signal. If you visit our Website from a different device or from a different browser on the same device, you will need to opt-out, or use an opt-out preference signal, for that browser and/or device.
Right to be Free from Discriminatory Treatment or Retaliation. You have the right to be free from unlawful discriminatory treatment or retaliation for exercising your rights under the CCPA.
How to Exercise Your Privacy Rights and What to Expect
To make a request to exercise any of the rights listed above, please contact us by email at [email protected] or write to us at Privacy Office, 125 W. 25th Street, 7th Floor, NY, NY 10001. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information subject to the request. Note the following:
- We may require you to log into the Services to verify your identity. Depending on the nature of your request, we may request additional personal information from you, such as your K ID number, in order to verify your identity and protect against fraudulent requests.
- If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your personal information.
- If you make a Request to Delete, we may ask you to confirm your request before we delete your personal information.
If you want to make request as an authorized agent on behalf of a California resident, you may use the submission methods noted above. As part of our verification process, we may request that you provide, as applicable, proof concerning your status as an authorized agent. If you are an authorized agent, we may also require the resident to:
- Verify the resident’s own identity directly with us; or
- Directly confirm with us that the resident provided you permission to make the request.
No Financial Incentives
Under the CCPA, the purpose of the Notice of Financial Incentive is to explain the material terms of a financial incentive or price or service difference the business is offering so that the consumer may make an informed decision
about whether to participate. We do not offer any financial incentives or price or service difference at this time.
Notice to Virginia Residents
If you are a Virginia consumer and would like to exercise your rights pursuant to the Virginia Consumer Data Protection Act (“VCDPA”), please email us at [email protected] to submit a request.
Virginia consumers have the following rights, all subject to the meanings and exceptions set forth in the VCDPA:
- Right to Access: To confirm whether we are processing your personal data and request to access such personal data.
- Right to Correct: To correct inaccurate personal data we hold about you.
- Right to Delete: To delete the personal data provided by you or obtained about you.
- Right to Obtain: To obtain a copy of the personal data previously provided by you to us and, to the extent feasible, in a readily usable format to allow data portability.
- Right to Opt-Out of Targeted Advertising: To opt-out out of the processing of your Personal Data for the purposes of targeted advertising.
We engage in online advertising practices (and certain analytics or similar activities) that may be considered targeted advertising” under the VCDPA. To disable sharing through cookies set by third parties that may be considered targeted advertising under the VCDPA using an industry solution as described above, please visit http://optout.aboutads.info/#/ and http://optout.networkadvertising.org/#/. In addition, you may choose to download the AppChoices app at www.aboutads.info/appchoices to opt out from participating companies in mobile apps.
VCDPA Appeals. Pursuant to the VCDPA, if, for any reason, you would like to appeal our decision relating to your request, you have the right to submit an appeal and can do so by emailing us at [email protected] to submit a request. Please include your full name, the basis for your appeal, and any additional information you would like us to consider.
This notice for Virginia residents was last updated on June 06, 2023.