At Buoy Health, Inc. (“We,” “us,” or “Buoy”), we are committed to helping you take the guesswork out of healthcare. To do that, we need to collect, use, and share some of your information. This Privacy Notice is meant to help you understand how Buoy does that and how to exercise the choices and rights you have in your information.
Please read this Privacy Notice carefully. We respect your privacy and we want you to understand how we manage the information you provide to us and the measures we take to protect it.
- The Information You Share with Us
- The Information We Collect from Third Parties
- How We Protect the Information We Collect
- How We Use Your Information
- How We Share the Information We Collect
- Your Rights Regarding Your Information
- Children under Age 13
- Non-Personal Information
- Job Applicants
- Links to Third Party Content and Websites
- Changes to This Privacy Notice
- Contact Us
This Privacy Notice applies to all Buoy users (whether registered or not), to all Buoy platforms and services, including our websites, product features, and other services (collectively, the “Buoy Services” or “Services”), and to our practices for collecting, using, and sharing the Personal Information you provide to us in using the Buoy Services. In this Privacy Notice, the term “you” refers to the consumer using the Buoy Services.
This Privacy Notice also applies to all information you may provide to Buoy as part of a job application to join our crew. See the “Job Applicants” section of this Privacy Notice for more information.
In some cases, Buoy may qualify as a “Business Associate” (as defined by 45 C.F.R. 160.103) under the Health Insurance Portability and Accountability Act of 1996 as amended (“HIPAA”). In these cases, the data that we collect from a “Covered Entity” (as defined by 45 C.F.R. 160.103) is also subject to specific terms and conditions under a Business Associate Agreement, as required by HIPAA.
3. INFORMATION WE COLLECT FROM THIRD PARTIES
Third parties may provide us with information needed to provide you with the Buoy Services. This information is listed below.
Location Information. When you use the Buoy Services, we may use a third party to collect location information about you by sharing your IP address with that third party. “Location Information” may include your location at the time you access the Buoy Services.
On Behalf of Someone Else. If you use our Services on behalf of someone else, such as a friend or family member, we may collect information about you and that someone else, including the name, age, and gender of you and that someone else.
Referral Programs. Friends, family, and co-workers may encourage each other to use the Buoy Services. If someone refers you to Buoy, we will collect information about you from that referral, including your name and contact information.
Other Users and Sources. Other users or public or third-party sources such as law enforcement may provide us with information about you, such as part of an investigation into an incident or to provide you support.
Enterprise Programs. If you use our Services through your employer, health plan, health care provider, or another entity or platform that participates in one of Buoy’s enterprise programs (“Enterprise Program”), we may collect information about you from those parties, including your name and contact information. The information we collect from you may be subject to additional terms and conditions set forth between Buoy and that entity or platform (the “Supplemental Terms”), and any Supplemental Terms are hereby incorporated by reference as they may apply. Buoy may make the Supplemental Terms available to you as part of the Enterprise Program. For more information about the Supplemental Terms that may govern your use of our Services through an Enterprise Program, please contact the entity that sponsors your access to the Buoy Services.
4. HOW WE PROTECT THE INFORMATION WE COLLECT
Buoy strives to use reasonable physical, technical, and administrative safeguards (such as firewalls, encryption, identity management, and intrusion prevention and detection) to protect the information you share with us, but no data transmission over the Internet or data storage system is guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your Buoy account might have been compromised), please contact us immediately in accordance with the “Contact Us” section in this Privacy Notice.
We retain your Personal Information for as long as necessary to provide you with the Buoy Services. This means that we keep your Personal Information for as long as you maintain an Account or until we process a request by you to delete your Personal Information (see the “Deleting Your Account” section below), whichever is sooner. In those cases where you have not created an Account, we keep your Personal Information for as long as necessary to provide you with the Buoy Services. We may retain Non-Personal Information for as long as we choose to do so.
We retain transactional information, such as contracts related to our Enterprise Programs, payments, and user support emails, for at least six years to ensure that we can perform legitimate business functions, such as accounting for tax obligations or audits for security purposes.
5. HOW WE USE YOUR INFORMATION
We use your Personal Information to:
- Provide the Buoy Services;
- Maintain the safety and security of the Buoy Services and its users;
- Provide customer support;
- Improve the Buoy Services; and
- Respond to legal proceedings and obligations.
We may also de-identify and/or aggregate your Personal Information such that it no longer constitutes Personal Information. See the “Non-Personal Information” section of this Privacy Notice for more information.
Providing the Buoy Services. We use your Personal Information to provide a unique experience to you with our Services. To do this, we use your Personal Information to:
- Verify your identity and maintain your account, settings, and preferences;
- Connect you to more relevant Services;
- Communicate with you about the Buoy Services and your experience;
- Collect feedback regarding your experience; and
- Facilitate additional services and programs with third parties, to the extent permitted by law and this Privacy Notice.
Maintaining the Safety and Security of the Buoy Services and its Users. Providing you the Buoy Services safely and securely is important to us. To do this, we use your Personal Information to:
- Authenticate users;
- Investigate and resolve incidents;
- Respond to user support requests;
- Find and prevent fraud; and
- Block and remove unsafe or fraudulent users from the Buoy Services.
Providing Customer Support. We want to provide you with the best experience possible, including support and information when you need it. To do this, we use your Personal Information to:
- Provide you support or respond to you;
- Personalize and provide content, experiences, and communications to inform you about our Services; and
- Investigate, and assist you in resolving questions or issues you have regarding the Buoy Services.
Improving the Buoy Services. We are always working to improve your experience and provide you with new and helpful features. To do this, we use your Personal Information to:
- Perform research, testing, and analysis;
- Develop new products, features, partnerships, and services; Prevent, find, and resolve software or hardware bugs and issues; and
- Monitor and improve our operations and processes, including security practices, algorithms, and other models.
Responding to Legal Proceedings and Obligations. In some cases, laws, government entities, or other regulatory bodies impose demands and obligations on us with respect to the services we seek to provide you. In these cases, we may use your Personal Information to respond to those demands or obligations.
7. YOUR RIGHTS REGARDING YOUR INFORMATION
Buoy enables you to access, control, and delete your Personal Information. This section explains the ways you may exercise these rights.
A. All Users in the United States
The information below applies to all users of the Buoy Services in the United States:
Email Subscriptions. You can always unsubscribe from our commercial or promotional emails by clicking the “unsubscribe” button in those messages. We will still send you transactional and relational emails about your use of the Buoy Services.
Text Messages. The Buoy Services may include sending you text messages with regard to your health and symptoms. You can opt out of receiving text messages from Buoy by texting the word STOP to us at any time from the mobile device receiving the text messages. To re-enable text messages you can text the word UNSTOP to us in response to an unsubscribe confirmation text message.
Account Information. You can review and edit certain account information you have chosen to add to your profile by logging in to your Account and navigating to your account settings.
Location Information. You can prevent your device from sharing location information through your device’s system settings. By doing this, you may impact our ability to provide you our full range of features and services.
Cookies. You can modify your cookie settings in your browser. If you delete or choose not to accept our cookies, you may miss out on certain features of the Buoy Services. You can read more information about cookies in our Cookies Policy.
Enterprise Programs. If you use our Services through an Enterprise Program, access, control, or deletion of your Personal Information may be subject to Supplemental Terms, including the discretion of the entity that sponsors your access to the Buoy Services. In some cases, Buoy may not be able to respond to your access, control, or deletion request. For more information, please contact the entity that sponsors your access to the Buoy Services.
Deleting Your Account. If you would like to delete your Buoy account, please visit the deactivation instructions in Buoy’s Help Center, which will instruct you how to do this. In some cases, we will be unable to delete your account, such as if there is an issue with your account related to trust, safety, or fraud. When we delete your account, we may retain certain information for legitimate business purposes or to comply with legal or regulatory obligations. For example, we may be obligated to retain your information as part of an open legal claim. When we retain such information, we do so in ways designed to prevent its use for other purposes.
B. California Residents
The California Consumer Privacy Act and the California Online Privacy Practices Act provide some California residents with rights in addition to the rights above. These additional rights for California residents are listed below. To exercise any of these rights, please follow the instructions listed in this section.
Right to Know. You have the right to know and see what Personal Information we have collected about you over the past 12 months, including:
- The categories of Personal Information we have collected about you;
- The categories of sources from which the Personal Information is collected;
- The business or commercial purpose for collecting your Personal Information;
- The categories of third parties with whom we have shared your Personal Information; and
- The specific pieces of Personal Information we have collected about you.
Right to Delete. You have the right to request that we delete the Personal Information we have collected from you (and direct our service providers to do the same). There are a number of exceptions, however, that include, but are not limited to, when the information is necessary for us or a third party to do any of the following:
- Complete your transaction;
- Provide you with the Services;
- Perform a contract between us and you;
- Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and prosecute those responsible for such activities;
- Fix our system in the case of a bug;
- Protect the free speech rights, including such rights belonging to you or other users, or exercise another right provided by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
- Comply with a legal obligation; or
- Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
Other Rights. You can request certain information about our disclosure of Personal Information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once per year. However, as noted above, Buoy does not disclose your Personal Information to third parties other than for the purposes listed in this Privacy Notice. You also have the right not to be discriminated against for exercising any of the rights listed above.
Exercising these Rights. To request access to or deletion of your Personal Information, or to exercise any other data rights under California law, please contact us in accordance with the “Contact Us” section in this Privacy Notice. Please include your full name, email address, along with why you are emailing us, so that we can verify and process your request in an efficient manner.
Response Time. We aim to respond to a consumer request for access or deletion within 45 days of receiving a verifiable request. If we require more time, we will inform you of the reason and extension period in writing.
Do Not Track. Your web browser may offer you a “Do Not Track” option, which allows you to signal to website operators and web applications and services that you do not want them to track your online activities. The Buoy Services do not support Do Not Track requests at this time.
8. CHILDREN UNDER AGE 13
Our Services are not directed to children, and we do not knowingly collect Personal Information from children under age 13. If we find out that a child under age 13 has given us Personal Information without parental consent, we will take steps to delete that information. Where deletion is not possible, we will take steps to de-identify that information. If you believe that a child under age 13 has given us Personal Information, please contact us in accordance with the “Contact Us” section in this Privacy Notice.
9. NON-PERSONAL INFORMATION
We may de-identify and/or aggregate your Personal Information such that it no longer may be associated with you or identify you individually (this de-identified and/or aggregated information, “Non-Personal Information”). We may use this Non-Personal Information for our purposes, including but not limited to service improvements, product development and analytics, machine learning, predictive analytics, business operations, and auditing purposes. We also may share this Non-Personal Information with third parties. For example, we may share the total number of times people engaged with the Buoy Services in the month of December or the most common symptoms that are experienced by users who reside in a particular city.
10. JOB APPLICANTS
Are you interested in joining the Buoy crew? If so, visit our Careers page for our current job openings.
When you apply for a job at Buoy, we will ask you to provide us with certain information about yourself so we can evaluate your qualifications for the job (“Application Information”) or other purposes, as described below. In this section, a “Candidate” means any individual who applies for a job at Buoy, and “Application” means any of the materials a Candidate submits to us related to a job opening. Candidates choose how much Application Information to provide Buoy. All Application Information provided is on a voluntary basis.
Types of Application Information. We may collect any of the Application Information below. Candidates may provide us with additional information that we have not specifically requested (such as information about hobbies or other interests).
- Contact details, such as the Candidate’s name, address, email address, and other contact information provided on a resume or CV;
- Background information, such as work history and education history; and
- Previous work materials, such as a writing sample.
We may collect additional information from the Candidate depending on the job, such as the Candidate’s response to a prompt or other materials used to evaluate skills relevant to the job. Later in the hiring process we will collect additional information from the Candidate, so that we may contact references or perform a background check.
From time to time, we may obtain information about a Candidate from public sources or third parties. For example, we may review information about a Candidate obtained from social media sites, such as LinkedIn.
How We Use Application Information. We use Application Information for the following purposes:
- Recruitment, evaluation, and hiring for the job that the Candidate has applied for or other opportunities at Buoy (unless the Candidate has told us they do not want to be considered for other opportunities);
- Communications with the Candidate about their application status;
- Application analysis, such as a background check or reference check;
- General HR administration and management, in case you become a Buoy employee;
- Verification, such as a background check or reference check. Buoy uses a third-party service provider for all background checks; and
- Compliance with corporate governance and legal requirements.
Buoy does not use any automated decision making systems in connection with the Applications that we receive.
How Long We Retain Application Information. Buoy retains all Application Information in our system indefinitely, unless the Candidate tells us not to or applicable law prevents us from doing so.
How We Share Application Information. We may share Application Information with third-party service providers that help us collect, store, and manage Application Information as part of our recruitment process or that help us to conduct background checks. In addition, we may share Application Information as necessary to comply with our legal obligations (such as responding to a lawful government request), to establish, exercise or defend or legal rights, or where we have otherwise obtained your consent. We will always seek to ensure that any third parties who handle your Application Information will do so in a manner consistent with this Privacy Notice and in accordance with applicable law.
In addition to this section, the “Jurisdiction,” “Changes to this Privacy Notice,” and “Contact Us” sections of this Privacy Notice apply to Candidates.
Buoy is controlled and offered by us from the United States; accordingly, this Privacy Notice, and our collection, use and disclosure of your Personal Information, is governed by U.S. law, and not by the laws of any country, territory or jurisdiction other than the United States. We do not represent or warrant that the Buoy Services or any functionality or feature thereof is appropriate or available for use in any particular jurisdiction. If you choose to access or use the Buoy Services, you do so on your own initiative and at your own risk, and you are responsible for complying with all applicable laws, rules and regulations.
13. CHANGES TO THIS PRIVACY NOTICE
We may change this Privacy Notice from time to time. When changes are made, we will make the new Privacy Notice available on the Buoy website and update the date upon which the related terms and conditions are effective (the “Effective Date”). Any time we make material changes to the Privacy Notice, we will provide you with notice via email (if you have provided your email address to us). If you do not agree to the changes after receiving notice of such changes, you should stop using our Services. Otherwise, your continued usage of the Services will mean you accept those changes, to the extent permitted by law. Please regularly check the Buoy website to review the then-current Privacy Notice.
14. CONTACT US
If you have any questions about this Privacy Notice or have requests pertaining to your information, please contact Buoy by email at email@example.com.
Please note that email communications are not always secure. Please do not include health information or other sensitive information in your email to us.