Privacy Policy

This Privacy Policy (“Privacy Policy”) explains the privacy practices of Pluto Health, its affiliates, and contracted health providers (“Pluto”, “we,” “us,” “our”) for the activities described below. Please read this Privacy Policy carefully to learn how we collect, use, share and process personal information. Below you can learn about your rights and choices regarding information we collect from or about you. Contact information for more information is included below.

General Terms: By using our website, our applications that run on mobile devices or tablets, or any online or mobile site or application that we own or control (collectively, our “Sites”), and/or by agreeing to this Privacy Policy, e.g. in the context of purchasing or utilizing any of our products or services, you understand and acknowledge that we will collect, process, use and share personal information as described in this Privacy Policy and consent to the practices described in this Privacy Policy.

1. PERSONAL INFORMATION WE COLLECT

In conducting every aspect of our business, we may collect personal information to help obtain your health data. The information we collect will vary depending on your interaction with us. You are not required to provide any information you are not comfortable sharing. Such information may include, without limitation: your name, addresses, email addresses, telephone numbers, date of birth, age, insurance information, gender, protected health information, and other types of personal information that you choose to provide to us or that we may obtain about you. We collect personal information, as well as other information, in multiple ways. You are provided options to fill out information that you are comfortable sharing with our team when using our platform.

We will not share your information with any outside third parties that you are not aware of, are part of your care team as described below, or required by HIPAA. You will have control of who sees your data. You may delete your profile at any time and we will not keep copies of your data on our servers.

Information You Provide to Us: We collect information you provide to us. This may include, for example, when you request information or materials from us, visit or use our Sites, purchase our products or services, create an account in our application, register for an account on the customer portal, communicate with our customer service or sales teams, respond to a survey, or respond to our advertisements.

Information We Collect from Other Sources: We may collect information about you from a variety of third parties. For example, we may obtain information about you from: covered entities such as health plans, health insurance companies, health care providers and healthcare clearinghouses; organizations, universities and private clinics conducting research studies or clinical trials; companies that search for, provide, and/or aggregate information from public records, such as LexisNexis Risk Solutions and Accurint; identity verification providers, such as Vouched, state and federal government agencies, such as the IRS and Medicare/Medicaid; credit bureaus and credit reporting agencies, such as Equifax; your existing health, medical, provider, or insurance accounts when you grant permission to access your accounts or information; social media networks; and publicly-available sources and data suppliers from which we obtain data to validate or supplement the information we hold.

Information We Collect Automatically: When you use or visit our Sites, we collect some information automatically. For example, when you visit our website, we may collect device, usage and log information such as your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, the search engine you used to locate the website, and the website you visited before or after our site. In addition, we gather certain navigational information about where you go on our website to help us determine which areas of the website are most frequently visited and to help us tailor the sites to the needs and interests of our online visitors. If you use our mobile applications or use our Services on a mobile device or tablet, we may also collect your device type, mobile phone number, operating system type, wireless carrier, and device IDs on our mobile applications.

Like most companies, we use technologies such as web beacons, pixels, tags, and JavaScript, alone or in conjunction with cookies, to gather this information. When you visit our website, we, or an authorized third party, place or recognize a unique cookie on your browser (including through use of pixel tags) that collects information, including personal information, about your online activities over time and across different sites. We also use web beacons and pixels in our emails to collect information about how you interact with our emails. For example, we may place a pixel in marketing emails that notifies us when you click on a link in the email. If you want to remove or block cookies and other collection technology, you may be able to update your browser settings (consult your browser’s “help” menu to learn how to remove or block cookies and similar technology). You can find instructions on how to manage collection technology on different types of web browsers at www.allaboutcookies.org.

We may also create information about you based on the information we collect from or about you. For example, we or our identity verification service provider may create biometric information about you if you provide pictures of yourself and provide your consent. We may also create other inferences based on the information you provide or that we collect, such as inferences about your age or location as part of our identity verification process.

2. HOW WE USE PERSONAL INFORMATION

We use your personal information to help us assist you.

We may use your personal information to: Complete contracts as well as any disclosures or other documents required by law; Provide, develop, maintain, and improve our products and Services (e.g. evaluate the performance of our staff, assess the quality of our products and Services, and help us improve our website and processes); Process any applications, forms, requests, inquiries, or other information submitted to us; Send marketing communications, promotional offers, and periodic customer satisfaction, market research or quality assurance surveys; Communicate with you; Administer and process payments to you or from you; Create and update your customer account, including aggregating your health and medical records and treatment information; Allow creation, maintenance, customization, enrollment, registration, and securing of accounts on your behalf; Administer and support participation in sweepstakes, special offers, special pricing, discounts, and promotions; Personalize our products, websites, and Services, including content, ads and offerings; Perform research and analytical activities (e.g. identifying trends and the effectiveness of marketing campaigns); Solicit your participation in a clinical trial or research study; Conduct audits, security and fraud monitoring and prevention; Protect our legitimate business interests and legal rights; and Assist us with legal claims, compliance, regulatory and investigative purposes as necessary (including in connection with law enforcement investigations, legal process, or litigation).

We may also use personal information we have collected or generated about you to verify your identity. For some users, this may involve the creation and use of biometric information. For example, if you submit pictures of yourself and your government-issued ID, our identity verification service provider may create and compare the biometrics on those images to verify that you are who you say you are. Any biometric information created is used only to verify your identity and prevent fraud. We do not receive any biometric information from our service provider, and biometric information is stored no longer than three years.

We may also use personal information we have collected and aggregated or anonymized personal information for any purpose permitted by law. For example, we may use this information to understand more about our users, such as by analyzing aggregated information to calculate the percentage of our users who have a particular telephone area code. This includes demographic data, inferred commercial interests, and other information we may collect from you or from third parties.

3. HOW WE SHARE PERSONAL INFORMATION

We have strict data sharing policies. We share data when the following apply:

1) we have patient permission AND

2) patients know who they are sharing the data with OR

3) as required by HIPAA, allowed by HIPAA with care teams, or allowed by the HIPAA Privacy Rule

No unknown third parties. Period. We may share your personal information with third parties when you request that we do so or when it is necessary that we do so as described below.

Service Providers. We may share your personal information with third parties who work on behalf of, or with, us such as vendors, processors, suppliers, agents, attorneys, management companies, staffing companies, and representatives (collectively, "Service Providers”). Service Providers assist us with a variety of functions including, but not limited to, sending communications, assisting with analytics, conducting research or surveys, sending regular mail and e-mail, maintaining databases, verifying your identity, providing software applications, or processing credit card or debit card payments.

Covered Entities and Health Providers (collectively, “clinicians” or "providers"). We may share your personal information with clinical teams. Clinical teams or providers are people or parties that work to advance your care. You may indicate that you would like your data shared with healthcare providers, health plans, and healthcare clearinghouses that must comply with the HIPAA Privacy Rule. For example, we may share your personal information with your physician if you direct us to do so.

Affiliated Covered Entity and Organized Health Care Arrangement. We may participate as part of an Affiliated Covered Entity (ACE) or organized health care arrangement (OHCA). An ACE is a collective designation under HIPAA for a group of legally separate health providers that may work together. These entities may choose to function together for compliance with HIPAA regulations. These entities and arrangements, collectively, are referred to in this policy as “care teams" or “care team”. This designation allows for the seamless sharing of your protected health information (PHI) for the purposes of treatment, payment, and healthcare operations. This allows us to provide coordinated care and comprehensive services to our patients across care teams. For more information see our Notice of Privacy Practices.

With Your Consent or At Your Direction. We may share your personal information with third parties whenever you consent to or direct such sharing.

Clinical Trial Sponsors and Investigators. If you opt-in or participate in a clinical trial or research study, we may share your personal information with the sponsor of the clinical trial or research study and the investigators involved in that trial or study or in related trials or studies. As allowable by HIPAA, with your permission or direction we may share your personal information for research options that may advance your care or treatment options.

Government Agencies. We may share your personal information with government agencies, law enforcement, or authorized third parties in response to a request relating to a civil or criminal investigation or other alleged illegal activity. We may also share your personal information with government agencies such as the Department of Defense and the Secretary of the U.S. Department of Health and Human Services.

Disclosures Under Special Circumstances. We may disclose your personal information to third parties under special circumstances: (i) where we have a good faith belief that such disclosure is necessary to meet any applicable law, regulation, legal process or other legal obligation; (ii) when we believe disclosure is necessary to protect or prevent harm, illegal activity, or financial loss; (iii) to detect, investigate and help prevent security, fraud or technical issues; (iv) to research entities for use in health-related analytics and insights; (v) to assist in managing or responding to public emergencies such as a disease outbreak or pandemic; (vi) to enforce our Terms of Use; and (vii) to cooperate with law enforcement, government, quasi-governmental and public agency requests or reporting requirements.

Corporate Transactions. We may transfer your personal information in the event we: (i) sell or transfer, or are considering selling or transferring, all or a portion of our business or assets; or (ii) are considering or engaging in any reorganization, conversion, merger, sale, joint venture, assignment, transfer or disposition of all or any portion of our ownership interest, business or operations.

4. USE AND DISCLOSURE OF PROTECTED HEALTH INFORMATION

We share a commitment with Covered Entities to protect the privacy and confidentiality of Protected Health Information (“PHI”) that we obtain subject to the terms of a Business Associate Agreement. A Business Associate Agreement is a formal written contract between Pluto Health and a Covered Entity that requires us to comply with specific requirements related to PHI. We may use PHI for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or required by the Business Associate Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to Covered Entities, if such use or disclosure of PHI is permitted or required by the Business Associate Agreement and would not violate the Privacy Rule. In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the Business Associate Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards. We may also use PHI to report violations of law to appropriate federal and state authorities.

5. PERSONAL INFORMATION OF CHILDREN

We do not knowingly collect personal information of individuals under the age of 13 (a “child” or “children”) through our website or through the use of cookies. We collect and/or store a child’s personal information only after receipt of consent by a parent or legal guardian. We do not require children to disclose more information than is reasonably necessary to use our application and services. We disclose the personal information of children only when directed to do so by their parent or legal guardian. Parents and legal guardians have the right to review their child’s personal information, direct us to delete it, and refuse to allow any further collection or use of the child’s information. To exercise those rights, please contact us at hello@pluto.health. If you are a parent or guardian and believe we may have inadvertently collected personal information from your child without your permission, please notify us immediately by sending an email to hello@pluto.health.

6. “DO NOT TRACK” DISCLOSURE

We do not collect or respond to Do Not Track signals and our websites do not function differently based on any Do Not Track preferences that may be received. For more information on Do Not Track signals, please visit https://allaboutdnt.com/.

7. ANALYTICS SERVICES

We may use analytics services provided by third-party partners, which use cookies and other collection technology to collect and store information about the use of the Sites and the use of other websites, apps and online resources. For information on opting-out, please visit http://optout.aboutads.info, and http://optout.networkadvertising.org. For information on opting-out in mobile applications, please visit https://www.networkadvertising.org/mobile-choice.

8. LINKING TO OTHER SITES

Our website may contain links to other sites that we do not own or operate. We do not control, recommend or endorse and are not responsible for these sites or their content, products, services or privacy policies or practices. These other sites may send their own cookies to your device, they may independently collect information about you or from you, and they may or may not have their own published privacy policies.

9. PROTECTION OF PERSONAL INFORMATION

We store your information using reasonable physical, technical and administrative safeguards. Please be aware that the Sites and data storage are run on software, hardware and networks, any component of which may, from time to time, require maintenance or experience problems or breaches of security beyond our control. In addition, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. We cannot ensure or warrant the security of any information you transmit to us over the internet.

10. DATA RETENTION

We retain your personal information for as long as necessary to provide our services and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements. If you access the Sites or utilize our services on behalf of an organization, we retain your organizational contact details after the termination of your organization’s transaction to continue to communicate with you.

11. MARKETING COMMUNICATIONS

If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt out by contacting us by email at hello@pluto.health or by following the instructions in any such email you receive from us. We will try to comply with your request as soon as reasonably practicable. If you opt out of receiving marketing emails from us, we may still send you important administrative messages, from which you cannot opt out.

12. LOCATION OF PROCESSING

Subject to applicable law, we will transfer personal information collected in connection with the use of our Sites or services to the United States for processing. By providing personal information to us or using the Sites, you acknowledge and consent to the transfer and processing of such information in the United States.

13. CHANGES TO THIS PRIVACY POLICY

The Privacy Policy may be revised from time to time. The “Last Updated” legend at the bottom of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on any of our websites. Your use of the Services following these changes means that you accept the revised Privacy Policy.

14. CONTACT US

In certain circumstances, you may be able to review and request changes to your personal information.

If you would like to make changes or have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at hello@pluto.health.