Last Updated: Sep 28, 2019

KangarooHealth, Inc. (hereinafter, " KangarooHealth ") is committed to respecting the privacy rights of users of the Website and KangarooHealth secure cloud-based remote patient monitoring applications, as well as care automation applications (the "Applications"). KangarooHealth remote patient monitoring applications and clinical informatics platform and related services (collectively, the "Services") was developed by doctors and scientists, for improving patient care experience and outcomes while boosting care efficiency and responsiveness of doctors. We understand the importance of keeping your personal information private and provide a secure communication environment between patients and doctors. Personal information identifies you as an individual, such as your name, postal address, email address, date of birth and telephone number ("Personal Information"). This Privacy Policy describes KangarooHealth's practices in connection with information that we collect through your use of the Services and through the website from which you access the Services (the "Site"). By activating and using the Services and/or the Site, you agree to the terms and conditions of this Privacy Policy. Protected Health Information (PHI) is a part of the Personal Information that we collect. Protected Health Information that is provided to us or that we otherwise collect is subject to the additional terms and conditions in the "Protected Health Information" section below, the terms and conditions of which section will prevail and control if they are inconsistent with or contradictory to the remaining terms and conditions of this Privacy Policy.

PERSONAL INFORMATION

‍Personal Information We Collect from Providers

‍If you are a doctor or other healthcare or medical provider ("Provider"), or an individual or a third party who is authorized by a Provider to access and use the Services ("Designee"), we collect Personal Information about you when the Provider subscribes to the Services as well as when you register to use the Services. The Personal Information about Providers and Designees that we collect includes, without limitation, the Provider's and Designee's name, specialty, email address, phone number, and business postal address. We may also collect Protected Health Information about Providers or their Designees to provide a personalized experience when using KangarooHealth applications and services.

‍Personal Information We Collect from Patients and Authorized Caregivers

‍If you are a patient of a Provider who has subscribed to the Services ("Patient"), we collect Personal Information about you when you register to use the Services and through your or your Authorized Caregiver’s use of the Services, including when you, your Authorized Caregiver and your Provider communicate with each other. If you are an individual authorized by a Patient to use the Services to communicate with such Patient's Provider ("Authorized Caregiver"), we collect Personal Information about you, including, without limitation, your name, email address, phone number and your relationship to the Patient. When communicating with the Provider in using the Services, the Patient, Authorized Caregivers, Provider and its Designees may disclose Personal Information about the Patient, which may include Protected Health Information. We do not collect Protected Health Information about Authorized Caregivers.

‍How We Use Personal Information

‍We may use Personal Information, as follows:
‍
● to enable you to access and use the Services, and if you are a Patient, to access your KangarooHealth Record which contains all communications among you, your Authorized Caregiver, your Provider and its Designees.
● to respond to your inquiries.
● to send you important information regarding the Services, changes to our terms, conditions, and policies and/or other administrative information.
● for our business purposes, such as data analysis, audits, developing new products, and enhancing and improving our Site and the Services.
● as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

‍How We Disclose Personal Information

‍We may disclose Personal Information, including Protected Health Information (defined below) as follows:
● if you are a Patient, to your Provider, its Designees and Authorized Caregivers, without further authorization for purposes of treatment, payment or operations; for other uses or disclosures permitted by law; or for purposes related to such uses or disclosures.
● if you are an Authorized Caregiver, to the Patient and his/her Provider and that Provider’s Designees.
● to our third-party service providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, IT services, customer service, email delivery services, credit card processing, backup, auditing services and other similar services.
● to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). KangarooHealth reserves the right to transfer all Personal Information in its possession to a successor organization in the event of a merger, acquisition, or bankruptcy or other sale of all or a portion of KangarooHealth’s assets. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred Personal Information will be subject to this Privacy Policy, or to a new privacy policy if You are given notice of that new privacy policy and an opportunity to alternatively opt-out of it. Personal Information submitted or collected after a transfer, however, may be subject to a new privacy policy adopted by KangarooHealth’s successor organization.
● as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

PROTECTED HEALTH INFORMATION

‍What is Protected Health Information?
‍"Protected Health Information" or PHI includes information, whether oral or recorded in any form or medium, that we receive from a Patient, his/her Authorized Caregiver or a doctor (or other health care providers) or that we create on behalf of a doctor (or other health care provider), (i) that relates to the past, present or future physical or mental condition of the Patient; the provision of health care to the Patient; or the past, present or future payment for the provision of health care to the Patient; and (ii) that identifies the Patient or with respect to which there is a reasonable basis to believe the information can be used to identify the Patient. “Protected Health Information” has the same meaning generally in this Privacy Policy as defined as the term “Protected Health Information” in 45 C.F.R. § 160.103.

HOW WE USE AND/OR DISCLOSE PROTECTED HEALTH INFORMATION

We may use and/or disclose Protected Health Information in the same manner as Personal Information, described above, except our use and disclosure of Protected Health Information is further limited as provided by the administrative simplification provision of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH") and the Omnibus regulations promulgating Standards for Privacy of Individually Identifiable Health Information and Security Standards for the Protection of Electronic Protected Health Information promulgated thereto. Specifically, as described above, all uses or disclosures of PHI shall require Patient authorization or a valid authorization on the patient's behalf, except: (1) uses or disclosures by or to the Patient; (2) uses or disclosures for treatment, payment or healthcare operations; (3) as part of any valid use or disclosure; or (4) in compliance with and pursuant to Applicable Law. KangarooHealth may disclose PHI for most other purposes only pursuant to Patient’s valid authorization, as follows: (1) for most uses and disclosures of psychotherapy notes; (2) for use or disclosure of PHI for marketing purposes; (3) for disclosures that constitute a sale of PHI; or (4) for other uses or disclosures that are not exempt from the authorization requirement. We will enter into business associate agreements with the Patient’s Providers who are "Covered Entities" when we are a "Business Associate," as those terms are defined by HIPAA. We will use and disclose Protected Health Information only for those uses and disclosures permitted by HIPAA and under the applicable business associate agreement. We may use or disclose Protected Health Information to provide Services to the Patient or the Provider. We may also use Protected Health Information for our proper management and administration or to carry out our legal responsibilities.

NON-PERSONAL INFORMATION

‍Non-Personal Information We Collect

‍"Non-Personal Information" is any information that does not reveal your specific identity, such as:

● Browser information
● Traffic data
● Information collected through cookies, pixel tags and other technologies
● Mobile device data
● Ad Serving and Usage Analytics
● Demographic information and any other information provided by you
● Aggregated information

We and our third-party service providers may collect Non-Personal Information in a variety of ways, including:

● Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system version and Internet browser type and version.
● Through traffic data: KangarooHealth automatically gathers information of the sort that browsers automatically make available, including: (i) IP addresses; (ii) domain servers; (iii) types of computers accessing the Website; and (iv) types of Web browsers accessing the Website (collectively "Traffic Data"). Traffic Data is anonymous information that does not personally identify You.
● Using cookies: Cookies allow a web server to transfer data to a computer for recordkeeping and other purposes. We use cookies and other technologies to, among other things, better serve you with more tailored information and facilitate your ongoing access to and use of the Services. We use two types of cookies, "session" cookies and "persistent" cookies. A session cookie is temporary and expires after you end a session and close your web browser. We use session cookies to help customize your experience as you use the Services and maintain your signed-on status as you navigate through the features of the Services. Persistent cookies remain on your hard drive after you have exited from our Services, until you erase them, or they expire. IF YOU DO NOT WISH TO HAVE COOKIES PLACED ON YOUR COMPUTER, YOU SHOULD SET YOUR BROWSERS TO REFUSE COOKIES BEFORE ACCESSING THE WEBSITE, WITH THE UNDERSTANDING THAT CERTAIN OF THE SERVICES AND CERTAIN FEATURES OF THE WEBSITE MAY NOT FUNCTION PROPERLY WITHOUT THE AID OF COOKIES. If you do not want information collected using cookies, there is a simple procedure in most browsers that allows you to decline the use of cookies. To learn more about cookies, please visit http://www.allaboutcookies.org/.
● Using pixel tags, web beacons, clear GIFs or other similar technologies: These may be used in connection with some Site pages and HTML-formatted email messages to, among other things, track the actions of Site users and email recipients, and compile statistics about Site usage and response rates.
● Mobile device data: When users download, install and use the Applications on their mobile phone or other wireless telecommunications device, KangarooHealth automatically gathers information, including without limitation, carrier providers, a unique device identifier, geo-location information (if allowed by the user), the types of mobile devices accessing the Application, and the types of operating systems accessing the Applications (collectively, "Mobile Device Data"). A unique device identifier is a string of alphanumeric characters (similar to a serial number) used to uniquely identify and distinguish each mobile phone or other wireless communications device. Location services can be enabled or disabled at any time, through the mobile device settings. KangarooHealth uses Mobile Device Data to understand usage patterns and to improve the Applications.
● Ad Serving and Usage Analytics: KangarooHealth may elect to use third-parties for advertising and usage analytics for the Website and Applications. These third-parties may place Cookies on Your machine, use Web Beacons, gather Personal Information (as defined below), Traffic Data and Mobile Device Data, and log data to collect Traffic and activity data in order to deliver relevant metrics, content, and advertising. We do not share Your non-public Personal Information with these parties, but we may share anonymized or aggregated information with them to improve the relevancy of the ads You see at third-parties’ websites/applications. The collection of this information by third-parties is subject to such third-parties’ privacy policies. For additional information, see the section concerning Third-Party Websites/Applications, below. With regards to advertising on the Website, to learn more about behavioral advertising practices or to opt-out of this type of advertising, visit http://www.networkadvertising.org/choices, http://www.aboutads.info/choices, and http://opt.jumptap.com/optout/opt? jt.
● From you: Information such as your location, as well as other information, such as your preferred means of receiving messages through the Services (e.g., emails or text messages), or your activity level, or your weight, is collected when you voluntarily provide this information. Unless combined with Personal Information, this information does not personally identify you or any other user of the Service.
● By aggregating information: Aggregated Personal Information does not personally identify you or any other user of the Service (for example, we may use Personal Information to calculate the percentage of our users who have chosen to receive messages by text messaging).

How We Disclose and Use Non-Personal Information
‍
Because Non-Personal Information does not personally identify you, we may use and disclose Non- Personal Information for any purpose whatsoever. In some instances, we may combine Non-Personal Information with Personal Information (such as combining your name with your geographical location). If we combine any Non-Personal Information with Personal Information, the combined information will be treated by us as Personal Information as long as it is combined.

IP ADDRESSES

Your "IP Address" is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP Address is identified and logged automatically in our server log files whenever a user uses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the Internet and is done automatically by many web sites. We use IP Addresses for purposes such as calculating usage levels, helping diagnose server problems, and administering the Services. We may also use and disclose IP Addresses for all the purposes for which we use and disclose Personal Information. Please note that we treat IP Addresses, server log files and related information as Non-Personal Information, except where we are required to do otherwise under applicable law.

THIRD-PARTY SITES

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties. The inclusion of a link within the Services does not imply endorsement of the linked site by us or by our affiliates.SECURITYWe use reasonable organizational, technical and administrative measures to protect Personal Information under our control, consistent with the Omnibus regulations promulgating Standards for Privacy of Individually Identifiable Health Information and Security Standards for the Protection of Electronic Protected Health Information. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below. Likewise, KangarooHealth will notify affected Providers and Patients of any breach of unsecured PHI within twenty-four (24) hours of notice and confirmation thereof.

ACCESSING AND CHANGING YOUR INFORMATION

‍How you can access or change your Personal Information
‍If you would like to review, correct, update, delete or otherwise limit our use of your Personal Information that has been previously provided to us, you may contact us in accordance with the "Contacting Us" section below.In your request, please make clear what information you would like to have changed, whether you would like to have your Personal Information deleted from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. We will try to comply with your request as soon as reasonably practicable. Please note that in order to comply with certain requests to limit use of your Personal Information we may need to terminate your account with us and your ability to access and use the Services, and you agree that we will not be liable to you for such termination or for any refunds of prepaid fees paid by you. Although we will use reasonable efforts to do so, you understand that it may not be technologically possible to remove from our systems every record of your Personal Information. The need to back up our systems to protect information from inadvertent loss means a copy of your Personal Information may exist in a non-erasable form that will be difficult or impossible for us to locate or remove.

RETENTION PERIOD

‍We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy and our Terms of Service unless a longer retention period is required or allowed by law.

USE OF SITE BY MINORS

The Services are not permitted for use by individuals under the age of eighteen (18) unless they have provided the written consent of their parents or legal guardians, and we request that these individuals do not provide Personal Information to us.

UPDATES TO THIS PRIVACY POLICY
‍
We may change this Privacy Policy. Please review the “LAST UPDATED” legend at the top of this page to see when this Privacy Policy was last revised. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on the Site, make it available through the Services, or otherwise notify you at the email address provided by you at the time you registered for the Services, whichever occurs earlier. Any change to this Privacy Policy will be effective for all information that we maintain, even information in existence before the change. Your use of the Site following these changes means that you accept the revised Privacy Policy.

CONTACTING US
‍
‍If you have any questions about this Privacy Policy, please contact us by email at privacy@kangaroohealth.com, or please write to: KangarooHealth, Inc. 2627 Hanover Street, Palo Alto, CA. 94304. Please note that email communications are not always secure; so please do not include sensitive information in your emails to us.