Meto Privacy Policy

Last Updated: October 2nd, 2024

Meto Health, Inc. ("we", "us", "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our websites, mobile applications, and related services (collectively, the "Services"). By using our Services, you agree to the terms of this Privacy Policy.

This Privacy Policy applies to all users, including patients and clinicians, and aligns with applicable laws such as the Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and relevant state regulations.

1. Information We Collect

We collect different types of personal information through a variety of interactions, depending on your use of our Services. Information may be provided directly by you, collected automatically during your use, or obtained from third-party sources.

a. Personal Identifiers

  • Details: This includes information that directly identifies you, such as your full name, email address, phone number, home or business address, date of birth, user name, and login credentials.
  • Purpose: These identifiers are essential for creating and managing your account, verifying your identity, enabling communication, and maintaining secure access to the Services.

b. Sensitive Health Information

  • Details: We collect sensitive health information such as medical history, treatment plans, diagnoses, prescriptions, and clinical notes, all protected under HIPAA regulations. This may also include results from laboratory tests, and clinical evaluations.
  • Purpose: This information is crucial for providing healthcare services, allowing clinicians to manage and deliver personalized treatment, track health outcomes, and securely store medical records.

c. Financial Information

  • Details: Information related to payments and billing, including credit or debit card details, bank account numbers, insurance information, and billing history, is collected to facilitate financial transactions.
  • Purpose: Financial data is used to process payments, submit claims to health insurers, verify insurance eligibility, and issue invoices or refunds. This data is stored and processed securely in compliance with financial regulations.

d. Professional Information (Clinicians)

  • Details: For clinicians using the platform, we collect professional information such as licensure status, educational background, certifications, professional affiliations, and work history. We also collect practice information such as areas of specialization, practice location, and insurance networks.
  • Purpose: This information is used to verify clinician credentials, enable patients to find and connect with clinicians, and ensure compliance with relevant healthcare regulations.

e. Device and Internet Activity

  • Details: We automatically collect data such as IP address, device identifiers, browser type, operating system, time spent on pages, clickstream data, and interactions with our Services. This may include session logs and geolocation data derived from your device.
  • Purpose: This information helps us optimize your experience on our platform, monitor system performance, ensure security, and prevent unauthorized access. It also supports data analytics to improve service delivery and user satisfaction.

f. Geolocation Data

  • Details: Geolocation data, such as IP-based location information or GPS data from your mobile device, is collected when you use location-based features or access our Services from different locations.
  • Purpose: Geolocation data enables us to provide location-specific services, and ensure compliance with location-based legal requirements.

g. Communications

  • Details: We collect information from communications between you and our team, including emails, phone calls, live chat, or secure messaging systems used within our platform. This may also include support tickets and other inquiries.
  • Purpose: Communication data is used to provide customer support, resolve disputes, facilitate care between clinicians and patients, and maintain a record of interactions for continuity of care.

h. Audio/Visual Information

  • Details: We may collect audio and video data during telehealth consultations or when you interact with certain features of our Services that involve recording or media uploads, subject to consent. This includes telehealth session recordings and profile photos. Additionally, calls between patients and clinicians may be recorded for the purpose of providing transcription services and improving the quality of care.
  • Purpose: Audio and visual data are collected to facilitate virtual consultations, ensure the accuracy and quality of care, and maintain a record of telemedicine interactions. Recorded consultations may be transcribed for clinicians to assist with treatment planning, medical record documentation, or for quality assurance purposes. All recordings and transcripts are securely stored in compliance with HIPAA and other applicable privacy regulations to protect this sensitive information.

i. Survey and Feedback Information

  • Details: We collect information you provide in response to surveys, feedback forms, and other forms of input, including voluntary information about your experience with our Services, product reviews, and satisfaction levels.
  • Purpose: This data is used to assess and improve the quality of our Services, to develop new features, and to understand user needs and preferences better.

2. How We Use Your Information

The information we collect serves a range of purposes to support the functionality of our Services and provide you with a personalized experience. Below are detailed descriptions of how your information is used:

a. Providing Services

We use your personal and health information to create and manage your account, facilitate clinician-patient interactions, schedule appointments, manage prescriptions, and provide access to your medical records. This data is essential for maintaining accurate and up-to-date information for effective care delivery.

b. Payment Processing

We use financial information to process transactions for healthcare services provided via the platform. Financial data is stored securely and only accessed for legitimate business purposes in compliance with financial and healthcare regulations.

c. Service Improvement and Development

We analyze user data, including interactions with the platform, to improve existing features and develop new tools and services. Aggregated and anonymized data may also be used for research and development purposes. This allows us to continuously enhance the platform’s functionality, ensuring it meets the evolving needs of clinicians and patients.

d. Customer Support and Communications

Your communication data is used to respond to your inquiries, provide support, resolve technical issues, and handle account management. Communication records are maintained to ensure effective support and to improve the customer experience.

e. Compliance with Legal and Regulatory Obligations

We may use your personal information to comply with applicable legal requirements, including responding to law enforcement requests, fulfilling obligations under healthcare regulations like HIPAA, and adhering to record retention requirements. This ensures that your information is handled lawfully and that all regulatory standards are met.

f. Security and Fraud Prevention

We monitor user activities to protect the security of your account and personal information. This includes detecting and preventing unauthorized access, identifying potential fraud, and ensuring compliance with our security protocols. Data security measures are regularly updated to address emerging threats and vulnerabilities.

g. Marketing and Promotional Communications

Where legally permitted and with your consent, we may use your contact information to send marketing communications, newsletters, and information about new features, services, or events. You have the right to opt-out of marketing communications at any time without affecting your access to core services.

3. Sharing of Information

We are committed to protecting your privacy and will only share your information under specific, limited circumstances:

a. Service Providers and Contractors

We may share your personal information with third-party service providers who assist in the delivery of our Services. These providers include, but are not limited to, payment processors, cloud storage providers, analytics services, and customer support platforms. Each third party is contractually obligated to protect your information in line with our policies and applicable laws.

b. Healthcare Providers

We share necessary health and personal information with clinicians to ensure proper care, process claims, and facilitate treatment. This sharing is conducted in compliance with HIPAA and other relevant healthcare regulations to protect your privacy and maintain the confidentiality of your health records.

c. Legal Disclosures

We may disclose your personal information when required by law, such as in response to a subpoena, court order, or regulatory request. Additionally, we may disclose information if we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the safety of any person.

d. Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity as part of the transaction. We will notify you of any such changes in ownership or control and ensure that your privacy rights are upheld.

e. With Your Consent

We may share your information with third parties when you provide explicit consent. This may include sharing medical records with other healthcare providers or releasing information to third-party applications that you authorize. Consent-based sharing is always under your control, and you can withdraw consent at any time.

4. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including complying with legal, regulatory, accounting, or reporting requirements. Retention periods may vary based on the type of data and the applicable legal obligations.

a. Health Records

Medical records are retained in accordance with HIPAA regulations and applicable healthcare laws, ensuring that your health information is available for continuity of care and in compliance with medical record retention standards.

b. Financial Records

We retain financial records as required by tax and accounting regulations. Payment history and transaction records are kept for auditing purposes and to comply with legal requirements regarding financial reporting.

c. Anonymized or Aggregated Data

In some cases, personal information may be anonymized or aggregated for research or analytical purposes. Once anonymized, the information no longer identifies you and may be used indefinitely for legitimate business purposes without further notice to you.

5. Data Security

We are committed to ensuring the security of your personal information. We implement a range of security measures to protect your data from unauthorized access, disclosure, or alteration. These measures include:

  • Encryption: Data is encrypted both at rest and in transit to protect it from unauthorized access.
  • Access Controls: We use role-based access controls to limit access to sensitive information to only those employees and service providers who need it to perform their duties.
  • Firewalls and Intrusion Detection: Our network is protected by firewalls and intrusion detection systems to monitor and prevent unauthorized access attempts.
  • Regular Security Audits: We conduct regular security assessments and audits to identify and address potential vulnerabilities in our systems.

6. Your Rights

You have certain rights regarding your personal information, which vary depending on your jurisdiction and the applicable laws. These rights may include:

a. Right to Access

You may request access to the personal information we hold about you, including obtaining copies of your health records, transaction history, or other personal data.

b. Right to Correction

You have the right to request that we correct any inaccuracies or update incomplete information in your personal records.

c. Right to Deletion

You may request the deletion of your personal information, subject to legal requirements and our legitimate business needs to retain certain data.

d. Right to Restrict Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data or object to its processing for specific purposes.

e. Right to Opt-Out of Marketing

You may opt-out of receiving marketing communications at any time by following the instructions provided in the communication or by contacting us directly.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Services, perform analytics, and offer personalized content. Cookies are small text files stored on your device that allow us to recognize you when you return to our site or app.

a. Types of Cookies Used:

  • Essential Cookies: These are necessary for the operation of our website and enable you to use features such as secure log-ins and account management.
  • Performance and Analytics Cookies: These cookies collect information about how visitors use our Services, including which pages are visited most often and any error messages received. This information helps us improve the functionality of our Services.
  • Targeting or Advertising Cookies: We may use cookies to deliver personalized advertisements or content based on your browsing history and interactions with our Services.

b. Managing Cookies:

You have the option to accept, decline, or manage cookies through your browser settings. However, disabling cookies may affect the functionality of certain features on our Services. You may also control certain cookie-based advertising by using opt-out tools provided by industry associations like the Network Advertising Initiative (NAI) or the Digital Advertising Alliance (DAA).

8. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18 without verifiable parental consent. If we learn that we have collected personal information from a child under 18 without parental consent, we will take steps to delete the information as soon as possible. If you believe we may have collected such information, please contact us immediately.

9. Your Privacy Rights

Depending on your location, you may have certain rights under local privacy laws. Below is a summary of your rights:

a. Access to Personal Information:

You may request a copy of the personal information we hold about you. This includes details on how your information is being used, who it has been shared with, and how long we intend to keep it.

b. Right to Rectification:

You have the right to request corrections to inaccurate or incomplete personal information. We will correct any inaccuracies promptly after receiving your request.

c. Right to Deletion:

You may request the deletion of your personal information. We will honor such requests unless retaining the information is necessary for complying with legal obligations, resolving disputes, or enforcing our agreements.

d. Right to Restrict Processing:

In certain cases, you may request that we limit how we use your personal information. This could include limiting the use of your data for marketing purposes or suspending the use of data if you contest its accuracy.

e. Right to Object to Processing:

You may object to the processing of your personal information for direct marketing purposes or in situations where we are processing your data based on our legitimate interests.

f. Right to Data Portability:

Where technically feasible, we will provide your personal information to you or a third party of your choosing in a commonly used, machine-readable format.

g. Right to Withdraw Consent:

If we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. This withdrawal will not affect the lawfulness of processing conducted before your consent was withdrawn.

h. Non-Discrimination:

You have the right not to be discriminated against for exercising any of the rights described above.

To exercise any of these rights, please contact us at hello@meto.co. We may need to verify your identity before processing your request.

10. Third-Party Websites and Services

Our Services may contain links to third-party websites or services. This Privacy Policy does not apply to third-party websites, services, or applications that you may access through our Services. We are not responsible for the privacy practices of these third-party websites and encourage you to read their privacy policies before providing any personal information.

11. Advertising and Analytics

We work with third-party analytics and advertising companies that collect information about your use of our Services through cookies, web beacons, and other tracking technologies. These companies may use your information to serve you targeted ads on other websites or apps, based on your interactions with our Services.

a. Google Analytics:

We use Google Analytics to understand how users interact with our Services, to track traffic patterns, and to improve the user experience. Google Analytics may collect information such as your IP address, browser type, and pages visited.

b. Advertising:

We may engage in interest-based advertising, using data collected through tracking technologies to show ads based on your interests and behaviors. You may opt-out of targeted advertising by adjusting your browser or device settings, or by using industry-standard opt-out mechanisms, such as the Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA).

12. Additional California and Other State Notice and Privacy Rights

Certain states, including California, Colorado, Connecticut, Montana, Nevada, Oregon, Texas, Utah, and Virginia, provide their residents with specific rights regarding the collection, use, and disclosure of personal information. This section supplements the information in the main body of our Privacy Policy and provides additional details for residents of these states.

a. California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) Rights

If you are a California resident, the CCPA and CPRA provide you with specific rights regarding your personal information. These rights include:

  • Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. This includes the categories of personal information we collected, the sources of that information, the purpose for collecting it, and the third parties with whom we shared it.
  • Right to Delete: You have the right to request that we delete any of your personal information that we have collected from you, subject to certain exceptions (e.g., information necessary for security, legal, or operational purposes).
  • Right to Correct: You have the right to request that we correct any inaccurate personal information we maintain about you.
  • Right to Opt-Out of the Sale or Sharing of Personal Information: We do not sell your personal information for monetary compensation. However, under the CCPA and CPRA, "sharing" for cross-context behavioral advertising may be considered a form of sale. You have the right to opt-out of such sharing. To exercise this right, you may submit a Do Not Sell or Share My Personal Information request.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights under the CCPA or CPRA. This means we will not deny you services, charge you different prices, or provide a different level of service if you exercise your rights.

b. Information We Collect and Disclose

In the past 12 months, we may have collected the following categories of personal information from California residents:

  • Identifiers (e.g., name, email, IP address)
  • Personal Information Categories Listed in the California Customer Records Statute (e.g., address, phone number)
  • Protected Classifications under California or Federal Law (e.g., gender, race)
  • Commercial Information (e.g., transaction history)
  • Internet or Other Electronic Network Activity Information (e.g., browsing history, interaction with websites)
  • Geolocation Data
  • Professional or Employment Information
  • Sensitive Personal Information (e.g., health data, account login credentials)

This information is collected for purposes outlined in this Privacy Policy, such as providing our Services, improving the user experience, and complying with legal requirements.

c. Submitting Requests for CCPA and CPRA Rights

To exercise any of the above rights, you or your authorized agent may submit a verifiable consumer request by contacting us at hello@meto.co.

Please note that you may only make a verifiable consumer request for access or data portability twice within a 12-month period. The request must:

  • Provide sufficient information for us to verify you are the person about whom we collected personal information (or an authorized agent).
  • Include sufficient detail for us to properly understand and respond to the request.

We may need to request additional information from you to verify your identity and process your request. We will only use personal information provided in connection with a consumer rights request to verify your identity or authority to make the request.

d. Opt-Out Preference Signals

California residents may also use an opt-out preference signal, such as the Global Privacy Control (GPC), to exercise their right to opt out of the sale or sharing of their personal information. Our website will honor these signals in accordance with California regulations. Please ensure your browser settings are configured to send such signals.

e. Colorado, Connecticut, Utah, and Virginia Privacy Rights

Residents of Colorado, Connecticut, Utah, and Virginia have rights under their respective state privacy laws. These rights may include:

  • Right to Access: You have the right to request access to your personal data that we collect, use, and share.
  • Right to Correction: You have the right to request that we correct any inaccuracies in your personal data.
  • Right to Deletion: You may request the deletion of your personal data in certain circumstances.
  • Right to Opt-Out of Targeted Advertising: You can opt-out of the processing of your personal data for targeted advertising.

To exercise any of these rights, please contact us via hello@meto.co. We will respond to your request in accordance with applicable laws.

f. Nevada Privacy Rights

Nevada law permits consumers to request that a business not sell their personal information. Although we do not sell personal information for monetary gain, Nevada residents may still submit a request to opt-out of any potential future sales under Nevada law by contacting us at hello@meto.co.

g. How to Exercise Your Rights

To submit a request related to your privacy rights under applicable state laws, you can email us at  hello@meto.co.

We will respond to your request within the legally required timeframe and may ask for additional information to verify your identity before processing the request.

h. Appealing a Denied Request (for Virginia Residents)

If we deny your privacy rights request, Virginia residents have the right to appeal our decision. To appeal, please contact us at hello@meto.co. If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint.

 

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make significant changes to the policy, we will notify you by revising the "Last Updated" date at the top of this document. We may also provide you with additional notice (e.g., via email or through the Services). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

14. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or your personal information, please contact us at hello@meto.co