Last update: September 2022
This notice describes how Personal Data (defined below) and/or medical information about you may be used and disclosed and how you can obtain access to this information. Please review it carefully.
We at Long Health LLC ("we", "us", the "Company", or "Long Health") value your privacy and are committed to keeping your personal data confidential. We use your data solely in the context of providing the Long Health web-based platform (the "Platform"), including all relevant content and functionality associated with the Platform and services such as patient consent management, access to a national provider directory, a consolidated medical history, and open communication channels (collectively, the "Services"), for use by patients (each, a "Patient User") and their caregivers (each, a "Caregiver User") to conveniently access and manage medical history and records maintained by multiple healthcare providers. Collectively, Patient Users and Caregiver Users are referred to as "Users."
Privacy Policy Applicability
This Platform Privacy Policy applies to personal data that Long Health collects from Users of the Long Health Platform and the Services ("Personal Data"). The term "Personal Data" includes any information that can be used on its own or with other information in combination to identify or contact one of our users. Some of the Personal Data we collect and transmit may be considered "health data" (i.e., data related to your physical or mental health), "protected health information" or "PHI" (i.e., information that relates to your past, present, or future physical or mental health or condition(s); the provision of health care to you; or the past, present, or future payment for the provision of health care to you), and/or medical records as defined by state law.
We believe that privacy and transparency about the use of your Personal Data are of utmost importance. Therefore, our privacy practices are intended to comply with the Health Insurance Portability and Accountability Act ("HIPAA") and relevant state law related to the use and disclosure of medical records, where applicable. Additionally, in this Platform Privacy Policy, we provide you detailed information about our collection, use, maintenance, and disclosure of your Personal Data. The Platform Privacy Policy explains what kind of information we collect, when and how we might use your Personal Data, how we protect Personal Data, and your rights regarding your Personal Data.
For additional information related to how we use and disclose your Personal Data, health data, PHI, and/or medical records data, please contact our Privacy Officer at rohitrpatil@longhealth.ai.
Note regarding third-party sites: Our Services may contain links to other sites that are not operated by Long Health. If you click a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy(ies) of every site you visit. Long Health has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party sites or services. This Platform Privacy Policy does not apply to your use of or access to any third-party sites or services.
Agreement to Platform Privacy Policy Terms
By accessing and/or using the Services and Platform, you are acknowledging that you have read and agree to the terms of this Platform Privacy Policy. If you do not agree, you must immediately cease using the Services and Platform.
Platform Privacy Policy Updates
Please note that we occasionally update this Platform Privacy Policy, and it is your responsibility to stay up to date with any amended versions. Any revisions to the Platform Privacy Policy will be posted on the User login page(s) of the Platform. Any changes to this Platform Privacy Policy will be effective immediately upon providing notice via the User login page(s) and will apply to all Personal Data that we maintain, use, and disclose. If you continue to use the Services and Platform following such notice, you are agreeing to those changes.
Account Deletion
If at any point you no longer agree to the use and disclosure of Personal Data, as described in this Platform Privacy Policy, you can delete your user account on the Platform ("User Account") by sending a deletion request to support@longhealth.io with the following information:
Questions or Concerns
If you have any questions or concerns after reading this Platform Privacy Policy, please do not hesitate to contact us at support@longhealth.io. We appreciate your feedback.
What Personal Data Does Long Health Collect from Patient Users?
We collect five types of information from our Patient Users: (i) demographic data; (ii) healthcare provider data; (iii) medical data; (iv) support data; and (v) technology data. Each category of data is explained in depth below.
Demographic Data: Long Health collects demographic data from Patient Users, which may include, but not be limited to, your name, gender, date of birth, and e-mail address. The collection of this demographic data is primarily used to create your User Account, which you can use to securely receive the Services.
Healthcare Provider Data: Long Health collects information about your healthcare providers, with may include, but not be limited to, your healthcare provider’s name and/or the name of the medical practice where your healthcare provider provides services. We use this information to request your Medical Data (as defined below) and to provide you with the Services.
Medical Data: With your consent and at your direction, we will request and collect information regarding your health conditions and medical history. We collect this information to provide you with the Services.
Support Data: If you contact us for support or to lodge a complaint, we may collect technical or other information from you through log files and other technologies, some of which may qualify as Personal Data (e.g., IP address). Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Platform and related Services in accordance with this Platform Privacy Policy.
Technology Data: We use common information-gathering tools, such as log files, cookies, web beacons, and similar technologies to automatically collect information, which may contain Personal Data from your computer or mobile device as you navigate our Platform or interact with emails or other communications we have sent you. The information we collect may include your IP address (or proxy server), device identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, help us provide and improve our Services, and ensure the proper functioning and security of the Platform and Services.
What Personal Data Does Long Health Collect from Caregiver Users?
We collect three types of information from our Caregiver Users: (i) demographic data; (ii) support data; and (iii) technology data. Each category of data is explained in depth below.
Demographic Data: Long Health collects demographic data from Caregiver Users, which may include, but not be limited to, your name and e-mail address. The collection of this demographic data is primarily used to create your User Account, which you can use to securely receive the Services.
Support Data: If you contact us for support or to lodge a complaint, we may collect technical or other information from you through log files and other technologies, some of which may qualify as Personal Data (e.g., IP address). Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Platform and related Services in accordance with this Platform Privacy Policy.
Technology Data: We use common information-gathering tools, such as log files, cookies, web beacons, and similar technologies to automatically collect information, which may contain Personal Data from your computer or mobile device as you navigate our Platform or interact with emails or other communications we have sent you. The information we collect may include your IP address (or proxy server), device identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, help us provide and improve our Services, and ensure the proper functioning and security of the Platform and Services.
How Will Long Health Use Your Personal Data?
Long Health processes your Personal Data based on legitimate business interests, the fulfillment of our Services to you, compliance with our legal obligations, and/or your consent. We only use or disclose your Personal Data when it is legally mandated or where it is necessary to fulfill those purposes described in this Platform Privacy Policy. Where required by law, we will ask for your prior consent before disclosing your Personal Data to a third party.
More specifically, Long Health processes your Personal Data for the following legitimate business purposes:
Does Long Health Use Personal Data for Analytics?
Long Health uses third-party service providers to monitor and analyze the use of the Platform as part of our Services. The analytics services we use may include, but are not limited to: [insert third-party analytics service providers].
Where Is Personal Data Processed?
The Personal Data we collect through the Platform will be stored on secure servers in the United States. Personal Data may be transmitted to third parties, which parties may store or maintain the data on their secure servers. These third parties are not permitted to transfer your Personal Data outside of the United States.
With Whom Does Long Health Share Personal Data?
We may share your personal information with the following categories of individuals/entities:
How Long Does Long Health Retain Personal Data?
Long Health retains your Personal Data only as long as necessary and as required for our business operations, the provision of Services, archival purposes, and/or to satisfy legal requirements. The exact period of retention will depend on: (i) the amount, nature, and sensitivity of the Personal Data; (ii) the personal risk of harm for unauthorized use or disclosure; (iii) the purposes for which we process your Personal Data, including whether those purposes can be achieved through other means; and (iv) business operations and legal requirements. In general, Long Health strives to retain your data for no longer than 1 year after your User Account is closed (the “Retention Period”); however, the above factors may extend or decrease this Retention Period.
At the end of the applicable Retention Period, we will remove your Personal Data from our databases and will require that our Business Partners remove any identifiable Personal Data from their databases. If there is any data that we are unable to delete entirely from our systems for technical reasons, we will put in place appropriate measures to prevent any further processing of such data. Please note that once we disclose your Personal Data to third parties, we may not be able to access that Personal Data and we cannot force the deletion or modification of such information by third parties.
Long Health and its Business Partners reserve the right to continue using de-identified data indefinitely, even after Personal Data has been removed from Long Health’s databases. We may continue to disclose de-identified data to third parties in a manner that does not reveal personal information, as described in this Platform Privacy Policy. Our continued use of de-identified data will comport with applicable law.
What Happens to Personal Data Submitted by Minors?
Long Health does not knowingly collect Personal Data from individuals under the age of 18. Additionally, our Services are not directed to individuals under the age of 18. We request that these individuals not provide Personal Data to us. If we learn that Personal Data from users under the age of 18 has been collected, we will deactivate the User Account associated with that data and take reasonable measures to promptly delete such data from our records. If you are aware of a user under the age of 18 accessing the Services or Platform, please contact us at support@longhealth.io.
If you are a resident of California under the age of 18 and have registered for a User Account with us, you may ask us to remove content or information that you have posted to our Platform.
What Rights Do Users Have Concerning Their Personal Data?
As a user of Long Health's Services and Platform, you have certain rights relating to your Personal Data. These rights are subject to local data protection and privacy laws, and may include the right to:
Where the processing of your Personal Data by Long Health is based on consent, you have the right to withdraw that consent at any time. If you would like to withdraw your consent or exercise any of the above rights, please contact us at support@longhealth.io.
How Can Users Update, Correct, or Delete Personal Data or Their User Account?
You have the right to request restrictions on uses and disclosures of your Personal Data. While we are not required to agree to all restriction requests, we will attempt to accommodate reasonable requests when appropriate.
You may change your email address and other contact information by accessing your Long Health User Account. If you need to make changes or corrections to other information, you may contact us at support@longhealth.io. In order to comply with certain requests to limit use of your Personal Data, we may need to terminate your ability to access and/or use some or all of the Services. By requesting to limit use of your personal data or delete personal DATA, you acknowledge and agree that LONG HEALTH will not be liable to you for any corresponding limitation in the scope of Services or termination of Services as necessary to comply with your request.
You have the right to request deletion of any Personal Data from your User Account or the Long Health Platform. To request deletion of your Personal Data, please email us at [insert email address] and include a description of the Personal Data you would like removed. We will respond to all requests for data deletion as soon as reasonably possible.
Should you decide to delete your User Account entirely, you may do so by emailing support@longhealth.io. By terminating your User Account, you agree that you will not be able to access any information previously contained in your User Account. However, upon request, Long Health will provide all Medical Data, including health records, to you in a digital format. You may submit a request to retrieve your Medical Data by emailing support@longhealth.io. You further understand that it may not be technologically possible to remove all of your Personal Data from our systems. While we will use reasonable efforts to remove your Personal Data, the need to back up our systems to protect information from inadvertent loss means a copy of your Personal Data may exist in a non-erasable form that will be difficult or impossible for us to locate or remove.
Is Personal Data Secure?
Long Health understands the importance of data confidentiality and security. We use a combination of reasonable physical, technical, and administrative security controls to: (i) maintain the security and integrity of your Personal Data; (ii) protect against any threats or hazards to the security or integrity of your Personal Data; and (iii) protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm to you.
While Long Health uses reasonable security controls, we cannot guarantee or warrant that such techniques will prevent unauthorized access to your personal DATA. LONG HEALTH IS UNABLE TO GUARANTEE THE SECURITY OR INTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET, AND THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. ACCORDINGLY, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA YOU TRANSMIT TO US. You assume the risk that unauthorized entry or use, hardware or software failure, and other factors may compromise the security of your personal DATA at any time.
What Safeguards Does Long Health Have in Place to Secure Personal Data?
Long Health stores Personal Data on secured servers and uses a combination of technical, administrative, and physical safeguards to protect your personal information. Such safeguards include, but are not limited to, authentication, encryption, backups, and access controls.
How Can Users Protect Their Personal Data?
You are solely responsible for preventing unauthorized access to your devices and your User Account by protecting your account credentials and limiting access to your devices. Long Health has no access to or control over your device’s security settings, and it is your responsibility to implement any device-level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability). We recommend that you take all appropriate steps to secure any device that you use to access our Services and Platform.
Please note that Long Health will never send you an email requesting confidential information, such as account numbers, usernames, passwords, or Social Security Numbers. If you receive a suspicious email from Long Health, please notify us at support@longhealth.io.
Further, if you know of or suspect any unauthorized use or disclosure of your User Account information or any other security concern, please notify Long Health immediately.
What If Long Health Experiences a Data or Security Breach?
Long Health takes the security of your Personal Data seriously. In the event of a data or security breach, Long Health will take the following actions: (i) promptly investigate the security incident, validate the root cause, and, where applicable, remediate any vulnerabilities within Long Health’s control which may have given rise to the security incident; (ii) comply with laws and regulations directly applicable to Long Health in connection with such security incident; (iii) as applicable, cooperate with any affected Long Health user or client in accordance with the terms of Long Health’s contract with such user or client; and (iv) document and record actions taken by Long Health in connection with the security incident and conduct a post-incident review of the circumstances related to the incident and actions/recommendations taken to prevent similar security incidents in the future. Long Health will notify you of any data or security breaches as required by and in accordance with applicable law.
Can Users Opt Out of Receiving Communications from Long Health?
We may send communications, including emails, to you regarding your User Account and the Services or Platform. You can choose to filter any User Account, Services, and Platform emails using your email settings, but we do not provide an option for you to opt out of these communications.
If you consent to receive marketing or other communications not related to your User Account or the Services/Platform, we will provide you with the option to opt out of such marketing communications within the applicable message.
What Is Long Health’s Cookie Policy?
Cookies are small files that a web server sends to your computer or device when you visit a web application that uses cookies to keep track of your activity on that site. Cookies also exist within applications when a browser is needed to view or display certain content within the application. Cookies hold a small amount of data specific to a web application, which can later be used to help remember information you entered in the application (like your email or username), preferences selected, and movement within the application. We use cookies and other technologies to, among other things, better serve you with more tailored information, and to facilitate efficient and secure access to the Services.
Our cookies do not, by themselves, contain Personal Data. Further, we do not combine the general information collected through cookies with any other Personal Data to identify you. However, we do use cookies to identify that your web browser has accessed aspects of the Services and may associate that information with your User Account (if one exists).
Presently, Long Health uses the following cookies: [insert cookies, if any]. In addition, Long Health may also collect information using pixel tags, web beacons, clear GIFs, or other similar technologies. This information may be used in connection with website pages and HTML formatted email messages to, among other things, track the actions of users and email recipients and compile statistics about usage and response rates.
How Can Users Opt Out of Cookies?
If you prefer, you can usually choose to set your browser to remove cookies and reject cookies. If you enable a do not track signal or otherwise configure your browsers to prevent us from collecting cookies, you will need to reenter your login information each time you visit the login page. You may also be unable to take advantage of some of the Services.
Do Not Track Disclosure
Some web browsers may transmit do not track (“DNT”) signals to websites with which the user communicates. To date, there is no industry standard for DNT and users cannot know how a given company responds to a DNT signal they receive from browsers. Long Health is committed to remaining apprised of DNT standards. However, Long Health does not support DNT browser settings and does not currently participate in any DNT frameworks that would allow Long Health to respond to signals or other mechanisms regarding the collection of your personal information.
If you are a California resident, the California Consumer Privacy Act (“CCPA”) may apply to you. Please see the CCPA Attachment for an explanation of your rights.
Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask for and obtain from us an annual list identifying the categories of personal customer information which we shared, if any, with our affiliates and/or third parties in the preceding calendar year for marketing purposes. This list will be provided free of charge. Contact information for such affiliates and/or third parties must be included. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: