Credo Privacy Policy
Last Updated: March 1, 2022
This Privacy Policy describes the privacy practices of Credo Health Solutions, Inc. (“Credo,” “we,” “us,” or “our”) and how we handle personal information that we collect through our website, app, and any other sites or services that link to this Privacy Policy (collectively, the “Service” or “Services”).
Credo’s medical provider partners will provide you a separate HIPAA privacy notice that will govern their collection, use and disclosure of your information. This Privacy Policy is not a substitute for any notice that those medical providers are required to provide to their users.
Personal Information We Collect
Information you provide to us:
- Contact and account information, such as your first and last name, date of birth, gender, email and mailing addresses, phone number, username and password.
- Biographic and demographic information, such as date of birth, age, and gender.
- Health insurance information, such as carrier and insurance plan information.
- Feedback or correspondence, such as information you provide when you contact us with questions, feedback, product reviews, or otherwise correspond with us online.
- Usage information, such as information about how you use the Services and interact with us, including information you provide when you use any interactive features of the Services.
- Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.
- Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.
Information we obtain from third parties:
- Medical information. With your authorization and after you have created an account with us, we will access your insurance information to collect medical information about you from various healthcare providers from which you have received services. This may include information regarding health conditions, diagnoses, testing information, treatments, medical history, medications, and lab results.
- Social media information. We may maintain pages on social media platforms and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.
- Other Sources. We may obtain your personal information from other third parties, such as marketing partners, publicly-available sources and data providers.
Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications and other online services, such as:
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.
We use the following tools for automatic data collection:
- Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
- Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
- Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
How we use your personal information
To operate our Services:
- Maintain, secure and improve our Services
- Provide the Services, including collecting and/or making available your health insurance and medical information available to you and your healthcare providers
- Provide information about our Services
- Communicate with you about our Services, including by sending you announcements, updates, security alerts, and support and administrative messages, including to keep your account and linked medical record accounts up to date
- Understand your needs and interests, and personalize your experience with our Services and our communications
- Respond to your requests, questions and feedback
For research and development. To analyze and improve the Services and to develop new products and Services, including by studying use of our Services.
Marketing and advertising. We may collect and use your personal information for marketing purposes, including:
- Direct marketing. We may from time-to-time send you direct marketing communications via email and text message as permitted by law, including, but not limited to, and notifying you of special promotions and offers. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section below.
To comply with law. As we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention, and safety. To: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern our Services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
To create anonymous data. To create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve our Services, conduct research, and promote our business.
How we share your personal information
Medical providers. With your authorization, we will share your personal information, including your insurance information and medical information, with our medical provider partners.
Affiliates. We may share your personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate our Services (such as customer support, hosting, analytics, email delivery, marketing, and database management services).
Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.
Your choices
In this section, we describe the rights and choices available to all users.
Access or update your information. If you have registered for an account with us, you may review and update certain information in your account profile by logging into your account.
Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email or by contacting us at info@credohealth.com. You may opt out of marketing-related text messages by responding “STOP” to such messages. You may continue to receive service-related and other non-marketing emails and text messages.
Online tracking opt-out. There are a number of ways to opt out of having your online activity and device data collected through our Services, which we have summarized below:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
- Using privacy plug-ins or browsers. You can block our Services from setting cookies by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, DuckDuckGo, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Other sites, mobile applications and services
Our Services may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.
Security practices
We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information.
Children
Our Services are not intended for use by children under 13 years of age. If we learn that we have collected personal information through the Services from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.
International users
By using our Services, you understand and acknowledge that your personal information will be transferred from your location to our facilities and servers in the United States.
Use of PHI/ePHI
Workforce members will ensure that only the minimum amount of PHI is requested, used, or disclosed to accomplish the specific purpose of a request, use, or disclosure
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our Services. We may also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through our Services.
Any modifications to this Privacy Policy will be effective upon our posting the policy and/or upon implementation of the new changes on our Services (or as otherwise indicated at the time of posting).
How to contact us
Please direct any questions or comments about this Policy or privacy practices to info@credohealth.com. You may also write to us via postal mail at:
Credo Health Solutions, Inc.
205 Detroit St.
WeWork c/o Credo Health Solutions, Inc.
Denver, CO 80206