Privacy Policy

Effective Date: September 12, 2024

Tava Health, Inc. (“Tava,” “us” or “we”) takes your privacy very seriously. We created this Privacy Policy to provide you with important information about the privacy practices applicable to the Tava Health Application (the “Application”) and our website at www.tavahealth.com (collectively, the “Services”). This Privacy Policy describes how we collect, protect, use, disclose, and store the information collected through the Services.

The types of Personal Information (defined below) that we collect about you depends on your relationship with us, such as if you are a website visitor or mental health professional that provides or is seeking to provide services utilizing our Services.

We may collect, use, and disclose Protected Health Information (“PHI”) that is subject to the Health Insurance Portability and Accountability Act (“HIPAA”). For example, we may process PHI when we act as a business associate to an independent group of affiliated clinical healthcare providers (“Tava Providers”).  For more information about how we use and disclose PHI, please visit the Tava Providers’ HIPAA Notice of Privacy Practices. As described in this Privacy Policy, “Personal Information” does not include such PHI.

BY ACCESSING, OR USING THE SERVICES, AND/OR BY, REGISTERING WITH US, OR PROVIDING INFORMATION TO US IN CONNECTION WITH THE APPLICATION, YOU ACCEPT THE PRACTICES AND POLICIES OUTLINED IN THIS PRIVACY POLICY, AND YOU HEREBY CONSENT THAT WE WILL COLLECT, USE, AND DISCLOSE YOUR INFORMATION AS SET FORTH IN THIS PRIVACY POLICY. IF YOU ARE REGISTERING AN ACCOUNT OR USING THE SERVICES ON BEHALF OF AN INDIVIDUAL OR ENTITY OTHER THAN YOURSELF, YOU REPRESENT THAT YOU ARE AUTHORIZED BY SUCH INDIVIDUAL OR ENTITY TO ACCEPT THIS PRIVACY POLICY ON SUCH INDIVIDUAL’S OR ENTITY’S BEHALF.

Your use of the Services is also subject to our Terms and Conditions, which are available here.

COLLECTION, USE, AND DISCLOSURE OF INFORMATION

Personal Information We May Collect

In order for you to use the Services, we may require you to provide us with information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“Personal Information”).

We may collect Personal Information from you that includes, but is not limited to: (1) your name and your contact data (such as your business or personal e-mail address, phone number, billing and physical addresses, and your Application login and password); (2) demographic data (including your gender, your date of birth, your zip code, and other protected classifications that you chose to disclose to us, such as race and ethnicity, marital status, sexual orientation, veteran or military status, disability, and medical status); (3) payment information (such as your financial account information); (4) qualifications and credentialing information (including your board certifications, employment history, and educational background) (5) government-issued identifiers (such as Social Security and driver’s license number); (6) your approximate geolocation; (7) IP address and device identifier; (8) information about how you interact with the Services, including the pages you visit, content you view, and other Services activity; (9) information about your product and service preferences and interests; and (10) information that you may provide directly to us, for example, if you fill out our online forms or send us an e-mail or letter.

If you submit any Personal Information relating to other people in connection with the Services, such as emergency contacts, you represent that you have the authority to do so and that you are permitting us to use the information for the purpose of contacting those individuals in the case of an emergency.
We retain Personal Information for as long as reasonably necessary in light of the purpose(s) for which it was collected and consistent with applicable law. The criteria used to determine our retention periods include:  (1) if we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or provide services through our Services); (2) whether there is a legal obligation to which we are subject (for example, we are required to keep records of your transactions for a certain period of time); or (3) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations or litigation).  

We may collect, process, or create data that is not Personal Information, such as aggregated data or deidentified data, and use and disclose it for any lawful purpose. Where we receive deidentified data, we will not attempt to reidentify such data unless legally permitted.

How We May Collect Personal Information

When you use our Services, we and our third-party vendors may collect certain information about you and your device automatically through the use of cookies, web beacons, and similar technologies. A “cookie” is a small data file sent from a website and stored on your device to identify your device in the future and allow for an enhanced personalized user experience. A “session cookie” disappears after you close your web browser, or may expire after a fixed period of time. A “persistent cookie” remains after you close your web browser and may be accessed every time you use our Services. We may use both session and persistent cookies. A “web beacon” or “pixel” is a tiny and sometimes invisible image or embedded code, placed on a web page or email that can report your visit or use to a third party. We may use these tools to monitor the activity of users for the purpose of web analytics, advertising optimization, or page tagging. Please note that our Services do not currently recognize “Do Not Track” signals. However, our Services may recognize certain opt-out preference signals, such as the Global Privacy Control, which we will process as opt out of targeted advertising and/or “do not sell or share” requests in accordance with applicable law. You may set such a signal through your browser or browser extension. You may also consult your web browser to modify your cookie settings. By using the Services, you consent to our use of cookies and similar technologies.

We may also receive Personal Information about you from other sources, including through third-party services like advertising or marketing networks, data analytics providers, social media networks, information aggregators and other services that we use to verify professional credentials, former employers or other references that you provide to us, and other third-party vendors and organizations. We may combine our first-party data, such as your email address or name, with third-party data from other sources and use this to contact you (for example, through direct mail). We collect some of this information when you choose to interact with third parties in connection with our Services. For example, you may “like” us, follow us, or share some of our content on social media platforms, in which case we receive the information you have chosen to make public on your social media account. We may also offer certain features that utilize third-party integrations. For example, if use your Facebook or Google account to login to the Services, we receive details like your email address, name, and identifiers associated with that third-party account as well as other information that you’ve made publicly available through that account. We may also access information about your calendar availability, as well as the data necessary to permit rescheduling or cancellation, to provide a scheduling feature for our Services. We limit our use and disclosure of this calendar information to our internal business and compliance purposes described below, and do not use it to support any online targeted advertising activity. You should review and, if necessary, adjust your privacy settings with these third parties before accessing or using them in connection with our Services.

How We May Use Personal Information

We and our third-party service providers may use Personal Information in order to:

  • respond to your inquiries and fulfill your requests, such as to arrange for a telephone conference or assess your application to join the Tava Health community;
  • verify your credentials, background, and other licensing information about you within the context of your application to join the Tava Health community;
  • maintain the safety, security, and integrity of our Services and our information and business systems and assets;
  • promote the Services through our business partners;
  • send you administrative information, including information regarding the Services, and changes to our terms, conditions, and policies;
  • analyze Services usage levels, diagnose server problems, and administer and improve the Services, including developing new features, functionalities, products, or services;
  • send you advertising and marketing communications that we believe may be of interest to you and determining the effectiveness of our promotional campaigns;
  • personalize and enhance your experience with the Services;
  • create diagnostic or therapeutic models intended for use by the Tava Health community, including Tava Providers;
  • further our business purposes, such as quality assessment, data analysis, audits, identifying usage trends to share with the Tava Health community (including Tava Providers), and developing tools and training to assist in the performance and delivery of health care services;
  • act as we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public or government authorities; (d) to enforce our contracts and other legal rights; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety, or property, or that of our affiliates, you, or others; (g) at our discretion under emergency circumstances, to notify emergency services and other appropriate parties if we believe your health or safety is endangered; or (h) to assess or pursue available remedies or limit the damages that we may sustain;
  • for any other purpose disclosed by us when you provide the information; and
  • for any purpose with your consent.

How Personal Information May Be Disclosed

Your Personal Information may be disclosed to:

  • our third-party service providers that provide services such as hosting of the Services, data analysis, IT services and infrastructure, customer service, e-mail delivery, legal services, auditing and other similar services;
  • our affiliates and the Tava Providers, for the purposes of providing Services and for marketing purposes relating to their products and services;
  • third parties and advertising networks, to permit them to send marketing communications and online targeted advertising to you regarding our Services, including sharing your device’s approximate geolocation, combined with information about what advertisements you viewed and other information we collect;
  • a third party in the context of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding); and
  • a third party as we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public or government authorities; (d) to enforce our contracts and other legal rights; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, or that of our affiliates, you or others; (g) at our discretion under emergency circumstances, to notify emergency services and other appropriate parties if we believe your health or safety is endangered; or (h) to assess or pursue available remedies or limit the damages that we may sustain.

CONSENT TO COMMUNICATIONS

By using the Services and providing your contact information, such as your name, phone number, and email address, you consent to receiving email and text messages to tell you about the Services, such as important information about your requested service(s) and reminders to log back in to complete surveys and forms that you left incomplete. We may share your information with partner organizations whose products or services are important for the objectives of our Services. You may opt-out from receiving email communications at any time by clicking the “unsubscribe” button at the bottom of our emails or by emailing hello@tavahealth.com. You may opt out from receiving text message communications at any time by replying to the text message with “STOP”. At that time, we will send a final text message confirming receipt of your opt-out notification.

THIRD PARTIES
This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including the manufacturer of your mobile device, and any other third-party mobile application or website to which the Services may link. We encourage you to review the privacy policies of each website and application you visit and use.

SECURITY
We seek to use reasonable physical, technical, and administrative measures to protect Personal Information under our control. Unfortunately, no mode of data transmission over the internet or data storage system is 100% secure, and therefore we cannot guarantee against all potential security breaches. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below.

INTERNATIONAL USERS
We intend to provide our Services in the United States. Accordingly, this Policy, and our collection, use, and disclosure of your Personal Information is governed by U.S. law. We do not represent or warrant that the Services, or any functionality or feature thereof, is appropriate or available for use in any particular jurisdiction. If you choose to access or use the Services from outside the United States, you do so on your own initiative and at your own risk, and are responsible for complying with all local laws, rules, and regulations. By using the Services and submitting any Personal Information from outside the United States, you acknowledge that the Services are subject to U.S. law and consent to the transfer of your Personal Information to the United States, which may provide a different level of data security than in your country of residence.

CHILDREN’S INFORMATION
We do not knowingly request Personal Information from anyone under the age of 18 without appropriate parental consent. Our Services are not targeted to or intended for use by individuals under the age of 13.


YOUR PRIVACY RIGHTS

You may have rights (“Data Subject Rights”) with respect to the Personal Information that we collect or process about you, however, these rights differ depending on your place of residency, including California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. Please note that we reserve the right to honor your Data Subject Rights to the extent required by applicable law.

  • Right to Confirm Processing, Access, and/or Obtain a Copy: If you ask us, we will confirm whether we are processing your Personal Information. Additionally, upon request, we will provide you with a copy of all Personal Information you are lawfully entitled to receive, potentially including specific pieces of information, along with certain other details.
  • Right to Amend: If you believe your Personal Information is inaccurate or incomplete, you may request that we correct it.
  • Right to Delete: You may request that we delete your Personal Information that we maintain about you.
  • Right to Opt Out of Certain Processing Activities: You may ask us to restrict or stop the processing of your Personal Information, such as if we process Personal Information that is considered “sensitive” under applicable U.S. state laws or engage in certain automated decision-making activities.
  • Right to Opt Out of Targeted Advertising: Targeted advertising is the practice of serving you tailored advertisements based your Personal Information gathered over time and across other businesses, websites, applications, or services. Some states may refer to this practice as “sharing.” You have the right to opt out of this practice.
  • Right to Opt Out of Sales: Some states may consider targeted advertising a “sale” of Personal Information. You may request that we not “sell” your Personal Information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising Data Subject Rights, but we may charge a reasonable fee as permitted by law in fulfilling these rights, such as if you request multiple copies of your Personal Information.
  • Right to Appeal: If we deny your request to exercise a Data Subject Right, you may have the right to appeal the decision with us. If you would like to appeal a prior decision, please be sure to include information about your prior request so that we may locate our earlier determination.

If you or your authorized agents would like to exercise a Data Subject Right, you may do so by following the instructions in “Contacting Us” below. Please note that you may also login to your account to access and correct your account information at any time.

In order to process your request to exercise a Data Subject Right, we will ask you to verify your identity by confirming your name, e-mail address, phone number, or other identifiable information that we have in our records if applicable.
 
Additional Disclosures for California Residents
If you reside in California, please read this section for additional disclosures about how we collect, use, and disclose information about you under the California Consumer Privacy Act (or “CCPA”) (California Civil Code Section 1798.100 et seq.).

  • Categories of Personal Information Collected: In the previous 12 months, we have collected the Personal Information listed in the section “Personal Information We May Collect” above. This information falls into the following categories under the CCPA: identifiers; categories of Personal Information described in Cal. Civ. Code 1798.80(e); commercial information; geolocation information; audio, electronic, or visual information; internet or electronic network activity information; inferences drawn from the above categories. Additionally, we collect the following “sensitive” Personal Information: account credentials; government-issued identifiers (e.g., Social Security and driver’s license numbers); racial or ethnic origin and citizenship;  contents of messages that you send on and through our Services, including communications with our customer service providers.
  • Sensitive Personal Information Uses or Disclosures: We do not use or disclose “sensitive” Personal Information for purposes other than those specified by the CCPA.
  • Business or Commercial Purpose for Collecting and Selling Information: We collect Personal Information for the business and commercial purposes described in “Personal Information We May Collect” and “How We May Use Personal Information” above.
  • Categories of Sources of Personal Information: We collect Personal Information from and about you as described in “How We May Collect Personal Information” above.
  • Categories of Third Parties with Whom We Disclose Information: We may disclose your Personal Information with third parties as described in “How Personal Information May Be Disclosed” above.
  • Categories of Personal Information Disclosed: In the preceding 12 months, we have disclosed the categories of Personal Information listed in “Personal Information We May Collect” for the reasons described in “How We May Use Personal Information” and “How Personal Information May Be Disclosed” above.
  • Sale or Share of Personal Information: Because we engage in the practice of cross context behavioral advertising, also known as online targeted advertising, we may “sell” and/or “share” your Personal Information as those terms are defined by the CCPA. In the preceding 12 months, we may have “sold” or “shared” identifiers, commercial information, and internet or electronic network activity information with data analytics, advertising networks, and/or social media networks. We do not have actual knowledge that we “sell” or “share” the Personal Information of individuals under the age of 16.

California’s Shine the Light Law
Under California’s Shine the Light Law, California residents may request information from us regarding how we may share personal data with third parties for their direct marketing purposes by contacting us as explained in “Contacting Us” section below. California residents may also receive the following information in relation to this request: (i) the categories of personal information we disclosed to third parties for their direct marketing purposes during the preceding calendar year; (ii) the names and addresses of the third parties that received the information; and (iii) if the nature of the third party’s business cannot be determined from their name, examples of the products or services marketed.

UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy at any time. Any changes to this Privacy Policy will become effective when we make the revised Privacy Policy available through the Services. We will update the “Effective Date” date at the top of this Privacy Policy if we make any such changes to this Privacy Policy. Your use of the Application or the submission of any information in connection with the Services following any change means that you accept the revised Privacy Policy. We encourage you to periodically review this Privacy Policy to stay informed about how we collect, use, and disclose Personal Information.

CONTACTING US
If you have any questions or comments about this Privacy Policy, please contact us by e-mail at hello@tavahealth.com or by writing us at P.O. Box 581406, Salt Lake City, UT 84158 or calling us at +1 866 985 8268. Please note that e-mail communications are not always secure; so please do not include health information, credit card information, or other sensitive information in your e-mail messages to us.