iKinnect Privacy Policy

Last Updated: June 28, 2023

The privacy of your personal information is important to us. This Privacy Policy describes what information is collected by Jaspr Health, how it is gathered, how it is used, to whom it is disclosed, and how it is secured, updated and deactivated.

What Information Does Jaspr Health Collect?

Jaspr Health collects personal information (such as contact information and date of birth), Protected Health Information (such as data about health status, thoughts and behaviors pertaining to suicide, and provision of healthcare), and non-personally identifiable information (i.e., information that is about an individual but are not traced back to any individual and is not used on its own to identify an individual, such as information about your browser or device).

We obtain information from a variety of sources, including:

When you provide it to us by, for example, typing it in when you create an account on our Services or uploading a document or other file to our services.
From third parties, such as, but not limited to, when you authorize us to retrieve and import information from another user or third party on your behalf, such as a healthcare provider.

Jaspr Health does not knowingly collect any information from anyone under 13 years of age.

Who Can Access Information?

Jaspr Health restricts access to information using appropriate technical and organizational safeguards based on the nature of the information. Information input by patients and reports compiled by Jaspr Health using this information may be viewed by patients, the healthcare organization providing treatment, providers at the healthcare organization, and Jaspr Health, as permitted by applicable law. Jaspr Health information and reports may be added to the patient’s electronic health record, becoming part of the record shared by healthcare and other organizations as part of the patient’s treatment.

Information input by providers and other healthcare organization representatives may be viewed by subject patients and other healthcare organization representatives, depending on their administrative permissions, and access to patient electronic health records within those organizations. Jaspr Health does not control and is not responsible for the administrative permissions of healthcare organizations.

Protected health information collected by Jaspr Health is used and disclosed only as is permitted by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Only persons explicitly authorized by patients to have access to their healthcare information will be provided access.

We do not sell or rent your personal information to third parties. We may disclose your information to third parties as described previously. We may disclose personal information to our service providers and vendors in order to provide the services you have requested from us, such as use of our software applications if you authenticate through a third-party service. These third parties are obligated to protect your personal information in strict accordance with our policies, HIPAA, and HITECH.

We may at times be required to disclose personal information you provide us as required by a legal obligation, such as in response to a court order or applicable statute. In the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may have a legitimate interest in disclosing or transferring your information to a third party — such as an acquiring entity and its advisers.

Why Do We Gather Your Personal Information?

We use personal information for the following purposes:

Personal and healthcare information inputted by patients is gathered by healthcare providers and healthcare organizations for purposes of allowing a healthcare provider to plan and deliver care to patients
Information inputted by healthcare providers and healthcare organizations regarding patients, which may include healthcare information and personal information, is gathered for purposes of health care delivery

Administrative announcements about features, functionality, terms, or other aspects of our Services
Research purposes—anonymized data (stripped of all personally identifying information) is aggregated with the anonymous data of other users into a data repository for data analysis and clinical research to better understand behavioral and other health problems and improve health care, and to develop and improve our Services; anonymous data may be shared with other third party recipients for the purposes of research (depending on our agreement with the third party, Jaspr Health may or may not charge for this information)
Product development purposes and improvement activities, such as estimating our audience size and usage patterns
In order to provide you with our Services
To provide, support, personalize, and develop our websites, products, and/or services;

To create, maintain, customize, and secure your account with us;
To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business;
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; and
To fulfill any other purpose for which you provide personal information

Any other use that you consent to in advance
Any other purpose described in this Policy or the Terms of Service

How Is Information Viewed, Updated, and Deactivated?

Upon written request by the account holder, an account will be deactivated and archived. We retain archived information for a period of five (5) years (or longer if required by applicable law or regulation) as necessary to comply with legal obligations, resolve disputes, enforce our agreements and other authorized uses under this Policy. Unless otherwise required by law, Jaspr Health shall be under no obligation to retain any of your account information and may delete the same immediately following deactivation of your account.

HIPAA grants patients certain rights to access and correct certain health information their healthcare providers retain about them. Patients should submit requests to access or correct their health information directly to their healthcare providers. Certain personal information can also be corrected within our Services. If you believe that we have inaccurate personal information, and are unable to correct it through the Services, please contact us at: privacy@jasprhealth.com

Please note that de-identified health information is stored indefinitely in our anonymized data repository.

How We Protect Your Personal Information

Jaspr Health takes administrative, technical, and physical measures to safeguard your personal information against loss, theft, and misuse, as well as unauthorized access, disclosure, and destruction.

Changes to this Policy

Revisions of our Privacy Policy will be posted on this webpage, within the app(s), and/or sent to you via email to the last email address you provided to us (if any). By your continued use of Jaspr Health Services following the new effective date will constitute your acceptance of such changes or modifications.

As is standard practice on many webpages, Jaspr Health uses “cookies” and other technologies to help us understand how our users interact with our website. Cookies contain information that is transferred to your computer’s hard-drive. These cookies are used to store information, such as the time that the current visit to our webpage occurred, whether you have visited our webpage before, and what third party page, if any, referred you to our webpage.

If you prefer not to enable cookies, you can disable them in your browser. Please note that certain features of our webpage and application may not be available once cookies are disabled. As is true of most webpages, we gather certain information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information as described above in this Privacy Policy.

Children's Privacy

Jaspr Health is committed to protecting the privacy of children and abiding by the provisions of the Children’s Online Privacy Protection Act (COPPA). Our website and services are not designed or intended to attract children under the age of 13. In the event that Jaspr Health is notified or becomes aware that the site or services have been used by a child under the age of 13 to store information of that child without parental consent, Jaspr Health shall be and is authorized to delete, in its entirety, any of the information stored by that child. Jaspr Health also reserves the right to revoke any license to use the site and service which is being used or has been used by a child under the age of 13.

State Privacy Disclosures

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information.

Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:

Confirm whether we process their personal information

Access and delete certain personal information
Data portability
Opt-out of personal data processing for targeted advertising and sales

Colorado, Connecticut, and Virginia also provide their state residents with rights to:

Correct inaccuracies in their personal information, taking into account the information's nature processing purpose
Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects

To exercise any of these rights please use the appropriate feature in the Services, and if you are unable to resolve the exercise of such right through the Services, please email us at: privacy@jasprhealth.com. To appeal a decision regarding a consumer rights request please email us at privacy@jasprhealth.com.

Data Privacy for California Residents

This section applies solely to visitors and users of our Services who reside in the State of California. We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (the “CCPA”) as modified by the California Privacy Rights Act (the “CPRA”), and the California Online Privacy Protection Act (“CalOPPA”), and any terms defined in the CCPA, CPRA, or CalOPPA have the same meaning when used in this notice.

For the purposes of this section “California Data Subject” shall mean: (1) an individual who is in the State of California for other than a temporary or transitory purpose, and (2) an individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.

Information We Collect

Jaspr Health collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California Data Subject or device (“personal information”). In particular, Jaspr Health has collected the following categories of personal information from California Data Subjects within the last twelve (12) months:

Identifiers (i.e. real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers)
- Yes, we collect this data
Characteristics of protected classifications under California or federal law (i.e. race, gender, ethnicity, disability status)
- No, we do not collect this data
Commercial information (i.e. records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
- No, we do not collect this data
Biometric information (i.e. fingerprint, facial pattern, voice, typing cadence)
- No, we do not collect this data
Internet or other electronic network activity information (i.e. information regarding usage of a site, software, or app)
- Yes, we collect this data
Geolocation data (i.e. physical location)
- Yes, we collect this data
Audio, electronic, visual, thermal, olfactory, or similar information (i.e. recordings of a California Data Subject)
- No, we do not collect this data
Professional or employment-related information (i.e. place of work, current occupation, duration of occupation, position/title)
- No, we do not collect this data
Education information (i.e. information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act, or FERPA)
- No, we do not collect this data
Inferences drawn from any of the information identified above (i.e. information used to create a profile about the California Data Subject reflecting their preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes)
- Yes, we collect this data

Sources of Personal Information

Jaspr Health obtains the personal information listed above from the following sources:

Directly from you (i.e. from forms you complete or orders for products and services you purchase)
- Yes, we receive from this source
Indirectly from you (i.e. from observing your actions on the Service)
- Yes, we receive from this source
Third Parties (i.e. we are provided information by our third party vendors such as: Technology Partners, Healthcare Providers)
- Yes, we receive from this source

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the purposes listed in Why Do We Gather Your Personal Information, above, and as described to you when collecting your personal information or as otherwise set forth in the CCPA.

Jaspr Health will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Jaspr Health does not sell your personal information, however we share personal information with our third party service providers and vendors solely in order to provide you the Service(s).

Your Rights and Choices

This section describes your CCPA rights and explains how to exercise those rights.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and verify your request, we will disclose to you:

The categories of personal information we collected about you;

The categories of sources for the personal information we collected about you;
Our business or commercial purpose for collecting or selling that personal information;
The categories of third parties with whom we share that personal information;
The specific pieces of personal information we collected about you (also called a data portability request);
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:

sales, identifying the personal information categories that each category of recipient purchased; and
disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
Debug products to identify and repair errors that impair existing intended functionality;

Exercise free speech, ensure the right of another California Data Subject to exercise their free speech rights, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
Enable solely internal uses that are reasonably aligned with California Data Subject expectations based on your relationship with us;
Comply with a legal obligation; and

Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

To exercise the rights described above, please submit a verifiable California Data Subject request to us by sending us an email at privacy@jasprhealth.com or calling us toll free at (800) 275-1343.

Only you or a person registered with the California Secretary of State, that you authorize to act on your behalf, may make a verifiable California Data Subject request related to your personal information. You may also make a verifiable California Data Subject request on behalf of your minor child.

You may only make a verifiable California Data Subject request for access or data portability twice within a twelve (12) month period. The verifiable California Data Subject request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable California Data Subject request does not require you to create an account with us. We will only use personal information provided in a verifiable California Data Subject request to verify the requestor’s identity or authority to make the request.

We aspire to respond to a verifiable California Data Subject request within forty five (45) days of receipt of the request. If we require more time (up to ninety (90) days) we will inform you of the reason(s) why an extension is needed and how long we anticipate the period to be. Any disclosure we provide will only cover the twelve (12) month period preceding the receipt of your request. If applicable, the response may provide the reasons why we cannot comply with your request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable California Data Subject request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We reserve the right to refuse to respond to verifiable California Data Subject requests that are excessive, repetitive, or manifestly unfounded.

Right of Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. We will not take any of the following actions against you in response to an exercise of your rights:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

California Do-Not-Track Disclosures

Our webpage does not track users over time and across third party websites and therefore does not respond to Do Not Track signals. We do not allow third parties to place any trackers or cookies that allow them to track users across websites.

You may contact us at:

Jaspr Health

3222 64th Avenue SW

Seattle, WA 98116

Email address: privacy@jasprhealth.com