Stride Privacy
Welcome to the website located at www.stridehealth.com (the “Site”). This Policy explains how Stride Health Inc. (which we refer to here as “we,” “us,” “Stride,” and variations of the same) collects, uses, shares and secures personal information of our users (“you,” or “user”) as used in this policy.
This policy was last updated and is effective as of September 14, 2015. If you want lighter reading about our privacy practices, you can look here. This document provides detailed discussions about our operations as they related to the privacy and security of your personal information.
What specific information we collect from you and how we use, share and secure it varies depending on how you choose to use the Site and other Stride services, such as the Stride Tax app (collectively, “Services”). We offer benefits to Site visitors that fit into each of the following three categories:
Our Users
Just Looking. You might visit the Site to view the plans we recommend based on your health needs, and you don't have to permanently save anything on our servers to do it. In this Policy, we call this group of users “Lookers.”
Still Thinking. If you want to save your health insurance recommendation for later use or simply pause until your next visit, we give you the option to save your progress. If you do, we store your health profile at your direction so you can search and apply for coverage more easily later. In this Policy, we call this group of users “Savers.”
Ready to Roll. If you choose to purchase a policy we recommend directly through the Site OR create a Stride account through any of the Services, we collect, use, and permanently store more information than we would for users who don’t make a purchase. In this Policy, we call this group of users “Buyers.”
Our Cookies
The non-edible cookies we use are relevant for all three groups of our users. A “cookie” is a small piece of software code that a website saves on users’ devices. This piece of code retains certain information about the user’s Site visit that the Site consults upon the user’s next visit. They are many types of browser cookies that do many magical and terrifying things, but ours are pretty simple: they only live for 30 days, so they’re “session” cookies. After 30 days, they will expire and won’t tell our Site anything more. So, if you’re only a Looker and you come back after 60 days, we won’t know that you’d visited us before.
We do use your IP Address (or, on mobile, GPS data and other similar location services) to make a prediction about your geographic location, which we prepopulate into our Site to give you recommendations, and this location (as well as any updates you make to that location) will be stored on our Temp Server (see below) as a part of the packet of information we keep about users who are active Lookers. We don’t associate your cookie with your IP Address on our Temp Server, and we will only ever save your IP Address independently of any personally-identifiable information you provide, on separate server space, as part of the log files we use to debug and improve our products. We don’t tie it back to your session cookie.
Otherwise, our session cookie is used to retain the content of fields in our interface you’ve updated to tell us about your needs so that our systems can return the best detailed recommendations to you about your options for insurance plans and pricing.
Information We Collect and How We Use It
While you’re a Looker, information about your use of the website is associated with your session cookie – not personal information like your name, email, or address. We use a periodically-cleared caching server (the “Temp Server”) to return plan pricing and recommendations based on your data inputs. While the Temp Server may collect and store a log of how Lookers have used the Site, that log is tied to the session cookie on your computer (at least, until your session cookie expires), not to your persistent IP address. We use the log to debug and improve our Site functionality. We use the cookie and the data it contains to continue presenting relevant and updated plan recommendations to you. So, while you’ve entered health information as a Looker, we don’t associate that health information with any identifiable user until that user chooses to create an account.
Once you choose to become a Saver, we’ll present you with our registration process. Registering creates an account for you on our long-term transactional server (the “Static Server”). There, we’ll store any information you entered during registration in association with your account ID, such as your name, email, the contacts with whom you’ve chosen to share your progress, and your progress information from your session cookie. We will also update your session cookie with this information — but that session cookie still expires after 30 days. If you come back after 30 days and want to pickup where you left off, you’ll have to log in again because our systems won’t have a cookie to consult to return you to where you’d progressed before.
If you become a Buyer, we need more details about you and your health to effect your purchase. First, we’ll need credit card information so you can pay for your plan. In some cases we’ll also need your Social Security Number (for example, to verify the amount of a federal subsidy you receive) as a component of your application for insurance coverage. We’ll store your SSN in association with your Account ID to serve ongoing requests from your carrier; in addition, we’ll store your application documents, which do contain personal information, on a specific, segregated server space. We do this in case your carrier has a problem processing it, but after 90 days we remove the full application from our database. Your application documents and SSN are stored in association with your Account ID as well and consulted to process your transactions, as described further in our Sharing section below. If you have created an account through other Stride Services but have not purchased a health plan from, we treat your information as described for “Buyers” in this policy. You are also treated as a “Buyer” as defined in this policy if and when you choose to connect your financial accounts with your Stride accounts.
Your Access
As a Looker, you access and update the information our mechanisms store about you by simply using the Site.
Our Storage
Above we mentioned two of our servers relevant to your experience: our Temp Server and our Static Server. We own and control both of these servers as of the date of this policy, but in the future we may also use a cloud-based third party provider with high security and privacy standards. The Temp Server holds user information that is not required for the continuing operation of our business, so we can clear our irrelevant records regularly to protect your privacy. We may use other servers to store log information about Site usage and user interactions associated with an IP Address. Other computer servers are involved in the operation of our business, but they don’t hold information that could identify you as an individual without reference to other information. We do that on purpose — this way, we hope that anyone who manages to access our fortified systems still can’t access Personal Health Information or other personally identifiable information about our users.
Our Security
Depending on which of our servers you use, our security methods vary. For example, we use SSL/TSL encryption on our transmissions between our Temp Server and your session cookie. However, once you have created an account, we use a more sophisticated method of preventing unauthorized access that sends a custom code alongside your login credential to make them harder to fake.
When information is stored on our servers, including our Static Server, it is stored in encrypted format. We do — and will continue to — periodically update our encryption methods to equal or exceed the best security options and standards for companies in our industry. In addition, we regularly review our server architecture to make sure sensitive personal and health information is secure.
Unfortunately, however, the Internet is full of security risks, and no web transmission is guaranteed to be 100% secure. Ultimately, you send any information about yourself or your health through a network connection at your own risk, as we cannot assure you that we — or any web company — will never experience any kind of data breach. For this reason, we have designed our systems and our product to function so that if any breach does occur despite our encryption efforts, the amount and sensitivity of any user data which is compromised will be minimal — for example by the use of segregated servers and data sets from which identifying characteristics have been wiped.
How and When We Share Your Information
We only share personally-identifiable information (including Health Information, as defined by HIPAA) with third parties in connection with processing your insurance purchase transactions or where you have specifically asked that we do so. This may include sending details specifically described in this Policy to an insurance carrier as a part of your insurance application and approval process. It may also include consultation with entities that evaluate government healthcare vouchers or credits. Finally, it will include third party payment processing and related services.
We will not sell personally-identifiable information to third parties. Our marketplace reports, user analyses, internal analytics, and other business insights will only be disclosed to the public where user information has been converted to an anonymized, aggregated form. In that form, which we do not believe can be used to identify you as an individual, we may consult third parties or use data sets internally to improve our business, market our products, or optimize our technology.
There are a few reasons we might share user personal information that would be true of most businesses in our market space. They are:
Affiliates
We may share your information with any parent or subsidiaries, or other companies or entities which control, are controlled by or under common control with us, in which case we will require such parties to honor this Privacy Policy with respect to such shared information.
Third Party Service Providers
We may provide your information to third party companies to perform services on our behalf, including, for example, e-mail delivery, hosting services, data backups, analytics, and customer service. We may use independent contractors to provide services on our behalf and they may have technical access your information in the course of providing those services. We require such third party service providers to agree contractually to maintain the confidentiality of the information disclosed to them and to not use your information for any purpose other than to provide services to us.
We use Plaid to gather your data from financial institutions. By using our Services, you grant Stride and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy.
Safety, Security and Compliance with Law
We may disclose any information, including personal information, we deem necessary to comply with any applicable law, regulation, legal process or governmental request, to enforce our rights or to protect the safety and security of our Site or other users.
Business Transactions
In the event we undergo a business transition, such as a major investment transaction, merger, acquisition by another company, or sale of all or a portion of our assets, we may transfer your information to the actual or intended investor or successor organization in such transaction, or permit its examination under confidentiality restrictions by our counterparty. If material changes to our privacy practices will occur as a result of the business transition (as determined in our reasonable discretion), we will make a reasonable attempt to notify you by sending you an email alerting you to the business transition.
Do Not Track Mechanisms
Because of the nature of our Site and our recent launch, we do not have the capacity to track or recognize “do not track” functionality on the Site at this time. However, we also do not deliver advertising directly on the Site. While some third party may seek to reveal or reference the contents of the session cookie our Site placed on your machine, we don’t place cookies with the intention of revealing your individual identity to third parties.
Other Third Parties and Your California Privacy Rights
As of September 14, 2015, we do not share users’ personal information (such as your email) with third parties for direct marketing. We are therefore not subject to the requirements of California Civil Code 1798.83, though we are happy to answer your questions at support@stridehealth.com.
In the future we may offer an application programming interface (i.e., an “API”) that allows third parties to build tools that are interoperative with our Site and services. You may have the opportunity to authorize such third parties to access your account. You may also have the opportunity to use third party accounts (like Facebook) to quickly populate your registration dialogs. As with other third party platforms and links you can integrate using third party APIs, we have no control over third party sites or their data handling practices. Those sites’ own privacy policies govern their use of your data. We encourage you to review any such policies before authorizing any connection to us.
Our Policies Regarding Children
This Site is not intended for use by anyone under 18 years of age, period, and use by minors is expressly prohibited by our Terms of Use.
Parents and legal guardians (including those of minors under 13) may choose to enter information about their children to explore or obtain a family health plan. Upon any such entry, you consent to the processing and transmission of your children’s personal information as disclosed in this policy, in our context-specific disclosures around the site, and in our Terms of Use.
Updating Your Personal Information
You may contact us to request that we make changes to your account information or delete your account entirely at privacy@stridehealth.com. If you contact us to request that we delete your account we will do so as soon as is practical. Information stored on our Temp Server will be periodically deleted as described above even without an email request from you.
However, certain information we gathered during your use of the Site, which is not in a form that could identify you as an individual or natural person, will remain on our servers because it helps us continue to improve our products and is relevant to optimizing systems for other users. For example, we may still use the fact that you and 1,000 other users failed to register at a particular point in the process to teach us how to make the future user experience better, even after you delete your account.
Please note that to the extent you have chosen to integrate any third party account, we will collect information directly from that account; as a result, to update or modify such information, you must do so through the applicable third party account. Changes made within our Site are not necessarily pushed to third party services, and we have no ability to have information held by such third parties deleted if you choose to delete your Stride account. You also may have to update your contact, billing and personal information directly with your insurance carrier.
We may send you emails with updates about our product from time to time or messages from our partners, which will contain a link so you can unsubscribe if you no longer wish to receive them.
Contact Us
Stride Health, Inc.Attn: Privacy568 Brannan St San Francisco, CA 94107