Stride Health, Inc.
Website and Mobile App Privacy Policy
Effective date: 10/19/2018
Welcome to this website or mobile application, a service of Stride Health, Inc. (“we” “us” or “our”). This Privacy Policy (“Privacy Policy”) explains how we collect and use data when you use this website or mobile application, or any other website, mobile application or interactive features that link to this Privacy Policy.
The Websites and Services Covered by this Privacy Policy
This Privacy Policy describes the information we collect about you, how we use that information, and how we protect your privacy when you use a website, mobile application or other interactive feature (each, a “Service, and collectively, “Services”) that links to this Privacy Policy, including, but not limited to:
Stride Health or Stride-branded websites, including www.stridehealth.com
Stride Health or Stride-branded mobile applications, including Stride Drive and Stride Tax
Interactive email or text messaging features, when you provide your email address or cell phone number to us, or consent to our use of your email address or cell phone number, in a website or mobile application that links to this Privacy Policy.
In addition, our Healthcare.gov Privacy Supplement describes specific privacy practices that we use when Stride helps you to get health coverage through the Health Insurance Marketplace.
We are not responsible for the privacy practices of any third party service providers (such as health plans, health insurance marketplaces, internet service providers or cloud service providers) or other third parties operating websites or applications to which our Services link. The inclusion of a link in any Services does not imply that we endorse, or otherwise monitor the privacy practices of that linked third party website or application.
The Categories of Data We Collect When You Use Our Services
We may collect two basic types of information: Personal Information and Non-Personally Identifiable Information.
By “Personal Information,” we mean data that is unique to an individual, such as a name, address, social security number, e-mail address, telephone number, and certain personal device information, as described below. Personal Information may also include information known as Protected Health Information (or PHI) which is defined by and managed in accordance with the Health Insurance Portability and Accountability Act of 1996, as amended (including its implementing regulations, “HIPAA”).
By “Non-Personally-Identifiable Information,” we mean information that does not identify you personally, but can provide us with usage data, either individually or in the aggregate. Non-Personally Identifiable Information may include demographic information, anonymized or aggregated information, certain information collected automatically through your device such as web browser information, server log files, cookie technology, pixel tags or beacons, and other technologies, and other data that we collect but does not identify you personally.
How We Collect Information
What specific information we collect from you -- and how we use, share and secure it -- varies with how you choose to use our Services.
Just Looking. If you visit our Services without creating a Stride account, we collect some Non-Identifiable Personal Information from you so we can help you find a health, dental or vision plan that works for you, based on where you live, the number of people in your household, your health care providers or your medical needs. When we collect this information, we associate it with a session cookie – not personal information like your name, email, or address. We call this group of visitors “Lookers”. We use a periodically-cleared caching server (the “Temp Server”) to return plan pricing and recommendations based on your data inputs. While the Temp Server may collect and store a log of how you have used our Services, that log is tied to the session cookie on your device (at least, until your session cookie expires), not to your persistent IP address. We use the cookie and the data it contains to continue presenting relevant and updated plan recommendations to you for up to 30 days. In other words, if you don’t return to our Service from the same device for 31 days, you would have to re-enter your information again. So, while you’ve entered health information, we won’t associate it with you until you choose to create an account with us.
Still Thinking. If you want to save our recommendations for later use, or maybe pause until your next visit, you can save your progress by creating a Stride account. If you do this, we store your health profile so you can search and apply for coverage more easily later. We call this group of visitors “Savers”. Registering for a Stride account means that we associate information that we collect from you or about you on our long-term transactional server (the “Static Server”), including Personal Information and Non-Identifiable Personal Information. We also associate a session cookie with your health profile, but because a session cookie expires after 30 days, you’ll have to log into your account before returning to where you’d progressed before.
Ready to Roll. If you use our Services to buy coverage from a plan that we’ve recommended, or to connect any of your financial accounts with your Stride account, we collect, use, and permanently store more information than we would for our other visitors. We call this group of users “Buyers”. Once you become a Buyer, we continue to collect Personal Information and Non-Identifiable Personal Information, but impose more controls to protect the privacy and security of your Personal Information. We also get your approval before exchanging Personal Information about you (in either direction) with third parties, like insurance carriers, Health Insurance Marketplaces or operators of third party services that link your accounts with them to your Stride account.
How We Use Tracking Technologies to Collect Usage Data
When you visit or interact with our Services, we collect data from you through a number of different automated technologies (“Tracking Technologies”), including:
Browser and device information. We may automatically collect certain web browser information. Web browsers collect and store information about the type of device and operating system you are using to access our Services, as well as your device’s media access control (“MAC”) address for facilitating network communications. Accessing this information helps us to establish a secure and consistent connection to you and to customize experience and content when you use our Services.
"Cookie" technology. A "cookie" is an element of data that we can send to your web browser when you link to our Services. It is not a computer program and has no ability to read data residing on your computer or instruct it to perform any step or function. By assigning a unique data element to each visitor, we can recognize repeat users, track your usage patterns and better serve you when you return to our Services later. The cookie can also track your usage patterns as you visit other websites across the internet. Your browser may offer you a “Do Not Track” option, which allows you to prevent us from tracking your online activities over time and/or across different websites. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using a Service and after you leave the Service. However, as we describe below under “How We Share and Disclose Information with Others”, we do not share or disclose this information as Personal Information with any third parties.
Client-side page tagging. This technology uses code on each web page to write certain information about the page and the visitor to a log when a page is rendered to you by our Applications. "Tagging" does result in a JavaScript program running in your browser, but it is limited to providing information about the page that you are requesting and the configuration of your browser. It will not read any of your data files, nor execute any additional programs. It does not extract any Personal Information about you. You can prevent tagging by disabling JavaScript in your browser, but that may prevent you from using all of our Services’ functions.
Tracking pixels or beacons. Tracking pixels (sometimes referred to as "web beacons") are tiny graphics with a unique identifier that perform a similar function to cookies, except that we include them on our websites and mobile applications to help us collect data about user activity. By contrast, cookies are stored on a user's computer hard drive. Web beacons are embedded invisibly on our web pages and are about the size of the period at the end of this sentence.
IP Address. When you subscribe to an Internet Service Provider (ISP), your computing device is assigned an IP Address. We may track and store this address to help us manage security, monitor usage volume and patterns, and to customize experience and content when you use our Services.
Device ID. Each mobile or web-accessible device has a unique alpha-numeric device identifier. By tracking and storing the Device ID for your device, our Services are able to recognize repeat users (or households), track usage patterns and better serve you when you return at a later time. It also helps us manage security, and monitor usage volume and patterns.
We treat data collected through Tracking Technologies as Non-Identifiable Personal Information if you are a Looker, Saver or Buyer, except when it is used with Personal Information that has been associated with your Stride account, in which case we treat it as Personal Information.
How We Use the Data We Collect
We use Personal Information and Non-Personally-Identifiable Information so that we can:
Verify your identity and authenticate access to your account
Provide you with the Services
Personalize the Services
Provide you with customer service and technical support
Evaluate and improve our Services
Notify you of new Service features or new Services that we provide
Notify you of other health services or plan benefits that your health care providers or health plan may provide
Bill and collect payment for any applicable fees or charges
Take action that helps us to maintain the security of our Services, the privacy of your Personal Information, obey laws and help prevent fraud and abuse
Update any hardware, software or other tools that we provide in conjunction with the Services
Take actions to enforce our agreements and policies
How We Share and Disclose Information With Others
Our policies for sharing and disclosing your Personal Information with others depends on whether you are a Looker, Saver or Buyer.
Third Party Service Providers. We consider all data we collect from Lookers, Savers and Buyers to be confidential. We use third party service providers to assist us in delivering our Services to you, including internet service hosting, technical integration, marketing, analytics, customer service, and fraud protection providers. We share data with these third parties, to the extent necessary for them to provide these services. These companies are acting on our behalf and are required, by contract with us, to keep our data confidential and are only authorized to use it for specific purposes.
Health Plans and Health Insurance Marketplaces. Our Services give Buyers the option of exchanging Personal Information with insurance carriers and Health Insurance Marketplaces. Our Privacy Supplement describes our privacy practices as part of our partnership with Healthcare.gov. You should read the privacy policies of these organizations to understand how they use your Personal Information. We do not endorse these organizations, and have no control over how they manage your Personal Information after we share or disclose it with them.
With Your Authorized Representatives. We deliver our Services to you and not to intermediaries that may offer assistance to you in managing your financial matters. While you may choose to share your Stride account credentials with someone, we have no way of verifying whether or not that person is really you, or whether they are authorized to access your Personal Information. You should only grant access to your Stride account with individuals you trust.
Legal Authorities. We may be required by law or legal process to disclose Personal Information to our lawyers, to third parties in connection with litigation, or to law enforcement personnel. We will disclose your Personal Information in compliance with applicable laws. We may provide this information without your consent and without notice to you when we are required to do so in order to comply with a valid legal process such as a subpoena, court order, or search warrant.
Affiliates. We may share Your Personal Information with any parent or subsidiaries, or other companies or entities which control, are controlled by or under common control with us. If we do so, they will be required, by contract with us, to keep this information confidential and only for purposes that are permitted in this Privacy Policy.
Business Transfers. If we enter into a merger, acquisition, or the sale of all or part of our assets, your Personal Information will likely be part of the assets transferred. We will notify you if this happens if we have a way to contact you and we are required to provide you with notice.
Cross-Device Linking and Advertising. We have third-party service providers that use different Tracking Technologies to predict or determine a likely association or relationship between two or more devices such as smartphones, tablets, desktop computers, etc. We may use analytics from these service providers to help us serve online content, including advertisements, about the Service across the internet on websites and social media platform. We do not permit any third parties to serve advertisements in our Services. We do not disclose Personal Information of Buyers to these third party service providers.
Tracking Technologies Used By Third Parties. Bear in mind, third parties, including Facebook, may use cookies, web beacons, and other technologies to collect information about you when you visit our website or mobile applications, including your IP address, web browser, pages viewed, time spent on pages, links clicked, and conversion information. We are not responsible for third party tracking technologies, and we encourage you to check the privacy policies of these third parties to learn more about their privacy practices.
California Privacy Act Notice. UNDER CALIFORNIA CIVIL CODE SECTIONS 1798.83-1798.83, CALIFORNIA RESIDENTS ARE ENTITLED TO ASK US, ONCE PER YEAR, FOR A NOTICE IDENTIFYING THE CATEGORIES OF INFORMATION WHICH WE SHARE WITH OUR AFFILIATES AND/OR THIRD PARTIES FOR MARKETING PURPOSES, AND PROVIDING CONTACT INFORMATION FOR THESE AFFILIATES AND/OR THIRD PARTIES. REQUESTS WILL APPLY TO INFORMATION PROVIDED DURING THE PREVIOUS CALENDAR YEAR (FOR EXAMPLE, IF YOUR REQUEST INFORMATION IN 2018, YOU WILL RECEIVE INFORMATION REGARDING 2017).
IF YOU ARE A CALIFORNIA RESIDENT AND WOULD LIKE A COPY OF THIS NOTICE, PLEASE SUBMIT A WRITTEN REQUEST TO: SUPPORT@STRIDEHEALTH.COM SUBJECT HEADING: “CALIFORNIA CIVIL CODE COPY OF NOTICE REQUEST) OR STRIDE HEALTH, INC, 501 2nd STREET, SAN FRANCISCO, CA 94107 (ATTN: PRIVACY).
What You Can Do With Your Information
If you are a Consumer, you may update your Personal Information (or correct it if it is incorrect) through your account or by contacting us at support@stridehealth.com or by calling us at (415) 930-9110. If you'd like us to help you remove your account or any of your Personal Information that we have previously collected through a Service, please contact us at support@stridehealth.com or by calling us at (415) 930-9110. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so, and why.
Retention of Your Personal Information
We will retain Personal Information for as long as your account is active or as needed to provide you with Services, or as otherwise necessary to help us improve our products and services, comply with our legal and contractual obligations, resolve disputes, and enforce our agreements with you.
Security
We have implemented technical, administrative and physical security measures based on generally accepted industry standards that are designed to protect your information from unauthorized access, disclosure, use and modification. We regularly review our security practices to consider appropriate new technology and methods. However, no method of transmission over the Internet or method of electronic storage is entirely secure. We enter into agreements with our third-party service providers that require them to adhere to privacy and security standards that are no less stringent than our own for the services that we delegate to them.
Children
We do not knowingly collect personal data from anyone under the age of 13 through our Services website, and our Services are not directed to children under the age of 13. Children should always get permission from a parent or legal guardian before sending any information about themselves (such as their names, email addresses, and telephone numbers) to us.
Users Outside of the United States
The Services that link to this Privacy Policy are for users located in the United States. If you use any of our Services from outside of the United States, then by providing us any of your data, you understand and consent to the collection, use, processing, sharing, and disclosure of your personal data as described in this Privacy Policy. You also consent to the transfer of your personal data to the United States for this collection, use, processing, and disclosure. The European Commission has determined that the United States does not provide an adequate level of protection to personal data and it may not offer the same level of data protection as the country in which you reside, whether that country is in the European Economic Area or elsewhere outside of the United States.
Email and Text Messages
Email and SMS text messaging are interactive communications technologies that we may use to deliver our Services. Because of how these technologies operate, email and text messages that we send you or you send us are not encrypted. This means that when they are sent over a network, someone else might be able to read, delete or alter them without your permission or knowledge. While interception or alteration of these messages is illegal, it is possible. In addition, we have no control over the electronic networks that are used to transmit email or text messages. There are some locations on our Services where we provide for a more secure environment in which to exchange information with you. If instead you choose to send or request information over unencrypted email or SMS text message, you agree that you understand and accept this risk.
Changes to this Privacy Policy
We reserve the right to change this Privacy Policy. When we change it, we will make a copy of it available to you by posting it on www.stridehealth.com and including a link to it in this Privacy Policy. If we make material changes to this Privacy Policy, we will make you aware of them where we post the updated policy and may also notify you by other reasonable methods that we select. If we make material changes to this Privacy Policy that will result in a new use, disclosure, or permission of access to your personal data that we previously collected and stored, we will obtain any consent that may be required by law. You understand and agree that if you use this website after the effective date of the updated Privacy Policy, we consider your use as acceptance of it.
This Privacy Policy replaces the Privacy Policy and Detailed Privacy Disclosures, dated September 14, 2015