Privacy Policy
Effective Date: April 19th, 2023
About the RiskAverse Privacy Policy
RiskAverse Inc. and its affiliates, successors and assigns (“We” or the “Company”) respects your privacy and is committed to protecting it through our compliance with this policy. This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit the RiskAverse website (the “RiskAverse Site” or the “Site”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. The terms “you,” “your,” “User,” and “Users” refer to any visitor to or user of the Site. We hope that reading our Privacy Policy helps you understand how we manage information about you and the measures we take to protect it.
How We Collect and Use Your Information
All of RiskAverse’s provided services on behalf of a health plan, healthcare provider, medical group, or another service partner will be covered by regulations that are under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Our services will fully comply with respective portions of the HIPAA regulations and the Business Associate Agreement executed separately with the customer.
We will not disclose any PHI (personal protected health information like your name or birth date or address) except to the respective partner of whom you are a member or patient. This will follow a separate agreement that is agreed upon by both of our parties.
For data security, we employ a layered defense strategy to protect our systems, networks, and the information that they store, process, or transmit. We currently use Heroku to host our platform, and we make use of their shield service to achieve HIPAA, ISO 27001, 27017, 27018 and SOC 1, 2, 3 compliance. In a shield space, our entire website is running on a server with an encrypted filesystem and all data is encrypted in transit and at rest in our database.
Health Information
When our services are not provided on behalf of a health plan, healthcare provider, medical group, or another service partner, RiskAverse’s publicly, accessible website, https://riskaversehealth.com, excluding any subdomain site, does not collect any information that personally identifies you unless you knowingly and willingly provide it by utilizing our services. At all times, we follow similar data protection protocols that are stated above to protect your information at all times.
Non-Personal Information
In order to improve the usefulness of the RiskAverse Site, our servers automatically collect information about your interactions on the Site, including, without limitation, pages visited on our site, any hyperlinks clicked to external sites, browser type, device type, and the date and time of any demo request. We may use such information to better understand how Users use our services, to analyze trends, prevent fraud, and gather broad demographic information.
User Communication
When you send email or other communications to RiskAverse, we may retain those communications in order to process your inquiries, respond to your requests and improve our services. We may use your email address to communicate with you about our services.
How We Handle Privacy and Security Internally
RiskAverse seeks to use reasonable physical, technical and administrative measures to protect Personal Information and health information under our control. Unfortunately, no data transmission over the internet or data storage system is guaranteed to be 100% secure. We have implemented appropriate technical and managerial procedures to maintain information that is accurate, current, and complete. We reserve the right to disclose information contained within our access logs concerning any user as we reasonably feel is necessary to protect our systems or business. We also reserve the right to report any suspected illegal activity to law enforcement for investigation or prosecution.
Sharing Your Information
We only share Personal Information with other companies or individuals outside of RiskAverse in the following limited circumstances:
Superseding all other use cases listed below, we may share your information with our partnered, medical enterprise to whom you belong. This includes, but is not limited to payers, providers, and hospitals. This is structured in an agreement set between RiskAverse and the respective enterprise.
We have your consent. We require opt-in consent for the sharing of any sensitive Personal Information.
We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms and Conditions of Use, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of the Company, its users or the public as required or permitted by law.
If the Company becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, the Company shall have the right to transfer your information in connection with that transaction. We will provide notice on the Site in the event of such a transfer.
If the Company becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, the Company shall have the right to transfer your information in connection with that transaction. We will provide notice on the Site in the event of such a transfer.
You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
Third Parties
The personal information the company collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, the Company engages third parties to send information to you, including information about our products, services, and events.
A list of our third party sub processors can be found here: Iterable, AWS, Heroku
We do not otherwise reveal your personal data to non-Company persons or businesses for their independent use unless: (1) you request or authorize it; (2) the information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (3) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (4) to address emergencies or acts of God; or (5) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf. We may also gather aggregated data about our services and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for marketing or promotional purposes.
The Company website connects with third party services such as Facebook, LinkedIn, Twitter and others. If you choose to share information from the company website through these services, you should review the privacy policy of that service. If you are a member of a third party service, the aforementioned connections may allow that service to connect your visit to our site to your personal data.
Use of Application by Minors
We are committed to protecting the privacy of children. We do not offer the RiskAverse Site to anyone under the age of majority in their jurisdiction of residence and do not knowingly collect personal information from children under 13. No one under age 13 may provide any information to or on the Site. If you are under 13, do not use or provide any personal information on or through the Site, register on the Site, or provide any information about yourself to us, including your name, email address or any user name you may use.
If you are the parent or guardian of a child whom you believe has disclosed personal information to us, please contact us at support@riskaversehealth.com so that we may delete and remove such child’s information from our systems. In addition, in the event that a minor under the age of 18 in California uses the Site, the minor may request that RiskAverse remove content or information posted by the minor on the Site by sending an email to support@riskaversehealth.com.
Jurisdiction
RiskAverse is controlled by us from the United States; accordingly, this Policy, and our collection, use and disclosure of your Personal Information and health information, is governed by U.S. law, and not by the laws of any country, territory or jurisdiction other than the United States. We do not represent or warrant that the RiskAverse Site or any functionality or feature thereof is appropriate or available for use in any particular jurisdiction. Those who choose to access or use the RiskAverse Site do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations. By using the RiskAverse Site and submitting any Personal Information or health information, users from outside the United States acknowledge that RiskAverse is subject to U.S. law and consent to the transfer of Personal Information and health information to the United States, which may provide a different level of data security than in their country of residence, and waive any claims that may arise under their own national laws.
Cookies
If you have questions regarding our use of Cookies, please visit our Cookie Policy page at https://riskaversehealth.com/cookies.
Changes to this Policy
Please note that this Privacy Policy may change from time to time. We will post any Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes). In all cases, use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.
You should review this Privacy Policy each time you newly engage with our Site. You will be deemed to have accepted the terms of this Privacy Policy, as updated, if you continue to use the Site after you receive notice of such updated Privacy Policy. We reserve the right to discontinue the Site or any part thereof at any time.
Contact Us
If you have any questions about this Privacy Policy or have requests pertaining to your data, please contact us by e-mail at support@riskaversehealth.com.
Please note that e-mail communications are not always secure. Please do not include health information, credit card information or other sensitive information in your e-mail messages to us.