PRIVACY POLICY

Effective date: February 7, 2025

Introduction

Welcome to Lara Health, Inc. The privacy of our users, clients and website visitors is important to us.

Our Privacy Policy explains how we collect, use, safeguard and disclose information that results from your use of our Services (as defined below), and applies to all Personal Information (as defined below) processed by us in connection with, or as part of providing our Services or engaging in written or electronic communications with you. 

We use your data to provide and improve the Services. By using the Services, you agree to the collection and use of information in accordance with this policy. If you disagree with any part of this Policy, you must not use or access our Services.

Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions. Our Terms and Conditions (“Terms”) govern all use of our Services and together with the Privacy Policy constitutes your agreement with us (“agreement”).

Definitions

SERVICES refer to the suite of offerings provided by Lara Health, Inc., which includes:

  • Interaction through the website (https://lara.health); 
  • Interaction through mobile and web-based applications; 
  • Communications via telephone calls or digital audio or video calls (initiated by users or the Company), SMS, email, or push notifications; 
  • Any other tools facilitating connections between users and staff of medical practices or between users and company representatives acting on behalf of medical practices.

These Services collectively support the delivery, management, and coordination of healthcare services, including but not limited to secure data exchanges, communication, and operational facilitation. 

USERS are individuals who interact with Lara Health Services to receive healthcare-related support, including patients and other end-users of medical practice services facilitated through Lara Health’s tools. These users are the primary focus of this Privacy Policy.

OPERATOR USERS are representatives or staff of medical practices (our customers) who use Lara Health tools to deliver, manage, or coordinate healthcare services. They are governed by separate agreements, including Terms of Service and Service Contracts, tailored to operational use.

DATA CONTROLLER. A Data Controller is the entity that determines the purposes and means of processing personal data. In this context, the medical practices that partner with Lara Health act as Data Controllers, as they decide how and why patient data is collected and used within their practice. This excludes Lara Health’s own service and business data, for which Lara Health is Data Controller.

DATA PROCESSORS (OR SERVICE PROVIDERS) A Data Processor is the entity that processes Personal Information on behalf of a Data Controller. Lara Health acts as a Data Processor when handling Personal Information on behalf of its partner medical practices, strictly in accordance with their instructions and applicable data protection regulations.

DATA SUBJECT is any living individual who is the subject of Personal Information. Users, as defined above, are Data Subjects.

MINOR is any individual under the age of 18.

Process Information on Behalf of Our Customers

Our customers may choose to use our Services to process certain data of their own, which may contain information from or about you. Such personal information that is processed by us on behalf of our customers, and our privacy practices will be governed by the contracts that we have in place with our customers, not this Privacy Policy.

If you have any questions or concerns about how such information is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to use the Service to process this information. Our customers control the information in these cases and determine the security settings within the account, its access controls and credentials. We will provide assistance to our customers to help them address any concerns you may have, strictly in accordance with the terms of our contract with them and applicable data protection laws.

Information Collection and Use

Lara Health collects information about you, including information that directly or indirectly identifies you as a User. 

Lara Health, Inc. uses the collected data for various purposes, for example:

  1. to provide and maintain our Services;
  2. to notify you about changes to our Services;
  3. to allow you to participate in interactive features of our Services when you choose to do so;
  4. to provide customer support;
  5. to conduct internal analysis and gather insights to improve the security, functionality, and usability of our Services;
  6. to monitor the usage of our Services;
  7. to detect, prevent and address technical issues;
  8. to fulfill any other purpose for which you provide it;
  9. to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
  10. to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.;
  11. to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;
  12. in any other way we may describe when you provide the information;
  13. for any other purpose with your consent.

Personal information

The sources from which we collect this personal information fall into three categories: information you provide, information we collect automatically, and information we collect from other sources, like your healthcare provider. For example, based on how you interact with Lara Health and the Services, we may collect information when you track, complete, or upload biometric data using the Services, and then store, process and manage on behalf of your healthcare provider. We may use the information we collect and receive about you to customize your experience and provide analysis and recommendations about you to your healthcare provider(s).

This includes account information such as your name, email address, phone number(s) date of birth, gender, weight, username and password that we collect to help secure and provide you with access to our Services. Additionally, Lara Health may collect or infer health information, such as heart rate. This information may include, but is not limited to:

  1. Identifiers, such as your real name, user ID, Internet Protocol (IP) address, email address, phone number, and other similar identifiers;
  2. Physical characteristics such as height or weight, as indicated by you or your healthcare provider;
  3. Gender and age, as identified by your healthcare provider;
  4. Biometric information, such as your blood pressure data;
  5. Medical information, such as information on any medical condition, or any health care or preventative care that might be relevant to you;
  6. Internet or other electronic network activity information, such as session logs;
  7. Recordings of conversations you have while using the Services. These may be in audio or video format, transcribed, summarized, tokenized, compressed, analyzed, and stored;
  8. Inferences drawn from any of the above information to create a profile reflecting your health status, characteristics, behavior, or that might be of support to your healthcare provider.

Certain health information may be inferred from sources such as heart rate or other measurements, including blood pressure, blood glucose, weight, or other indicators. Where health information can be used to uniquely identify you, it is considered personal information, and sensitive personal information under certain laws. When you use the Services, you give your consent to the processing of that health information by Lara Health. You can withdraw your consent to Lara Health processing your health information at any time.

We collect information from your browser, computer, or mobile device, which provides us with technical information when you access or use the Services. This technical information includes device and network information, cookies, log files and analytics information. 

The Services use log files. The information stored in those files includes IP addresses, browser type, internet services provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. IP addresses may be linked to session IDs, user IDs and device identifiers. We use this technical information we collect and receive to protect our users and maintain the security and integrity of our Services. Lara Health uses automated tools to assist us in protecting and safeguarding you and other users and to keep the Services secure, for example to detect misuse and bad actors. Lara Health reserves the right to review accounts and user actions on the Services to ensure compliance with our Terms.

We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link.

Some information might be required from you to create and access our Services and some information might be submitted by your care provider using Lara Health platform in order to provide services to you.

You can withdraw at any time your consent to collect, process, or disclose health data , including stopping your use of Service, removing our access to a third-party provider, deleting your data or requesting us to delete your account.

We use the information we collect and receive, including feedback you provide, to conduct research, and to analyze, develop, troubleshoot, increase functionality, and otherwise improve the Services. To do this, Lara Health may use third-party analytics providers to gain insights into how our Services are used, using aggregated data, and to help us improve the Services. We may also use the information we collect and receive to market and promote the Services, including using email and push notifications, in accordance with your preferences. We may also contact you on behalf of your healthcare provider, or when investigating alleged violations of our terms, or to send proactive customer support messages.

Information aggregation and de-identification

Lara Health may deidentify and aggregate the personal information you and others make available in connection with the Services (“Aggregated Information”) and use if for population health analysis or share it with third parties. Lara Health may use, license, or share this Aggregated Information with third parties for research, business or other purposes.

De-identified and Aggregated Information Use: We may use de-identified and/or aggregated information that can no longer be reasonably linked to you or your device(s) from the information we collect. De-identified and/or aggregated information is not subject to this Privacy Policy, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes, including tokenization, analysis or processing through any quantitative methods for quality and training purposes, and operational improvements;

Lara Health does not use or disclose sensitive Personal Information for purposes other than the Permitted Sensitive Personal Information Purposes, as defined under California law.

Please note, according to U.S. State Privacy Laws, personal information does not generally include:

  • Publicly available information from government records.
  • De-identified or aggregated consumer information.

Artificial intelligence

Regarding our products or features using machine learning or artificial intelligence, including large language models, or AI agents (together, "AI Features"), Artificial intelligence and machine learning models can improve over time to better address specific use cases.  We do not use your Personal Information to train, refine, or improve any machine learning, artificial intelligence, or large language models used in our AI Features. Personal Information is strictly processed as required for providing Services, and any AI-related improvements are based solely on de-identified or aggregated data that cannot be linked back to you. We may use the information we collect from your use of AI Features, or any feedback you provide us with, to enhance the quality, reliability, and/or accuracy of our AI Features.

Information sharing

We may share your information with third parties who provide services to Lara Health such as supporting, improving, promoting and securing the Services, processing payments, or fulfilling orders. These service providers only have access to the information necessary to perform these limited functions on our behalf and are required to protect and secure your information. We may also engage service providers to collect information about your use of the Services over time on our behalf, to promote the Services or display information that may be relevant to your interests on the Services or other websites or services.

We enable you to share your information and content with third party partners, apps, plugins, or websites that integrate with the Services, as well as with third parties who work with Lara Health to offer a service, or an integrated feature. Information collected by these third parties, including your healthcare provider(s) is subject to their terms and policies and may not provide you with the same privacy framework available on Lara Health. Lara Health is not responsible for the terms or policies of third parties, including those of your healthcare provider(s).

You can choose to exchange your health and wellness data with third party partners. This data exchange might be facilitated via our API system or via Apple HealthKit API:

  • We only exchange your health and wellness data with your express consent
  • Your data, whether originating from the use of Lara Health for Patients app, our other services, from third party partners, or from Apple Health, is not used for marketing and advertising purposes. We never share your data with advertising platforms, data brokers or information resellers, and all our third-party partners are subject to requirements preventing them from using and/or sharing your data for marketing and advertising purposes
  • If you choose to share your Lara Health data with third-party services, the information you provide to the third-party services is governed by the third-party’s Terms and Conditions and Privacy Policy
  • If you choose to share your Lara Health data with Apple Health, the information you provide to Apple Health is governed by the Apple Terms and Conditions and Privacy Policy

We may share your information with our subsidiaries, who are required to handle your personal information in accordance with their own Privacy Policies.

If Lara Health becomes involved in a business combination, securities offering, bankruptcy, reorganization, dissolution or other similar transaction, we may share or transfer your information in connection with such transaction.

We may preserve and share your information with third parties, including law enforcement, public or governmental agencies, or private litigants, within or outside your country of residence, if we determine that such disclosure is compelled by or reasonably necessary to comply with the law, including to respond to court orders, warrants, subpoenas, or other legal or regulatory process, or otherwise permitted by law. We may also retain, preserve or disclose your information if we determine that this is reasonably necessary or appropriate to: (1) prevent any person from death or serious bodily injury; (2) to address issues of national security or other issues of public importance; (3) to prevent or detect violations of our services or fraud or abuse of Lara Health or its users; (4) or to protect our operations or our property or other legal rights, including by disclosure to our legal counsel and other consultants and third parties in connection with actual or potential litigation.

Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our Services and we hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. Examples of Cookies we use:

(a) Session Cookies: We use Session Cookies to operate our Service.

(b) Preference Cookies: We use Preference Cookies to remember your preferences and various settings.

(c) Security Cookies: We use Security Cookies for security purposes.

(d) Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.

Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), to pursue legitimate business interests, conduct audits, resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Transfer of Data

Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Lara Health, Inc. will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure of Data

We may disclose personal information that we collect, or you provide:

  1. Disclosure for Law Enforcement.
  2. Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.
  3. Business Transaction.
  4. If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred.
  5. Other cases. We may disclose your information also:
  1. to our subsidiaries and affiliates;
  2. to contractors, service providers, and other third parties we use to support our business;
  3. to fulfill the purpose for which you provide it;
  4. for the purpose of including your company’s logo on our website;
  5. for any other purpose disclosed by us when you provide the information;
  6. with your consent or instructions in any other cases;
  7. if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others
  8. if your personal data was de-identified or aggregated.

Service providers

We may employ third party companies and individuals to facilitate our Services (“Service providers”), provide Services on our behalf, perform Service-related services or assist us in analyzing how our Services is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

This Privacy Policy does not apply to applications, products, software or services operated by third party service providers.

Analytics

We may use third-party Service providers to monitor and analyze the use of our Service.

Google Analytics

Google Analytics is a web analytics services offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

We also encourage you to review the Google's policy for safeguarding your data: https://support.google.com/analytics/answer/6004245.

Behavioral Remarketing

Lara Health, Inc. uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.

Google Ads (AdWords)

Google Ads (AdWords) remarketing services is provided by Google Inc.

You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads

Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

Bing Ads Remarketing

Bing Ads remarketing services is provided by Microsoft Inc.

You can opt-out of Bing Ads interest-based ads by following their instructions: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

You can learn more about the privacy practices and policies of Microsoft by visiting their Privacy Policy page: https://privacy.microsoft.com/en-us/PrivacyStatement

Twitter

Twitter remarketing services is provided by Twitter Inc.

You can opt-out from Twitter's interest-based ads by following their instructions: https://support.twitter.com/articles/20170405

You can learn more about the privacy practices and policies of Twitter by visiting their Privacy Policy page: https://twitter.com/privacy

Facebook

Facebook remarketing services is provided by Facebook Inc.

You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950

To opt-out from Facebook's interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217

Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.

For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation

Pinterest

Pinterest remarketing services is provided by Pinterest Inc.

You can opt-out from Pinterest's interest-based ads by enabling the “Do Not Track” functionality of your web browser or by following Pinterest instructions: http://help.pinterest.com/en/articles/personalization-and-data

You can learn more about the privacy practices and policies of Pinterest by visiting their Privacy Policy page: https://about.pinterest.com/en/privacy-policy

Payments

We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

Stripe:

Their Privacy Policy can be viewed at: https://stripe.com/us/privacy

Links to Other Sites

Our Services may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children's Privacy

Our Services are not intended for use by Minors. We use the date of birth we receive from healthcare providers to help confirm that a user is old enough to use the Services, which are not available to Minors.

We do not knowingly collect personally identifiable information from Minors. If you become aware that a Minor has provided us with Personal Data, please contact us.

Provisions for residents of certain U.S. states

Residents of certain U.S. states, such as California, Colorado, Connecticut, Oregon, Texas, Utah, or Virginia, and Montana as of October 1, 2024, may have additional rights under your corresponding state laws (“collectively, U.S. State Privacy Laws”). Only you or someone legally authorized to act on your behalf may make a request related to your personal information. 

In addition to the description of those rights, below we provide a general description of additional rights and disclosures about your personal information that may be available to you under these U.S. State Privacy Laws.

Access and Portability

Under U.S. State Privacy Laws, you have the right to make a free request regarding your right to know about the personal information we collect, use, and share two times in any 12-month period. Provided we can validate your request, we will make the disclosure no later than 45 days of receiving your request, unless we request an extension. In the event that we reasonably need a 45-day extension, we will notify you of the extension within the initial 45-day period.

Right to non-discrimination

You have the right not to receive discriminatory treatment for the exercise of your privacy rights under State Privacy Laws. We will not discriminate against you for exercising any of your U.S. State Privacy Law rights.

We do not sell your personal information for monetary value. However, under certain privacy laws, some non-monetary sharing of personal information with third parties – for example to provide you with targeted advertising for Lara Health on other platforms – may be considered a “sale” or “share” of personal information. To the extent such laws may consider this a sale or share of personal information, Lara Health does not “sell” or “share” your personal information for analytics or to serve you with targeted advertising on other platforms unless you accept non-essential cookies using our cookie banner.

Your Data Protection Rights under the California Privacy Protection Act (CalOPPA)

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/

According to CalOPPA we agree to the following:

(a) users can visit our site anonymously;

(b) our Privacy Policy link includes the word “Privacy”, and can easily be found on the page specified above on the home page of our website;

(c) users will be notified of any privacy policy changes on our Privacy Policy Page;

(d) users are able to change their personal information by emailing us at legal@lara.health.

Our Policy on “Do Not Track” Signals:

We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Your Data Protection Rights under the California Consumer Privacy Act (CCPA)

If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:

(a) What personal information we have about you. If you make this request, we will return to you:

(i) The categories of personal information we have collected about you.

(ii) The categories of sources from which we collect your personal information.

(iii) The business or commercial purpose for collecting or selling your personal information.

(iv) The categories of third parties with whom we share personal information.

(v) The specific pieces of personal information we have collected about you.

(vi) A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact.

(vii) A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.

Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.

(b) To delete your personal information. If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.

(c) To stop selling your personal information. We do not sell your personal information for monetary consideration. However, under some circumstances, a transfer of personal information to a third party, or within our family of companies, without monetary consideration may be considered a “sale” under California law.

If you submit a request to stop selling your personal information, we will stop making such transfers. If you are a California resident, to opt-out of the sale of your personal information, send your request via e-mail to legal@lara.health.

Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights.

To exercise your California data protection rights described above, please send your request(s) by email: legal@lara.health

Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. 

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us by email: legal@lara.health