Limbix Health, Inc. Privacy Policy

THIS PRIVACY POLICY DESCRIBES HOW INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED. IT ALSO DESCRIBES HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.  PLEASE DO NOT USE THIS APP OR RELATED SERVICES IF YOU DO NOT ACCEPT THE TERMS OF THIS PRIVACY POLICY.

Index to this Privacy Policy:
1. Introduction
2. The Personal Information We Collect.
3. How We Collect Personal Information.
4. Our Purposes for Collecting Personal Information.
5. How We Use, Share and Protect Personal Information.  
6. Use of Data for Research and Regulatory Submissions.
7. Links to Other Sites; Third-Party Apps; Transactions with Third Parties.  
8. Children Under 13 Years of Age.
9. Your California Privacy Rights; California Do Not Track Disclosures.
10. Accessing Your Information; How Users Can Access Their Personal Information and How Users May Request Changes to their Personal Data. 
11. Contact Us About Complaints, Questions, or Notices Relating to this Privacy Policy. 
12. How We Will Inform Users Changes to this Privacy Policy.

1. Introduction.
Limbix Health, Inc. (“Limbix”, “we” or “us”) provides digital prescription therapies designed to improve health outcomes. This mobile application (this “App”) is a digital therapeutic intended to provide a neurobehavioral intervention in patients 13 to 22 years of age as an adjunct treatment for symptoms of depression.

The App is a non-prescription medical device that is distributed pursuant to the U.S. Food and Drug Administration’s (“FDA”) Enforcement Policy for Digital Health Devices for Treating Psychiatric Disorders During the Coronavirus Disease 2019 (COVID-19) Public Health Emergency. The App includes data collection, storage, analysis and reporting tools, functions, and related services. Collectively, these will be referred to in this Privacy Policy as the “Service.” We may also operate a website for Clinicians and Clinical Partners (the “Website” or “Site”) through which Clinicians and Clinical Partners view Patient information and monitor Patient use of this App and the Service.  

By using this App and/or by providing Personal Data (defined below) to Limbix, you accept and hereby expressly consent to our collection, use, retention, and disclosure of your Personal Data in accordance with the terms of this Privacy Policy. Requested Personally Identifiable Information (defined below) will be identified as required or optional. If you choose not to provide required information, you will not be able to access the Service. By downloading or using our App, you are agreeing to permit Limbix to process collected data in accordance with this Privacy Policy, which applies to all users. 

Limbix is required to maintain the privacy of protected health information, to provide patients with notice of its legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information.

We last modified this Privacy Policy on Sep 22, 2021.

2. The Personal Information We Collect.
This Privacy Policy covers how Limbix collects, receives, uses, retains, and discloses Personally Identifiable Information (“PII”) and Protected Health Information (“PHI”) on this App. PII includes information about you that is personally identifying, such as your name, email address, geographic location and phone number, and that which is not otherwise publicly available. PHI includes information relating to your health, for example, name, email address, date of birth, results from PHQ-8 questionnaire (a tool used to assess depression symptoms and severity), and other data. PII and PHI may include other types of information depending on the legal definition that applies in your physical location. Only the legal definitions of PII and PHI that apply in your location will apply to you under this Privacy Policy.  PII and PHI are referred to collectively in this Privacy Policy as “Personal Data”.
 
When you use this App or the Service, we collect information relating to your browser or device type, the time and date you use the Service, operating system, identification of Site or App page views, use of particular Service features, geographic location and other statistical information relating to your use of this App or the Service. This information is referred to in this Privacy Policy as “Analytics.” We use Analytics to develop, improve, extend and test the Service (and underlying technology platforms). We may also disclose and distribute Analytics to Clinical and Pharmacy Partners for their use. When registering on this App, we collect your full name, date of birth, email address and password.

3. How We Collect Personal Information.
This App is available only to Patients who have consulted with a licensed healthcare provider and for whom the healthcare provider has determined that use of the App is appropriate.  Users must also provide their consent to Limbix, as described below.

Clinical Partners are hospitals, clinics, practices or other medical groups or health care systems that have contracted with Limbix to permit use of the Service by their respective Clinicians and Patients; “Clinicians” are licensed healthcare providers practitioners, who provide health care or related services to Patients; “Pharmacy Partners” are pharmacies that have contracted with Limbix to facilitate the use of the Service by Clinicians and Patients; and “Patients are individual patients of the Clinical Partner or Clinician who receive medical treatments, or individuals who are properly authorized representatives of any such patient.

Patients must be registered on this App and have an active account in order to use the Service. We may receive Personal Data about Patients from a Clinician, Clinical or Pharmacy Partner, as applicable, in order to establish an account and for you to be able to register for and use the Service and identify you as an authorized Patient. Limbix may collect Personal Data when Patients are registered through the Site and confirmed within this App. 

A Clinician may access, change, or modify your information, according to the privacy policy of that Clinical Partner. If you wish to access, amend, or modify your information in any way, please contact us at info@limbix.com.

We will retain Personal Data for as long as necessary to provide our services, but in no case later than six (6) years following termination of Services or withdrawal of your consent, unless otherwise required to be retained longer to comply with applicable legal or regulatory requirements, including but not limited to FDA requirements. We will retain and use Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. 

4. Our Purposes for Collecting Personal Information.
Clinicians, Clinical and Pharmacy Partners may provide your Personal Data to Limbix in order to register you as a user of the Service.  As you use this App and the Service, the information you provide through this App and Service may be viewed by your Clinician and Clinical Partner on the Site to enable your health care team to provide therapy and treatment.

5. How We Use, Share and Protect Personal Information.  
We may combine this information with the Personal Data about you that we receive from the applicable Clinician, Clinical or Pharmacy Partner to create your user profile and provide you with the Service.
Limbix uses Personal Data and information you provide to us through this App and the Service: 
To provide the Service and treatment.  For example, Limbix may use or disclose your protected health information for the purpose of allowing Limbix or the Clinician, Clinical and Pharmacy partners to provide treatment and/or contact you about reminders and treatment effectiveness and alternatives;
To communicate with you. For example, to reset password or reminders;
To communicate with your Clinicians, Pharmacy, and Clinical Partners as applicable to review the functionality and effectiveness of treatment;
For payment, as applicable.  We may use/disclose your information for the purpose of allowing us as well as our partners to secure payment for services provided to you;
For health care operations. We may compile information and Analytics about you, your use of this App and other treatments, and share those with our Partners; To create user profiles; 
To create de-identified analytical information about the effectiveness of the Services and for use in scientific analysis, research and regulatory submissions (see Section 6 below), and/or improvement of our products and services;
To help us evaluate, improve, and troubleshoot our products and services;
To monitor and analyze usage and trends regarding our products and services;
To reply to your request for information or comments; and To monitor users’ safety while using this App or Service.

Only Limbix employees, Clinicians, and Clinical and Pharmacy partners who need to know your Personal Data for the purposes described above will have access to your Personal Data, and Limbix will ensure that all such individuals are subject to stringent obligations to keep your data confidential and to use it only for the purposes described above. We will not otherwise share and we will not publicize any of your Personal Data without your express written permission.  A separate authorization would be required for any use and disclosures of Personal Data not described in this Privacy Policy and Notice. 

Certain health and medical information about you may be protected under Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rules or other applicable laws.  This information may be provided by you online or offline, or may be collected by us from other methods such as through a health care provider. We protect covered health and medical information as required by HIPAA and applicable state law. Similarly, we may use covered health and medical information as permitted by HIPAA and applicable state law.

Limbix uses secure socket layer (SSL), firewalls, and end-to-end encryption to protect your Personal Data from unauthorized access, disclosure, alteration, or destruction. All Personal Data is transmitted, stored, and processed in a secure environment in accordance with HIPAA and related guidance. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its security. 

Some of your Personal Data may be shared with your health care team, including Clinicians, and Clinical and Pharmacy Partners, which they will access and view through the Site. We will disclose your Personal Data and non-personal data to third party vendors who help us operate this App, Site, and Service. These third parties are contractually obligated to maintain the confidentiality of your Personal Data consistent with the terms of this Privacy Policy and to comply with applicable data protection laws. 

We will disclose your information as required in response to valid legal process, for example, in response to a court order, a subpoena or other legal request for information, and/or to comply with applicable legal and regulatory reporting requirements. We also may disclose your information in response to a law enforcement agency’s request or other request for information from the U.S. or other government entities, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or to verify or enforce compliance with the policies governing our products and/or services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. In addition, we may, upon notice to you and/or your Clinical Partner, transfer your information to an entity or individual that acquires, buys, or merges with Limbix. 

We share anonymized, de-identified Analytics with Clinicians, and Clinical and Pharmacy Partners for their internal use and with third parties to market and promote Limbix and the Service. 

6. Use of Data for Research and Regulatory Submissions
We may use your Personal Data, Analytics, and evaluation results in our research and regulatory submissions. Wherever possible, this information will be deidentified. We may engage in research with third parties like universities, hospitals, health systems, government institutions, or private companies to develop new technology, validate our App or Service, or improve existing technologies or processes. We may use our research results, which include your data, in submissions to the U.S. Food and Drug Administration (FDA) in order to seek FDA clearance or approval of our App or Service. We may also author publications using your deidentified data either on our own or in collaboration with academic or commercial third parties. You can opt out of use of your data for these research and regulatory submission purposes by contacting info@limbix.com indicating that you do not consent to these uses during the App sign-up process. If you choose to opt out after initially consenting, you may contact Limbix at info@limbix.com. However, if you have consented in the past and later opt out, we cannot retract your deidentified information and/or results from research already performed. 

7. Links to Other Sites; Third Party Apps; Transactions with Third Parties.  
This App and Site may contain links to other sites that are not owned or controlled by Limbix. Please be aware that we are not responsible for the privacy practices of these other sites. We encourage you to review the privacy policies and statements of other sites to understand their information practices. Our Privacy Policy applies only to information collected by our App, Site and Services. 

You may be able to obtain an App, access the Service and/or communicate with the Service from, and you may be able to link or communicate from the Service to, applications, devices, distribution platforms and websites owned and operated by Clinical or Pharmacy Partners and/or by Apple, Google or other third party distribution platform operators. These other applications, devices, platforms and websites belong to third parties and are not operated or controlled by Limbix. Our Privacy Policy does not apply to any information collected, received, used, processed, transferred or disclosed by such third parties. Additional or different terms and conditions (including without limitation, privacy and security practices) apply when you access and use third party applications, devices, platforms and websites, which are not the responsibility of Limbix. 

Limbix is not responsible for and will not be a party to any transactions between you and a third party provider of products, information or services. Limbix does not monitor such transactions or ensure the confidentiality of your Personal Data, including credit card information, for any third party transaction. Any separate charges or obligations you incur in your dealings with these third parties linked to Limbix’s App, Site or Service are solely your responsibility. 

8. Children Under 13 years of Age.
Our Service is intended for individuals who are 13 years old or older. If you believe someone who is under age 13 has used the Service and entered personal information, please contact us using one of the options provided below.
 
9. Your California Privacy Rights; California Do Not Track Disclosures.
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information by Limbix or its subsidiaries to a third party for the third party’s direct marketing purposes. Because we do not make such disclosures, we are exempt from these reporting requirements. 
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities, over time and across different websites. We do not honor “Do Not Track” signals. 

10. Accessing Your Information; How Users Can Access Their Personal Information and How Users May Request Changes to their Personal Data. 
Your Clinician may access, review, change or update your Personal Data through the Site. If you want to make changes to your Personal Data you should contact info@limbix.com. You may reset your password through this App by following the password reset instructions.
 
11. Contact Us About Complaints, Questions, or Notices Relating to this Privacy Policy.  
Under HIPAA, you have certain rights with respect to protected health information, including:
request restrictions on certain uses and disclosures of protected health information; however, Limbix is not required to agree with the requested restriction and due to technical and administrative limitations, Limbix reserves the right to terminate Services;
receive confidential communications of protected health information;
inspect and copy protected health information;
amend protected health information;
receive an accounting of disclosures of protected health information;
obtain a paper copy of the notice upon request.

It is always your choice whether or not to provide us with such information. You may withdraw your consent to further use of your Personal Data by emailing a request to us at the address below. We will respond to your request in accordance with the law that applies to you. Your Personal Data which we processed prior to your request may not be deleted from our Site or Service system records but will be blocked from further processing without your permission. A request to withdraw consent may not apply to information collected by tracking technologies or used internally to recognize you and/or facilitate your visits to the App, or information we may keep to comply with legal requirements. Any such requests that relate to Protected Health Information or similarly protected health information will be addressed consistent with the requirements of HIPAA Privacy Rules or other applicable laws. 
    
Limbix commits to resolving complaints about your privacy and our collection or use of your Personal Data. If you believe your privacy rights have been violated or you disagree with any action Limbix has taken with regard to your Personal Data, you may file a complaint with Limbix by emailing us at info@limbix.com. If you feel Limbix has violated your health information privacy rights, you may also file a complaint under HIPAA with the U.S. Department of Health and Human Services, Office of Civil Rights (OCR). Limbix will not take any action against you for making a complaint. 

If you would like more information about your privacy rights or this Privacy Policy, or if you have related questions or suggestions, please email us at info@limbix.com. You may also contact us at: Limbix Health, Inc. Attn: Security Official 548 Market St. PMB 91609San Francisco, CA 94104 USA

12. How We Will Inform Users Changes to this Privacy Policy.
Limbix is required to abide by the terms of this Privacy Policy currently in effect. However, this Privacy Policy may change from time to time. If we make changes to this privacy policy, we will notify you at the email address we have on file. Please also check back periodically to check the most recent modification date to ensure that you are aware of any changes in our processing of your Personal Data. Your continued use of this App or Service after any changes signifies your express, explicit, voluntary, and unambiguous consent to any such changes. If you do not agree to such changes, you must notify us that you are withdrawing your consent and immediately stop using this App and Service.