Koda Health Privacy Policy

Last Updated: February 6, 2024

Koda Health, Inc. (“Koda Health,” “we,” “our” or “us”) respects your privacy and is committed to protecting it through our compliance with this privacy policy. This privacy policy explains our policies and procedures regarding the collection, use, disclosure, and security of certain information that we receive, with a focus on information that would be considered “protected health information,” including information by which you may be personally identified. It is our sincere hope that by explaining our practices for handling information, we will develop a trusting and long-lasting relationship with you.

Koda Health provides a SaaS-based platform for advance care planning (“ACP”) (as modified from time to time, the “Koda Health Platform”) for patients and others (“Patients” or “you”) to learn about their medical care preferences in connection with end-of-life care and to document these preferences (as modified from time to time, the “ACP Services”).

Please note that by accessing and/or using the ACP Services or the Koda Health Platform or visiting or using https://www.kodahealthcare.com or https://koda.health (the “Site”) and the various other related services, features, functions, software, applications and websites with the associated Site (together with the Koda Health Platform, the ACP Services and the Site, collectively, the “Koda Health Services”), you are accepting the practices described in this privacy policy. This privacy policy is incorporated by reference into the Terms of Service that govern your access and use of the ACP Services, the Koda Health Platform, the Site and the other Koda Health Services (the “Terms”).

This policy describes the types of information we may collect from you or that you may provide when you access or use the ACP Services, the Koda Health Platform, the Site, the other Koda Health Services or any of the other features, functions, services, and products, including our partners’ services and products, and our practices for collecting, using, maintaining, protecting and disclosing that information. This policy applies to information we collect or may collect:

In accessing and using the Site.
In registering and creating an account to access and use the ACP Services and the Koda Health Platform.
In accessing and using the ACP Services or the Koda Health Platform.
When you create an advance directive.
In e-mail, text and other electronic messages sent through or use of the Site and the other Koda Health Services.
When you send any content through the Site or any of the other Koda Health Services.
Through services provided to us or to you by third-party companies, agents or contractors, including our partners.
Information you provide during a phone call with our support team.

It does not apply to information collected by:

Us offline or through any other means, including on any other website operated by Koda Health or any third party; or
Any third party, including through any link that may be accessible from or on the Site or any of the other Koda Health Services.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your only choice is not to access or use the ACP Services, the Koda Health Platform, the Site or any of the other Koda Health Services. By accessing or using the ACP Services, the Koda Health Platform or any of the other Koda Health Services, you agree to this privacy policy. This policy may change from time to time as described in the provision of this privacy policy entitled Changes to Our Privacy Policy.

Minors under the Age of 18

None of either the ACP Services, the Koda Health Platform or any of the other Koda Health Services are intended for minors under 18 years of age. No one under age 13 may provide any information on or through the Site or the other Koda Health Services. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on or through any of the Koda Health Services or any of its features or register on the Site, use any of the interactive or public comment features of any of the Koda Health Services or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name, username you may use or any pictures of you. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe that we might have any information from or about a child under 13, please contact us at care@kodahealthcare.com.

Information We Collect About You and How We Collect It

We collect or may collect several types of information from and about Patients that access and use the ACP Services, the Koda Health Platform or any of the other Koda Health Services, including:

Information by which you may be personally identified, including personal information such as name, a user name, birthdate, e-mail address, address, and phone number;
Medical information;
Analytics information;
Information that is about you but individually does not identify you, such as the date and time of visit;
Device, internet and mobile information such as the hardware model, operating system version, unique device identifiers, browser type, language, wireless network, and mobile network information;
Geo-location information;
When you report a problem or concern with the ACP Services, the Koda Health Platform, the Site or any of the other Koda Health Services;
Records and copies of your correspondence (including e-mail addresses), if you contact us; and/or
Details of transactions you carry out through the Site and any of the other Koda Health Services.

We collect this information:

Directly from you when you provide it to us.
Automatically as you navigate through or use the Site or any of the Koda Health Services.
From third parties, such as our customers, business partners and other third parties that provide us or you with certain services.

Certain situations may also involve you calling us or our calling you. Please be aware that we may monitor, and in some cases, record such calls for staff training or quality assurance purposes.

Data Minimization

We take every reasonable step to limit the volume of your personal information that we process to what is reasonably necessary.

We do not Engage in Automated Decision-making without Human Intervention

We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.

Consequences of not providing Personal information

If you do not provide certain personal information identified in this policy, we may not be able to provide you access or use of the ACP Services or the Koda Health Platform or the support that we otherwise could if you do provide this personal information.

Use of Cookies and Other Tracking Technologies.

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

(a) Session Cookies: We use Session Cookies to operate our Service.

(b) Preference Cookies: We use Preference Cookies to remember your preferences and various settings.

(d) Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.

Do Not Track Policy

Your web browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. We do not honor any web browser “Do Not Track” signals or other mechanisms that provide you with the ability to exercise choice regarding the collection of personally identifiable information about your online activities over time and across third-party websites or online services. At present, no universally accepted standards exist on how companies should respond to do-not-track signals. In the event a final universally accepted standard is established, we will assess and provide an appropriate response to these signals.

Third-party Responsibilities and Services.

We may use or partner with other third-party companies, agents or contractors for various purposes in connection with our business and operations (“Service Providers”), including, your healthcare provider, the chat feature for the Site, the platform for our knowledge base, the marketing and growth of our business and the performance of services on our behalf, such as gathering and analyzing information and the provision of services to you. In the course of performing these responsibilities and providing such services, these other companies may have access to your information. We may also share information, including your information, with these Services Providers in order to enable them to perform these responsibilities and to provide these services. These Services Providers may have adopted their own privacy policies, which are not subject to control by Koda Health. You should always review the policies of these Service Providers to make sure that you are comfortable with the ways in which they collect, use, maintain, protect and disclose your information. We do not list our current Service Providers because they change from time to time. If you would like the names of any of Service Providers, please email us at care@kodahealthcare.com.

The Service Providers may also transmit cookies to your computer or device when you click on ads that appear on or through the Service.

As a convenience to you, we may or may in the future also provide links to other third-parties from within our Service. If you click on one of these links, you will be redirected to that third-party’s site (via affiliate cookies) and such third party may also transmit cookies to you. We do not have any control over that or how they collect, use, maintain, protect and disclose your information. Please be aware that cookies placed by third parties may continue to track your activities online even after you are no longer using any of the Koda Health Services, and those third parties may not honor “Do Not Track” requests you have set using your web browser.

Koda Health does not disclose any personally identifiable information to third-party organizations for marketing or affiliate marketing purposes. Additionally, we do not share opt-in consent with any third-party organizations.

Google Analytics

We may now or in the future use a tool called “Google Analytics” to collect information about use of the Site. Google Analytics collects information such as how often users visit the Site, what pages they visit when they do so, and what other sites they used prior to coming to the Site. We use the information we get from Google Analytics to improve the ACP Services, the Koda Health Platform, the Site, the other Koda Health Services and their related features, functionality and performance. Google Analytics collects only the IP address assigned to you on the date you visit this Site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit the Site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to the Site by disabling cookies on your browser.

You can set preferences for how Google advertises to you using the Google Ad Preferences page, and if you want to, you can opt out of interest-based advertising entirely by cookie settings or permanently using a browser plugin.

DoubleClick: We may use Google Analytics and Google Adwords remarketing codes to log when users view specific pages or take specific actions on a website. This allows us to provide targeted advertising in the future. If you do not wish to receive this type of advertising from us in the future you can opt out using the DoubleClick opt-out page or the Network Advertising Initiative opt-out page.

Google has additional information available about its Remarketing Privacy Guidelines, Policies, and Restrictions on its website.

Mixpanel

We may now or in the future use a tool called “Mixpanel” to collect information about use of the Site. Mixpanel is provided by Mixpanel Inc. Mixpanel collects information such as how often users visit the Site, what pages they visit when they do so, and what other sites they used prior to coming to the Site. We use the information we get from Mixpanel to improve the ACP Services, the Koda Health Platform, the Site, the other Koda Health Services and their related features, functionality and performance.

You can prevent Mixpanel from using your information for analytics purposes by opting-out. To opt-out of Mixpanel service, please visit this page: https://mixpanel.com/optout/

For more information on what type of information Mixpanel collects, please visit the Terms of Use page of Mixpanel.

Fullstory

We use FullStory Services on our website. This section applies to Personal Information we may process in the usual course of business via the website through FullStory.

Usage Details about your interaction with our website (such as the pages visited, links clicked, non-sensitive text entered, mouse movements, referring URL;
Device Information including the IP address and other details of a device that you use to connect with our Services (such as operating system, browser type, mobile network information, and the device’s telephone number);
Location information we use publicly available sources to approximate your geographic region and Internet Service Provider based on your IP address;
Any other information you choose to include when you communicate with us via email, mail, or other channels;
Survey information in response to questions we may send you through the Services, including for feedback and research purposes

How We Use Your Information

We will only use information that we collect about you or that you provide to us, including any personal information for purposes described in this privacy policy and when applicable law allows us to do so. We will generally use your information on the following legal grounds:

Where the use of your information is necessary to provide the ACP Services, the Koda Health Platform or any of the other Koda Health Services;
Where the use is necessary for the purposes of our legitimate interests (or those of a third party);
Where we need to comply with a legal or regulatory obligation; or
Where you have given your consent (which can be withdrawn at any time).

We use information that we collect about you or that you provide to us, including any personal information:

To provide you the ACP Services and the Koda Health Platform.
To provide you the Site and the other Koda Health Services and the content that is on it.
To provide technical and other support to you.
To send you news or information about us or the ACP Services or the Koda Health Platform that may be of interest to you (if you have not opted-out).
To enable Service Providers to perform certain responsibilities and provide certain services in connection with the ACP Services, the Koda Health Platform and the other Koda Health Services and our business and operations.
To fulfill any other purpose for which you provide it.
To provide you with notices about the ACP Services and the Koda Health Platform.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
To notify you about changes to any of the ACP Services, the Koda Health Platform, the Site and the other Koda Health Services.
To enhance the safety and security of all of the Koda Health Services.
To verify your identity and prevent fraud or other unauthorized or illegal activity.
In any other way we may describe when you provide the information.
For any other purpose with your consent.

Some of the information that we collect automatically may be statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties or you provide to us. It helps us to improve the Site and the other Koda Health Services, and to deliver a better and more personalized service, including enabling us to:

Estimate our audience size and better understand usage patterns.
Recognize you when you return to the Site.

Storage and Transfer of Your Information

We may store any data or other information that we collect (personal or otherwise) ourselves or in databases and servers owned and maintained by us, our affiliates, agents or Service Providers. If you access or use the Site or any of the other Koda Health Services outside of the United States, information that we collect about you may be transferred to servers inside the United States and maintained indefinitely, which may involve the transfer of information out of countries located in the European Economic Area and other parts of the world unless otherwise prohibited by applicable law or agreed by Koda Health and you. By allowing Koda Health to collect information about you, you consent to such transfer and processing of such information without restriction. We may also store some information locally on your computer or other devices. For example, we may store information as local cache so that you can open the Site and view content faster.

Although users from all over the world may access the Site, keep in mind that no matter where you live or where you happen to use our services, you consent to us processing and transferring information in and to the United States whose data-protection and privacy laws may offer fewer protections than those in your home country.

Disclosure of Your Information

We will never sell your personal information.

We may disclose personal information that we collect or you provide as described in this privacy policy:

To our subsidiaries and affiliates.
To Service Providers, contractors and other third parties we use to support the ACP Services, the Koda Health Platform and the other Koda Health Services, and our business but only to the extent necessary for them to provide this support.
To certain designated family members to share your medical care preferences with your consent.
To certain designated healthcare providers to share your medical care preferences and documents.
To a potential or actual buyer, assignee or other successor (including its related advisors and agents) in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Koda Health’ assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by Koda Health about users of the Site and the other Koda Health services is among the assets that may be or are actually transferred.
To fulfill the purpose for which you provide it.
For any other purpose disclosed by us when you provide the information.
With your consent.

We may also disclose your data information:

To comply with any court order, law or legal process, including to respond to any government or regulatory request.
To enforce or apply the Terms and other agreements, including for billing and collection purposes.
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Koda Health, our customers or others.

Notwithstanding any of the foregoing, we will comply with all applicable state and federal laws and regulations including the privacy and confidentiality of patient records including but not limited to (i) The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); (ii) the Privacy and Security Standards (45 C.F.R. Parts 160 and 164) and the Standards for Electronic Transactions (45 C.F.R Parts 160 and 162) (collectively, the “Standards”) promulgated or as to be promulgated by the Secretary of Health and Human Services on and after the applicable effective dates specified in the Standards; and (iii) The Health Information Technology Economic and Clinical Health Act of 2009 (the “HITECH Act”). We will not disclose to any third party, except where required or permitted by law and the applicable business associate agreement, any of your medical records or other patient information, and in such case, disclosures will be made in accordance with applicable policies of the parties, the applicable business associate agreement and the Standards. All medical information and data concerning specific Patients including but not limited to the identification of the Patients, derived from the access and use of the ACP Services and the Koda Health Platform shall be treated and maintained in a confidential manner.

Anonymized or Aggregated Information.

We may share information that is anonymized or in an aggregated form that does not include any personal information about you and we may use and share any such information for any purpose without restriction so long as it does not violate the terms of this privacy policy or any applicable law. We may use, disclose or sell that anonymized or aggregated information without restriction so long as we do not disclose any of your personal information or violate the terms of this privacy policy or any applicable law.

Choices About How We Use and Disclose Your Personal information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your personal information:

Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that all or some parts of the Koda Health Services, may then be inaccessible or not function properly.
Promotional Offers from Koda Health. If you do not wish to have your e-mail address/contact information used by Koda Health to market or otherwise promote our own or third parties’ products or services, you can opt-out through the unsubscribe mechanism at the bottom of the applicable email. This opt out does not apply to information provided to Koda Health as a result of a service or product purchase, warranty registration, product service experience or other transactions.

We do not control third parties’ collection or use of your information to serve interest-based advertising. You may be able to opt out of receiving personalized advertisements from companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: http://www.aboutads.info and http://www.networkadvertising.org/choices/. You may also use TRUSTe’s Preference Manager at http://preferences-mgr.truste.com.

Accessing and Correcting Your Personal information

You may change, correct or delete any personal information that you have provided to us through your account (if you have one) or by emailing us at care@kodahealthcare.com.

Your California Privacy Rights

California Civil Code Section § 1798.83 permits users of the Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to care@kodahealthcare.com or write to us at: Koda Health, Inc., PO Box 66218, Houston, TX 77266.

How Long We Store Your Personal information

We will only retain your personal information, in a form which permits us to identify you, for as long as necessary to fulfill the purposes we collected it for. We will retain and use your personal information as necessary to satisfy any legal, accounting or reporting requirements, to resolve disputes or to enforce our agreements and rights. Subject to the foreging, we will delete your personal information upon your request. To dispose of personal information, we may anonymize it, delete it or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time.

Information Security

We understand that the security of your personal information is important. We provide reasonable administrative, technical, and physical security controls to protect your personal information. However, despite our efforts, no security controls are 100% effective. Koda Health cannot ensure or warrant the security of your personal information. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site or the other Koda Health Services.

The safety and security of your data also depends on you. Where you have chosen (or we have given you) a password for access to and use of your account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Changes to Our Privacy Policy

If we make material changes to how we treat our users’ personal information that are materially less protective than provided in this policy, we will use reasonable efforts to notify you by e-mail to the e-mail address specified in your account and/or through a notice on the home pages of the Site and to attempt to get your consent to the changes. The date the privacy policy was last updated is identified above. You are responsible for ensuring that we have an up-to-date active and deliverable e-mail address for you, and for periodically visiting the Site and this privacy policy to check for any changes. Like our Terms, of which this privacy policy is a part, your continued your use, and/or continued use after our efforts to contact you, of the ACP Services, the Koda Health Platform, the Site or any of the other Koda Health Services, means that you agree to be bound by such changes.

Survival

The policies indicated in this privacy policy will remain effective, even if the Terms and the other agreements between us are terminated and you are no longer using the Site or any of the other Koda Health Services.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices or need to reach us for any other reason, you may contact us by e-mail at care@kodahealthcare.com or by mail at Koda Health, Inc., PO Box 66218, Houston, TX 77266.