Gali Health, Inc. (“us”, “we”, or “our”) operates the galihealth.com website (the “Site”) and the Gali App (together with our Site, our “Online Platforms”) that allows (i) access to and download of certain information we provide through the Online Platforms and (ii) the ability of users of our Online Platforms use the services provided therein and or to contact us electronically (collectively, the “Services”). This document sets out of privacy and security policy (the “Policy”) and, among other things, informs you of our policies regarding the collection, use and disclosure of Personal Information (as defined below) when you access any of our Online Platforms (whether directly or indirectly) or in any manner use our Services.
By visiting any of our Online Platforms, by using our Services, or by in any manner communicating with us via any of our Online Platforms or our Services, you accept our practices described in this Policy, and you consent to our collection, use and disclosure of your information, including personally identifiable information, as described in this Policy. If you do not wish to agree to the practices and uses described in this Policy, please do not access any of our Online Platforms or use our Services.
Overview of this Policy
The following information in this Policy is designed to help you better understand what information we gather from you and through your access of the Online Platforms or use of our Services, how we use and disclose this information, who we might share this information with, and to describe generally what security steps we take. By accessing any of our Online Platforms, downloading any information made available via any of our Online Platforms (e.g., guidelines, reports, etc.), and/or by using our Services in any manner, you are accepting the practices described in this Policy and expressly consent to our collection, use and disclosure of all information transmitted or otherwise received by us (including all Personal Information) in the manner described in this Policy.
Except as expressly stated herein, this Policy does not apply to any third party applications or technologies that integrate with our Services (e.g., social media websites, etc.), or any other third party products, services, or businesses, or to third party websites that you access via links or otherwise while using the Online Platforms or our Services (“Third Party Services”). This Policy does not apply to data collected from, or provided by you to, Third Party Services, and instead such data is subject to the practices of the provider(s) of the applicable Third Party Services. You should review the privacy policies of such Third Party Services (and any other applicable terms and conditions) to determine how your data will be used before sharing any of your data with them.
Information We Collect
While using our Services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. You may also elect to send us information at your discretion about yourself or others.
Personally identifiable information may include, but is not limited to, your email address, name, phone number, postal address, IP address, employer, job title, personal health records, personal information transmitted from your wearable devices, and any other information that can in any manner identify you individually (“Personal Information”). For example, before being able to access health reports, you will be required to provide information regarding your health history, and electronically provide your name, email address and phone number.
Your information, including your Personal Information, and any other information you input via use of our Services may be collected by us through your direct interactions with our Online Platforms, use of our Services via text messaging, email or written correspondence, telephone calls, synching any wearable devices, sharing any data from your phone, messaging through our Services or web based forms or from third party providers.
We may also collect other information from you related to your use of the Online Platforms or our Services and your interactions with our Online Platforms or our Services (while this information may not typically contain Personal Information, we are not responsible for the content of such information). This information includes any such information that you affirmatively provide to us, and may include the following:
Like most websites and web-based technology services, our servers may automatically collect data when you access or use our Services and record it in log files. Such may include your Internet Protocol (IP) address, Internet service provider (ISP), geographic location, browser type and settings, information about browser plugins, language preference, default email application, referring/exit websites, operating system, date and time stamp, cookie data, and certain user activities.
We may collect technical data, such as information about devices accessing our Services, including the type of device, device settings, operating system, application software, peripherals, and unique device identifiers, phone number, country, location, and any other data you choose to provide. We do not intentionally relate this to any individual user of our Services.
Please be aware that our Online Platforms and our Services do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Use of Data We Collect
We may use your Personal Information to contact you with marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
Compliance With Laws.
We will disclose your Personal Information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Services.
Improving our Services.
We may use your information to test features, manage landing pages, heat mapping, traffic optimization, data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third party providers to do this.
Providing our Services.
As mentioned above, much of our Service is specific to providing a communication platform between members. When members share information with each other or otherwise publicly display/post information through our Online Platforms, that information, by definition, is available to anybody accessing our Services and is part of the Services we provide.
Use of Third Parties and Third Party Services
For your convenience, below please find links where you can find such information related to Loggly, Twilio, Mailchimp, Amazon Web Services and Mixpanel:
– Twilio is provided by Twilio Inc. For more information on what type of information Twilio collects, please visit the Terms of Service page of Twilio: https://www.twilio.com/legal/tos
The security of your Personal Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure. Substantially all information we receive from you or via your use of our Services are copied, stored and managed through computer servers owned or controlled by us. While we attempt to employ security techniques commensurate with industry norms to protect your Personal Information and all other information we may host from unauthorized access by users inside and outside the organization, you should be aware that “perfect security” does not exist on the internet or any other method of electronic transmission or storage; third parties may unlawfully or improperly intercept or access transmissions, personal information, or private communications. As such, we cannot make any assurances or guarantee in any manner that a security breach will not occur that may expose your personally identifiable information to others.
For example, our servers are not located at our principal place of business but rather are managed and located at a third-party Infrastructure-as-a-Service provider (an “IAAS”). We have taken commercially reasonable steps to choose a professional IAAS provider but we cannot guarantee the performance of the IAAS provider, its security measures, or the actions or inactions it takes in the future. By using our Services, you understand and agree that we have no liability for the actions, behaviors or failings of our IAAS provider.
We endeavor to only require the collection of as much Personal Information as required to provide you access to our Services, ensure our ability to send you the communications described above, and meet our legal obligations. In addition, we will use commercially reasonable efforts to attempt to store Personal Information in a secure location. We do not represent that any Personal Information provided to us will be encrypted in any manner.
We are not a HIPAA covered entity and our Online Platforms and Services are not HIPAA compliant.
United States Use Only; International Transfer
Our Services are intended solely for use within the United States. You agree not to access our Services or provide any Personal Information to us if you are outside the United States. If you are located outside the United States and still provide information to us, please note that we transfer the information, including Personal Information, to the United States and process it in the United States. If we discover that you are located outside the United States, we will attempt to immediately delete all the information you have provided to us and you agree to hold us harmless for your violation of this section. Your consent to this Policy followed by your submission of such information represents your agreement to abide by the restrictions contained herein.
If we are involved in a merger, acquisition or asset sale, your Personal Information may be transferred as a business asset. In such cases, we will attempt in good faith to provide notice before your Personal Information is transferred and/or becomes subject to a different Policy.
Links To Other Websites
Our Services and our Online Platforms may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party’s Online Platforms. We strongly advise you to review the Policy of every Online Platforms you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party websites or services.
Only persons age 18 or older have permission to access our Services. Our Services are meant for working professionals only and, therefore, are not meant to be used or accessed in any manner by anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from Children. If you are a parent or guardian and you learn that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children under age 13 without verification of parental consent, we take steps to remove that information from our servers.
Changes To This Policy
This Policy is effective as of the date listed at the top of this Policy and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.
We reserve the right to update or change our Policy at any time and you should check this Policy periodically. Your continued use of our Services after we post any modifications to the Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Policy.
If we make any material changes to this Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our webOnline Platforms.
Opt Out Policy and Your California Privacy Rights
Users can prevent future disclosures for direct marketing purposes of his or her Personal Information, at no charge, by exercising his or her “opt out” rights by using the “opt out” procedures described below:
Send an email to: firstname.lastname@example.org, or
Send mail to the following postal address:
Gali Health, Inc.
77 Geary Street, Suite 670
San Francisco, CA, 94108
Additionally, upon receipt of any electronic communication from us to you, to unsubscribe from future communications, you can click on the link that says words substantially to the effect of “If you do not wish to receive these emails in the future, You can click here to unsubscribe.”
Because we provide our California users with the ability to exercise his or her “opt out” rights as described above, pursuant to Section 1798.83(c)(2) of the California Civil Code, we are in compliance with the California “Shine the Light” law and are not obligated to provide California users with the names and addresses of all the third parties that received personal information from the Company for the third parties’ direct marketing purposes during the preceding calendar year.
You may contact us at:
Gali Health, Inc.
Attn: Gali Support
77 Geary Street, Suite 670
San Francisco, CA, 94108