Privacy Policy

Last updated: November 16, 2019

Gali Health, Inc. (“us”, “we”, or “our”) operates the galihealth.com website (the “Site”) and the Gali App (together with our Site, our “Online Platforms”) that allows (i) access to and download of certain information we provide through the Online Platforms and (ii) the ability of users of our Online Platforms use the services provided therein and or to contact us electronically (collectively, the “Services”). This document sets out of privacy and security policy (the “Policy”) and, among other things, informs you of our policies regarding the collection, use and disclosure of Personal Information (as defined below) when you access any of our Online Platforms (whether directly or indirectly) or in any manner use our Services.

By visiting any of our Online Platforms, by using our Services, or by in any manner communicating with us via any of our Online Platforms or our Services, you accept our practices described in this Policy, and you consent to our collection, use and disclosure of your information, including personally identifiable information, as described in this Policy.  If you do not wish to agree to the practices and uses described in this Policy, please do not access any of our Online Platforms or use our Services.

Overview of this Policy

The following information in this Policy is designed to help you better understand what information we gather from you and through your access of the Online Platforms or use of our Services, how we use and disclose this information, who we might share this information with, and to describe generally what security steps we take. By accessing any of our Online Platforms, downloading any information made available via any of our Online Platforms (e.g., guidelines, reports, etc.), and/or by using our Services in any manner, you are accepting the practices described in this Policy and expressly consent to our collection, use and disclosure of all information transmitted or otherwise received by us (including all Personal Information) in the manner described in this Policy.

Except as expressly stated herein, this Policy does not apply to any third party applications or technologies that integrate with our Services (e.g., social media websites, etc.), or any other third party products, services, or businesses, or to third party websites that you access via links or otherwise while using the Online Platforms or our Services (“Third Party Services”).  This Policy does not apply to data collected by, or provided by you to, Third Party Services, and instead such data is subject to the practices of the provider(s) of the applicable Third Party Services.  You should review the privacy policies of such Third Party Services (and any other applicable terms and conditions) to determine how your data will be used before sharing any of your data with them.

This Policy is incorporated into and subject to the terms of our Terms of Use posted on our Site (collectively, the “Terms of Use”).

Information We Collect

While using our Services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. You may also elect to send us information at your discretion about yourself or others.

Personally identifiable information means any refers to any information about an identifiable individual and any information that is linked to an identifiable individual and may include, but is not limited to, your email address, name, phone number, postal address, IP address, employer, job title, personal health records, personal information transmitted from your wearable devices, and any other information that can in any manner identify you individually (“Personal Information”).  For example, before being able to access health reports, you will be required to provide information regarding your health history, and electronically provide your name, email address and phone number.  

Your information, including your Personal Information, and any other information you input via use of our Services may be collected by us through your direct interactions with our Online Platforms, use of our Services via text messaging, email or written correspondence, telephone calls, synching any wearable devices, sharing any data from your phone, messaging through our Services or web based forms or from third party providers.

 
We may also collect other information from you related to your use of the Online Platforms or our Services and your interactions with our Online Platforms or our Services (while this information may not typically contain Personal Information, we are not responsible for the content of such information).  This information includes any such information that you affirmatively provide to us, and may include the following:

Log Data.

Like most websites and web-based technology services, our servers may automatically collect data when you access or use our Services and record it in log files.  Such may include your Internet Protocol (IP) address, Internet service provider (ISP), geographic location, browser type and settings, information about browser plugins, language preference, default email application, referring/exit websites, operating system, date and time stamp, cookie data, and certain user activities. We use this information to keep track of how visitors use our Online Platforms to improve and market our Services.

Technical Data.

We may collect technical data, such as information about devices accessing our Services, including the type of device, device settings, operating system, application software, peripherals, and unique device identifiers, phone number, country, location, and any other data you choose to provide. We do not intentionally relate this to any individual user of our Services. We use this technical data to improve services provided to our users and ensure we provide adequate support on different devices and operating systems.

Cookies.

Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web Online Platforms and transferred to your device. We use cookies to collect information in order to improve our services for you. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provide information on how to accept cookies, disable cookies or to notify you when receiving a new cookie. If you do not accept cookies, you may not be able to use some features of our Services and we recommend that you leave them turned on.

Please be aware that our Online Platforms and our Services do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Use of Data We Collect

The information we collect is used, generally, to provide our Services, identify and communicate with you (including sending you marketing messages), respond to your requests/inquiries, improve our services, and ensure compliance with applicable laws, inclusive of all intellectual property laws.  We also use Personal Information, to the extent necessary, to enforce the Terms of Use, monitor adherence to the Terms of Use, to attempt to prevent and/or detect fraud, to allow third parties to carry out technical, logistical or other functions on our behalf as long as those third parties have agreed to use the level of privacy protections commensurate with industry norms, and to help prevent and investigate security issues and abuse.  Moreover, much of our Services are designed to allow users to share information amongst each other.  That information, by definition, is made public through our Online Platforms.  When you submit data to us, examples of our use of your information include the following:

Communications.

We may use your Personal Information to contact you with marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Compliance With Laws.

We will disclose your Personal Information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Services.

Analytics.

In connection with our use of cookies described above, we may also partner with third party providers, as described below, to allow tracking technologies and remarketing services related to our Services through the use of first party cookies and third-party cookies, to, among other things, analyze and track users’ use of our Services, and to better understand online activity.  By accessing our Services, you consent to the collection and use of your information by these third-party vendors.  You are encouraged to review such vendors’ privacy policies and contact them directly for responses to your questions.  While we do not transfer Personal Information to these third-party vendors, if you do not want any information to be collected and used by tracking technologies, you can install and/or update your settings control such use.

Security Purposes.

Using information collected to help prevent and investigate security issues and abuse and to ensure compliance with this Policy and the Terms of Use.

Improving our Services.

We may use your information to test features, manage landing pages, heat mapping, traffic optimization, data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third party providers to do this.

Providing our Services.

As mentioned above, much of our Service is specific to providing a communication platform between members.  When members share information with each other or otherwise publicly display/post information through our Online Platforms, that information, by definition, is available to anybody accessing our Services and is part of the Services we provide.

Use of Third Parties and Third Party Services

We may employ third-party companies and individuals to facilitate our Services and manage our Online Platforms and to provide our Services on our behalf. These third parties have access to certain Personal Information only as reasonably required to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purpose.  Moreover, we may use third-party services, such as, any by way of example only, Loggly, Twilio, Mailchimp, Amazon Web Services, or Mixpanel, that collect, monitor and analyze this type of information in order to attempt to increase our Services’ functionality, monitor the effectiveness of our Services, improve our Services, and/or aid us in communicating with our users effectively.  These third-parties may use cookies, pixels and similar technologies to help us analyze how our users are using our Services and they have their own terms of service and privacy policies addressing how they use such information.  By using our Services, you consent to our use of third-party companies (whether or not such companies are enumerated herein) and agree to each of their terms of service and privacy policies addressing how they use information they may access related to our Services.

For your convenience, below please find links where you can find such information related to Loggly, Twilio, Mailchimp, Amazon Web Services and Mixpanel:

–   Loggly is provided by SolarWinds Worldwide, LLC.  For more information on what type of information Loggly collects, please visit the Terms of Use page of Loggly: https://www.solarwinds.com/legal/terms

–   Twilio is provided by Twilio Inc.  For more information on what type of information Twilio collects, please visit the Terms of Service page of Twilio: https://www.twilio.com/legal/tos

–   Mailchimp is provided by The Rocket Science Group, LLC.  For more information on what type of information Mailchimp collects and how they use it, please visit the Standard Terms of Use page of Mailchimp: https://mailchimp.com/legal/terms/

–   For more information on what type of information Amazon Web Services collects and how they use such information, please visit their privacy policy at the following page: https://aws.amazon.com/privacy/, and their service terms at the following page: https://aws.amazon.com/service-terms/

–   Mixpanel is provided by Mixpanel Inc.  You can prevent Mixpanel from using your information for analytics purposes by opting-out. To opt-out of Mixpanel service, please visit this page: https://mixpanel.com/optout/  For more information on what type of information Mixpanel collects, please visit the Terms of Use page of Mixpanel: https://mixpanel.com/terms/

–   Gali Health mobile application accesses YouTube API Services. By using the Gali Health iOS app you are agreeing to be bound by the Google Privacy Policy (http://www.google.com/policies/privacy) and YouTube Terms of Service (https://www.youtube.com/t/terms). YouTube API Services data related to users is neither stored by Gali Health nor shared with either internal or external parties.  

Security

The security of your Personal Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure. Substantially all information we receive from you or via your use of our Services are copied, stored and managed through computer servers owned or controlled by us.  While we attempt to employ security techniques commensurate with industry norms to protect your Personal Information and all other information we may host from unauthorized access by users inside and outside the organization, you should be aware that “perfect security” does not exist on the internet or any other method of electronic transmission or storage; third parties may unlawfully or improperly intercept or access transmissions, personal information, or private communications. As such, we cannot make any assurances or guarantee in any manner that a security breach will not occur that may expose your personally identifiable information to others.

For example, our servers are not located at our principal place of business but rather are managed and located at a third-party Infrastructure-as-a-Service provider (an “IAAS”).  We have taken commercially reasonable steps to choose a professional IAAS provider but we cannot guarantee the performance of the IAAS provider, its security measures, or the actions or inactions it takes in the future.  By using our Services, you understand and agree that we have no liability for the actions, behaviors or failings of our IAAS provider.

We endeavor to only require the collection of as much Personal Information as required to provide you access to our Services, ensure our ability to send you the communications described above, and meet our legal obligations.  In addition, we will use commercially reasonable efforts to attempt to store Personal Information in a secure location.  We do not represent that any Personal Information provided to us will be encrypted in any manner.

We are not a HIPAA covered entity and our Online Platforms and Services are not HIPAA compliant.

United States Use Only; International Transfer

Our Services are intended solely for use within the United States and Canada.  You agree not to access our Services or provide any Personal Information to us if you are outside the United States or Canada. If you are located outside the United States or Canada and still provide information to us, please note that we transfer the information, including Personal Information, to the United States and process it in the United States and/or Canada.  If we discover that you are located outside the United States, we will attempt to immediately delete all the information you have provided to us and you agree to hold us harmless for your violation of this section.   Your consent to this Policy followed by your submission of such information represents your agreement to abide by the restrictions contained herein.

Business Transaction

If we are involved in a merger, acquisition or asset sale, your Personal Information may be transferred as a business asset. In such cases, we will attempt in good faith to provide notice before your Personal Information is transferred and/or becomes subject to a different Policy.

Links To Other Websites

Our Services and our Online Platforms may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party’s Online Platforms. We strongly advise you to review the Policy of every Online Platforms you visit.  We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party websites or services.

Children’s Privacy

Only persons age 18 or older have permission to access our Services. Our Services are meant for working professionals only and, therefore, are not meant to be used or accessed in any manner by anyone under the age of 13 (“Children”).  We do not knowingly collect personally identifiable information from Children. If you are a parent or guardian and you learn that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children under age 13 without verification of parental consent, we take steps to remove that information from our servers.

Enforcement

We will actively monitor its relevant privacy and security practices to verify adherence to this Privacy Policy. Any agents, contractors, service providers, or other third parties subject to this Policy that we determine to be in violation of this Policy or applicable data protection laws will be subject to disciplinary action up to and including termination of applicable services. Please contact us immediately at privacy@galihealth.com if you believe there has been a material violation of this Privacy Policy.

Changes To This Policy

This Policy is effective as of the date listed at the top of this Policy and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.

We reserve the right to update or change our Policy at any time and you should check this Policy periodically. Your continued use of our Services after we post any modifications to the Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Policy.

If we make any material changes to this Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our webOnline Platforms.

Opt Out Policy and Your California Privacy Rights

Users can prevent future disclosures for direct marketing purposes of his or her Personal Information, at no charge, by exercising his or her “opt out” rights by using the “opt out” procedures described below:

Send an email to: privacy@galihealth.com, or
Send mail to the following postal address:

Gali Health, Inc.
Attn: privacy@galihealth.com
77 Geary Street, Suite 670
San Francisco, CA, 94108
Telephone: 415-579-1670

Additionally, upon receipt of any electronic communication from us to you, to unsubscribe from future communications, you can click on the link that says words substantially to the effect of “If you do not wish to receive these emails in the future, You can click here to unsubscribe.”

Because we provide our California users with the ability to exercise his or her “opt out” rights as described above, pursuant to Section 1798.83(c)(2) of the California Civil Code, we are in compliance with the California “Shine the Light” law and are not obligated to provide California users with the names and addresses of all the third parties that received personal information from the Company for the third parties’ direct marketing purposes during the preceding calendar year.

Canadian Privacy Rights

Canadian residents have a right to request access or correction of Personal Information held by us. We will endeavor to process any requests for access or corrcection to Personal Information within a reasonable period of time. Where possible, we will provide you with access to that Personal Information either by providing you with copies of the information requested, allowing you to inspect the information requested, or providing you with a summary of the information held. If we need to deny your request for access we will let you know why and inform you how you may lodge a complaint regarding this decision.
 
We will otherwise try to ensure that all Personal Information we collect, use or disclose about you is accurate, complete, up-to-date and relevant to the service being provided.

Please forward your request for access or correction to our Privacy Officer in writing at the relevant address or email address below.

Contact Us

Please do not hesitate to contact us with any questions, complaints, or requests with respect to your Personal Information, this Privacy Policy, and/or our privacy practices.

You may contact us at:
Email:
privacy@galihealth.com

Mail:
Gali Health, Inc.
Attn: Gali Support
77 Geary Street, Suite 670
San Francisco, CA, 94108