Protecting your privacy on our platform
What this policy covers
We may also provide different or additional privacy notices in connection with certain activities, programs, and offerings, including additional “just-in-time” notices that may supplement or clarify our privacy practices or provide you with additional choices regarding your personal information.
Personal information does not include publicly available information from government records, de-identified or aggregated consumer information, or information excluded from applicable laws, such as health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). If you are a patient using our Platform, the information you provide to us through the Platform may be considered protected health information (PHI) and will be protected by Kareo as required by federal and state laws. Our processing of PHI on behalf of our healthcare provider customers is governed by our agreements with our customers, including our Business Associate Agreement as required by HIPAA. If you are a patient, your healthcare provider may also have its own privacy practices and policies that govern how your provider collects, uses, and shares your information.
This Policy does not cover the privacy practices of third parties. Our Site may include links to websites and/or applications operated and maintained by third parties. We have no control over the privacy practices of websites or applications that we do not own and cannot guarantee that such third parties will adhere to the same privacy practices as us. We strongly encourage you to review the privacy policies of those third parties.
Information We Collect
The types of personal information we obtain about you depends on how you interact with us and our services. When we use the term “personal information,” it means information that identifies, relates to, describes, or can be associated with you. We may collect the following categories and specific types of personal information when you use our Platform:
When you create an account on our Platform, we collect basic identifying information from you, including your full name, business address, email address, phone number, account name, signature, or other similar identifiers. You may also provide personal information about other individuals, such as their name, email address and phone number. For example, if you choose to use our referral service to tell a colleague about our Site, we will ask for your colleague’s name and email address to send a one-time email inviting your colleague to visit the Site. It is your responsibility to get permission from anyone whose personal information you provide to us. We will only use that personal information for the purpose of completing your request.
Depending on how you interact with us and what products or services you use on the Platform, we may collect information related to government-issued identifiers, including your driver’s license number, or other similar government identifier for identification verification purposes. If you are a provider using our Platform, we will also collect your NPI or other credentials.
When you create an account, we will ask you to enter your credit card or ACH information.
When you sign up for our services or request product information, we collect information related to the products or services you purchased or requested information about.
When you create an account on our Platform, we collect information related to your business, including your specialty, title, business address, and contact information.
When you sign up for the Platform, we may collect information related to your gender, race, and ethnicity, some of which may include characteristics of protected classifications under state or federal law.
When you communicate with us, we collect information you provide to us, including emails, survey responses, comments, product reviews, testimonials, and other content.
Internet or Other Network Activity
Kareo may automatically receive and record information on our server logs from your browser, including your internet protocol (IP) address, your browsing or search history, and information related to your interactions with our Platform, emails, or advertisements.
Device Information and Other Unique Identifiers
We collect data about your device and how you and your device interact with our Platform, which may include your IP address, device identifiers, cookies, beacons, pixel tags, browser type, regional and language settings.
Usage and Performance Data
We collect data related to the use of our Platform. This may include your interactions with our Platform, error reports, and other data about the performance of our Platform. This data helps us to diagnose problems with our Site and to improve various features and solutions for your future use.
We may collect information, such as your IP address, that permits us to determine your general location (e.g., your city or state).
We may record your voice or likeness, such as when you attend a live, online product demonstration or training session, or when we record customer service calls for quality assurance.
We may also draw inferences from any of the information identified above.
How We Collect Information
Directly from You
We collect personal information you provide to us, such as when you create an account, contact us, respond to a survey, or sign up to receive emails, text messages, and/or postal mailings.
Using Cookies and Other Tracking Technologies
When you use certain portions of our Platform, open or click on emails we send you, or interact with our advertisements, we or third parties we work with automatically collect certain information using technologies such as cookies, web beacons, clear GIF, pixels, internet tags, web server logs, and other data collection tools. For more information, please see the Cookies and Other Tracking Technologies section below.
From Third Parties and Referral Partners
We obtain information from third parties that we have partnered with and other third parties we choose to collaborate or work with. For example, if you are referred to us by one of our billing company partners with whom you have a business relationship, we receive Basic Identifiers and Commercial Information from the billing company partner to contact you about the Platform.
From Social Media Platforms
If you interact with us on social media or use features, such as plugins, widgets, single sign-on, or other tools made available by social media platforms or networks (including Facebook, Twitter, Google, and LinkedIn) in connection with our Platform, we collect information that you, or the social media platform, share with us. For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.
From Other Sources
We may also obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on our behalf, or publicly available sources. We also create information based on our analysis of the information we have collected from you.
Cookies and Other Tracking Technologies
Kareo uses software technology called clear gifs or Web beacons to help us better manage content on our Platform by informing us what content is effective. These technologies are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. In some cases, we tie information gathered by clear gifs to our customers’ personal information; an example would be tracking emails that have been opened by recipients which allows us to measure the effectiveness of our communications and marketing campaigns.
Third Party Tracking
We use Local Storage, such as HTML5, to store content information and preferences. Third parties with whom we partner to provide certain features on our website or to display advertising based upon your Web browsing activity also use HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5.
How We Use Your Information
We use the information we collect for the following purposes:
- Providing Services. For example, if you request a product demo and sign up for our services, we use the information you provided in your demo request to service and maintain your account, provide customer support, and communicate with you about our services.
- Business Operations. For our operational purposes and the operational purposes of our service providers and integration partners. This may include short-term, transient use, such as customizing content that we or our service providers display on the Site.
- Core Functionality and Improvement. We may use information we collect to provide core functionality on and to improve our Site, including for Site analytics.
- Security, Safety, and Dispute Resolution. We use collected information to protect the security and safety of our Site, including to detect bugs, report errors, and to detect, protect against, and prosecute security incidents and fraudulent or illegal activity.
- Communicating With You. We use your personal information to communicate with you and provide customer service and support. For example, we will send service-related announcements on rare occasions when it is necessary to do so, including if our Platform will be temporarily suspended for maintenance. We may also share updates about our products and services or provide relevant offers from third-party partners.
- Marketing and Promotional Purposes. We use personal information for marketing and promotional purposes, such as to send marketing, advertising, and promotional communications by email, text message or postal mail (such as promotions, new product launches, and referrals); and to show you advertisements for products and/or services tailored to your interests on social media and other websites.
- Referrals. If you choose to use our referral service to tell a colleague about our Site, we will ask for your colleague’s name and business email address. We ask that you only provide this information after first obtaining your colleague’s consent. We will automatically send your colleague a one-time email inviting him or her to visit the Site. Kareo stores this information for the sole purpose of sending this one-time email. Your colleague may contact us at firstname.lastname@example.org to request that we remove this information from our database.
- Analytics and Personalization. We use personal information to conduct research and analytics, including to improve our Platform, Services and product offerings; to understand how you interact with our Platform, advertisements, and communications with you to determine which of our products or services are the most popular, and to improve our Platform and marketing campaigns; to personalize your experience, to save you time when you use our Platform or visit our Site, and to customize the marketing and advertising that we show you; to understand how you use our Platform; to provide services, to better understand our customers’ needs, and to provide personalized recommendations about our products and services.
- Employment Decisions. We use Job Applicant Information to make decisions about recruitment and in anticipation of a contract of employment. Providing this information is required for employment.
- Legal Obligations. We may provide access to your information, including personally identifiable information, when legally required to do so, including to comply with a court order, to cooperate with police investigations, or in connection with other legal proceedings.
- Disclosed and Other Purposes. We may also use information for other purposes disclosed to you at the time we collect such information. For example, we obtain specific consent from customers prior to posting customer testimonials, comments and reviews on our Site which may contain personal information.
How We Share Your Information
- Corporate Affiliates. We may share personal information with our corporate affiliates, including our parent company, sister companies and subsidiaries. Such corporate affiliates process personal information on our behalf as our service provider, where necessary to provide a product or service that you have requested, or in other circumstances with your consent or as permitted or required by law.
- Legal Disclosures. Kareo may be required to disclose personally identifiable information or PHI under special circumstances, such as to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service and related policies, or as otherwise required by law.
- Service Providers. We use service providers to perform services to support our core business functions and internal operations, including providing customer service to you via chatbot; sending postal mail, e-mails, and text messages; analyzing data; investigating fraudulent activity; conducting customer surveys. We may share personal information with such service providers as necessary for the third party to provide that service.
- Business Partners. With your consent, we do share your name and email with certain partners we may work with. If you would not like your information shared with these partners, notify us via email@example.com.
- Public Forums. Some portions of our Platform provide the opportunity to post content in a public forum. If you decide to submit information in these public forums, that information will be publicly available.
In the last twelve months, we may have collected the following categories of personal information from or about you and may have disclosed or shared that information with certain categories of third parties for the purposes outlined below.
|Categories of personal information collected||Purposes for the collection or disclosure or personal information||Third parties with whom personal information may have been disclosed|
|Internet or Other Network Activity; Device Information and Other Unique Identifiers; Geolocation Data||
|Usage and Performance Data||
Additionally, if you are a healthcare provider or employee at a medical practice or billing company, we may have collected the following categories of personal information from or about you in the last twelve months and may have sold that information to certain categories of third parties for the purposes outlined below.
|Categories of personal information collected||Purposes for the collection and sharing or sale of personal information||Third parties with whom personal information may have been shared or sold|
|Internet or Other Network Activity||
|Device Information and Other Unique Identifiers||
Where We Store and Process Your Personal Information
Kareo, Inc. is based in the United States and uses service providers and have corporate affiliates that may be located outside of the United States.
If you submit personal information to us, your personal information may be processed in a foreign country, where privacy laws may be less stringent than the laws in the United States. By submitting your personal information to us, you agree to the transfer, storage, and processing of your personal information in a country other than your country of residence.
How We Protect Your Information
The security of your personal information is important to us. Personal information is maintained on our servers and those of our service providers, and may be accessible by authorized employees, representatives, and agents as necessary for the purposes described in this Policy.
While we follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we use reasonable and appropriate physical, electronic, and organizational safeguards to protect your personal information in our possession, we cannot guarantee its absolute security in all circumstances.
Depending on your country or state of residence, you may be able to exercise the rights described below.
Accessing, Updating, Correcting, and Deleting Your Information
You may have the right to request access to and receive details about or a copy of the personal information we maintain or have processed about you, to update and correct inaccurate information, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. This section describes how to exercise those rights and our process for handling those requests, including our means of verifying your identity. If you would like further information regarding your legal rights under applicable law or would like to exercise any of them, please contact us here. While our contact form is the best way to reach us, you may also email us at firstname.lastname@example.org or call us at 844-422-7336.
- Access to Your Personal Information and Data Portability. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and confirm your identity, we will disclose to you:
- The categories of personal information we collected about you and the sources from which we collected it.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
- Updates and Corrections to Your Personal Information. You can update your account by logging into your account, contacting our support team, or calling us at 1-844-422-7336. To update your personal information related to your employment at Kareo, please email us at email@example.com.
- Deletion of Your Personal Information. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Limiting the Use of Sensitive Personal Information
California residents have the right to limit the use of sensitive personal information. Kareo only collects sensitive personal information, such as your social security number, financial account information, and as otherwise defined by applicable law, when you provide it to us, such as in the job application process. We only use such sensitive personal information for the use disclosed at the time you provide it to us. Kareo does not use sensitive personal information for inferring characteristics about you.
Opting Out of Cookies and Sale/Sharing Using Online Tracking Technologies
Our use of online tracking technologies may be considered a sale or sharing under applicable law. As a visitor to our Site, you can opt out of being tracked by these third parties by clicking the “Do Not Sell My Personal Information” link at the bottom of our Site and selecting your preferences. Depending on your state of residence, you may also opt out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.
Exercising Your Rights
You can submit a request to access, update, correct, or delete your personal information, or withdraw consent, by submitting a request through our contact form or by calling 1-844-422-7336.
You may only submit a request to know twice within a 12-month period. Your request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include your first and last name and email address.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
For security purposes, we may request additional information from you to verify your identity to enable us to process some requests. In such cases, we may contact you by email to verify your request. Depending on your request, we will ask for information such as your name and the email address associated with your Kareo account.
If you are a resident of California, Colorado, or Connecticut, you may designate an authorized agent to submit a request on your behalf to exercise your privacy rights described herein. To authorize an agent to do so, you must: (1) provide to such agent your signed permission to submit such request; and (2) verify your own identity directly with us. We may deny a request from an authorized agent if the agent does not provide adequate proof that they have been authorized by you to act on your behalf.
Responding to Requests
Upon receipt of your request, we will respond within the time frame permitted by the applicable law.
If you are a Colorado, Connecticut, or Virginia resident, you may appeal our decision to your request regarding your personal information. To do so, please contact us in any of the ways listed in the "Your Rights" section. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.
To stop receiving promotional emails, you can click on the “unsubscribe” link at the bottom of any promotional email you receive from us. If you are a patient, please contact your healthcare provider to update your communication preferences.
To opt-out of receiving text messages from us, you can reply “STOP” to any text message you receive from us. If you are a patient, please contact your healthcare provider to update your communication preferences.
In-App Push Notifications
To stop receiving in-app push notifications from our mobile application, you can change your application settings on your mobile device.
Your Rights with Respect to Health and Medical Information We Collect or Process
If you are a patient of a healthcare provider who uses our Platform, we may collect or process information about you at the direction of your healthcare provider. If your healthcare provider is a Covered Entity under HIPAA, your rights with respect to your PHI are governed by HIPAA as well as our Business Associate Agreement with your healthcare provider. If you would no longer like to be contacted by that healthcare provider via our Platform, please contact your healthcare provider directly. If you would like to access or delete personal information, or to correct or update inaccurate personal information, please contact your healthcare provider directly to do so.
We will retain personal information we process on behalf of our customers for as long as needed to provide services to our customers. Kareo will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Data Aggregation Services & De-identified Data
To the extent we receive PHI from our customers that are Covered Entities under HIPAA, we may use such information to provide data aggregation services (as that term is defined by HIPAA) and to create de-identified data in accordance with 45 CFR 164.514(a)-(c) retaining all ownership claims relating to the de-identified data Kareo creates from PHI. Kareo may use, during and after this agreement, all aggregate non-identifiable information and de-identified data for purposes of enhancing the Service, technical support and other business purposes, all in compliance with the HIPAA Privacy Standards, including without limitation the limited data set and de-identification of information regulations.
Our Platform is not intended for or directed to children under the age of 18. We do not knowingly collect personal information directly from children under the age of 18 without parental consent. Children under 18 are not permitted to use the Platform and we do not knowingly allow individuals under the age of 18 to create accounts that allow access to our Platform. If we become aware that a child under the age of 18 has provided us with personal information, we will delete the information from our records.
Without limiting the above, the Platform does allow individuals over the age of 18 years—such as you, parents and guardians—to provide, share, and store personal information about others, including minors and children. Any user providing, storing, or submitting information on behalf of a child assumes full responsibility over the submission, use and transmission of such information.
We do not knowingly “sell,” as that term is defined under the California Consumer Privacy Act, the personal information of minors under 16 years old who are California residents.
California Privacy Rights
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If you would like more information, please submit a written request to us at: Kareo, Inc., Attn: Legal, 1111 Bayside Drive, Corona Del Mar, CA 92625.
We may update this policy at any time for any reason. We encourage you to periodically review this page for the latest information on our privacy practices. We will provide additional notice to you if we make any changes that materially affect your privacy rights.
If you have questions or suggestions you can contact us at:
1111 Bayside Drive
Corona Del Mar, CA 92625
Phone: (866) 93-TEBRA (83272)
This policy was last updated on May 5, 2023.
For terms effective prior to May 5, 2023, click here.
For the Terms of Service governing Kareo Managed Billing Customers, click here.
View printer friendly PDF.