Last Revised: 6/26/2020
Effective: 6/26/2020

Introduction
NeuroFlow (“NeuroFlow,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it through our compliance with this policy.

This NeuroFlow Privacy Policy for Capital BlueCross Members (“Privacy Policy”) describes the types of information we may collect from Capital BlueCross members (“you”) when you log into the website located at “www.neuroflowlive.com” (the “Website”) or use our mobile application “NeuroFlow” on the Apple iTunes App Store or Google Play Store (the “App”), and our practices for collecting, using, maintaining, protecting, and disclosing that information. 

This Privacy Policy applies to information we collect from Capital BlueCross members:

• Through our Website and App.
• Through email, text, and other electronic means facilitating communication between you and us through our Website and App.

NeuroFlow is committed to protecting the privacy of the users of our Website and App. We will use and disclose your personal information as stated in this Privacy Policy.

Information We Collect About You, How We Collect It, and How It is Controlled.

We collect several types of information from and about Capital BlueCross members that use our Website and App, including information:

• by which you may be personally identified, such as name, mailing address, e-mail address, telephone number, age,  (“Personal Information”); and
• about your internet connection, the equipment you use to access our Website and App and usage details (“Technical Information”).

The information you provide to us may include:

• information that you provide by filling in forms on our Website and App. This includes information provided at the time of registering to use our Website and App, including unique identifiers such as user name, account number, and password, or information provided while subscribing to our service, or health-related material you provide to us. We may also ask you for information when you report a problem with our Website and App.
• records and copies of your correspondence including email addresses if you contact us. This can include comments or questions sent to us using email or secure messaging forms to be shared with our staff who are most able to address your concerns.
• details of your use of our Website and App including duration of use, date of use, and result of use. 
• information that you provide to third-party health monitoring applications, such as Google Fit and Apple HealthKit, only if you authorize such third-party applications to share such information with us.

We collect this information:

• directly from you when you voluntarily provide it to us.
• automatically as you navigate through the site. Information collected automatically may include usage details and IP addresses.

This information can be controlled in the following way:

• Only you and NeuroFlow can have access to edit, modify, or update your Personal Information.
• NeuroFlow can view your Personal Information.

Information We Collect Through Automatic Data Collection Technologies.

As you navigate through and interact with our Website and App, we may use automatic data collection technologies to collect Technical Information that may include information about your equipment, browsing action, and patterns, including:

• Details of your visits to our Website and App, including the resources that you access and use on the Website and App.
• Information about your internet connection, including your IP address.
• Information about and from third party websites that you visit either directly before or directly after visiting our Website and App.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
• Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
• Web Beacons. Pages of our the Website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

The Technical Information we collect automatically does not include Personal Information, but we may associate the Technical Information with Personal Information we collect in other ways to improve our Website and App and to deliver a better and more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize our Website according to your individual interests.
• Monitor access to our services and safeguard certain information by limiting access only to authorized users.

How We Use Your Information

We use information that we collect about Capital BlueCross members: 

• To understand and meet your needs and preferences to provide you with our products and services. For example, to:
  • present our Website and App and their content to you.
  • provide you with information that you request from us.
  • send you text messages or email communications.
  • manage or respond to your inquiries and concerns.
  • administer your account.
• To communicate with you about new and enhance existing products. For example, to:
  • make available or send to you upgrades or updates or notices of upgrades or updates of products.
  • improve our Website and Apps, and marketing efforts.
  • conduct internal quality improvement or business analysis.
• To manage and develop our business operations and comply with our legal requirements. For example, to:
  • detect, monitor, investigate, mitigate, or attempt to prevent fraud and technical or security issues or to protect our property.
  • conduct internal testing and data analytics.
  • internally improve our algorithms.
  • allow for business continuity and disaster recovery operations.
  • provide emergency assistance in situations that may threaten the life or physical safety of you or others.
  • respond to court orders, warrants or other lawful requests or legal processes.
  • enforce and protect our legal rights.
• In any other way we may describe when you provide the information or for any other purpose with your consent.

How We Secure and Store Your Information.

We have security measures in place that are intended to help protect against the loss, misuse, unauthorized access or alteration of information under our control.  These measures include:

• Encryption of data using the Secure Socket Layer (SSL) system.
• Use of a secured messaging service when we send your personal information electronically to the Website and App.
• Use of Amazon Web Services (AWS) located in the U.S. for data storage and security.
• Use of a physical firewall of data in hand and cyber firewall through AWS.

Your information may be collected, used, processed, transferred, and retained in the United States, which may be outside the region in which you are situated and may have different privacy or data protection legislation, and may therefore be subject to the laws of the United States. If you are a resident of the European Economic Area or a country which restricts data transfers outside of that jurisdiction or region without your consent, by using our Website and App, you consent to your information being transferred outside of the European Economic Area or your country for processing or storage by or on behalf of us.

The HIPAA Privacy Rule provides additional guidelines for the use and disclosure of electronic personal health information (“ePHI”).  The covered entity in partnership with NeuroFlow is responsible for allowing patients the necessary rights and access to their ePHI. As a “business associate” as defined under HIPAA, NeuroFlow strives to comply with the HIPAA Privacy Rule by training employees on the proper handling of secure information and protecting and authenticating ePHI in our encrypted server. 

How We Interact with Third Parties

Some of our services may interact directly with third party service providers. When you use a service with these third party service providers, we will not receive or store any information you provide to them nor will we provide any information to them without your consent. 

• Secure messaging. Third parties may route secure messages from you to NeuroFlow through our Website or App. Your IP address, operating system, and browser type may be collected by the secure messaging from third party software providers, along with the information corresponding to your provider.
• Storing ePHI records. NeuroFlow may transmit these records to a HIPAA-compliant third party server to store and secure your information.

Your interactions with these third party service providers are outside of the purview of NeuroFlow. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.

NeuroFlow will share the information you provide to us with Capital BlueCross for plan administration purposes. Capital BlueCross may use this information to refer you for their care management programs or to refer you to their behavioral health vendor for further assistance. While Capital BlueCross may share the number of individuals using the NeuroFlow app with your employer-sponsored group health plan, no individually-identifiable information about you will be shared with your employer-sponsored group health plan.

Children Under the Age of 18

Our Website is not intended for children under 18 years of age. No one under age 18 may provide any information to or on the Website. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on this Website or on or through any of its features on the Website, make any purchases through the Website, or provide any information about yourself to us, including your name, address, telephone number, email address. If we learn we have collected or received personal information from a child under 18, we will delete this information. If you believe we might have any information from or about a child under 18, please contact us at info@neuroflow.com.

Data Retention
We will retain your full information for as long as your account is active or as needed to provide you services. Further, we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We reserve the right to retain any data that is not personally identifying, despite your account being inactive or closed. Any PHI will be destroyed if NeuroFlow is no longer contracted with Capital BlueCross unless it is not feasible to do so.

Data Use upon Business Transfers

If NeuroFlow, or substantially all of its assets, is acquired, or in the unlikely event that NeuroFlow goes out of business or enters bankruptcy, user information may be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of NeuroFlow may continue to use your information as set forth in this Privacy Policy.

Accessing and Correcting Your Information

You can review your personal information by logging into our Website or App and visiting your account profile page.

You may also contact us at the information in the “Questions, Complains, and Contacts” section below to request access to or correct any information that you have provided to us. We will respond to all access requests within 30 days. However, we may not accommodate a request to change information if we believe the change could violate any law or legal requirement or cause the information to be incorrect.

California Privacy Rights

California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to info@neuroflow.com.

Privacy Policy Changes

Please read this policy carefully to understand our policies and practices regarding how we collect, keep and treat your information:

• By accessing or using this Website, you are agreeing to the terms of this Privacy Policy.
• If we make material changes to our Privacy Policy, we will post notice of the changes prior to the changes becoming effective. Any revised Privacy Policy will apply both to information we already have about you at the time of the change, and any information created or received after the change takes effect.
• This Privacy Policy was last revised as of the date set forth at the top of the document.

We encourage you to periodically reread this Privacy Policy, to see if there have been any changes to our policies that may affect you. Your continued use of the Website and App after we make changes to the Privacy Policy is deemed to be acceptance of those changes, so please check periodically for updates.

Questions, Complaints, and Contacts

If you have any questions about this Privacy Policy, our policies and practices concerning the Website or the App, your rights under this statement, and your dealings with the NeuroFlow Website or the App, you can contact NeuroFlow by sending a message to the NeuroFlow Web Manager at info@neuroflow.com.