Effective Date: July 1, 2024
Call (888) 275-5357 to request a translation to another language
When you access services provided by Brightline, Inc. (“Brightline”), you trust us with your Personal Information (defined below). This Privacy Policy (“Policy”) describes how we collect, use, disclose and protect your Personal Information. It applies to our website and web page content, products, preventative and wellness services, and administrative support services via www.hellobrightline.com (the “Website”), our applications (the “App”), or other delivery methods, all of which are referred to collectively as the “Services”.
This policy applies to non-HIPAA information processed in the course of your interactions with Brightline Services. This Policy does not apply to information subject to the Health Insurance Portability and Accountability Act (“HIPAA”). Brightline provides services as a business associate to its managed entities, including Brightline Medical Associates, P.A., Brightline Medical Associates of California, Inc., Brightline Medical Associates, of New Jersey, P.A., or Brightline Medical Associates of Kansas, P.A. (collectively, “BMA”). Within the context of these services to BMA, we may process your Protected Health Information (“PHI”), which is subject to HIPAA. For more information about the collection, use, and disclosure of your PHI, please visit BMA’s Notice of HIPAA Privacy Practices (“NOPP”).
Unless we define a term in this Policy, all capitalized terms used in this Policy have the meaning provided in the Informed Consent for Telehealth Services / Member Services Agreement, which you can view via your account profile. Please make sure that you have carefully read and understand the Terms of Service Agreement before you use our Services. By using our Services, you accept the Terms of Service Agreements and accept our privacy practices described in this Policy. If you do not feel comfortable with any part of this Policy or our Membership Terms, you must not use or access our Services. Accepting these Terms does not establish a patient/provider relationship with Brightline.
This Privacy Policy is provided in a layered format. We provided summaries for each section, but we encourage you to read each section in detail.
We may collect your personal information through our Services, or when you otherwise share your information with us. Our collection may require your input or can be automatically collected while you engage with us.
We primarily use your personal information for our Products and Websites to function and to deliver you the Services. We also may use your personal information for other purposes like communicating to you about your interest in our Services, processing payments, complying with legal obligations, or to develop new features or improvements.
We may share your personal information with certain third-party service providers to help make our Services function. We may also share personal information as directed by you, to provide you with opportunities we think may interest you, or as legally required, such as to comply with a court order.
The security of your personal information is of utmost importance to us. We retain your personal information for as long as necessary, and we maintain appropriate safeguards to protect it.
We want you to have choice in how your personal information is used. We provide you rights to request actions regarding your personal information including deletion, no matter where you reside. Further rights may be provided for your specific jurisdiction, which are outlined in Section 13.
We want you to have the availability to update your communication preferences in ways that work best for you.
Our family-centric platform is generally intended for caregivers or guardians to facilitate children’s access to care from the ages of 0-18 years old.
When you visit our Websites, we may collect certain information from you automatically through cookies and other tracking technologies. You can decide what cookies are deployed using the cookies settings on our Websites.
We may change this Privacy Policy to reflect new services, changes in our data practices, or to comply with relevant laws.
You may contact us for comments, questions, or to exercise your privacy rights in various ways including emailing [email protected].
Please note, that our Services are operated in the United States where your personal information will be primarily processed and stored.
We may modify this Policy from time to time as state and federal laws change, and as we add new features to our Services. We will provide you with notice before material changes are made effective.
For questions about our privacy practices, please contact us at: [email protected].
Please see our Consumer Health Data Privacy Policy for additional information related to rights you may have under the applicable privacy laws of your jurisdiction. We provide the supplemental information in our Consumer Health Data Privacy Policy in our efforts to comply with those additional privacy laws and inform you about your rights.
We collect Personal Information when you use our Services, such as creating an account with us. “Personal Information” is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular individual, including, but not limited to, a first and last name, email address, a home, postal or other physical address, and phone number.
We have accounts on social media platforms through which we may post information or conduct promotional activities. We may collect and use your social media identification number in accordance with this policy if you choose to access the Products via a social media account. We have no control over, and disclaim all responsibility and liability for the use of your personal data by these third party social media services.
The other types of Personal Information that we may collect about you are:
Information You Provide to Us
We collect information you give us when you answer screening questions at the beginning of your use of the Brightline mobile application or Brightline websites, when you register with us for an account, when you use our Services, when you participate in surveys or promotional activities, or when you otherwise choose to submit or otherwise provide any information to us, regardless of account status. When you use our Services, such as creating or logging into your account, speaking with a Brightline representative or contractor or affiliated clinician, we may collect your name, address, phone number, title, birth date, gender, credit card information, together with other demographic and health-related information. We may also ask you about income or other financial information to determine if you qualify for a reduction in fees where applicable. From time-to-time, we may also ask you to volunteer to participate in user experience research, promotional activities, or usability studies. When a user participates, we request certain Personal Information such as name and email address. Depending on the nature of the research, survey, or contest, we use this information to follow-up with the participants, improve our Services, or, if applicable, to notify contest winners and award prizes.
Communications from You
When you engage with our website, we may collect and store certain information about you and the activity you engaged in, for example: your name and contact information; information that you voluntarily provide to us; the nature of your communication; the purpose of the interaction, and the action we took in response to your inquiry or request.
Information Related to Your Use of the Web Pages
We may automatically collect information about your use of the Web Pages (we refer to this information as "Usage Data"), including information about your mobile devices or computer. For example, Device information, such as your hardware model, IP address (the Internet address of your computer), unique device identifiers, and other information such as your browser type and operating system. We also process Website usage information about visitor traffic patterns and usage. This includes the pages or features of our website or mobile application that you browse and how much time you spend there. We use information about your preferences to improve the usability and functionality of the website.
Information From Your Mobile Devices
We may collect certain information about your mobile devices when you use our Services, such as a unique identifier, user settings and the operating system of your device, as well as information about your use of our Services on your mobile device.
Location Information
When you use our online Services, we may collect and store information about your general location via your IP address. We may also access your mobile device’s GPS coordinates or course location but only if you have previously agreed that we can collect this information by allowing the sharing of your location information. If you do not want us to have your location information, you agree to disable the location sharing feature on your device or browser.
Information from Our Clients and Partners
We may receive your Personal Information from our business clients, business associates, vendors, and partners in connection with one or more business purposes, including making our Services available to you.
We will only use your Personal Information as described in this Policy and our Terms of Service. This Policy does not apply to information subject to the Health Insurance Portability and Accountability Act (“HIPAA”). Brightline provides services as a business associate to its managed entities, including Brightline Medical Associates, P.A., Brightline Medical Associates of California, Inc., Brightline Medical Associates, of New Jersey, P.A., or Brightline Medical Associates of Kansas, P.A. (collectively, “BMA”). Within the context of these services to Brightline Medical, we may process your Protected Health Information (“PHI”), which is subject to HIPAA. For more information about the collection, use, and disclosure of your PHI, please visit BMA’s Notice of HIPAA Privacy Practices (“NOPP”).
To Provide Our Services to You
We will use your Personal Information to provide information and Services at your request. We may use general location information about your country, state, or province to improve and personalize our Services, such as providing location-relevant information.
For the Operations and Administration of Our Business
We will use your Personal Information for the purposes of furthering our business, including creating, operating, delivering, maintaining, and improving our content, products, and Services. We monitor how our users use our website including time spent, pages visited, and content viewed. Aggregated forms of this data are used for research and development purposes to offer new features, functionalities, products and services.
For Business Analytics Purposes
We analyze, and may engage third parties to analyze, your Personal Information and Usage Data to determine the usefulness of our website, mobile app, and other elements of the Services. Any third parties who analyze your Personal Information and Usage Data on our behalf are contractually obligated to protect your information as disclosed in this Policy. Analytics help us determine how effective our navigational structure is in helping users reach the information they seek, completing the task they wish to complete, etc., and to tailor features and functionalities to our users’ needs and preferences.
Promotional Marketing
Client and Partner Approved Marketing
When we work with partners like health plans or employers to offer the Brightline services as part of your insurance or employee benefits, we may send co-branded or promotional content in collaboration with these partners. You may opt out of these types of communication via the unsubscribe link included in all promotional emails, or by emailing [email protected]. We also recommend you take additional steps to withdraw your consent with your health plan or employer.
Other Marketing Communications
Marketing lets us grow our user base and update you about new products and services. We process your contact information or information about your interactions on our Services to: send you marketing communications and keep you updated about our products and services; provide you with informational content; and deliver personalized marketing to you as applicable. This includes communications about product information, appointment reminders, links to surveys, parenting tips, newsletters, and other educational and promotional content. Nothing you do on the Brightline app or web platform will be used by us to target any advertisements towards you as an individual consumer anywhere else on the internet, also referred to as interest-based targeted advertising.
We may provide personalized promotional messaging to you based on your selected preferences. To learn more, refer to Your Settings and Preferences in this policy.
To unsubscribe from these promotional messages, you can click the unsubscribe link included in all promotional emails. Please note that we will continue to send you certain administrative communications regarding the Services that you will not be able to opt out of, such as periodic communications regarding updates to our Terms of Services, this Policy, and renewals, among others.
To Provide Customer Support or Respond to You
We collect information that you provide to us when you contact us, such as with questions, concerns, feedback, disputes or issues, or privacy requests, so we can address your needs and support your use and enjoyment of the Services.
For Account and Network Security Purposes
We care about keeping you secure and safe while using our Services. Keeping you safe requires us to process your Personal Information, including your device information, log-in and activity data, and other relevant information to proactively manage privacy and security risks. We use this information to combat spam, malware, malicious activities or security risks; improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not gain access to your information.
To Maintain Legal and Regulatory Compliance
Our Services are subject to certain laws and regulations which require us to process your Personal Information. For example, we process your Personal Information to comply with privacy laws, employment laws, or as necessary to manage risk as required under applicable law.
To Enforce Compliance with Our Terms and Agreements
When you access or use our Services, you are bound to this Policy. To ensure compliance, we process your Personal Information to monitor, investigate, prevent and mitigate any alleged or actual prohibited, illicit or illegal activities on our Services. We also process your Personal Information to investigate, prevent or mitigate violations of your terms and agreements.
Artificial Intelligence
We may utilize certain artificial intelligence (AI) tools from third-party service providers to help us optimize our Services and to perform internal analytics for new and existing products and to conduct research and development. We do not and will not permit these third parties to use your Personal Information to improve or train their AI models.
Your Personal Information is not shared with third parties without your permission, except as described below. We do not sell any of your personal information to third parties.
Information Shared with Our Employees and Service Providers
Your information may be made available or provided to third-party service providers, employees, or contractors, who are contractually obligated to protect your information as disclosed in this Policy and/or our Business Associate Agreements or other documentation you agree to.
These employees and third-party services providers have access to your Personal Information only at our instruction and are expressly obligated not to disclose or use your Personal Information for any other purpose.
Information Shared with Our Business Clients
Subject to the Notice of Privacy Practices, we may share your Personal Information with our business clients for Services provision and business operations purposes. We are a service provider to our business clients who purchase our Services for their employees and dependents. We may share your Personal Information with our business clients for the purposes of performing services to these clients in accordance with our contractual obligations, including to make our Services available to you and your dependents.
Information Disclosed in Connection with Business Transactions
If we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale, or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your Personal Information, may be disclosed or transferred to a third-party acquirer in connection with the transaction. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred user information will be subject to applicable laws.
Information Disclosed for Our Protection and the Protection of Others
We cooperate with government and law enforcement officials to enforce and comply with the law. We may disclose information about you to government or law enforcement officials as we, in our sole discretion, believe necessary or appropriate: (i) to enforce our Membership Terms, (ii) to respond to claims and legal process (including subpoenas); (iii) to protect the property, rights and safety of a third party, our users, or the public in general; (iv) to protect our property, rights and safety; (v) to stop any activity that we consider fraudulent, illegal, unethical or legally actionable; and (vi) as required by applicable local, state or federal laws.
We protect the security of the information you provide to us with reasonable and appropriate physical, electronic, and administrative safeguards. For certain features of our Services we use industry-standard SSL-encryption to enhance the security of data transmissions. Your account information is password-protected for your privacy and security. While we strive to protect your information, we cannot guarantee the security of the Internet, and cannot ensure the security of the information that is transmitted through the Internet. Please recognize that protecting your Personal Information is also your responsibility. We urge you to take every precaution to protect your information when you are on the Internet, or when you communicate with us and with others through the Internet. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account might have been compromised), or if you suspect someone else is using your account, please let us know immediately by contacting us as indicated in the “Contact Us” section. If your credit information, username, or password is lost, stolen, or used without permission, please promptly notify us and we will assist you in updating your account details. We will retain Personal Information for the period necessary to fulfill the purposes outlined in this Privacy policy unless a longer retention period is required or permitted by law. Any clinical records will be securely maintained for the greater of: (i) the minimum number of years such records are required to be maintained under state and federal law or (ii) 7 years. Public forums, including but not limited to social media and app stores such as Apple and Google Play allow individuals to post comments, reviews, ratings and other information that may be displayed and viewed by others. We recommend that you do not post any information that you do not want to make available to other users or the public generally. You assume all responsibility for any loss of privacy or other harm resulting from information you post publicly. To provide feedback in a non-public manner that allows for sharing of personal information, please write [email protected].
We believe that you should have control of your personal information. To understand our practices related to your health data privacy rights, refer to our Consumer Health Data Privacy Rights policy. To that end we provide the following rights to make requests regarding your personal information. You may make these requests by contacting [email protected] or in some cases using features within the Brightline website or app.
Access. You have the right to know what personal information we collect about you and how we use it. This Privacy Policy serves to inform you about that collection and use. If we have personal information about you, you may also request a copy of that information.
Correction. You have the right to request the correction of your inaccurate personal information.
Portability. You may request an export of your personal information in a structured and machine readable format such as a .csv or .pdf. Where feasible, we can send that export to a third party you identify.
Deletion. You have the right to request, under certain circumstances, the deletion of your personal information that we collect.
Restriction. You have the right to request that Brightline restrict the use of your personal information in certain circumstances. Please note that in some cases we may not be able to place a restriction due to the use being necessary for functionality or delivery of the Services.
No retaliation or discrimination. You have the right not to receive discriminatory or retaliatory treatment for making a request.
Upon receiving your request, we may ask for additional information from you in order to verify the request or confirm how you would like to proceed. We endeavor to respond to a verifiable request without undue delay. If we require an extended amount of time, we will inform you using the email associated with your account or the email you used to make the request.
We do not charge a fee to process your verifiable request unless it is excessive, repetitive, or clearly unfounded. If we determine that your request requires a fee, we will tell you why and provide you with a cost estimate before completing your request.
Your rights are not absolute, and exceptions may apply. These exceptions can arise from different factors including our legal obligations, the rights of others, your or another’s safety, and our ability to bring or defend against legal claims. Additionally, we will not fulfill your request if you do not provide sufficient information to verify your identity or to verify that a third party making the request is authorized to act as your representative.
You can reduce the information collected from your device by changing your browser settings to notify you when a cookie is being set or updated, or to block cookies altogether. To learn more how Brightline uses your information, please refer to the Cookies and Other Technologies section of this policy.
Some browsers also allow you to control local stored objects through your browser settings. More information about how to do this may be found at www.allaboutcookies.org/manage-cookies or in the “Help” section of your browser. If you choose to block cookies, your use of the Service may be impacted. If you would like more information about your choices, please visit: the Digital Advertising Alliance’s website, https://www.aboutads.info/, or the Network Advertising Initiative’s website, http://networkadvertising.org/consumer/opt_out.asp.
At Brightline, we are committed to protecting and respecting children’s privacy. Other sections of this Policy contain details about the information we collect, which applies to information we collect about children. The information we collect will be used for the purposes described. Our family-centric platform is generally intended for caregivers or guardians to facilitate children’s access to care from the ages of 0-18 years old. This Section explains our online information collection, disclosure, and parental consent practices with respect to information collected from children under the age of 13 (“child” or “children”) in accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”). For more information about COPPA and general tips about protecting children’s online privacy, please go to https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule.
No personal information about a child will be made available to the public or sold. We may share information with our service providers if necessary for them to perform business, professional, or technology services for us, always in accordance with all applicable laws including HIPAA.
If you are a member 13 to 17 years old, you may enroll in the Services with verifiable parent or guardian consent.
A parent or guardian can create a Brightline account on behalf of a dependent child and attest that they have legal authority to do so. During the registration process, the parent or guardian can provide certain information about the child, including name, birth date, address, and login credentials.
Children under the age of 18 are not eligible at this time to directly self-register for the Services without the authorization of a guardian
Please note certain state patient privacy laws may permit a child to directly obtain certain types of health care services independent of their parent or guardian.
We have content in our Products that are geared toward a variety of audiences, such as families, caregivers, children, and teens. Content geared towards minors is only meant for you to share with your child under your supervision, and does not require or allow your child to create an account.
If you prefer for your child not to directly interact with Brightline online, please do not provide account credentials to your child. If you are a parent or guardian and you are aware that a child under age 13 has provided us with their personal information without parental consent, please contact us at [email protected] and we will take steps to remove that personal information from our servers. Consent: During account registration for a child, parents or guardians are asked to review our informed consent agreements, which include Parental Consent as defined by COPPA. If a parent or guardian chooses not to consent to the collection and use of their child’s information, they may not create an online account for the child. At any time, a parent and guardian may revoke their consent. Once consent is revoked, a child may not use any Services online, unless a new consent is signed. In addition to your right to revoke your consent for the collection of your child’s personal information, you may request to review the personal information we have collected from your child. Please submit your request or any questions to us at [email protected].
Our website uses cookies to understand your preferences and user journey in order to make our site work. This information helps us analyze usage of our web page to improve our services. We do not use cookies for cross-context tracking or sharing information with third parties.
A "cookie" is a small data file that certain websites write to your computer or smart device when you visit the website. A cookie can't read data off your hard disk or read cookie files created by other websites. We use session cookies that are deleted when you leave our website and close your browser, and persistent cookies that can remain even after you leave. A cookie file can contain information such as a user ID that the website uses to track the pages you've visited. The cookies that are configured by our website do not contain directly identifying information, such as your name or sensitive information such as your credit card number.
We use the following types of cookies on our Services:
Definition: These cookies are essential because they enable you to use our Services. For example, strictly necessary cookies allow you to access secure areas on our Services. Without these cookies, Services cannot be provided. This category of cookies is essential for our Services to work and they cannot be disabled. Functional cookies remember your choices so we can provide you with enhanced features and personalized content. For example, these cookies can be used to remember your name and location or some elements of your login credentials. We do not use functional cookies to target you with online marketing. While some of these cookies can be disabled, this may result in less functionality during your use of our Services.
Examples:
Cloudflare prevents bots and supports A/B testing for site performance and functionality.
Segment helps us fulfill essential reporting requirements for our clients about how their members engage with our website and utilize the Services. Segment helps us understand if you have visited our website before using an anonymous ID.
These cookies do not gather information about you for marketing purposes.
Ahoy helps us understand site performance and user journeys through our product. Data collected by Ahoy is not shared with third parties.
Brightline aggregates de-identified and anonymized information about audiences from third party partnerships that help us understand how different audiences interact with our Services and indicate interest in our offerings. This data sharing occurs through instances such as affiliate links, engagement with online advertisements, and other such interactions. These partners process your Personal Information on our behalf pursuant to our instructions and obligations consistent with this Policy and our business associate agreements. Your interactions with third party partners may inform marketing you receive in other contexts based on your engagement with similar services, web pages, and content.
Our Website and Services analyze the following types of information from the user: type of web browser, time of visit, pages visited, time spent on each page of the website, and which web page or online advertisement the user arrived from. The data collected is used to optimize the website experience. We also use this data for our own business purposes, to analyze volume of users, website performance and issues, and the user journey.
Web Beacons are a technology that is part of our website that allow us to measure what pages and features users engage with. Web beacons allow Brightline to monitor the volume of web visitors and the effectiveness and performance of our product and Services.
Depending on your permissions, we may receive your Personal Information from your internet service and mobile device providers. Users of mobile devices who do not want to receive interest-based advertising may limit such activity by turning on “Limit Ad Tracking” or equivalent setting in your mobile device settings.
We work with third party platforms who provide us with analytics and advertising services. This helps us understand how our advertisements perform with aggregate audiences.
We may display links to other sites or resources that are owned or operated by third parties. We are not responsible for the content, privacy or security practices of any third parties. To protect your information, we encourage you to learn about the privacy policies of those third parties.
We offer our Services only to individuals located in the United States, and we do not advertise our Services outside the United States. If you are located outside the United States and choose to provide your Personal Information to us, please note that your Personal Information is stored in the United States. Those who choose to access and use the Services from outside the United States do so on their own initiative, at their own risk, with this understanding.
We may modify this Policy from time to time as state and federal laws change, and as we add new features to our Services. The date of change will be shown next to “Effective Date” at the top of this page. We encourage you to read this Policy periodically to ensure you have up-to-date knowledge of our privacy practices. Whenever material changes to this Policy are made, we will provide you with notice before the modifications are effective by sending a message to the email address associated with your account, or by posting a notice to your user account. By continuing to access or use the Services after changes to this Policy become effective, you agree to be bound by the revised Policy. If any changes are unacceptable to you, you should stop using the Services.
For questions about our privacy practices, please contact us at: [email protected].
If you are in the United States and receive clinical services via our Services, see our HIPAA Notice of Privacy Practices for how Brightline and our Providers specifically use and disclose Protected Health Information (“PHI”).
Jurisdiction-Specific Disclosures
Please see our Consumer Health Data Privacy Policy for additional information related to rights you may have under the applicable privacy laws of your jurisdiction. We provide the supplemental information in our Consumer Health Data Privacy Policy in our efforts to comply with those additional privacy laws and inform you about your rights. If you do not see your jurisdiction please do not interpret that to mean that we do not respect your privacy; we encourage you to still contact us with your questions or concerns.