Introduction

DrWell Inc. and its affiliated entities (hereinafter referred to as “DrWell,” “we,” or “us”) are the proprietors and operators of the website (the “Website”) located at www.drwell.com and may have previously, currently, or in the future own and/or operate a DrWell mobile application (collectively referred to as the “Platform”). Your utilization of and access to the Platform, any component thereof, or anything associated therewith, including its content (“Content”), any products or services provided via the Platform or otherwise by DrWell, and any affiliated website, software or application owned or operated by DrWell (collectively, including the Platform and the Content, referred to as the “Service”) are governed by this Privacy Policy unless explicitly stated otherwise. Capitalized terms not otherwise defined herein shall have the meaning ascribed to them in the DrWell Terms and Conditions (“Terms and Conditions”).

We are dedicated to safeguarding the privacy of Service users. This Privacy Policy (“Privacy Policy”) has been formulated to elucidate how DrWell collects, utilizes, and discloses information in the course of providing you with the Service.

By establishing, registering, or authenticating an account through the Service, or otherwise accessing or utilizing the Service, you are deemed to have acknowledged the most recent iteration of this Privacy Policy. We shall amend this Privacy Policy as necessary to reflect material modifications in the Service or our usage of personal information, and as mandated by applicable legislation. In the event of any alterations to our Privacy Policy, we shall publish the revised Privacy Policy and update the “Last updated” date at the beginning of the Privacy Policy. Should we implement material changes to this Privacy Policy, we shall provide notice or obtain consent regarding such changes as may be required by law.

If you are utilizing the Service on behalf of an individual other than yourself, you warrant that you are duly authorized by such individual to act on their behalf and that said individual acknowledges the practices and policies delineated in this Privacy Policy.

For any inquiries or concerns regarding this Privacy Policy, please contact us at:

DrWell/KP Innovations, LLC.
2100 Webster St, #429
San Francisco, California 94115

Age Restrictions on Service Usage

The Service is primarily intended for individuals who have attained the age of majority, which is typically eighteen (18) years or older, depending on applicable state legislation in the user’s jurisdiction. Individuals between thirteen (13) and the age of majority may utilize the Service solely for the purpose of obtaining medical consultation for acne treatment using topical skincare products (where available), provided that parental or legal guardian consent is obtained in accordance with the stipulations outlined in our Terms and Conditions and the Service protocols. The Service is neither designed nor intended to appeal to, nor is it directed at, children under thirteen (13) years of age. In the event that we become aware of having collected personal information via the Platform from an individual under thirteen (13) years of age, we shall employ reasonable efforts to cease further utilization of such personal information and to remove it from our retrievable databases.

Moreover, if you are under sixteen (16) years of age, you (or your parent or legal guardian if you are under 13) may submit a request at any time for the removal of content or information pertaining to you that is published on the Platform. Any such request (“Minor Information Removal Request”) should be submitted through one of the following channels:

Via postal mail: DrWell, Attn: Privacy Officer, 2100 Webster St, #429, San Francisco, California 94115, with the subject line “Minor Information Removal Request.” To ensure confirmation of mailing, delivery, and tracking, please utilize U.S. Certified Mail, Return Receipt Requested. Via electronic mail: [email protected], with the subject line “Minor Information Removal Request” For each Minor Information Removal Request, please clearly indicate “Minor Information Removal Request” in the subject line of the email or letter, and provide the following information in the body of the request:

1. The nature and specifics of your request
2. A clear identification of the content or information to be removed
3. The precise location of the content or information on the Platform (e.g., by providing the URL)
4. A statement confirming that the request pertains to “Minor Information Removal”
5. Your full name, mailing address (including city, state, and zip code), email address, and preferred method of response (mail or email)

 

DrWell will not process any Minor Information Removal Requests received via telephone or facsimile. DrWell bears no responsibility for non-compliance with any Minor Information Removal Request that is incomplete, incorrectly labeled, or improperly submitted.

Please be advised that DrWell is not obligated to erase, eliminate, or facilitate the erasure or elimination of such content or information under certain circumstances. These circumstances may include, but are not limited to: instances where international, federal, state, or local laws, rules, or regulations mandate that DrWell retain the content or information; situations where DrWell maintains the content or information on behalf of your Healthcare Providers (as defined in our Terms and Conditions) as part of your electronic medical record; cases where the content or information is stored or posted on the Site by a third party other than you (including any content or information that you posted which was subsequently stored, republished, or reposted by the third party); instances where DrWell has anonymized the content or information, rendering individual identification impossible; situations where you have not adhered to the aforementioned instructions for requesting content or information removal; and cases where you have received compensation or other consideration for providing the content or information.

The aforementioned description outlines DrWell’s voluntary practices concerning the collection of personal information through the Service from certain minors. It should not be construed as an admission that DrWell is subject to the Children’s Online Privacy Protection Act, the Federal Trade Commission’s Children’s Online Privacy Protection Rule(s), or any similar international, federal, state, or local laws, rules, or regulations.

Confidential Data

By establishing an account with DrWell, you initiate a direct consumer relationship that facilitates your access to and utilization of the Platform’s various functionalities and the Service as a user. This relationship necessitates the provision of certain information to DrWell, including but not limited to your name, email address, shipping address, phone number, and specific transactional data. We do not categorize this information as “confidential health information” or “medical data.”

Nevertheless, your use of certain Service components may involve the disclosure of health or medical information that could be subject to protection under applicable statutes. It should be noted that DrWell does not fall under the classification of a “covered entity” as defined by the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its associated regulations and amendments (collectively referred to as “HIPAA”). The Laboratories, Pharmacies, or Medical Groups (as defined in our Terms and Conditions) may or may not be classified as “covered entities” or “business associates” under HIPAA, while DrWell may, in certain instances, function as a “business associate” of a Pharmacy or Medical Group. It is crucial to understand that HIPAA does not automatically apply to an entity or individual merely due to the involvement of health information, and HIPAA may not govern your interactions or communications with DrWell, the Medical Groups, the Providers, the Laboratories, or the Pharmacies. However, in instances where DrWell is deemed a “business associate,” and exclusively in this capacity, DrWell may be subject to specific HIPAA provisions concerning “protected health information,” as defined by HIPAA, which you provide to DrWell, the Medical Group, or the Providers (hereafter referred to as “PHI”). Furthermore, any medical or health information you provide that is subject to specific protections under applicable state laws (collectively with PHI, referred to as “Confidential Data”), will be utilized and disclosed only in accordance with such applicable laws. However, any information not classified as Confidential Data under applicable laws may be used or disclosed as permitted by this Privacy Policy. Confidential Data excludes information that has been de-identified in compliance with applicable laws. The Medical Groups and Providers have implemented a Notice of Privacy Practices outlining their use and disclosure of Confidential Data. By accessing or using any aspect of the Service, you acknowledge receipt of the Notice of Privacy Practices from your Medical Group and Provider(s).

By accessing or utilizing any part of the Service, you acknowledge that any information submitted to DrWell that is not intended and used solely for the provision of diagnosis and treatment by the Medical Group and Providers, laboratory services by the Laboratories, or prescription fulfillment by the Pharmacies, is not considered Confidential Data. Such information will be subject only to our Privacy Policy and any applicable state laws governing the privacy and security of such information. For clarity, information provided to DrWell for account registration and setup on the Platform, including name, date of birth, username, email address, shipping address, and phone number, is not classified as Confidential Data.

Acquisition of Personal Data

The nature and extent of personal data we acquire is contingent upon your interactions with us, the services you utilize, and the preferences you express.

We procure information about you through various channels and methodologies when you engage with our services, including data you furnish directly, information gathered automatically, data from third-party sources, and information we deduce or generate from existing data.

Information provided voluntarily. We collect personal data that you willingly supply. This may encompass:

Identification and contact particulars, such as your appellation, electronic mail address, telephonic contact number, and billing and physical locations. Demographic particulars, including your gender identity, date of nativity, and postal code. Social media integrations, such as information from third-party websites, networks, platforms, servers, and/or applications (e.g., Facebook, Twitter, Instagram). Financial transaction data, including credit card numerals, financial account information, and other payment-related particulars. Content and files, such as photographic images, video recordings, documents, and other files you transmit to the Service. This includes electronic mail messages and other communications you direct to us. Sensitive personal data: Government-issued identification. We may collect government-issued identifiers such as driver’s license, passport number, and social security numbers. Account access credentials. We collect information such as a username or account number in conjunction with a password, security or access code, or other authentication credentials that permit access to an account. Sensitive demographic information. We collect data pertaining to racial or ethnic origin. Communication content. We collect the substance of communications you conduct via the Service. Biometric data. We or our service providers may employ biometric information to authenticate your identity prior to your utilization of the Service. Health-related information. We collect and analyze data concerning your health. This may include information relating to your browsing activity on our site and your use of our application, the acquisitions you make via our platform, interests you express or we infer based on your interactions with us, and other engagements between you and the Service. Sexuality. We may collect and analyze information pertaining to your sexual life or sexual orientation. Information collected automatically. Upon your utilization of our services, we automatically collect certain information. For instance:

Identifiers and device information. When you visit our websites, our web servers automatically log your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further elucidated in the “Cookies, Mobile IDs, and Similar Technologies” section below, our websites and online services store and retrieve cookie identifiers, mobile IDs, and other data. 

Geolocation data. Contingent upon your device and application settings, we collect geolocation data when you utilize our applications or online services. Usage data. We automatically log your activity on our websites, applications, and connected products, including the URL of the website from which you accessed our sites, pages viewed, duration of page visits, access times, and other details about your use of and actions on our website. In some instances, such usage data may constitute sensitive personal information if it relates to your browsing activity on health-related pages on the Service. For example, we may log the fact that you visited a page that relates to a specific product or treatment available through our site. For further information, refer to the “Cookies, Mobile IDs, and Similar Technologies” section. Information we generate or derive. We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address.

Information obtained from third-party sources. We also procure the types of information described above from third parties. These third-party sources include, but are not limited to:

Third-party partners. Third-party applications and services, including social networks you elect to connect with or interact with through our services. 

Co-branding/marketing partners. Entities with which we offer co-branded services or engage in joint marketing activities. 

Service providers. Third parties that collect or provide data in connection with work they perform on our behalf, for example, companies that determine your device’s location based on its IP address. 

Publicly available sources. Public sources of information such as open government databases.

When requested to provide personal information, you may decline. You may also employ web browser or operating system controls to prevent certain types of automatic data collection. However, if you choose not to provide or allow information that is necessary for certain services or features, those services or features may be unavailable or limited in functionality.

DrWell provides management services to the medical providers and certain pharmacies you may access through the Service. Consequently, we may store additional health information on their behalf, including your medical record, communications with providers, medical history, and prescription information.

Data Collection Technologies

DrWell employs various data collection technologies, including but not limited to cookies, web beacons, mobile analytics identifiers, and advertising IDs, to facilitate the operation of our digital platforms and online services. These technologies also assist in the acquisition of data, encompassing usage metrics, unique identifiers, and device-specific information.

Elucidation of Data Collection Technologies

Cookies are diminutive data files deployed by a website and stored within your browser’s local storage on your device. These files can be subsequently accessed when your browser establishes a connection with a web server within the same domain that initially deployed the cookie. The content of a cookie typically comprises an alphanumeric string that may serve as a unique device identifier and may incorporate additional data elements. This mechanism enables the web server to recognize your browser across multiple sessions, each time it establishes a connection with that particular web server.

Web beacons, also referred to as single-pixel or clear GIFs, are imperceptible digital markers embedded within websites or electronic communications. Upon your browser rendering a webpage or email containing a web beacon, it automatically initiates a connection with the web server hosting the image (often operated by a third-party entity). This process facilitates the logging of device-specific information by the web server and allows for the deployment and retrieval of its own cookies. Similarly, third-party content integrated into our websites (such as embedded multimedia, plugins, or advertisements) prompts your browser to connect with the third-party web server hosting said content. We also incorporate web beacons into our electronic communications and newsletters to ascertain whether recipients have accessed and engaged with the content.

Mobile analytics and advertising identifiers are unique codes generated by mobile device operating systems (iOS and Android) that can be accessed and utilized by applications in a manner analogous to websites’ use of cookies. Our mobile applications incorporate software that enables both DrWell and our third-party analytics and advertising partners to access and leverage these mobile identifiers.

Utilization of Cookies and Analogous Technologies by DrWell and its Affiliates

DrWell, in conjunction with our analytics and advertising partners, employs these technological methods on our web platforms, mobile applications, and online services to gather personal data (encompassing but not limited to browsing patterns, interaction metrics, unique identifiers, and device specifications) during your engagement with our services. This data collection extends to personal information regarding your online activities across time and across various digital platforms. The acquired data serves multiple purposes, including but not limited to: preserving user preferences, facilitating authentication processes, evaluating the performance of our digital assets, monitoring user engagement, developing inferences, delivering and optimizing interest-based advertising, mitigating fraudulent activities, and fulfilling other legitimate business objectives. DrWell and/or its partners may also disseminate the collected or inferred data to third parties for these enumerated purposes. For a comprehensive overview of the third-party analytics and advertising entities that collect personal information through our services, please refer to the “Disclosure of Personal Information” segment of this Privacy Policy.

Available User Controls

A spectrum of cookie-related controls is accessible through web browsers, mobile operating systems, and other platforms. For a detailed exposition of these options, please consult the “Choice and Control of Personal Information” section below.

Utilization of Personal Data

We utilize the personal data we collect for purposes outlined in this Privacy Policy or as otherwise communicated to you, subject to the constraints addressed in the “Protected Information” section above. For instance, we employ personal data for the following objectives:

Objective of Utilization	Categories of Personal Data
Service Provision and Maintenance: To deliver and maintain the Service, including troubleshooting, facilitating navigation, confirming location, enhancing, and personalizing these services.	Contact details, demographic information, financial data, content and files, biometric data, identifiers and device information, geolocation data, usage statistics, inferences. Sensitive data: government identification, account access credentials, sensitive demographic information, communication contents, biometric identifiers, health information, data concerning sexual life or orientation.
Operational Functions: To conduct our business operations, such as invoicing, payment processing, accounting, account administration, internal operations enhancement, system security, fraud detection, identity verification, and compliance with legal obligations. Additionally, to safeguard or enforce DrWell’s rights and assets.	Contact details, demographic information, financial data, content and files, biometric data, identifiers and device information, geolocation data, usage statistics, inferences. Sensitive data: government identification, account access credentials, sensitive demographic information, communication contents, biometric identifiers, health information, data concerning sexual life or orientation.
Service Enhancement, Development, and Research: To develop, test, or improve the Service and its content, features, and/or offerings. Additionally, to conceptualize or create new products or services. Lastly, to analyze user behavior and traffic patterns within the Service.	Contact details, demographic information, financial data, content and files, biometric data, identifiers and device information, geolocation data, usage statistics, inferences. Sensitive data: government identification, account access credentials, sensitive demographic information, communication contents, biometric identifiers, health information, data concerning sexual life or orientation.
Experience Customization: To comprehend you and your preferences to enhance your experience and satisfaction with our services.	Contact details, demographic information, financial data, content and files, biometric data, identifiers and device information, geolocation data, usage statistics, inferences. Sensitive data: government identification, account access credentials, sensitive demographic information, communication contents, biometric identifiers, health information, data concerning sexual life or orientation.
User Support: To provide customer assistance, fulfill your requests, and address your inquiries. Additionally, to place and monitor orders for products or services on your behalf.	Contact details, demographic information, financial data, content and files, biometric data, identifiers and device information, geolocation data, usage statistics, inferences. Sensitive data: government identification, account access credentials, sensitive demographic information, communication contents, biometric identifiers, health information, data concerning sexual life or orientation.
Correspondence: To transmit information about DrWell, the Labs, the Pharmacies, the Medical Groups, the Providers, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages. Additionally, to communicate with you via various means, including on behalf of your Provider(s), to facilitate telehealth Service.	Contact details, demographic information, financial data, content and files, biometric data, identifiers and device information, geolocation data, usage statistics, inferences. Sensitive data: government identification, account access credentials, sensitive demographic information, communication contents, biometric identifiers, health information, data concerning sexual life or orientation.
Promotional Activities: To inform you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our services and those of our selected partners.	Contact details, demographic information, financial data, content and files, biometric data, identifiers and device information, geolocation data, usage statistics, sensor data, inferences. Sensitive data: health information, data concerning sexual life or orientation.
Advertising Initiatives: To promote and market DrWell, the Service, and the products and/or services offered via the Service.	Contact details, demographic information, identifiers and device information, geolocation data, usage statistics, inferences. Sensitive data: health information, data concerning sexual life or orientation.

We aggregate data from various sources for these purposes to provide you with a more cohesive, consistent, and tailored experience.

Furthermore, we may employ information about your browsing and other activities on the Service to promote and market DrWell, the Service, and the products and/or services offered via the Service, as well as to evaluate our advertising and marketing initiatives. Depending on your engagement with the Service, this may encompass information related to your visits to health-related pages on the Service. In certain jurisdictions, we may be obligated to obtain your consent prior to utilizing information that constitutes sensitive personal data. While we may use information about your browsing activity on health-related pages, we do not employ Protected Information for advertising or marketing purposes.

We may de-identify your information and use, generate, and commercialize such de-identified information for any business or other purpose not prohibited by applicable law. In instances where our use or sharing of data does not necessitate the ability to identify individuals from the data, we may de-identify that data as a measure to protect privacy and security. Where the process is designed to permanently de-identify the data, we will maintain and utilize the data solely in a de-identified form and will not attempt to re-identify it (except for the limited purpose of testing or evaluating the efficacy of the de-identification process or as otherwise permitted by law).

Dissemination of Personal Data

DrWell may disseminate personal data with your explicit consent or as deemed necessary to fulfill your transactions or deliver services you have requested or authorized. Subject to the constraints outlined in the “Protected Health” section above, we may disclose any category of personal data described herein to the types of third parties enumerated below, in connection with the provision of the Service or as otherwise permitted or mandated by law. Such dissemination may include, but is not limited to:

Contracted Entities. We may furnish personal data to vendors or agents operating on our behalf for purposes delineated in this Privacy Policy. For instance, entities engaged to provide customer service support or assist in safeguarding our systems and services may require access to personal data to execute these functions.

Marketing and Advertising Collaborators. We may convey personal data to marketing and advertising partners. This may include the transfer of identifying information to an advertising collaborator to facilitate personalized advertising or to enable the delivery of advertisements to individuals with similar interests. Such transfers may encompass sensitive personal data, including health-related information or data pertaining to your sexual activities, insofar as it does not constitute Protected Information. For example, if you access a webpage regarding hair loss or erectile dysfunction treatments, we may relay that information to an advertising partner who will subsequently deliver targeted advertisements to you on various websites based on your browsing activity.

Financial Institutions and Payment Processors. When you provide payment information, such as for a purchase, we will disclose payment and transactional data to banks and other relevant entities as necessary for payment processing, fraud prevention, credit risk mitigation, analytics, or other related financial services. For further details regarding such disclosures, please refer to the “Transactions” section below.

Affiliated Entities. We facilitate access to personal data across our subsidiaries, affiliates, and related companies, for instance, where we utilize shared data systems or where access is necessary to provide our services and operate our business.

Healthcare Providers and Facilities. We facilitate information exchange between you and the Medical Groups, Pharmacies, Providers, and Laboratories, as applicable, to enable them to render services to you via the Service and to collect payment on their behalf.

Corporate Restructuring. We may disclose personal data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business assets.

Legal and Law Enforcement Entities. We will access, disclose, and preserve personal data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.

Security, Safety, and Rights Protection. We will disclose personal data if we believe it is necessary to:

Safeguard our customers and others, for example, to prevent spam or fraudulent activities, or to help prevent loss of life or serious injury to any individual;

Maintain and ensure the security of our services, including preventing or halting attacks on our computer systems or networks; or

Protect the rights or property of ourselves or others, including enforcing our agreements, terms, and policies.

Third-party analytics and advertising companies also collect personal data through our website and applications, including identifiers and device information (such as cookie IDs, device IDs, and IP addresses), geolocation data, usage data, and inferences based on and associated with that data, as described in the “Cookies” section of this Privacy Policy. These third-party vendors may aggregate this data across multiple sites to enhance analytics for their own purposes and those of others. For example, we utilize Google Analytics on our website to gain insights into user interactions; you can learn about Google’s data collection and usage practices at www.google.com/policies/privacy/partners.

Other third-party analytics and advertising providers we employ on our websites include, but are not limited to:

Company/Service	Purpose(s)	Privacy Notices	Manage Settings
Google	Advertising, analytics	Google Ads Privacy Notice	Manage Google Ads Settings
X (Twitter) Advertising	Advertising	X Privacy Policy	Manage X Settings
Facebook Audiences	Advertising	Facebook Privacy Policy	Manage Facebook Settings
Google Analytics	Analytics	Google Analytics Privacy Policy	Manage Google Analytics Settings

NOTICE: We may engage in the sale of your sensitive personal data. “Sale” in this context is defined in accordance with certain state privacy laws.

Some data disclosures to these third parties may be classified as a “sale” or “sharing” of personal information as defined under the laws of California and other U.S. states. Please consult the “Choice and Control” and “California Privacy Rights” sections below for additional details.

Please be advised that some of our services incorporate integrations, references, or links to services provided by third parties whose privacy practices may differ from ours. If you furnish personal information to any of these third parties, or authorize us to share personal information with them, that information is governed by their respective privacy statements.

Lastly, we may disclose de-identified information in compliance with applicable law.

Management and Oversight of Personal Data

We offer various mechanisms for you to exercise control over the personal data we maintain about you, including options regarding how we utilize such information. In certain jurisdictions, these control mechanisms may be enforceable as legal rights under applicable legislation.

Data Access, Portability, Rectification, and Erasure. Should you wish to access, duplicate, transfer, amend, or remove personal data that we hold about you, please navigate to privacy.drwell.com/policies. In the event that you encounter difficulties accessing, duplicating, amending, or removing specific personal data through these means, you may submit a request using the contact information provided at the conclusion of this Privacy Policy.

Data Commercialization. Certain privacy regulations employ a broad definition of “sale” that may encompass some of the disclosures outlined in the “Disclosure of Personal Information” section above. To withdraw consent from such data “commercialization,” you may utilize the Global Privacy Control setting, visit privacy.drwell.com/policies, or select “Your Privacy Choices” at the bottom of our webpage.

Personalized Advertising. If you desire to opt out of the utilization of your personal data for personalized advertising purposes, you may do so at privacy.drwell.com/policies.

Furthermore, certain browser and platform controls may be at your disposal to opt out of or otherwise manage personalized advertising as described below. You may employ the opt-out mechanisms provided by organizations in which our advertising partners may participate, accessible at:

NAI (http://optout.networkadvertising.org)
DAA (http://optout.aboutads.info/)
You may also utilize other cookie or mobile ID controls as described below.

These preferences are device and browser-specific. If you access our services from multiple devices or browsers, you will need to implement these actions on each system to ensure your preferences apply to the data collected when using those systems.

Communication Preferences. You have the option to determine whether to receive promotional communications from us via email or SMS. Should you receive promotional email or SMS messages from us and wish to discontinue them, you may follow the instructions provided in that message or contact us as outlined in the “Contacting Us” section below. These preferences do not apply to certain informational communications, including surveys and mandatory service notifications.

Web Browser and Platform Settings

Cookie Management. Web browsers typically accept cookies by default. Should you prefer otherwise, you may adjust your browser settings to manage cookie preferences. Be advised that opting to delete or reject cookies may impact certain functionalities of our website. Furthermore, deleting cookies may result in the erasure of settings and preferences controlled by those cookies, including advertising preferences, which may need to be reconfigured.

Global Privacy Control (GPC). Certain browsers and browser extensions support the “Global Privacy Control” or comparable mechanisms that transmit signals to visited websites indicating your desire to opt-out of specific data processing activities, such as data sales and/or targeted advertising, as outlined by applicable legislation. Upon detection of such signals, we shall make reasonable efforts to honor your preferences as indicated by a GPC setting or similar control recognized by regulation or widely acknowledged as a valid opt-out preference signal.

Do Not Track (DNT). Some browsers incorporate a “Do Not Track” setting that transmits a signal to visited websites expressing your wish not to be tracked. However, unlike the aforementioned GPC, there is no standardized interpretation of the DNT signal. Consequently, our websites do not respond to browser DNT signals. As an alternative, you may utilize other tools to control data collection and usage, including the GPC, cookie management, and advertising controls described herein.

Mobile Advertising Identifier Controls. iOS and Android operating systems provide options to restrict tracking and/or reset advertising identifiers.

Email Web Beacon Management. Most email clients offer settings to prevent automatic image downloads, including web beacons, which inhibits automatic connections to web servers hosting those images.

Notwithstanding the automated controls described above, should you submit a request to exercise your rights or implement these choices, we reserve the right to decline such requests in certain instances, to the extent permitted by applicable law. For instance, we may deny requests where granting them would contravene legal requirements, potentially infringe upon the privacy or rights of another individual, disclose proprietary information, or interfere with legal or business obligations necessitating data retention or usage. Moreover, we may decline requests in cases where we are unable to authenticate you as the data subject, or where the request is deemed unreasonable or excessive, or as otherwise permitted by applicable law. Should you receive a response indicating that we have declined your request, wholly or partially, you may appeal this decision by submitting your appeal via the contact method specified at the conclusion of this Privacy Policy.

It is important to note that this Privacy Policy pertains exclusively to your “personal information,” which is distinct from “medical information” or “protected health information.” To comprehend our information practices and your rights concerning such information, please refer to the Medical Groups Notice of Privacy Practices.

Data Retention Policy

We retain personal information for durations necessary to deliver services and fulfill requested transactions, comply with legal obligations, resolve disputes, enforce our agreements, and for other legitimate and lawful business purposes. Given that these requirements can vary across different data types and service contexts, actual retention periods may differ significantly. Factors influencing retention include user expectations or consent, information sensitivity, availability of automated user controls for data deletion, and our legal or contractual obligations.

Financial Operations

In the course of conducting any financial operation through the Service (e.g., the acquisition or disposition of any goods or services via the Service), you may be required to provide certain pertinent information, including but not limited to your credit card details, expiration date, billing address, shipping address, telephone number, and/or electronic mail address. By furnishing such information, you grant DrWell, free of charge, the irrevocable, unrestricted, universal, and perpetual right to disseminate such information to third parties (e.g., financial transaction processors, purchasers on the Service, vendors on the Service) for the purpose of expediting the operation.

All monetary exchanges involving credit cards, debit cards, or other forms of payment on or via the Service are executed through an online financial processing application(s) accessible via the Service. This online financial processing application(s) is provided by DrWell’s third-party online payment processing vendor, Finix (“Finix”) (hereinafter referred to as “Payment Vendor”). Supplementary information about DrWell’s Payment Vendor, its privacy policies, and information security measures (collectively, the “Payment Vendor Policies”) should be available on the Finix website or by directly contacting Finix. Reference to the Payment Vendor Policies is made solely for informational purposes and is not in any way incorporated into or made a part of this Privacy Policy. DrWell’s relationship with the Payment Vendor, if any, is purely contractual in nature, as the Payment Vendor is nothing more than a third-party vendor to DrWell, and is not subject to DrWell’s direction or control; thus, their relationship should not be construed as one of fiduciaries, franchisors-franchisees, agents-principals, employers-employees, partners, joint venturers, or the like.

Jurisdictional Considerations

The Service is exclusively available for use within specific states of the United States as outlined in our Terms and Conditions. Consequently, this Privacy Policy, and our collection, utilization, and disclosure of information pertaining to you, is governed by U.S. law.

California Residents’ Privacy Rights

If you are a resident of California and the processing of personal information about you is subject to the California Consumer Privacy Act (CCPA), you are entitled to certain rights regarding that information.

Collection Notice. Prior to or at the time of collection, you have the right to receive notice of our practices, including the categories of personal and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and the duration for which such information is retained. These details can be found in this Privacy Policy by referring to the above links.

Right to Information. You have the right to request that we disclose the personal information we have collected about you. You also have the right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that much of this information is provided in this Privacy Policy. You may submit a “request to know” by visiting www.drwell.com/privacy or emailing us at [email protected].

Rights to Request Correction or Deletion. You also have the right to request that we rectify inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request for correction or deletion, visit www.drwell.com/privacy or email us at [email protected].

Right to Opt-Out / “Do Not Sell or Share My Personal Information”. You have the right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA.

Please note that the CCPA provides broad definitions for “sell,” “share,” and “personal information,” and some of our data sharing practices described in this Privacy Policy may fall under these definitions. Specifically, we permit advertising and analytics providers to collect identifiers (IP addresses, cookie IDs, and mobile IDs), activity data (browsing, clicks, app usage, non-product identifying transaction data), device data, and geolocation data through our sites and apps when you use our online services, but we do not “sell” or “share” any other types of personal information. If you wish to prevent us or our partners from “selling” or “sharing” personal information related to your visits to our sites for advertising purposes, you can submit your request by visiting our Privacy Center or using a Global Privacy Control. Opting out using these methods will prevent us from sharing or making available such personal information in ways considered a “sale” or “sharing” under the CCPA. However, we will continue to make some personal information available to our partners (acting as our service providers) to assist us in performing advertising-related functions. Furthermore, using these opt-out choices will not prevent the use of previously “sold” or “shared” personal information or halt all interest-based advertising.

We do not knowingly sell or share the personal information of individuals under 16 years of age.

Limitation on Utilization and Dissemination of Sensitive Personal Data. You are entitled to restrict our utilization of sensitive personal data to purposes exclusively related to the provision of requested goods or services, or as otherwise sanctioned by applicable statutes.

To exercise your right to opt out of such supplementary uses, please navigate to the “Privacy Preferences” link located at the footer of our website, or employ the Global Privacy Control mechanism as delineated in the “User Autonomy and Preferences” section of this Privacy Policy.

You may appoint, via written instrument or durable power of attorney, an authorized representative to submit requests on your behalf to exercise your rights under the CCPA. Prior to processing such a request from a representative, we shall require the representative to furnish evidence of your authorization, and we may necessitate direct verification of your identity.

Furthermore, to facilitate the provision, rectification, or erasure of specific personal data elements, we must authenticate your identity to the degree of certainty mandated by law. We shall verify your request by requiring its submission from the email address affiliated with your account or by soliciting information requisite for account verification.

Moreover, you are entitled to freedom from discrimination for exercising these rights as delineated in the CCPA.

Additionally, pursuant to California Civil Code section 1798.83, colloquially referred to as the “Shine the Light” law, California residents who have disclosed personal information to a commercial entity with which they have established a business relationship for personal, familial, or household purposes (“California Consumers”) may inquire about whether the entity has disclosed personal information to any third parties for their direct marketing objectives.

Please be advised that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this statute. California Consumers may request further information regarding our compliance with this law by directing inquiries to [email protected]. Please note that commercial entities are obligated to respond to one request per California Consumer annually and may not be compelled to address inquiries submitted through channels other than the designated email address.

Miscellaneous Provisions

DrWell employs commercially reasonable physical, technical, and administrative safeguards to protect information from unauthorized access, utilization, disclosure, alteration, and destruction. However, it is incumbent upon you to maintain the confidentiality of your account credentials and all account-related information. You bear sole responsibility for any and all activities conducted through your account. To enhance the security of your personal information, we strongly recommend the use of a robust password that is unique to this Service and not shared with any other platforms or individuals. In the event you suspect a breach in your account security, we urge you to contact us immediately as per the “Communication Protocols” section outlined below.

In utilizing the Service, you maintain the discretion to withhold certain information from us, though this may restrict your access to specific features or preclude your use of the Service entirely. You may also elect to opt out of receiving certain communications (e.g., newsletters, promotional materials) by submitting your preference via email. Please be advised that even if you opt out, we reserve the right to send Service-related communications. At present, we do not respond to web browser “do not track” signals or analogous mechanisms that provide methods to opt out of information collection across networks of websites and online services in which we participate. Should this policy change in the future, we will delineate the process within this Privacy Policy. DrWell reserves the right to supplement, amend, or otherwise modify this Privacy Policy at any time. Such alterations will be posted on this or a similar page of the Service and shall be deemed effective as of the “Last Updated” date. However, DrWell will notify you and/or require your acceptance of the updated Privacy Policy if the modifications implement material changes from DrWell’s then-current Privacy Policy. It is your obligation to thoroughly review this Privacy Policy upon each visit, access, or use of the Service.

Communication Protocols

For any inquiries regarding this Privacy Policy, please contact us via email at [email protected] or by postal mail at:

DrWell Health, Inc.

2100 Webster St, #429

San Francisco, California 94115

Attn: Privacy Officer

Mobile Information and Text Messaging

DrWell recognizes the importance of protecting your mobile information and respecting your communication preferences. As such, we adhere to the following principles:

1. No Sharing for Marketing Purposes: No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. We respect your privacy and will not use your mobile data for such activities without your explicit consent.
2. Text Messaging Opt-In Data: All the above categories exclude text messaging originator opt-in data and consent. This information is treated with the utmost confidentiality and will not be shared with any third parties under any circumstances.
3. Consent Management: Your consent for text messaging is managed separately from other data processing activities. You have the right to opt-in or opt-out of text messaging services at any time without affecting your use of other DrWell services.
4. Data Security: We employ industry-standard security measures to protect your mobile information and text messaging data from unauthorized access, alteration, or disclosure.
5. Transparency: DrWell is committed to transparency in our data practices. If there are any changes to how we handle mobile information or text messaging data, we will update this policy and notify you accordingly.
   
   

By using DrWell’s services, you acknowledge and agree to these practices regarding your mobile information and text messaging data.

Payment Processing

DrWell utilizes Finix as its payment processor. When you provide payment information, you are providing it directly to Finix, and Finix’s use of your personal information is governed by its privacy policy. DrWell does not store your payment information, other than your zip code and country, which we require for billing and to comply with tax and other government regulations.