At Sika Health, we value your privacy. This Privacy Policy (“Privacy Policy”) describes how Sika Health, Inc. (“Sika,” “we,” or “our”) collects, uses, processes, and discloses personal information and personal health information (collectively, “Your Information”) when you use  the Services or communicate with us directly by email, text, or phone. Any capitalized terms used but not defined in this Privacy Policy have the definitions given to them in our Terms of Service.

The term “Your Information” includes any information that can be used on its own or with other information in combination to identify or contact a natural person. Some of Your Information that we collect and transmit may be considered “health data” (i.e., data related to your physical or mental health), “protected health information” or “PHI” (i.e., information that relates to your past, present, or future physical or mental health or condition(s); the provision of health care to you; or the past, present, or future payment for the provision of health care to you), and/or medical records as defined by state law. Although PHI is transmitted through the Sika platform in connection with the LMN Services, Sika is not a provider of healthcare services. Sika is a technology platform that enables, facilitates, and supports the acquisition of health-related products and services by users from third-party merchants.

We may update or modify this Privacy Policy from time to time. If we make material changes, we will revise the “Last Updated” date above, and we may also choose to send you a notification of these changes.   We encourage you to review this Privacy Policy frequently to stay informed about our privacy practices and how you can exercise your options related to those practices. Your continued use of the Services will constitute your understanding and acknowledgement of this Privacy Policy. If you do not agree with this Privacy Policy or any subsequent updates, you must stop using the Services.

1. Information Sika Collects

We may collect the following types of information about you when you use the Services:

Information You Provide to Us

We collect information that you provide to us directly when you use the Services, for example when you pay with Sika, or contact us directly with questions or feedback.  This information may include

• Identifiers, such as your name, email address, telephone number, billing address, gender, sex, birthdate, or a copy of your photo ID;
• Purchase information, such as purchase date, time, or amount; 
• Self-reported health information, such as your medical history and symptoms; and
• User Generated Content, such as personal information you include in comments or survey responses.

Note that if you pay with Sika, we use an integration with a PCI-DSS compliant payment processor to collect and process your payment, which payment processor is subject to change. If Sika uses a third-party payment processor, you will supply personal details and card information directly to the payment processor through a secure interface operated by that processor and Sika will not collect or store such details, which will be secured and kept confidential by the third-party processor under contract with us. However, your billing details, such as your payment card number provided to the payment processor, are handled and secured exclusively by the payment processor. The payment processor returns a token to Sika indicating your payment. Sika is not responsible for the payment processor’s data collection or storage.

We may automatically collect information about you when you access the Services.  This information may include the following:

Information You Provide to Us

• Device information, such as device model, operating system language and version, unique device or personal identifiers, mobile network information, IP address, or browser type; or
• Activity information, such as when you accessed the Services, which pages you viewed, and which sites you visited before and after accessing the Services.

We collect and store some of the information described in this subsection by using cookies and other similar technologies like pixels, tags, and web beacons (collectively, “Cookies”).  Cookies are small strings of information that a website you visit transfers to your browser.  Cookies can be used to track your internet activity, remember your preferences, or improve or localize your user experience.  Some cookies are necessary to operate a website, while others are not. You can decide if and how your device will accept cookies by configuring your browser settings.  If you choose to reject cookies, you may not be able to use certain features of the Services. You can find more information on cookies from the Federal Trade Commission. 

Information We Collect from Third Parties
We may collect information about you from third parties, for example by allowing third parties to place their own Cookies on the Services that help us with measuring site traffic and analytics. The information collected and stored by these third parties is subject to their own privacy policies and practices. 

2. How We Use Your Information

We may use the information we collect about you to serve the following purposes:

• to provide the Services to you;
• to manage our relationship with you, including responding to your inquiries, providing you with notices, and requesting your feedback;
• to administer promotions and events;
• to market the Services to you;
• to analyze your use of our Services;
• to improve and enhance our Services;
• to detect and protect against security incidents or fraudulent or unlawful activity;
• to comply with legal and regulatory requirements; 
• to execute any other purpose as described to you at the time such information is collected; or
• for other purposes at your direction or with your consent.

We may aggregate and/or anonymize personal information so that it can no longer be reasonably linked to a specific individual.  We may do this to generate data sets to help us develop, analyze, and improve our Services.

3. How We Disclose Your Information

We may disclose your information to third parties as follows:

• Service Providers. We use certain third parties to help us operate our business, including cloud service providers, customer support augmentation, data analytics providers, marketing and communications partners, and security vendors. Whenever we share data with third-party service providers, we require that they use your information only for the purposes we’ve authorized, and we require these service providers to protect your personal data to at least the same standards that we do. We currently work with Stripe as a payment processor (you can review Stripe’s privacy practices here) and Beluga Health as an LMN Service Provider (you can view Beluga’s privacy practices here). We may replace or engage additional payment processors and/or LMN Service Providers at our discretion.
• Professional Advisors. We may share your information with our professional advisors, such as auditors, accountants, or lawyers.
• Authorities, Law Enforcement, and the Public Interest. We may share your information to protect the legal rights, safety, or security of Sika and our community, such as to enforce our Terms of Service or to prevent fraudulent or unlawful activity.  We will not release any individual-level personal information to law enforcement or a government authority unless we believe in good faith that such disclosure is required by law. 
• Affiliates. We may share your information with our current and future affiliate companies.
• Business Transfers. We may share your information with third parties in connection with an actual or prospective change to the control or financial status of Sika, such as a merger, sale of our assets, financing, acquisition, or bankruptcy.

We may also share your information with other third parties at your direction or with your consent. We do not voluntarily share your information with public or private third-party databases. As noted above, we may share aggregated and anonymized information with third parties as permitted by law; for example, we share aggregate information publicly to show trends about the use of FSA/HSA payments generally. 

4. Your Privacy Choices

Your use of our Services is voluntary. You may decline to share certain information with us, in which case we may not be able to provide you with some or all the features and functionality of the Services.

• Emails: If you no longer wish to receive marketing emails from us, you can unsubscribe at any time by following the instructions in those emails. You can also email us your opt-out request to legal@sikahealth.com with the subject line “Email opt-out request”. Please note that even if you unsubscribe from marketing or other nonessential emails, you may still receive emails from us related to the Services, such as emails about changes to our policies.
• Text Messages: With your consent as required by applicable law, we may send communications containing Services information by autodialed, prerecorded, or artificial voice calls or SMS, or text messages, at any phone number or email address you provide in connection with your account, even if your phone number is on the national or any state’s do-not-call registry. If you no longer wish to receive text messages from us, you can unsubscribe at any time by texting “STOP” in response to a text message from Sika.
• Cookies: Many web browsers enable cookies by default.  You can change your cookie settings or disable cookies at any time by updating your browser settings. You can find more information on how to opt-out of cookies at USA.gov. 
• Do Not Track Signals: We do not currently recognize or respond to automated browser signals regarding tracking, such as “Do Not Track” signals.”
  

5. Children’s Privacy

The Services are not intended for individuals under the age of 13. No one under age 13 may provide any personal information to or on the Services, and we do not knowingly collect personal information from children under 13. If you are under 13, you may not use the Services. If we learn we have collected or received personal information from a child under 13, we will use all reasonable efforts to delete such information. If you believe we might have any information from or about a child under 13, please contact us immediately at legal@sikahealth.com with the subject line “Children’s Privacy.”

6. Information Security

We take reasonable steps to protect your personal information from loss or unauthorized use, access, disclosure, alteration, or destruction. However, it remains possible that third parties may unlawfully intercept or access transmissions or private communications and may abuse or misuse your personal information that they unlawfully collect from the Services. Additionally, we can’t guarantee the complete security of any personal information you disclose online. For example, emails sent to or from our Services may not be secure, and so you should take care when considering what information you send to us via email. To the extent permitted under applicable law, we assume no liability or responsibility for the loss, disclosure, or destruction of your personal information due to errors in transmission, unauthorized access by third parties, or other causes beyond our control.

In the event of a data or security breach, Sika will take the following actions: (i) promptly upon becoming aware of a security incident, investigate the security incident, validate the root cause, and, where applicable, remediate any vulnerabilities within Sika’s control which may have given rise to the security incident; (ii) comply with laws and regulations directly applicable to Sika in connection with such security incident; (iii) as applicable, cooperate with any affected Sika user or client in accordance with the terms of Sika’s contract with such user or client; and (iv) document and record actions taken by Sika in connection with the security incident and conduct a post-incident review of the circumstances related to the incident and actions/recommendations taken to prevent similar security incidents in the future. Sika will notify you of any data or security breaches as required by and in accordance with applicable law.

7. Information Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, or for other essential purposes, such as complying with our legal obligations, resolving disputes, enforcing our agreement, or otherwise as required or permitted by law. Please note, Sika is not the “source of truth” for information typically retained in a patient medical record; all PHI and other data that may be considered part of your medical record will be maintained in accordance with all applicable medical retention laws, rules and regulations, by your provider. Further, Sika reserves the right to continue using de-identified data indefinitely, even after Your Information has been removed from Sika’s databases. We may continue to disclose de-identified data to third parties in a manner that does not reveal Your Information, as described in this Privacy Policy. Our continued use of de-identified data will comport with applicable law.

8. Additional Information for Certain U.S. Residents

If you reside in a U.S. state that currently has a comprehensive privacy law in effect that applies to Sika, you may be entitled to exercise the following privacy rights:

• Right to know or access your personal information
• Right to update or correct your personal information
• Right to deletion of your personal information
• Right to opt-out of sharing of your personal information for the purposes of targeted advertising purposes or automated decision-making 
• Right to nondiscrimination for exercising any of your privacy rights

To exercise any of these privacy rights, if they apply to your relationship with us, please email us at legal@sikahealth.com with the subject line “Privacy Request.”

9. Third Party Content

The Services may make available or provide links to websites and services provided and operated by third parties (“Third Party Content”). Sika does not control, and is not responsible for, any Third Party Content, and this Privacy Policy does not apply to Third Party Content.  We encourage you to review the privacy and security policies applicable to any Third Party Content before engaging with it.

10. Geographic Restriction

The Services are hosted in the United States and are intended for use by residents of the United States. We make no representations that the Services are appropriate or available for use in any location outside of the United States. If you are a resident of another country or are using the Services from outside of the United States, please note that you are transferring your data to the United States, which does not have the same data protection laws as other regions.

11. Contact Information

If you have any questions about this Privacy Policy or would like to exercise your data protection rights, you can reach us at legal@sikahealth.com. You may also contact us at the below address:

Sika Health, Inc.
2196 Third Ave, Unit 10039
New York NY, 10035
Attn: Legal

‍