Protecting your privacy on our web site
The TRUSTe certification covers only our collection, use and disclosure of information we collect through our web site kareo.com and the Services. The use of information collected through our Service shall be limited to the purpose of providing the Service for which the Client has engaged Kareo.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact TRUSTe here.
Information collection and how it is used
You do not have to give us any personal information to visit the product information portion of our web site. No personally identifying information (such as your name, e-mail address or Social Security number) will be collected unless you choose to provide that information to us.
Kareo collects personal information when you sign up for a trial or paid subscription to the Kareo Service. When you sign up, we ask for your name, email address, phone number and your company's demographic and financial information such as credit card information.
When you sign up for a paid subscription, we will ask you to enter your credit card or ACH information. This information is encrypted on computer systems that are secured in a locked cage at a data center co-location facility rented by Kareo.
Kareo automatically receives and records information on our server logs from your browser, including your IP address and the page you request.
Kareo uses information for the following general purposes: products and services provision, billing, identification and authentication, services improvement, contact, research, and anonymous reporting.
Kareo will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, we might send you an email. Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.
If you wish to subscribe to our newsletter, we will use your name and email address to send the newsletter to you. Out of respect for your privacy, we provide you a way to unsubscribe by clicking on the link within the email.
IP Addresses are automatically reported by your browser each time you view a web page or use our Service. Your IP address is not permanently stored in a way that is identified with your personal information.
IP addresses may be used for various purposes, including:
- To diagnose or service technology problems reported by our users or engineers that are associated with the IP addresses controlled by a specific web company or ISP.
- To estimate the total number of users visiting Kareo from specific geographical regions.
Cookies and Other Tracking Technologies
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a web site's computers and stored on your computer's hard drive. We do link the information we store in cookies to personal information you submit while on our web site.
If you reject cookies, you may still use our web site, but your ability to use some areas of our site, such as contests or surveys, will be limited.
Web Beacons / Gifs
Kareo uses software technology called clear gifs (a.k.a. Web Beacons) to help us better manage content on our web site by informing us what content is effective. These technologies are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. In some cases we tie information gathered by clear gifs to our customers’ personal information; an example would be tracking emails that have been opened by recipients which allows us to measure the effectiveness of our communications and marketing campaigns.
3rd Party Tracking
We use Local Storage, such as HTML5, to store content information and preferences. Third parties with whom we partner to provide certain features on our website or to display advertising based upon your web browsing activity also use HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5.
Behavioral Targeting / Re-Targeting
Protected Health Information
If you are a patient using the web site, please do not provide Kareo with Protected Health Information (PHI). If you are a patient using Kareo Clinical, Kareo Billing or Kareo Marketing (including Kareo DoctorBase), the information you provide to us through those Services may be considered PHI and will be protected by Kareo as required by federal and state laws.
Information sharing and disclosure
Kareo may be required to disclose personally identifiable information or protected health information under special circumstances, such as to comply with subpoenas or when your actions violate the Kareo Terms of Service.
Kareo may share demographic information with business partners, such as "7% of Kareo customers are in the Los Angeles region" or the like. No personally identifiable information or protected health information will ever be used without your permission (i.e., we will ask you before using a quote or testimonial).
Kareo does not rent, sell, or share personal information about you with other people or nonaffiliated companies for promotional purposes except to provide products or services you've requested or when we have your permission.
With your consent, we do share your name and email with certain partners we may work with. If you would not like your information shared with these partners, uncheck the box when asked this option or notify us via firstname.lastname@example.org.
We use other third parties such as a chat service provider to provide customer service to you, and a credit card processing company to bill you for goods and services, an email service provider to send out emails on our behalf. When you sign up for these services, we will specify what personally identifiable information is being shared as necessary for the third party to provide that service.
Accessing, updating, or correcting your personal information
If your personally identifiable information changes, or if you no longer desire our Service, you may correct it or request deletion by contacting us by telephone or postal mail at the contact information listed below. We will respond to your request to access within a reasonable timeframe.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
The security of your personal information is important to us. When you enter sensitive information such as credit card number on our registration or order forms, we encrypt that information using secure socket layer technology (SSL).
While we follow generally accepted industry standards to protect the personally identifiable information submitted to us, both during transmission and once we receive it, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. If you have any questions about security on our web site, you can contact us at email@example.com.
Customer testimonials, comments and reviews
We post customer testimonials, comments and reviews on our web site which may contain personal information. These testimonials are publicly available from a partner site and we post them on our policy. We do obtain the customer's consent to post their name along with their testimonial via email prior to posting the testimonial. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
You should be aware that any personal information you submit on blogs on this site and others can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums. To request removal of your personal information from our blog, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Links to other sites
If you click on a link to a third party site, you will leave this site and go to the site you selected. Because we cannot control the activities of third parties, we cannot accept responsibility for any use of your personally identifiable information by such third parties, and we cannot guarantee that they will adhere to the same privacy practices as us. We encourage you to review the privacy policies of any other service provider from whom you request services.
If you choose to use our referral service to tell a friend about our web site, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the web site. Kareo stores this information for the sole purpose of sending this one-time email. Your friend may contact us at firstname.lastname@example.org to request that we remove this information from our database.
Collection and Use of 3rd Party Personal Information
You may also provide personal information about other people, such as their name, email address and phone number. This information is only used for the sole purpose of completing your request or for whatever reason it may have been provided.
Social Media Widgets
You can log in to portions of our main Kareo web site using sign-in services such as LinkedIn Connect or an Open ID provider. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign up form. Services like LinkedIn Connect give you the option to post information about your activities on portions of our main Kareo web site to your profile page to share with others within your network.
Information Related to Data Collected through the Kareo Services
Information Related to Data Collected for our Clients
Kareo may collect information under the direction of its Clients, and has no direct relationship with the individuals whose personal information it processes. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our Service, please contact the Client that you interact with directly. We may transfer personal information to companies that help us provide our Service. Transfers to subsequent third parties are covered by the service agreements with our Clients.
Access and Retention of Data Controlled by our Clients:
Kareo has no direct relationship with the individuals whose personal information it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Kareo Client (the data controller). If requested to remove data we will respond within 30-60 days. If the Client is a Covered Entity under HIPAA, your rights with respect to your protected health information are governed by HIPAA as well as our Business Associate Agreement with that Client.
We will retain personal information we process on behalf of our Clients for as long as needed to provide services to our Client. Kareo will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Data Aggregation Services & De-identified Data
To the extent we receive protected health information from Clients that are Covered Entities under HIPAA, we may use such information to provide data aggregation services (as that term is defined by HIPAA) and to create de-identified data in accordance with 45 CFR 164.514(a)-(c) retaining any and all ownership claims relating to the de-identified data it creates from protected health information. Kareo may use, during and after this agreement, all aggregate non-identifiable information and de-identified data for purposes of enhancing the Software and Service, technical support and other business purposes, all in compliance with the HIPAA Privacy Standards, including without limitation the limited data set and de-identification of information regulations.
Kareo may update this policy at any time for any reason. If there are any material changes to how we handle personal information we will send a notice to the contact email address specified in your company's Kareo account or by placing a prominent notice on the home page of our site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
If you have questions or suggestions you can contact us at:
3353 Michelson Suite 400
Irvine, CA 92612
This policy was last updated on May 9, 2016.
For terms effective for purchases prior to May 9, 2016, click here.