Privacy Policy

Last Revised: August 2024

1. Introduction

Here at Cerebral, we are committed to respecting the privacy of users of our services. To that end, this Privacy Policy (“Privacy Policy”) describes the types of information Cerebral Inc. and its affiliates (collectively, “Cerebral,” “we,” “our,” or “us”) may collect, how we may use such information, and to whom we may disclose it in order to provide the services described below. This Privacy Policy applies to information that we collect and use about you from our websites located at www.cerebral.com and www.getcerebral.com, any other U.S. websites on which we post this Privacy Policy, and the affiliated Cerebral mobile application (the “Platform”), and when you otherwise interact with us (collectively, the “Services”). This Privacy Policy is incorporated into our Terms and Conditions of Use (the “Terms of Use”). All capitalized terms used in this Privacy Policy but not defined herein have the meanings assigned to them in the Terms of Use.

This Privacy Policy applies only to the Services. Except as provided herein, this Privacy Policy does not apply to information collected by us outside of the Services, including on any other website operated by Cerebral or any other party, or data collected outside of the Services by Providers, the Medical Groups, the Labs, or the Pharmacies. It also does not apply to the information practices of any other party, including other parties you may communicate with off the Services, or other parties you connect with through any application or content (including advertising) that may link to or be accessible from or on the Services.

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. By accessing or using the Services, you accept the practices and policies outlined in this Privacy Policy. If you use the Services on behalf of any other person, you represent that you are authorized to do so and that your use of the Services on such person’s behalf is acknowledged by that person. If any term in this Privacy Policy is unacceptable to you, do not use the Services. Continued use of the Services constitutes your express consent to the terms of this Privacy policy. If you do not agree with our Privacy Policy or the Medical Group Notice of Privacy Practices, you may not use or otherwise access the Services.

This Privacy Policy may change from time to time, and your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates.

Note: Cerebral operates the Platform but does not provide medical services and is not a medical group. Any telehealth consults obtained through our Services are provided by independent medical provider groups, including, but not limited to, Cerebral Medical Group, P.A. (collectively, the “Medical Groups”), which engage with a network of United States-based health care providers, including licensed therapists, nurse practitioners and doctors (each, a “Provider”). The Medical Groups and all Providers are required by law to maintain the privacy of your health information in accordance with federal and state law. The Medical Groups and their associated Providers process your health information in accordance with the Medical Group Notice of Privacy Practices. Where we process health information on behalf of the Medical Groups, we do so at the direction of such Medical Groups and in accordance with the policies set forth in their Medical Group Notice of Privacy Practices. 

2. Information We Collect and How We Collect It

When you create an account with Cerebral, you are creating an express consumer relationship with us that enables you to access and/or utilize the various functions of the Services we provide. As part of that relationship, you provided information that we collect. As part of Services, you authorize Cerebral to, and we may collect the following information:

• Information you provide to us. We may collect information you provide to us directly – for example, when you create a User Account, submit feedback, answer research questions, interact with Cerebral customer support, or use the Services. This includes contact information, such as name, home and billing address, email address, and telephone number; demographic information such as date of birth, gender, sexuality, race/ethnicity; payment details like billing address and credit or debit card number (for payment purposes only); identity-verification information; health-related information, such as information about your medical history, medical conditions, treatment options, physician referrals, prescriptions, lab results, lifestyle and personal preferences, health insurance information, or other related health information, such as your physical and emotional characteristics; other information, such as Social Security Number (collected by our trusted verification provider solely for purposes of identity verification), audio, images, and video of you; log-in credentials (if you create a User Account); and any other information you choose to provide to us about yourself or others. Note: if you choose to allow other apps on your device to disclose information to our Services, we may collect information from those other apps (for example, photos, health information, and/or audio clips). Some of this information you provide to us may include sensitive personal information including government identification documents such as a driver’s license, passport number, and social security numbers. As stated above, other sensitive information may also include account access information such as a username or account number in combination with a password, security or access code, or other credential that allows access to an account. We also may collect the contents of communications that you make via our services. We or our service providers may use biometric information to verify your identity prior to your use of the Service. Moreover, we collect and analyze information concerning your health. This may include information relating to your browsing activity on our site and your use of our app, the purchases you make via our platform, interests you express, or we infer based on your interactions with us, and other interactions between you and the Service.

• Information about your use of the Services. We may collect information related to your use of and interaction with the Services, such as communications with Providers through the Services, whether you are a current user, product interests, User Materials, and information related to your inquiries or requests.

• Information we collect automatically. When you interact with the Services, we may automatically collect information such as traffic data, logs, referring/exit pages, web page requests, location data, frequency and/or date and time of your activities on the Services, error information, clickstream data, IP address, usage data, and information about your Internet connection, device (such as a mobile device ID), connection speed, operating system, and/or browser. We may also collect information about your online activities over time and across other websites or online services. Some of this data is collected using cookies and similar technologies. To learn more about these technologies and your choices regarding them, please see the section below titled “Your Data Choices.”

• Information we receive from social media services and other sources. We may collect information about you if you use any of the other websites we operate or the other services we provide. We may collect information from public sources, advertisers, partners, and other parties (such as intermediaries, including Providers and the Pharmacies). We may also collect information about you through a social media or other account provided by another party, such as Facebook or Google (each, a “Third-Party Account”). For example, if you access the Services or create a User Account through a Third-Party Account, you may allow us to have access to certain information in your Third-Party Account. This may include your name, profile picture, gender, networks, user IDs, list of friends, location, date of birth, email address, photos, videos, people you follow and/or who follow you, and/or your posts or “likes.” Social media sites and other sites operated by other parties, such as Facebook and Google, have their own policies for handling your information. For a description of how these sites may use and disclose your information, including any information you make public, please consult the sites’ privacy policies. We have no control over how any site operated by another party uses or discloses the personal information it collects about you. We may combine information we receive from social media services and other sources with other information we collect from and about you.
  

3. How We Use Your Information

We may use the information we collect in the following ways:

• To provide, maintain, improve, manage, and optimize our Services.
• To facilitate the provision of telehealth services to you by the Medical Groups and its Providers, the Labs, the Pharmacies and/or other health care providers, including for purposes of treatment, case management, patient engagement, medication management, and coordination of care, and to ensure that such Medical Groups, Providers, Labs, Pharmacies and/or other health care providers have the services and support necessary for health care operations.
• To communicate with you about the Services, your use of the Services, including by responding to your inquiries and requests and providing customer support or by sending you communications on behalf of your Provider and other health care providers to meet your needs.
• To verify your identity and administer your User Account.
• To process your payments and fulfill your orders.
• To research and analyze the effectiveness and functionality of our Services and better understand our user base. If we publish or provide the results of this research to others, such research will be presented in a de-identified and aggregate form such that individual users cannot be identified, unless you give us your consent to be identified.
• To implement security features.
• To provide you with technical support and customer service and troubleshoot any technical issues or errors.
• In accordance with applicable legal requirements, advertise and market our Services and those of our partners to you, including on websites operated by other parties (subject to any opt-out preferences you have communicated to us).
• In accordance with applicable legal requirements, to personalize the Services, including engaging in analysis and research regarding use of the Services to better understand your interests and needs and measuring the effectiveness of advertising and content we serve to you and others to deliver and customize relevant advertising and content to you (subject to any opt-out preferences you have communicated to us).
• To comply in good faith with our policies and any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others.
• To protect the safety, rights, property, or security of Cerebral, our users, employees, other parties, members of the public and/or our Services.
• For any other permitted purpose, with your consent.

We may aggregate, de-identify and/or anonymize any information collected through the Services so that such information is no longer reasonably capable of being associated with you. We may use aggregated or anonymized information for any permitted purpose, including for research and marketing analytics purposes, and we may also disclose such information for any permitted purpose to any other parties. 

4. How We Disclose Your Information

We may disclose your personal information under the following circumstances:

• To our employees and other personnel to provide you with the Services, provide customer support, and for similar purposes.

• Among our subsidiaries and affiliates, including our ultimate holding company and its subsidiaries, for business purposes.

• To vendors with which we contract to help us deliver our Services and perform certain business and administrative functions, such as customer service, email management, payment processing, analytics, legal services, auditing, hosting the Services, and IT support (“Vendors”). These Vendors may also include the Medical Groups and their Providers, and other health care organizations, the Labs, and the Pharmacies.

• To our vendors that provide services to enable us to promote and advertise the Services and the products and/or services offered via the Services, such as ad platforms services, as well as to comply wit
• h contact removal requests or requirements, such as mailing list removal services, do not call registries, and similar services.
• To the Medical Groups and their Providers, the Pharmacies or the Labs to enable them to provide health care and related services to you via the Services, including (i) to schedule and fulfill appointments, (ii) to enable the sending of messages through our Services, and (iii) for other treatment, payment or health care operations purposes, including pharmacy and laboratory services.

• If we sell, transfer, or otherwise disclose some or all our assets with another party in the event of a merger, sale, divestiture, restructuring, reorganization, dissolution, or other similar transaction, or in the event of bankruptcy, if your information is among the assets transferred. We may also disclose your information in diligence leading up to a potential corporate transaction.

• As we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to any government or regulatory request); enforce or apply our Terms of Use and other policies; protect the rights, property, or safety of Cerebral, our employees and customers, and any other party; prevent an activity that may be illegal, unethical or legally actionable; or otherwise to comply with the law.

• Where we have your consent, or you have otherwise directed us to do so. For example, if you request us to disclose your information to another party, you have consented to this disclosure. 

5. Your Data Choices 

Cookies and similar technologies. When you interact with the Services, we (and other parties that support our advertising efforts) may automatically collect certain information about your browser, device, and use of the Services through cookies, pixel tags, web beacons, local storage, and other similar technologies. Cookies are small text files stored on your browser or device, which allow us to provide certain features of the Services, personalize your user experience, and advertise our Services to you. You can find more information about cookies at www.allaboutcookies.org.

You may be able to set your browser to manage cookies and similar technologies, or to alert you when cookies are being sent. Because each browser is a little different, we encourage you to check your browser’s “Help” feature to learn how to manage cookies. For more information about managing cookies, please visit www.allaboutcookies.org/manage-cookies. If you disable or refuse cookies, please note that some parts of the Services may then be inaccessible or not function properly. Because we and vendors we engage may use non-cookie technologies with your browser or device, browser settings that block cookies used in isolation may not affect the functioning of those technologies.

Mobile devices often include settings to help you manage how your device collects and discloses information for advertising purposes. For more information on how to manage those devices settings, please visit the Network Advertising Initiative’s mobile choice page at www.networkadvertising.org/mobile-choice.

Tailored advertising. We may engage other parties to serve tailored advertisements for our Services on our behalf on websites and applications operated by other parties. You have certain choices about how your information is used for this purpose. To learn more about tailored advertisements or to opt out of participating companies, see the Digital Advertising Alliance’s opt-out program at www.aboutads.info/choices or the Network Advertising Initiative’s opt-out page at optout.networkadvertising.org. We make no representation about the accuracy or effectiveness of these opt out mechanisms. You can opt out of Google Analytics through its currently available opt-outs for the web. Please note that if you choose to opt out, you will continue to see ads, but they may not be based on your interests. In addition, these other parties may provide you with ways to choose not to have your information collected or used in this way. You may also opt out of such advertising cookies and tracking technologies by following the directions here: Do Not Sell or Share My Personal Information.

Marketing communications. If you do not wish to receive marketing communications from us, you can check certain boxes on the forms we use to collect your data or under your User Account page and/or follow the instructions in our marketing emails. You may also send us a return email asking to be omitted from future email distributions. Regardless of your indicated email preferences, we may send you administrative emails regarding the Services, including, for example, notices of updates to our Terms of Use or this Privacy Policy, appointment reminders, and other information related to your User Account.

SMS communications. You can opt out of SMS communications as described in our Terms of Use.

Location information. You can choose whether to allow our Services to collect real-time information about your device’s location through the device’s privacy settings. If you do not authorize us to collect location information, some parts of our Services may be inaccessible or not function properly.

Social media and other Third-Party Accounts. To control the information you disclose to us when you follow us, like our posts, or otherwise interact with us on social media, you can adjust your social media account settings related to how your information is disclosed. If you access the Services or create a User Account through a Third-Party Account, please consult the settings in the applicable Third-Party Account to control how the provider of the Third-Party Account discloses information to us.

Push notifications: If your device is configured to receive push notifications, we may send you push notifications. If you no longer wish to receive these types of communications, you may turn them off through your device settings.

Other choices. You can review and change certain data processing preferences at any time by choosing 'Sharing Settings' on the homepage or after logging into your account. Depending on your jurisdiction of residence, you may have certain rights to access, delete, or correct your information. Your rights will be subject to applicable exceptions, and we will need to verify your identity before processing your request. If you would like to submit a request relating to your data, please email us at privacy@getcerebral.com.

Please note that if you delete your User Account, medical providers, including Providers, and other affiliates may still have the right to retain information under applicable law, regulations, or their own retention policy. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. 

6. Protected Health Information

When you set up a User Account with Cerebral, you are creating a direct customer relationship with Cerebral that enables you to access and/or utilize the Services. As part of that relationship, you provide information to Cerebral, including but not limited to, your name, email address, shipping address, phone number and certain transactional information that are not “protected health information” or “medical information.”

However, in using certain components of the Services, some of the information we collect may constitute “protected health information” (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”). While Cerebral is not a “covered entity” as defined in HIPAA, one or more of the Medical Groups and its Providers, the Pharmacies, the Labs and/or other health care providers engaging with you through our Services may be a “covered entity” or “business associate” under HIPAA and therefore subject to HIPAA, and Cerebral may in some cases be a “business associate” of a Medical Group, Pharmacy and/or Lab. Please note that HIPAA does not necessarily apply to an entity or person simply because there is health information involved, and HIPAA may not apply to your transactions or communications with Cerebral, the Medical Groups, the Providers, the Pharmacies, and/or the Labs. To the extent Cerebral is deemed a “business associate” however, and solely in its role as a business associate, Cerebral, may be subject to certain provisions of HIPAA with respect to PHI. In addition, any medical or health information that you provide that is subject to specific protections under applicable state laws (collectively, with PHI, “Protected Information”), will be used and disclosed in accordance with such applicable laws. However, any information that does not constitute Protected Information under applicable laws may be used or disclosed in any manner permitted under this Privacy Policy. Protected Information does not include information that has been de-identified in accordance with applicable laws.

The Medical Groups and its affiliated Providers have adopted a Medical Group Notice of Privacy Practices that describes how they use and disclose PHI. By accessing or using the Services to interact with a Medical Group and/or Provider, you acknowledge that you have received and agreed to the Medical Group Notice of Privacy Practices from your Medical Group and/or Provider(s). 

Where Cerebral collects, uses, and discloses Protected Information on behalf of your Medical Group or Provider, such processing on behalf of your Medical Group or Provider shall be consistent with the Medical Group Notice of Privacy Practices and as permitted in Cerebral’s agreements with the Medical Groups or Provider, except to the extent you have expressly authorized additional uses and disclosures. We may use PHI for purposes of treatment, payment, and health care operations, including to communicate with you, to provide requested services, to provide information to your Medical Groups or Providers, pharmacies, and insurers, to obtain payments for our services, and to communicate with your Medical Groups or Providers, pharmacies, and benefits program. We may combine your PHI with other information about you, including information from other sources, such as from your Medical Groups or Providers, pharmacies, insurers, or benefits program, to maintain an accurate record of our users. We may use your PHI to contact you for any services or products offered by Cerebral or the Medical Groups. 

7. Data Retention

Generally, we keep your information no longer than the period necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and your choices, after which time we may delete and/or aggregate it. We may also retain and use this information as necessary to comply with our legal obligations, as necessary for our legitimate business interests, to resolve disputes, and to enforce our agreements. For further information on how long we retain specific types of personal information, please refer to Covered Information Retention Schedule.

8. Data Security

We have implemented measures designed to secure your information from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us. However, transmitting information via the Internet is not completely secure, so although we take steps to protect your information, we cannot guarantee complete security. You disclose information to us at your own risk.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to disclose a password with anyone. 

9. Links and Offerings from Other Parties

This Privacy Policy does not address and we are not responsible for the practices or policies of any other parties using, accessible through, or linked from the Services, including Providers, the Medical Groups, the Pharmacies, the Labs, the manufacturer of your mobile device and other IT hardware or software, and any app or website operated by another party to which our Services may contain a link. These other parties may gather information from or about you. We have no control over the privacy practices of these other parties and make no representations about them. We encourage you to review the Medical Group Notice of Privacy Practices and the privacy policies of each website and application you visit and use.

10. Minors’ Information

Our Services are not directed to children under the age of eighteen (18) without parental consent. We do not knowingly collect information for individuals under the age of 18 (including, for children under the age of thirteen, “personal information” as defined in the U.S. Children’s Online Privacy Protection Act) without the verifiable consent of that child’s parent or guardian. If we learn that we have received any information for an individual under the age of eighteen, we process and delete that information as required by applicable law. If you are aware of a child providing personal information to us without parental consent, please contact us using the information below.

11. U.S. Residents

If you are a US resident, you may have certain additional privacy rights. Visit our Your US State Privacy Rights page for more information.

12.  UK, EU, & EMEA Residents

If you are a resident of the Middle East, EU, or resident, you may have certain additional privacy rights. Visit our UK, EU, & EMEA Privacy Rights page for more information.

13. Revisions to Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy posted on this page. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for periodically monitoring and reviewing any updates to the Privacy Policy. Your continued use of our Services after such amendments will be deemed your acknowledgment of and agreement to these changes to this Privacy Policy.

14. Contacting Us

If you have any questions about this Privacy Policy, please email us at privacy@cerebral.com. For general customer support questions, please email us at support@cerebral.com.

• Call 911 if you are having a mental health emergency.
• Text Home to 741-741 if you are in emotional distress and need immediate support.
• Call 988 For National Suicide Prevention Hotline

Let us stay in touch.

Get the latest in mental health, free events, feature updates and more.

© 2024 Cerebral Inc. All rights reserved.2093 Philadelphia Pike #9898 Claymont, DE 19703