Little Otter, Inc. Privacy Policy

Effective Date: May 3, 2021

Last Updated: April 30, 2021

 

We at Little Otter, Inc. value your privacy and are committed to keeping your Personal Data confidential. We use your data solely in the context of providing you with a convenient and high-quality software solution that allows healthcare providers and patients to easily and purposefully connect with each other for the provision of telebehavioral health services. 

This privacy policy applies to Personal Data Little Otter, Inc. collects from (1) legal parents or guardians of child(ren) receiving treatment through the Little Otter website and application (the “App”) and any related services (the “Services”); and (2) healthcare providers providing treatment to pediatric patients on behalf of an organization authorized to use the App (individually a “User” and collectively the “Users”). “Personal Data” includes any information that can be used on its own or with other information in combination to identify or contact one of our Users. We believe that transparency about the use of Our Users’ personal information is of utmost importance. In this privacy policy, We provide Users with detailed information about our collection, use, maintenance, and disclosure of Users’ Personal Data. The policy explains what kind of information We collect, when and how We might use that information, how we protect the information, and User rights as a provider or parent/legal guardian.

BY USING THE APP, USER IS ACKNOWLEDGING THAT USER HAS READ AND AGREES TO THE TERMS OF THIS POLICY. IF USER DOES NOT AGREE, PLEASE DO NOT LOG INTO, ACCESS, OR, IF APPLICABLE, ALLOW YOUR CHILD TO LOG INTO OR ACCESS THE APP AND DO NOT SUBMIT ANY PERSONAL DATA TO US.

Notice Regarding Updates: Please note that We occasionally update this Privacy Policy. If We make a material change to this Privacy Policy, We will post a link to the modified terms on our website and will also notify User via email. User can store this policy and/or any amended version(s) digitally, print it, or save it in any other way. Any changes to this privacy policy will be effective immediately upon providing notice, and shall apply to all information We maintain, use, and disclose. If User does not agree to the changes, immediately delete the App and all associated files from User’s device. If User continues to use the App such notice, User is agreeing to those changes.

In case User has any questions or concerns after reading this Privacy Policy, please do not hesitate to contact Us at privacy@littleotterhealth.com. We appreciate your feedback. If you do not agree to the terms of this Privacy Policy or if you changes your mind at any point, you can delete your account by deleting the App or notifying us by email at privacy@littleotterhealth.com.

Responsible Entity

Little Otter, Inc. (“We”, “Us”, “the Company”) may process User Personal Data in accordance with this Privacy Policy. If We are processing Personal Data on behalf of a third party that is not an agent or affiliate of the Company, the terms of this Privacy Policy do not apply—instead, the terms of that third party’s privacy policy will apply. You can contact Us with any questions about our Privacy Policy at privacy@littleotterhealth.com

Links to Other Sites 

Our App may contain links to websites and services that are owned or operated by third parties (each, a “Third-party Service”). Any information that User provides on or to a Third-party Service or that is collected by a Third-party Service is provided directly to the owner or operator of the Third-party Service and is subject to the owner’s or operator’s privacy policy. We are not responsible for the content, privacy or security practices and policies of any Third-party Service. To protect User information, We recommend that Users carefully review the privacy policies of all Third-party Services that the User accesses.

What Personal Data do We collect?

We collect Personal Data, which includes the following types of data and may include healthcare information or “protected health information”. 

Demographic Data

We collect demographic information, such as your name and email address, to assist us in creating User’s User Account.

Parents/Guardians: We also collect Personal Data such as your child’s birth year, sex assigned at birth, gender, height, and weight to assist us in creating your User Account and communicating with your child’s provider.

Payment Data

If User makes payments via our App, We may require that Users provide to Us User’s financial and billing information, such as billing name and address, credit card number or bank account information.

Support Data

If User contacts Us for support or to lodge a complaint, We may collect technical or other information from User through log files and other technologies, some of which may qualify as Personal Data. (e.g., IP address). Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Services in accordance with this Privacy Policy. Calls with Little Otter may be recorded or monitored for training, quality assurance, customer service, and reference purposes.

Device, Telephone, and ISP Data

We use common information-gathering tools, such as log files, cookies, web beacons, and similar technologies to automatically collect information, which may contain Personal Data, from User’s computer or mobile device as Users navigate our Services, or interacts with emails We have sent you. The information We collect may include your Internet Protocol (IP) address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, to help Us provide and improve our Services and to guarantee their security and continued proper functioning.

Health and App Data (Parents/Guardians)

In addition to demographic information, We will collect information regarding your child’s health conditions, age, sex assignment at birth, gender, weight, height, medical history, symptoms, information from the App, and communications between your and the healthcare provider providing healthcare services to your child via the App. We collect this information to provide User with the Services and to provide User’s healthcare provider providing healthcare services through the App with the information required to provide medical treatment.

How will We use your Personal Data?

We process Users’ Personal Data based on legitimate business interests, in order to provide Our Services, to comply with Our legal obligations, and/or with User’s consent when we are required to obtain it. We only use or disclose Personal Data when it is legally mandated or where it is necessary to fulfill those purposes described herein. Where required by law, we will ask for your prior consent before doing so.

Specifically, we process Users’ Personal Data for the following legitimate business purposes:

  • To fulfill our obligations to User under the Terms of Service

  • To communicate with User about and manage User’s Accounts

  • To properly store and track User data within our system

  • To respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings or court orders.

  • To protect Our rights, privacy, safety or property, and/or that of User by providing proper notices, pursuing available legal remedies, and acting to limit Our damages

  • To handle technical support and other requests from User

  • To enforce and ensure User compliance with Our Terms of Service or the terms of any other applicable services agreement We have with User

  • To manage and improve Our operations and the App, including the development of additional functionality

  • To manage payment processing

  • To evaluate the quality of service that User receives, identify usage trends, and thereby improve User’s experience

  • To keep Our App safe and secure for User, and for Us

  • To send User information about changes to Our terms, conditions, and policies

  • To allow Us to pursue available remedies or limit the damages that We may sustain

  • Parents/Guardians: To provide access to the authorized healthcare provider/caregiver (with User’s consent), to enable that individual to monitor your child’s progress and overall condition and to follow up with User, as they deem appropriate.

Where is User Personal Data processed?

Personal Data We through the App will be stored on secure cloud-based servers in the United States. Personal Data may be transmitted to third parties, which parties may store or maintain the data on their secure servers. 

The mobile App from different App Stores is “native” to User’s devices, meaning information User enters into the App is also stored directly on the device User uses to access and enter information into the App. A non-native browser-based web application is also available for use. 

Will We share User Personal Data with anyone else?

Yes, with third parties that help Us power Our Services

We have a limited number of service providers and other third parties (“Business Partners”) that help Us run various aspects of Our business. These Business Partners are contractually bound to protect User’s Personal Data and to use it only for the limited purpose(s) for which it is shared with Us. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer service, and payment processing.

Yes, with third parties and the government when legal or enforcement issues arise

We may share Personal Data, if reasonable and necessary, to (i) comply with legal processes or enforceable governmental requests, or as otherwise required by law; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or the Terms of Service; or (iii) bring legal action against someone who may be violating the Terms of Service or who may be causing intentional or unintentional injury or interference to the rights or property of Little Otter, Inc. or any third party, including other users of Our Services.

Yes, with third parties that provide advisory services

We may share  Personal Data with third parties that provide use services, including but not limited to, Our lawyers, auditors, accountants, or banks, when We have a legitimate business interest in doing so.

Yes, with third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Little Otter, Inc.’s corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings).

If We share Personal Data with a third party other than as provided above, you will be notified at the time of data collection or transfer, and you will have the option of not permitting the transfer.

Parents/Guardians - Yes, with a healthcare provider, third-party, and/or caregiver for purposes of treatment or as you direct us to 

Parents/ Guardians- We will share information you enter into the App, as well as any reports generated by the Services based on the information you enter, with your child(ren)’s healthcare provider for treatment purposes. We will also share this information with any third-party or caregiver with whom you choose to allow Us to share such information. If, at any point, you want to deny access to one or more third parties, you can do so by emailing privacy@littleotterhealth.com

How long do We retain Personal Data?

We will retain Personal Data for as long as you maintain a User Account and up to 7 years after the account is closed. The exact period of retention will depend on the type of Personal Data, Our contractual obligation to you, and applicable law. We keep Personal Data for as long as necessary to fulfill the purpose for which it was collected, unless otherwise required or necessary pursuant to a legitimate business purpose outlined in this Privacy Policy. At the end of the applicable retention period, We will remove Personal Data from our databases and will request that our Business Partners remove Personal Data from their databases. If there is any data that We are unable, for technical reasons, to delete entirely from our systems, We will put in place appropriate measures to prevent any further processing of such data. We retain anonymized data indefinitely.

NOTE: Once We disclose Personal Data to third parties, We may not be able to access that Personal Data any longer and cannot force the deletion or modification of any such information by the parties to whom We have made those disclosures. Written requests for deletion of Personal Data other than as described should be directed to privacy@littleotterhealth.com.

What is Our Cookie Policy?

Cookies are small files that a web server sends to your computer or device when a User visits a web application that uses cookies to keep track of your activity on that site. Cookies also exist within applications when a browser is needed to view certain content or display certain content within the application. Cookies hold a small amount of data specific to a web application, which can later be used to help remember information User enters into the application (like your email or username), preferences selected, and movement within the application. If you returns to a previously visited web application (and User’s browser has cookies enabled), the web browser sends the small file to the web server, which tells it what activity User engaged in the last time User used the web application, and the server can use the cookie to do things like expedite logging in and retrieving user data and keeping  User’s browser session secure.

We use cookies and other technologies to, among other things, better serve Users with more tailored information, and to facilitate efficient and secure access to the Services. We only use essential cookies. Essential cookies are those necessary for Us to provide services to Users.  We have provided, below, a full list of Our cookies, categorized as described above. We have described the purpose of each, whether they are Our cookies or Third-Party cookies, and how to withdraw consent to their use. We have also indicated which cookies are “session cookies” (which last for as long as Users’ browsers remain open) and “persistent cookies” (which remain on a User’s hard drive until the User deletes them or they expire).

We may also collect information using pixel tags, web beacons, clear GIFs or other similar technologies. These may be used in connection with some website pages and HTML­ formatted email messages to, among other things, track the actions of users and email recipients, and compile statistics about usage and response rates.

Essential Cookies:

Cookie Name, Who Controls It, and DurationPurposeInformation CollectedHow to Withdraw Consentmp_[random hash]. Little Otter, Inc. During active sessionTo track de-identified data for product analytics.A generated token that allows the server to identify User.Do not use Our Service if User do not want to receive this cookie.hubspotutk. Little Otter, Inc. During active sessionTo track data during registration flow for marketing purposes.A generated token that lets User log in.Do not use Our Service if User do not want to receive this cookie.session_id Little Otter, Inc. During active sessionIdentifies the user and allows authentication to the serverA generated token that lets User log in.Do not use Our service and do not unsubscribe from automated emails if User does not want this cookie.

How can Users “Opt Out” of Cookies?

Users can usually choose to set their browsers to remove cookies and reject cookies. However, the cookies we use are all Essential Cookies, meaning that if a User enables a do not track (DNT) signal or otherwise configures their browser to prevent Us from collecting cookies, the User will be unable to use our services..

How do We protect the Personal Data we collect?

We are committed to protecting the security and confidentiality of User Personal Data. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of Our Users’ Personal Data, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm or inconvenience to Users. However, internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, We cannot ensure the security of information Users transmit to Us. By using the Services, Users are assuming this risk.

Safeguards

We store Personal Data on secure servers, and protect this data using a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls in accordance with federal privacy law. If We learn of a security concern, We may attempt to notify Users and provide information on protective steps to mitigate any potential harm, if available, through the e­mail addresses that Users have provided to Us or by an in-app notification. Depending on where Users live, Users may have a legal right to receive such notices in writing.

Users are solely responsible for protecting information entered or generated via the Little Otter, Inc. App that is stored on Users’ devices and/or removable device storages. We have no access to or control over Users’ devices security settings, and it is up to Users to implement any device level security features and protections Users feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that Users take any and all appropriate steps to secure any device that Users use to access Our Services.

NOTWITHSTANDING ANY OF THE STEPS TAKEN BY US, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED DESPITE THE IMPLEMENTATION OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA YOU TRANSMIT TO US AND YOU TRANSMIT SUCH PERSONAL DATA AT YOUR OWN RISK.

How Can Users Protect Their Personal Data?

In addition to securing User devices, as discussed above, We will NEVER send you an e­mail requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and you should NEVER respond to any e­mail requesting such information. If you receive such an e­mail that looks like it is from Us, DO NOT RESPOND to the e­mail and DO NOT click on any links and/or open any attachments in the e­mail, and notify Little Otter, Inc. support at help@littleotterhealth.com

Users are responsible for taking reasonable precautions to protect their User ID, password, and other User Account information from disclosure to third parties, and Users are not permitted to circumvent the use of required encryption technologies. Users should immediately notify Us at help@littleotterhealth.com if they know of or suspect any unauthorized use or disclosure of User ID, password, and/or other User Account information, or any other security concern.

User Rights

Users have certain rights relating to their Personal Data, subject to local data protection laws. These rights may include:

  • to access Personal Data held by Us;

  • to erase/delete Personal Data, to the extent permitted by applicable data protection laws;

  • to receive communications related to the processing of Personal Data that are concise, transparent, intelligible and easily accessible;

  • to restrict the processing of Personal Data to the extent permitted by law (while we verify or investigate User concerns with this information, for example);

  • to object to the further processing of Personal Data, including the right to object to marketing;

  • to request that Personal Data be transferred to a third party, if possible;

  • to receive User Personal Data in a structured, commonly used and machine-readable format;

  • to lodge a complaint with a supervisory authority;

  • to rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete;

  • to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"); and

Where the processing of Personal Data by Little Otter, Inc. is based on consent, Users have the right to withdraw that consent without detriment at any time or to exercise any of the rights listed above by emailing Little Otter, Inc at privacy@littleotterhealth.com.  

How can Users update, correct, or delete Personal Data?

Users can change their e­mail address and other contact information by contacting Us at help@littleotterhealth.com. Users may make changes or corrections to other information, by contacting Us at privacy@littleotterhealth.com. Please note that in order to comply with certain requests to limit use of Personal Data, We may need to terminate User’s account and User’s ability to access and use the Services, and User agrees that We will not be liable to User for such termination or for any refunds of prepaid fees paid by the User. User can deactivate User’s account by contacting us at privacy@littleotterhealth.com.

Can User “OPT­OUT” of receiving communications from Us?

We pledge not to market third party services to your without your consent. The only emails We send to you without your consent are those regarding User accounts or the Services. You can choose to filter these e­mails using your e­mail client settings, but We do not provide an option for you to opt out of these e­mails.

Information submission by minors (Parents/ Guardians)

If Your child is under the age of 13, you must give parental consent prior to allowing your child to use the App. The App does NOT allow children or any User to make their information publicly available. Parents/legal guardians have the right to review or ask us to delete their child’s Personal Data, as well as to refuse to permit Us to further collect or use Your child’s Personal Data. To do any of these, please contact us at privacy@littleotterhealth.com with User’s request.

California Residents

California residents may request and obtain from Us, once a year, free of charge, a list of third parties, if any, to which We disclose their Personal Data for direct marketing purposes during the preceding calendar year and the categories of Personal Data shared with those third parties. If User is a California resident and wishes to obtain that information, please submit a request by sending Us an email at privacy@littleotterhealth.com. with “California Privacy Rights” in the subject line.

Contact Us

Users may contact Us with any questions about this Privacy Policy by email at 

privacy@littleotterhealth.com

 or 660 4th St, 168, San Francisco, CA, 94107. Please note that email communications are not always secure; so please do not include sensitive information in your emails to Us.