Our ApproachAbout UsBlog
Learn more

Koa Foundations App Privacy Policy (HIPAA applicable)

Effective Date: March 2022

Koa Health B.V., a company registered in the Netherlands (registered number 78707838) with a registered address at Basisweg 10, 1043 AP, Amsterdam, The Netherlands, (“Koa”, “we”, “our” or “us”) provides the Foundations mobile application (the “App” or “Foundations”) in the United States.  This Privacy Policy applies to our handling of personal information collected from or about users of the App (“you”, “your”, or “user(s)”).

Summary of Privacy Policy - Reading time 1 min

This summary helps you to quickly understand the main points of the Privacy Policy. It is provided for convenience only.  Because it does not replace our full Privacy Policy, please read the full Privacy Policy to understand the complete picture of how we handle personal information.

We’re Koa Health.

Your insurer has given us permission to use information about you and your health so that you can use Foundations.

We only collect the information we need to run and improve Foundations.

We collect your information to help you support and maintain your health and wellness. We may collect additional information with your permission or to comply with the law.

We share information about you with third-party service providers.

This helps us provide some parts of the service (such as notifications). We ask our service providers to keep your information safe.

You need to be 18 or over to use Foundations.

By using Foundations you are telling us that you are at least 18 years old.

We work hard to keep your information safe.

We work to protect your information from being lost, stolen or misused. Because no system is perfect, you can help by keeping your password and account details safe.

We use your information to contact you.

This helps us communicate with you and respond to your questions.

Full Privacy Policy - Reading time 7 mins

This Privacy Policy applies to the collection and processing of personal information connected to your use of the App.

1. Personal Information We Collect

We receive information from your health care insurance carrier to verify your eligibility to access and use the App. We also collect information about you, directly or indirectly, when you use our App. Below is a summary of the information we collect.

- Profile information: We collect your (a) name, (b) email address, (c) date of birth, and (d) member ID number.

- Program and activity information: The App offers an interactive program designed to support and maintain your general health and wellbeing.  You may participate in activities, quizzes or exercises and provide information using the App.  Information we collect for the App may include:
Your goals for using the app, such as feeling overwhelmed, trouble sleeping, etc

  • Information related to how you perceive your stress, such as a Perceived Stress Scale assessment with questions around how stressed or overwhelmed you have felt over the past week. We collect this information so that you can better understand your perceived stress and see how it might change over time. This information is used to determine the evolution of your perceived stress.
  • Information related to the activities provided within the App, such as text you insert into the App within the journaling activities.
  • Your opinion on the App and its functionality, if you choose to provide us feedback.
  • Periodic information about how you feel and your mood e.g. stressed, happy.

Dates and times at which exercises or quizzes were performed.

- Device data: Our App will register information about the device you use to access the App.  This includes fields such as device type, operating system and version, and IP address.

- App activity data: We collect data about how you interact with the App.  This includes data about the length of your sessions in the App, how long you view specific screens, what App features you may click on or use, and what you search for in the App.

- Error and troubleshooting data: We collect data about problems users encounter while using the app, and suspicious uses of the App.  This data includes suspicious activity alerts, crash reports, error reports, or similar reports.

- Additional information you choose to provide. Our App may collect additional personal information if you choose to provide it to us. Such information is not shared with your healthcare insurance carrier.  We have access to your information, but we use your information only as described in this Privacy Policy.

A Note about Protected Health Information and HIPAA.

If you are receiving Foundations from your US health insurer, some of the information we collect about you is “Protected Health Information” (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  Generally speaking, the following information will be PHI: (a) the information we receive from your healthcare insurance carrier and (b) information you provide in the App that relates to your past, present, or future physical or mental health or condition; the provision of health care to you; or the past, present or future payment for the provision of health care to you.

We want to make sure you know that, notwithstanding anything else in this Privacy Policy, we only use and share PHI as permitted by HIPAA and our business associate agreement with your healthcare insurance carrier. This means we only use and share your PHI with your healthcare insurance carrier to support your treatment or upon your direction or consent. Your healthcare insurance carrier will provide you with a “Notice of Privacy Practices” that explains how they use your PHI in compliance with HIPAA.

Note that PHI can be deidentified in which case it is no longer considered PHI.  This can be done by removing 18 specific types of identifier from the information pursuant to HIPAA regulations. We may de-identify PHI, in accordance with HIPAA, and use it as non-PHI for the purposes listed in Section 2.

2. How We Use Personal Information

We use personal information for the following purposes:

- Providing our App to you: We use personal information to authenticate you as the authorized user of our App and to provide the App and its features to you.  We may also use personal information to provide you with notices about your account or changes to our terms or this Privacy Policy.

- Support service and communications: We use personal information to process any requests or inquiries from you or to otherwise communicate with you, including sending you email and/or notifications.

- Analytics and service improvement: We analyze how people use our App .  We evaluate and improve our App, and develop new features or services.

- Personalization: We may use personal information to personalize your experience in the App, or to optimize notifications to you.

- Research: We may use personal information to conduct internal and scientific research.  If our research results in a published study, it will contain only aggregated data that cannot be traced back to any specific individual.

- Maintaining integrity of the App and our systems: Personal information may be used to prevent fraudulent or suspicious activity, or otherwise protect the App, users, or our IT systems.

- Compliance and legal claims: We use personal information in connection with complying with applicable laws, regulations, policies, legal process, and agency requests.  We also use personal information to carry out our obligations and enforce our rights arising from any contracts entered into between you and us.  We may also use personal information in connection with establishing, exercising, or defending legal claims.

- Protection of rights and health: Personal information may be used to protect the health, safety, welfare, rights, or interests of you, us, any third party, or the general public.

- Other purposes: We may use personal information for other purposes but only with your direction or consent.

3. How We Share Personal Information

We will not disclose your personal information to third parties for monetization. We only share personal information as described in this Privacy Policy. We may share personal information with third parties for any of the purposes listed above, to the extent we are allowed by law to do so.  The categories of parties that may receive personal information from us are as follows:

- Koa Health affiliates: We may share personal information with other companies in the Koa Health group.

- Our service providers and business partners: We may share personal information with companies that provide services to us, or otherwise help us operate our business or the App.

- Government authorities and law enforcements: We may share information with government authorities, law enforcements or other third parties in connection with: (a) compliance with applicable laws, regulations, policies, legal process, and agency requests; (b) establishing, exercising, or defending legal claims; or (c) protecting the health, safety, welfare, rights, or interests of you, us, any third party, or the general public.

- Third parties in connection with a sale of business: We may share or transfer information with another business in connection with a merger or sale of our business or assets to that business.

- Other third parties: We may share information for other purposes but only with your consent.

4. Security

We maintain safeguards designed to protect personal information collected through our App and require our service providers to implement reasonable security measures to protect personal information. However, no security system is impenetrable, nor can we guarantee the security of the information you transmit to us over the Internet, including your use of e-mail.  We ask you to take responsibility to safeguard your access credentials and the devices you use to access our App (such as laptops, tablets and mobile devices) and to use appropriate security settings on those devices.

5. Retention

We retain information we collect in connection with our App for the period of time necessary for us to perform the purposes listed in this Privacy Policy, and for any further periods permitted or required by law. This may involve us retaining your information after you have stopped using our App.

6. Minors

Our App is not designed for or intended to be used by persons under the age of 18. In particular, if you think that we have collected personal information from a child under the age of 13 through our App, please contact us immediately at privacy@koahealth.com.

7. Do Not Track

As there is currently no generally-recognized Do Not Track signal, our App is not designed to respond to Do Not Track signals or requests.

8. Changes to this Privacy Policy

We may modify this Privacy Policy from time to time, and will post any revisions on our App.  We will indicate at the top of the Privacy Policy the Effective Date of the most recent update.  If we believe an update requires additional notice to you or your consent, we will contact you to provide that notice or seek that consent.

9. Contact Us

If you have any questions about this Privacy Policy or our App, contact us at any time at privacy@koahealth.com.