Privacy Policy

Last updated June 18, 2025

This Privacy Policy (the “Privacy Policy” or “Policy”) describes the types of information Certainly Health and its affiliates (“Certainly,” “we,” “our,” or “us”) collect and process from and about you.

Except as described in this Privacy Policy, the Policy applies to any and all websites, mobile applications, and any other electronic and/or digital products and/or other services that are made available by Certainly and that link to this Policy, and our offline services (collectively, the “Services”).

By using the Services, you are agreeing to the practices described in this Policy. If you do not agree to the practices described in this Policy, please do not access or use the Services.

Any use of the Services is subject to the Agreement (as the term “Agreement” is defined in our Terms of Use, which incorporates this Privacy Policy).

1. HIPAA and PHI
Certain demographic, health and/or health-related information that Certainly collects about Users on behalf of our Healthcare Providers as part of providing the Services may be “protected health information” (“PHI”) governed by the Health Insurance Portability and Accountability Act (“HIPAA”). Specifically, when (i) Certainly is providing administrative, operational, or other services to a Healthcare Provider that is a “Covered Entity” (as defined by HIPAA); and (ii) in order to provide those services, Certainly receives identifiable information about a User on behalf of the Healthcare Provider, where Certainly is acting as a “Business Associate” (as defined by HIPAA); and (iii) this identifiable information is regulated as PHI.

This Privacy Policy does not apply to PHI, which is instead regulated by HIPAA. HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. Please read the Notice of Privacy Practices of your Health Provider to understand how your PHI can be used and disclosed.

Personal data that a User provides to Certainly when Certainly is not acting as a Business Associate is not PHI and is therefore covered by this Privacy Policy. To provide just a few examples, we are collecting personally identifiable information (“PII”) when you (i) create an account, (ii) search for Healthcare Providers or available appointments with Healthcare Providers; (iii) post reviews; (iv) provide device/IP Information or Web Analytics information by browsing our websites (see below); or (v) authorize your Covered Entity health provider to disclose PHI to Certainly pursuant to a HIPAA Authorization form you have completed.

2. Information We Collect
When you access or otherwise use our Services, we may collect information from you. The types of information we collect depend on how you use our Services. Please note that we need certain types of information to provide the Services to you. If you do not provide us with such information, or if you ask us to delete that information, you may no longer be able to access or use certain Services. The information we collect may include data you directly provide to us, data we obtain automatically from your interactions with our Services, and data we obtain from other sources.

Information you provide directly to us. We may collect information directly from you. For example, you may provide us with information when you use the Services, communicate with us, create an account, subscribe to newsletters, or participate in a promotion. Information you provide directly to us may concern you and others and may include, but is not limited to:
You are not required to provide us with such information, but certain features of the Services may not be accessible or available absent the provision of the requested information.

Information we collect automatically. We and our third-party vendors, which include ad networks and analytics companies such as Google Analytics, may use cookies and other tracking technologies to collect information about the computers or devices (including mobile devices) you use to access the Services. As described further below, we may collect and analyze information including but not limited to (a) browser type; (b) ISP or operating system; (c) domain name; (d) access time; (e) referring or exit pages; (f) page views; (g) IP address; (h) unique device identifiers; (i) version of our Services you’re using; and (j) the type of device that you use. We may also track when and how frequently you access or use the Services, including how you engage with or navigate our site or mobile application. We may use this information (including the information collected by our third-party vendors) for analytics (including to determine which portions of the Services are used most frequently and what our users like/do not like), to evaluate the success of any advertising campaigns, and as otherwise described in this Policy.

We and our third-party vendors may use cookies and other technologies that help us better understand user behavior, personalize preferences, perform research and analytics, and improve the Services. These technologies, for example, may allow us to tailor the Services to your needs, save your password in password-protected areas, track the pages you visit, help us manage content, make recommendations for cosmetic care, and compile statistics about usage of our Services. We or our third-party vendors also may use certain of these technologies in emails to our customers to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

When you use the Services, we may collect general location information (such as general location inferred from an IP address).

Information we collect from other sources. We may also collect information about you from other parties, such as when you are referred to us by another user.
3. How We Use the Information We Collect
We may use your information for any of the following purposes:
We may combine information that we collect from you through the Services with information that we obtain from other sources. We may also aggregate and/or de-identify information collected through the Services. We may use and disclose de-identified or aggregated data for any purpose, including without limitation for research and marketing purposes.
4. When We Disclose the Information We Collect
We may disclose your information in any of the following circumstances:

5. Online Analytics
Analytics. We may use third-party web analytics services on the Services, such as those of Google Analytics. These vendors use the sort of technology described in the “Information We Collect Automatically” section above to help us analyze how users use the Services, including by noting the third-party website from which you arrive. The information collected by such technology will be disclosed to or collected directly by these vendors, who use the information to evaluate your use of the Services. To prevent Google Analytics from using your information for web analytics, you may install the Google Analytics Opt-Out Browser Add-on.

6. Your Choices
We offer you certain choices regarding the collection, use, and disclosure of information about you.

Profile information. You may deactivate your account by emailing support@certainlyhealth.com. You may also verify, correct, update, or delete certain of your information through your account profile page.

Marketing communications. You can unsubscribe from marketing emails by following the directions in those emails. Please note that if you unsubscribe from marketing emails, we may still send you administrative emails regarding the Services, including, for example, notices of updates to our Terms of Service or this Policy.

Exercising Your Rights. You can exercise privacy rights described in this section by submitting a request by emailing support@certainlyhealth.com

Please note that certain information may be exempt from such requests under applicable law. For example, we may retain certain information for legal compliance and to secure our Services. We may need certain information in order to provide the Services to you; if you ask us to delete it, you may no longer be able to use the Services.

You also have the right to not be discriminated against (as provided for in applicable law) for exercising your rights.

Depending on applicable law, you may have the right to appeal our decision to deny your request, if applicable. We will provide information about how to exercise that right in our response denying the request. Certainly may update these Rules at any time. If Certainly makes an update, Certainly will post the update on the certainlyhealth.com website and applications. Continued use of the Services after any update will mean that you have agreed to the update.

7. Children's Privacy
While you can technically use Certainly if you are under 18, you must have a parent or guardian create and manage your account as you cannot book appointments on Certainly without adult supervision due to legal requirements regarding healthcare for minors; essentially, a parent or guardian needs to be involved in scheduling appointments for anyone under 18

8. Security
Certainly implements technical, administrative, and physical safeguards to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Therefore, we do not promise and cannot guarantee the security of your information or communications.

9. Data Retention
We keep your information for the time necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and your choices, after which time we may delete and/or aggregate it. We may also retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

10. Consent to Transfer
You understand and agree that if you are using any Certainly Service from a country outside the United States and provide Personal Information to the Certainly Service, you will be authorizing and consenting to the transfer of Personal Information about yourself to the United States. You understand that the privacy laws of the United States may be different from and not as comprehensive or protective as those in your country, and you agree that the transfer of your Personal Information to the United States occurs with your consent. Personal Information collected on the Certainly Service may be stored and processed in the United States or abroad.

11. Links to Third Party Websites
The Services may contain links to third-party websites or services. We are not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information by third parties will be subject to the privacy policies of the third-party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third parties before providing information to them.

12. Mobile Messaging and Data Sharing
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. We may change this Policy to reflect changes in the law, our information practices or the features of the Services. We will indicate the date of the most recent update in this Policy. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Policy.

13. Changes to this Policy
We may change this Policy to reflect changes in the law, our information practices or the features of the Services. We will indicate the date of the most recent update in this Policy. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Policy.

14. Contact Us
If you have any questions about our Privacy Policy or information practices, please email us at support@certainlyhealth.com