Privacy Policy for the Envoy App.

Hi, we’re CHESS Health, the company that makes and supports the Envoy App. In this Privacy Policy, the company will be referred to as “CHESS”.

At CHESS, we don’t sell or give the Envoy App to individuals directly; you’re getting the Envoy App through a provider or other type of organization that has a contract with us for our eIntervention or eRecovery solution. Throughout the rest of this document, this other organization who is enabling your use of the Envoy App will be referred to as the “Provider”.

Please read this Privacy Policy closely and, if you have any more questions after reading this, please contact us at CHESS (privacy@chess.health) or discuss with your Provider.

This Privacy Policy will describe the following:

The data about you that will be stored by CHESS
Who has access to this dat
Who else might get access to the data
Optional notifications outside of the App
Where your data is stored
How we protect and secure your data
How long data is stored
What to do if you want your identifiable data erased or deleted
Our policy regarding children
Your consent
How you can contact us

Very important… If you use the Envoy App, then we assume you’re giving us consent to store your data, to give access to this data to your Provider, and you consent to everything in the Privacy Policy. You will also have to accept our End User License Agreement (EULA) before you can start using the App. We will update the Privacy Policy from time to time; you can always read it on our website or from within the App (under Settings).

The data about you that will be captured and stored by CHESS

In the course of creating or getting an account, your use of the Envoy App, and the Provider’s use of the eIntervention or eRecovery solutions, personally identifiable information (“PII”) about you will be captured and stored by CHESS.

The PII that may be stored through your interactions with the Envoy App and through the use of eIntervention and eRecovery by your Provider includes, without limitation, your name, alias name, email address, physical address, IP address, gender, date of birth, telephone numbers, payer type, payer name, member ID, current situation, any referrals entered for you and the reasons for this referral.

The Envoy App may also collect certain information automatically, including, without limitation, the type of mobile device you use, your mobile devices unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the App (“Automatically Collected Information”).

Who has access to this data

Your Provider has access to all of the PII.

CHESS, which operates and supports the eRecovery solution for the Provider, has access to all the PII and the Automatically Collected Information.

Who else might get access to the data

CHESS may disclose your data to other organizations when (1) required to by law, such as to comply with a subpoena, or similar legal process; or (2) when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Optional notifications outside of the App

The Envoy App has an optional capability to push notifications to the home screen of your mobile device when a new message is sent to you within the App. This feature is optional. To be enabled, you must first allow notifications from Envoy on your mobile device. At any time, notifications can be turned off through the settings within the Envoy App and/or through the settings on your mobile device.

If enabled, a push notification is a message that pops up on a mobile device and can be sent at any time, even when you are not using the app. Please be aware that these notifications will indicate that they are from the Envoy App and may be seen by others who have access to your phone.

Where your data is stored

CHESS stores your data on secure Amazon Web Services (“AWS”) servers. You can learn more about AWS and how it helps us protect your information here:

https://aws.amazon.com/compliance/hipaa-compliance/

How we protect and secure your data

We are committed to safeguarding the confidentiality of your data. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve the Envoy App. In addition, CHESS employs a variety of technical safeguards to protect the confidentiality, integrity, and availability of your data including encryption of the data in transit and at rest and other industry best practices. Please be aware that, although we strive to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

How long data is stored

Your data will be stored by CHESS as long as your Provider remains a customer of CHESS.

What to do if you want your identifiable data erased or deleted

If you have stopped using the Envoy App, have deleted the app from all mobile devices, and want to be sure your identifiable data is cleared from all databases, you can reach out to your Provider to get your identifiable data erased or deleted from the CHESS servers.

Our policy regarding children

The Envoy App is not for patients under the age of thirteen. If a parent or guardian becomes aware that his or her child has entered their own personal data into the Envoy App or somehow been given an account by a Provider, please contact us at support@chess.health.

Your consent

As stated earlier, your use of the Envoy App is an acknowledgement that you understand and consent to this Privacy Policy. CHESS may modify this Privacy Policy at any time effective upon its posting. Your continued use of the Envoy App constitutes your acceptance of this Privacy Policy and any updates.

You will also have to accept our End User License Agreement (EULA) before you can create an account and start using the App. Read it carefully too.

How you can contact us

If you have any questions regarding the Privacy Policy, please contact us at privacy@chess.health.

Cookie	Duration	Description
__cfruid	session	This cookie is set by the provider Cloudflare. This cookie is used for load balancing and for identifying trusted web traffic.
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
optimizelyEndUserId	1 year	set by the Optimizely website optimization platform. This cookie is used to store a unique identifier which is a combination of an identifier and a random number. The purpose of the cookie is to track information on a per user basis. This is to allow the user to be properly identified and prevent duplicated data.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_92639085_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
CONSENT	16 years 5 months	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
pardot	past	The cookie is set when the visitor is logged in as a Pardot user.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
uid	1 year	This cookie is used to measure the number and behavior of the visitors to the website anonymously. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. for the purpose of better understanding user preferences for targeted advertisments.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.
yt.innertube::nextId	never	These cookies are set via embedded youtube-videos.
yt.innertube::requests	never	These cookies are set via embedded youtube-videos.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
ANV_MCP_TKX_SID	1 hour	No description
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.