CARE Privacy Policy

Effective Date: 9/20/2017

This Privacy Policy describes the type of information that Resources Online, L.L.C. (“Resources Online” or “we”) collects through each individual user’s use of our website and CARE platform (collectively, the “Services”) and health information collected from your healthcare providers. This Privacy Policy does not apply to information collected about you through any other means.

This Privacy Policy covers:

  • What personal information is collected by Resources Online through our Services.
  • How Resources Online uses this information.
  • With whom Resources Online may share personal information.
  • What choices are available to you with respect to collection, use and sharing of this information.
  • What types of security procedures are in place to protect the loss or misuse of this information under our control.

By accessing or using the Services, or by clicking the “accept” button when you register to use a Service, you consent to our use of your personal information as described in this Privacy Policy. This Privacy Policy may change from time to time. If we make any material changes to this Privacy Policy, we’ll notify you of those changes by posting them on the Services or by sending you an email or other notification, and we’ll update the “Last Updated Date” above to indicate when those changes become effective.

This Privacy Policy is part of, and is governed by, the Resources Online Terms of Service.

A. Information We Collect

We collect information from and about you in three ways. First, you provide us with certain information when you register for and use our Services. Second, your healthcare providers may upload health information such as test results and other data into your account. Finally, we collect certain information automatically as you interact with our Services.

1. Information You Provide to Us

We collect this information when you register for an account and use the Services. This type of data includes:

  • Account information. We may collect personally identifying information, including your name, telephone number, mailing address, birth date (day and month only) and email address.
  • Information submitted through the Services. You may submit information such as goals, responses to questions, and behavior summaries through the Services (“User Feedback”). This information may include sensitive healthcare and diagnostic information, including PHI as that term is defined below.

We do not operate an ecommerce website and therefore do not collect any financial information from you.

2. Information Submitted by Your Healthcare Provider

Your healthcare provider will have access to your healthcare data via the Services. Additionally, your healthcare providers may upload data (such as test results) into your account. Some of this information and data constitutes “Protected Health Data” or “PHI” as that term is used in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). By registering for the Services, you hereby grant Resources Online permission to collect and store PHI received from you or your healthcare provider and maintain PHI on your behalf and on behalf of your healthcare providers.

3. Information We Automatically Collect from You When You Use the Services

Information collected through our cookies and beacons. We (or service providers on our behalf) may use technologies, including “cookies” and “web beacons,” to automatically collect information from you when you use the Services. Cookies are small amounts of data that are stored within your Internet browser that saves and recognizes your earlier activities. Resources Online uses both session cookies, which track a user’s progression during a single visit, and persistent cookies, which track a user over time. Beacons are web page elements that can recognize certain types of information on your computer or mobile device, such as cookies and when a page or email was viewed.

Information that may be collected by cookies and web beacons when you use the Services may include, without limitation:

  • Date and time of your visit to or use of the Services;
  • Amount of time you spend using the Services; and
  • Your computer or mobile device and connection information such as your browser type and version, operating system and platform.

You can delete cookie files from your hard drive, or avoid them altogether, by configuring your browser to reject them or to notify you when a cookie is being placed on your hard drive. Not all features of the Services will function as intended if you reject cookies.

The information we collect automatically is statistical information and may include personal information. We may combine it with personal information we collect in other ways or receive from

third parties. If you do not want us to collect this information, do not download the app or use the Services, and delete the app from your device.

B. Do Not Track Requests

Your Internet browser and mobile device may allow you to adjust your browser settings so that “do not track” requests are sent to the websites you visit.

C. How We Use the Information We Collect

We may use information collected from or about you for any of the following purposes:

  • for clinical purposes covered by your agreement with your health care provider.
  • to develop, provide and improve the Resources Online products and services;
  • to manage and verify your account and the identity of users of the Services;
  • to contact you when necessary about your account or your use of the Services;
  • to comply with regulatory requirements for the maintenance of records;
  • to conduct internal reviews of our Services and to help us better understand how you use our Services;
  • to protect the security and integrity of our Services;
  • to comply with court orders and legal process, and to enforce our Terms of Service and this Privacy Policy; and
  • for any other business purpose that is not inconsistent with the terms of this Privacy Policy.

We may use your User Feedback and PHI to create de-identified or aggregated data that does not identify you, in accordance with 45 CFR 164.514 (“De-Identified Data”). For example, we may aggregate the number of users who follow a similar treatment plan to better understand how that treatment plan is working.

We may also combine information we collect about you through the Services with other information about you that we receive from third-party sources. By way of example and not limitation, we may combine test results or other medical information from another provider with your records.

D. How We Share Your Information with Third Parties.

We may share the information we collect in connection with the Services with the following third parties:

1. De-Identified Data

We may share or sell De-Identified Data (such as anonymized responses to evaluative questions) to third parties. Because this De-Identified Data cannot be linked to you personally, this Privacy Policy does not restrict our use or disclosure of De-Identified Data.

2. Healthcare Providers

We share all data, including PHI, User Feedback, and other personal information, with your healthcare provider at your sponsoring clinic. You are responsible for reading and understanding any terms and conditions and privacy policy that apply to your interaction with your healthcare provider. You acknowledge sole responsibility for and assume all risk arising from your interactions with your healthcare provider.

3. Service Providers

We may share your personal information with our third-party service providers who provide services to us or on our behalf, such as operating and supporting the Services. These third-party service providers are restricted from using your personal information for their own purposes.

4. Our Affiliates

We may share some or all of your information with our subsidiaries and corporate affiliates, joint venturers, or other companies that are or may become under common control with us. We will require these entities to comply with the terms of this Privacy Policy with regard to their use of your information.

5. Transfer or Assignment in Connection with Business Transfers or Bankruptcy

In the event of a merger, acquisition, reorganization, bankruptcy or other sale of all or a portion of our assets, any user information owned or controlled by us may be one of the assets transferred to third parties. We reserve the right, as part of this type of transaction, to transfer or assign your personal information and other information we have collected from users of the Services to third parties. Other than to the extent ordered by a bankruptcy or other court, or as otherwise agreed to by you, the use and disclosure of all transferred user information will be subject to this Privacy Policy. However, any information you submit or that is collected after this type of transfer may be subject to a new privacy policy adopted by the successor entity.

6. Response to Subpoenas or Court Orders or to Protect Our Rights

We may disclose your information to government authorities or third parties if:

  • you have given us permission to share your information;
  • we are required to do so by law, or in response to a subpoena or court order;
  • we believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, or to protect our property or other rights or those of other users of the Services, third parties or the public at large; or
  • we believe that you have abused a Service by using it to attack or gain unauthorized access to a system or to engage in spamming or other conduct that violates applicable laws or the Resources Online Terms of Service.

E. Your Choices

Using the Services is optional. At any time, you may stop providing User Feedback or other data. In addition, you may cancel your account at any time. If your healthcare provider set up your account, contact your healthcare provider to cancel the account. Otherwise, contact Resources Online at to cancel your account. Upon termination, we have no obligation to maintain, store or transfer any data that you have on the Services. However, we may retain User Feedback as permitted or required by any state or federal law or at the request of your healthcare providers.

If you terminate your Account, you acknowledge that BehaviorSpace may continue to retain your Health Information as required by any state or federal law regarding retention of medical records or at the request of your Healthcare Providers, in connection with the services BehaviorSpace provides such Healthcare Providers. You further acknowledge and agree that BehaviorSpace may retain your Health Information on your behalf even if a particular Healthcare Provider’s relationship with BehaviorSpace ends, as agreed to pursuant to a separate access request that complies with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

F. Do-Not-Track Signals

Resources Online does not track its users over time and across third-party websites to provide targeted advertising and therefore does not respond to Do Not Track signals.

G. California Privacy Rights

Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice that identifies the categories of personal information we share with affiliates or third parties for their marketing purposes. However, Resources Online does not share personal information with third parties for marketing purposes, so this California statute does not apply.

H. How We Protect Your Information

We have implemented commercially reasonable measures designed to secure your personal information from unauthorized access, use, alteration and disclosure. Personal information, including User Feedback and PHI, is stored in a HIPAA-compliant, cloud-based data store. Only authorized, trained personnel have access to this data. We do not store names, addresses, phone numbers, or financial data. However, the transmission of information via the Internet is not completely secure. You

acknowledge that: (a) the limitations of the Internet are beyond our control; (b) the security, integrity and privacy of information and data exchanged between you and us cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party. Resources Online has no responsibility or liability for the security of information transmitted via the Internet.

I. No Use by Children

The Services are not intended for users younger than 13. We do not knowingly collect contact information from children under the age of 13 without verifiable parental consent. If we become aware that a visitor under the age of 13 has submitted personal information without verifiable parental consent, we will remove his or her information from our files.

J. Use of Information Outside Your Country of Residence

The Services are directed to users located in the United States. If you are located outside of the United States and choose to use the Services or provide your information to us, you should be aware that we may transfer your information to the United States and process it there. The privacy laws in the United States may not be as protective as those in your jurisdiction. Your consent to this Privacy Policy followed by your submission of information to us through or in connection with the Services represents your agreement to the transfer of your information to the United States.

K. Contact Us

If you have any questions about this Privacy Policy or our use of the information we collect from you in connection with the Services, email us at