Privacy Policy

star1
star2
star3

Last Updated: May 25, 2018

This privacy policy (“Policy”) describes how Lyra Health, Inc. (“Company”) collects, uses, and shares personal information of consumer users of this website, https://www.lyrahealth.com, and any affiliated “micro-sites” set up for our customers (together, the “Site”), as well as associated products and services, including, without limitation, mobile applications and the provider portal at https://provider.lyrahealth.com/ developed by the Company (together, the “Services”), and applies to customer information that we collect through our Site and Services as well as information you provide to us directly. This Policy also applies to any of our other websites that post this Policy. This Policy does not apply to websites that post different statements, such as third party websites that may be accessible through hyperlinks on this Site. Please see Lyra Clinical Associate P.C.’s HIPAA Notice of Privacy Practices for how our contracted partners specifically use and disclose protected health information and the policies specific to Company’s provider portal at https://provider-support.lyrahealth.com/ for how information on health care providers is specifically collected, used and shared. Please note that by using the Site or the Services, you accept the practices described in this Policy. If you do not agree to this Policy, please do not use the Site or Services. IF YOU ARE UNDER 13 YEARS OF AGE OR RESIDE OUTSIDE OF THE UNITED STATES, PLEASE DO NOT USE OR ACCESS OUR SITE.

 

WHO WE ARE

We are Lyra Health, Inc., a company focused on helping people feel emotionally healthy at work and at home. As an employer-sponsored benefit that connects employees and their dependents with effective and convenient care for their mental and emotional well-being, we combine technology, research-backed therapeutic methods, and top providers to offer personalized care.

We are a Delaware corporation, headquartered in California in the United States, and operate according to USA laws. We work closely with a number of affiliated medical groups to deliver clinical services, including Lyra Clinical Associates P.C., a California professional corporation. You may see us use “Lyra” to refer to the consolidated group of affiliated entities, and sometimes we receive information from and share information among the Lyra entities. We have included specific explanations and examples in this Privacy Policy to help you better understand when we do that and your choices regarding that sharing.

 

WHAT WE COLLECT

We get information about you in a range of ways.

Information You Give to Us or Lyra affiliated entities. We may collect your‎ name, postal address, email address, phone number, username, password, demographic information (such as your gender and birth date) as well as other information you directly give us on our Site and/or through our Services. By providing us with an email address, you consent to receiving information from us by email to that address, including protected health information which is private to you and protected by HIPAA.

Information We Get From Your Lyra Benefit Sponsor. We may receive information from your Lyra benefit sponsor (typically your employer) to enable us to confirm you or your household member(s)’ eligibility for Lyra benefits, to contact you in order to inform you of the availability of the Lyra benefit, and to help us measure the effectiveness of the Lyra benefit.

Information We Get From Others. We may get information about you from other sources. We may add this to information we get from this Site and/or through our Services. For example, you may also be able to access your Lyra account by signing on through various sites such as Google. Your participation with the services provided on these platforms is voluntary. If you choose to sign on using this service, Lyra will collect certain information from your account including your public profile, user name, email address, birthday, stated location city, contact lists, and other interactions on that platform (such as interests and likes). The information we may have access to will vary by platform and is controlled by privacy settings on that platform and your choices on that platform. Your use of services on third party platforms are governed by the privacy statement and other terms of use for that third party platform, until such information is shared with us, and then such information is also subject to this Policy.

Information Automatically Collected. We automatically log information about you and your computer, phone, tablet, or other devices you use to access the Site and/or Services. For example, when visiting our Site or when using the Company’s mobile applications, we log your computer or device identification, operating system type, browser type, browser language, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site or in the Company’s mobile applications. How much of this information we collect depends on the type and settings of the device you use to access the Site and/or Services.

Cookies. We may log information using “cookies.” Cookies are small data files stored on your hard drive by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. Other similar tools we may use to collect information by automated means include web server logs, web beacons and pixels. This type of information is collected to make the Site and/or Services more useful to you and to tailor the experience with us to meet your special interests and needs.

California Do Not Track Disclosure. We currently do not support the Do Not Track browser setting or respond to Do Not Track signals. Do Not Track (or DNT) is a preference you can set in your browser to let the websites you visit know that you do not want them collecting certain information about you. For more details about Do Not Track, including how to enable or disable this preference, visit https://termsfeed.com/do-not-track.

If you choose to interact on the Site and/or through the Services (such as by registering; using our Services; completing questionnaires, surveys, service contacts, or requests for information) the Company will collect the personal information that you provide. We may collect personal information about you that you provide through telephone, email or other communications. If you provide us with personal information regarding another individual, we will assume that you have that person’s consent to give us his or her personal information.

 

USE OF PERSONAL INFORMATION

How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you. We use your personal information as follows:

  • To provide the Services and personalize your experience: We use information about you to provide the Services to you, including to
    • help establish and verify the identity and eligibility of users;
    • provide search results and notifications that are most relevant for you;
    • open, maintain, administer, and manage Service users profiles and accounts;
    • provide, deliver, operate and maintain the Services and other products and services that you request, including those from our selected partners;
    • link or combine user information with other personal information, such as when you use Services offered by Lyra Clinical Associates P.C. or our other contracted providers of clinical services;
    • respond to comments and questions and provide customer service; and
    • send information including confirmations, notices, updates, security alerts, and support and administrative messages.
    • For example, we use the information you provide when you register (e.g., first name, last name, the micro-site you are using) to verify eligibility for our Services. When you share with Lyra your needs and preferences around clinical care, we may use algorithms and automated decision-making to identify and surface providers who may be a good fit for you based on the information you provide (although you always have the choice to consider more providers than what Lyra surface). When you seek clinical care through one of affiliated providers, we may combine information about you and your clinical activities to provide an integrated experience.
  • For research and development: We are always looking for ways to make our Services smarter, secure, integrated and useful to you. We use collective learnings about how people use our Services and feedback provided to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services; to analyze and improve our Site and/or Services (including developing new products and services); improving safety; managing our communications; analyzing our products; performing market research; and performing data analytics. For example, we used information collected about how users engage with our micro-sites to design a better, more user-friendly user experience. In some cases, we may apply these learnings across all our Services to improve and develop similar features or to better integrate the Services you use. We also test and analyze certain new products, workflows, and user experiences with some users before rolling them out to all users.
  • To communicate with you about the Services: We use your contact information to send transactional communications via email and within the Services, including sending you reminders, responding to your comments, questions and requests, providing customer support, soliciting outcomes and feedback, and sending you technical notices, updates, security alerts, and administrative messages. Depending on your settings, we send you email notifications when you or others interact on the Services, for example, when you are sent a message from your Lyra provider through our Services. We also provide tailored communications based on your activity and interactions with us. For example, certain actions you take in the Services may automatically trigger a feature or third-party app suggestion within the Services that would support your care. We also send you communications as you onboard to a particular Service to help you in using that Service. These communications are part of the Services and in most cases you cannot opt out of them as they are an integral part of our Services. If an opt out is available, you will find that option within the communication itself or in your account settings.
  • To market, promote, and drive engagement with the Services: We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, including by email. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, products and services offered by our selected partners, survey requests, and articles we think may be of interest to you. You can control whether you receive these communications within the communication itself or in your account settings.
  • For Customer support: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services. Where you give us permission to do so, we share your information with a Lyra expert for the purpose of responding to support-related requests.
  • For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity, identify violations of Service policies, authenticate, protect against, investigate, and deter fraudulent, unauthorized, or illegal activity.
  • To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, accounting, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
  • With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured client stories to promote the Services, with your permission. If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

We may combine all of the information that we collect with data obtained from third parties or through our products and Services. We may also collect and store information locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.

Lyra will take reasonable precautions to protect your information from loss, misuse or alteration. Please be aware, however, that any text, email or other transmission you send unencrypted through the Internet cannot be completely protected against unauthorized interception. In particular, we want to make you aware that personal email may be unsecure, and Lyra cannot be responsible for any unauthorized access to information when information is sent to your personal email. You are not required to authorize the use of email for this purpose, a decision not to consent or to opt out of receiving these emails will not restrict your ability to access care from your provider, and you can continue to receive other emails from Lyra, using our secure electronic communication system instead of your personal email. Our secure electronic communication system will require you to log into a separate portal to access the email that is being sent.

 

SHARING OF PERSONAL INFORMATION

Personally Identifiable Information: We will not rent or sell your personally identifiable information to others without your consent, although we may share it with partners for the purposes described above under “Use of Personal Information”, such as the provision and personalization of Services. For example, we may share your personal information with our contracted partners, such as Lyra Clinical Associates P.C., to provide you with Services, with third parties who help us with our business functions, such as payment processing or data storage, and with business partners. Such third parties are not authorized to use or disclose your information except as necessary to perform Services or comply with legal requirements, and are subject to agreements requiring them to maintain the confidentiality of any such information. If you seek treatment or other services from a clinical provider, such as Lyra Clinical Associates P.C. in its capacity as a health care provider, the use and disclosure of your health information in connection with such services will be governed by its separate HIPAA Notice of Privacy Practices, available at https://www.lyrahealth.com/hipaa-notice/. We also reserve the right to disclose personal data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.

We may store personal information in North American locations outside our direct control (for instance, on servers or databases co-located with hosting providers). In the event that personal information is compromised as a breach of security, Lyra will promptly notify our customers, users, and clients in compliance with applicable law. We will retain personal data we process for as long as needed to provide our Services, and as recommended to comply with our legal obligations (including those under HIPAA), resolve potential or actual disputes, conduct research and development for our Services, or enforce our agreements.

Any personally identifiable information you elect to make publicly available on our Sites or through the Services, such as posting comments on our blog page, will be available to others. If you remove information that you have made public on our Sites or through the Services, copies may remain viewable in cached and archived pages of our Sites or through the Services, or if other users have copied or saved that information.

Non-Personally Identifiable Information: We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help us understand the usage patterns for certain Services and those of our partners. Lyra may also share with your Lyra benefit sponsor the outcomes and impact of our Services, which would consist solely of non-personally identifiable information, e.g., aggregated and anonymized data. Non-personally identifiable information may be stored indefinitely.

Instances Where We Are Required To Share Your Information: Lyra will disclose your information where required to do so by law, if subject to subpoena or other legal proceeding or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement, or when required by health oversight agencies, such as the Secretary of Health and Human Services, for legally authorized health oversight activities; (b) to protect the rights to enforce our Terms of Service or Lyra Clinical Associate P.C.’s HIPAA Notice of Privacy Practices, or to protect the security or integrity of our Service; and/or (c) to exercise or protect the rights, property, or personal safety of Lyra, our users or others, including enforcing Lyra’s agreements, policies and terms of use or sharing information in an emergency.

What Happens In The Event Of A Change Of Control: We may buy or sell/divest/transfer the Company (including any shares in the Company), or any combination of its products, services, assets and/or businesses. Your information such as names and email addresses, and other User information related to the the Service may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of Lyra, but only if the recipient of personally identifiable data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

 

HOW INFORMATION IS STORED AND PROCESSED

Your information is stored in databases maintained by the Company or third parties that are located within North America, where privacy rules differ and may be less stringent than those of the country in which you reside. For E.U. residents, please note that we are not located in the E.U., nor do we collect or process the personal data of EU residents. As such, Lyra is neither a controller nor a processor under the EU’s General Data Protection Regulation (GDPR).
You should be aware that when you are on the Site and/or using our Services, you can be directed to other websites that are beyond our control, and we are not responsible for the privacy practices of third parties or the content of linked websites.

 

HOW INFORMATION IS PROTECTED

We are committed to protecting your privacy and data. We encrypt sensitive information (e.g. your login credentials, PII) during transmission and storage. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you, other involved parties, and any applicable regulator(s) of a breach where we are legally required to do so.

However, no method of transmission over the Internet or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about the security of our Services, you can contact us at privacy@lyrahealth.com.

 

INFORMATION CHOICES AND CHANGES

Our marketing emails tell you how to “opt-out.” After doing so, you will not receive future promotional emails unless you open a new account, or sign up to receive newsletters or emails. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.

You may send requests about personal information to our Contact Information below or to privacy@lyrahealth.com. You can request to change contact choices, opt out of our sharing with others, and update your personal information.

You can typically remove and reject cookies from our Site with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how our Site works for you.

If you are a California resident, you have the right to request information from Lyra regarding the manner in which Lyra shares certain categories of your personal information with third parties, for the third parties’ direct marketing purposes. We do not share your personal information with third parties for third party marketing purposes.

 

CONTACT INFORMATION.

We welcome your comments or questions about this privacy policy. You may also contact us at our address:

Lyra Health, Inc.
205 Park Road
Burlingame, California 94010

 

CHANGES TO THIS PRIVACY POLICY.

We may change this privacy policy so please check this page occasionally to ensure that you’re happy with any changes. If we make any changes, we will change the Last Updated date above.