Privacy Policy
Enveda Health Inc. (“Fern Health,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and share personal information in connection with our website and services (the “Services”). “Personal Information” means any information that identifies or is reasonably linkable to an identifiable individual. This Policy is incorporated into and subject to our Terms of Use. California residents have additional rights described in Section 8.
1. The Information We Collect and the Sources of Such Information
A. Information You Provide Directly
- Contact information: name, address, phone number, date of birth, and email address;
- Health information: medical conditions, treatment options, genetic information, photographs of affected areas, laboratory results, and other health-related data;
- Account credentials: username and password;
- Billing and payment information;
- Identity verification documents (such as government-issued ID);
- Purchase and transaction history;
- Demographic information: gender, race or ethnicity, age, and marital status;
- Information about others: emergency contacts or information provided on behalf of a minor; and
- User-generated content you submit through the Services.
B. Information Collected Automatically
- Device and network information: IP address, device type, browser type, and operating system;
- General location inferred from IP address (state/country level);
- Precise geolocation, only if you grant permission;
- Usage data: pages viewed, links clicked, search terms, time spent, error logs, and downloads; and
- Tracking technologies: cookies, SDKs, tracking pixels, and web beacons.
C. Information from Social Media
If you interact with our social media profiles or register through a social login (e.g., Facebook, Instagram), we may receive information from those platforms. Third-party applications (fitness, calendar, contacts) connected to the Services may also share data with us.
D. Information from Other Sources
We may receive information from third parties such as healthcare providers, pharmacies, advertising networks, analytics providers, and marketing partners.
2. Purposes for How We Use Your Information
We use your personal information to:
- Deliver, operate, and improve the Services;
- Facilitate the provision of healthcare services by licensed providers;
- Conduct internal research (published only in de-identified or aggregate form);
- Communicate with you about the Services, your care, surveys, and promotions;
- Provide technical support and customer service;
- Verify your identity and process payments;
- Present content effectively and maintain security;
- Deliver personalized advertising and measure its effectiveness;
- Understand user interests and improve our products;
- Comply with legal obligations; and
- Establish and defend legal rights.
We may combine information collected through the Services with data from other sources to accomplish these purposes. We may also use aggregate or de-identified data for research and may share it with advertisers or sponsors.
3. Online Analytics and Advertising
A. Analytics
We use tools including Google Analytics (with Google Signals and User-ID features) and MixPanel to analyze usage, detect fraud, and improve the Services. These tools may track activity across devices. You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by adjusting your Google Signals settings.
B. Online Advertising
We work with advertising partners including Facebook, Google, TikTok, and Criteo. We may share hashed email addresses with these networks for retargeting purposes. You can opt out of interest-based advertising through:
- Google Ads Settings
- Facebook and Instagram ad preferences in your account settings
- TikTok privacy settings in your account
- Network Advertising Initiative opt-out
- Digital Advertising Alliance opt-out
C. Mobile Advertising
We may deliver tailored in-app advertisements through mobile advertising platforms. You can limit interest-based ads through your device operating system settings (iOS, Android).
D. Do Not Track
Some browsers transmit “Do Not Track” (DNT) signals. We acknowledge these signals; however, there is no uniform standard for how websites should respond, and our current practices may not change in response to all DNT signals. We do honor Global Privacy Control (GPC) signals where required by applicable law.
4. How We Share and Disclose Your Information
- Affiliates and Subsidiaries: We share information internally to deliver consistent services.
- Healthcare Providers: We share relevant information with licensed clinicians and pharmacies for scheduling, care delivery, treatment, payment, and healthcare operations.
- Service Providers: We share information with third parties that perform services on our behalf, including billing, marketing, analytics, customer support, data storage, IT security, payment processing, legal, and consulting services.
- Advertising Networks: As described in Section 3.
- Joint Marketing Partners: We may share information with partners for joint products or marketing programs, subject to their own privacy policies.
- Legal and Safety: We may disclose information if required by law, court order, or governmental authority, to enforce our Terms, respond to intellectual property claims, or protect the safety of any person.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to a successor entity.
- Public Forums: Content posted in public areas of the Services may be viewed and used by others, including in testimonials or marketing materials with your consent.
- With Your Consent: We may disclose your information for any other purpose with your explicit consent.
- Aggregate and De-Identified Data: We may share de-identified or aggregated information that cannot reasonably be used to identify you.
Your Rights and Choices
Depending on your state of residence, you may have the right to: request information about how your data is processed; access or receive a copy of your personal information; correct inaccurate information; and request deletion of your personal information. To exercise these rights, contact us at support@tryfern.com. We will verify your identity before fulfilling any request. We will not discriminate against you for exercising your privacy rights.
Opt-Out of Targeted Advertising
If you are a resident of a state with applicable privacy laws, you may opt out of the sale or sharing of your personal information for targeted advertising by contacting us at support@tryfern.com, or by using the opt-out links listed in Section 3. We honor Global Privacy Control (GPC) signals where required by law. Authorized agents may also submit opt-out requests on your behalf.
5. Your Marketing Choices
You may opt out of receiving marketing emails or postal mail by following the unsubscribe instructions in any marketing message, or by contacting us at support@tryfern.com. Note that you cannot opt out of transactional or operational communications related to your account or care.
Sensitive Personal Information
We may collect sensitive personal information, including health information and information about sexual orientation or sex life, where relevant to your care. You have the right to limit our use of sensitive personal information to purposes directly related to providing the Services. To exercise this right, contact us at support@tryfern.com or submit a request via Global Privacy Control where supported.
Children’s Privacy
The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly. Parents or guardians who believe their child has provided us with personal information should contact us at support@tryfern.com.
6. Health Information and Third-Party Services
Fern Health is not responsible for the privacy practices of third-party healthcare providers, device manufacturers, or linked applications. Those entities’ own privacy policies govern their use of your information.
Uses and Disclosures of Protected Health Information
To the extent we are subject to applicable health privacy laws, we may use or disclose your protected health information (“PHI”) for the following purposes without your additional authorization:
- Treatment: Coordinating care and communicating with other providers involved in your treatment;
- Payment: Insurance verification (where applicable), billing, and collections;
- Healthcare Operations: Quality assessment, audits, legal services, and accreditation;
- As Required by Law: Responding to legal processes, regulatory oversight, public health activities, and law enforcement requirements;
- Research: With appropriate institutional review board approval; and
- Other Permitted Purposes: Including organ and tissue donation, workers’ compensation, military and veterans activities, and inmate care.
Your Rights Regarding PHI
- Right to Inspect and Copy: You may request access to your PHI. A reasonable fee may apply.
- Right to Amend: You may request corrections to your PHI.
- Right to an Accounting of Disclosures: You may request a list of certain disclosures made in the past six years.
- Right to Request Restrictions: You may ask us to restrict certain uses or disclosures of your PHI.
- Right to Confidential Communications: You may request that we contact you in a specific way or at a specific location.
- Right to Breach Notification: We will notify you if there is a breach of your unsecured PHI.
To exercise these rights, contact us at support@tryfern.com. Electronic PHI transmitted through the Services is protected using SSL or equivalent encryption.
7. How We Protect Your Information
We implement reasonable technical and organizational security measures designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure. You are responsible for keeping your account password confidential and for notifying us immediately if you suspect unauthorized access to your account.
8. Privacy Information for California Residents
This section applies to California residents and provides additional disclosures required by the California Consumer Privacy Act (“CCPA”) and related regulations.
Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information:
- Identifiers and contact information (name, email, IP address, phone number);
- Commercial and transactional information (purchase history);
- Financial information (payment card data);
- Internet and network activity (browsing behavior, interaction data);
- Geolocation data;
- Demographic and statistical data;
- Physical characteristics (photos);
- User-generated content; and
- Customer service data.
Your CCPA Rights
- Right to Know: You may request information about the categories and specific pieces of personal information we have collected, the sources, our purposes, and the categories of third parties with whom we share it.
- Right to Access/Copy: You may request a portable copy of your personal information.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- Right to Opt Out of Sale/Sharing: You may opt out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising.
Sale and Sharing of Personal Information
We may share certain online identifiers (such as cookies or device IDs) with third-party advertising partners in ways that may constitute a “sale” or “sharing” under the CCPA. You may opt out of this activity through the opt-out links in Section 3 or by contacting us at support@tryfern.com.
Shine the Light
We do not share personal information with third parties for their own direct marketing purposes without your consent.
Additional Rights for Health Information
California law provides additional protections for health information, including rights related to sensitive services such as reproductive health, mental health, and substance use treatment. Upon request, we may withhold certain sensitive service information from parents or guardians of minors.
To submit a CCPA request, contact us at support@tryfern.com.
9. Retention of Your Information
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to provide Services, comply with legal obligations, resolve disputes, and enforce our agreements. When information is no longer needed, we take reasonable steps to delete or de-identify it.
10. Revisions to Our Privacy Policy
We reserve the right to update this Privacy Policy at any time. The revised Policy will be accessible through the Services. Your continued use of the Services after the effective date of any changes constitutes your acknowledgment of the revised Policy. Where required by law, we will provide appropriate notice of material changes.
11. Contacting Us
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:
Enveda Health Inc. (Fern Health)5700 Flatiron Parkway
Boulder, CO 80301 USA
Phone: 720-816-9716
Email: support@tryfern.com