CAREIMO INC.
SECTION 1 – SCOPE AND APPLICABILITY
1.1 Purpose of This Policy
This Consumer Health Data Privacy Policy (“Health Data Policy”) describes how CareIMO Inc. (“CareIMO,” “we,” “us,” or “our”) collects, uses, shares, and protects consumer health data through the CareIMO website (www.careimo.com), mobile applications, and related services (collectively, the “Services”).
This Health Data Policy is published to comply with the Washington My Health My Data Act (RCW 19.373) (“MHMDA”), Nevada Senate Bill 370 (“Nevada SB 370”), and other applicable state consumer health data privacy laws. This policy supplements, and is separate from, our general Privacy Policy available at www.careimo.com/privacy.
1.2 Who This Policy Applies To
This Health Data Policy applies to consumers whose consumer health data is collected through the Services, including residents of Washington, Nevada, and any other state with applicable consumer health data privacy laws. If you are located in one of these states, or if CareIMO otherwise collects your consumer health data, this policy describes your rights and our obligations.
1.3 What This Policy Does Not Cover
This Health Data Policy does not apply to:
1.4 Relationship to Other CareIMO Policies
This Health Data Policy supplements, and should be read together with, the CareIMO Terms of Service at www.careimo.com/terms and the Privacy Policy at www.careimo.com/privacy. The Terms of Service govern your overall use of the Services and include provisions regarding user content licensing, de-identified data rights, limitation of liability, indemnification, and dispute resolution that apply to all data practices, including those described in this Health Data Policy. Where this Health Data Policy conflicts with the general Privacy Policy regarding consumer health data, this Health Data Policy controls. Where this Health Data Policy is silent, the Terms of Service and Privacy Policy apply.
SECTION 2 – DEFINITIONS
“Consumer health data” means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. For CareIMO, this includes the specific categories described in Section 3.
“Consumer” means a natural person who is a resident of Washington, Nevada, or another applicable state, or whose consumer health data is collected through the Services while physically present in such a state.
“Collect” means to buy, rent, access, retain, receive, acquire, infer, derive, or otherwise process consumer health data in any manner.
“Share” means to release, disclose, disseminate, make available, provide access to, or otherwise communicate consumer health data to a third party.
“Third party” means any entity other than the consumer, CareIMO, or a processor acting on CareIMO’s behalf under a written contract.
SECTION 3 – CONSUMER HEALTH DATA WE COLLECT AND WHY
3.1 Categories, Sources, and Purposes
The following table describes the categories of consumer health data CareIMO collects, the sources from which it is collected, and the purposes for which it is collected and used.
| Category of Consumer Health Data | Source | Purpose of Collection | Example |
|---|---|---|---|
| Health-related questions and descriptions | Provided directly by you when creating a post | To operate the public Q&A discussion platform; to display your question to providers and community members; to organize content by specialty | A post describing symptoms, conditions, treatments, or health concerns |
| Replies and comments containing health information | Provided directly by you when replying to a post | To facilitate public health discussions; to build provider answer history and reputation metrics | A reply discussing a health condition, treatment option, or clinical experience |
| Clinical images | Uploaded directly by you | To allow you to share visual information about a health condition in your post; to display the image publicly alongside your post | A photograph of a skin condition, dental issue, or other clinical finding |
| Provider and specialty search queries | Entered directly by you when searching the provider directory | To return relevant provider search results; to operate the provider directory, map, and specialty browsing features | Searching for "dermatologist" or filtering providers by specialty and location |
| Health-related browsing activity | Collected automatically when you interact with health-related content | To operate and improve the Services; to display relevant content; to calculate platform metrics | Viewing posts in a specific specialty category; reading provider answers about a condition |
| Insurance information (if voluntarily provided) | Entered directly by you when filtering providers by insurance | To return provider search results filtered by accepted insurance | Selecting an insurance carrier when searching for providers |
3.2 Data We Do Not Collect
CareIMO does not collect the following types of consumer health data:
SECTION 4 – HOW WE SHARE CONSUMER HEALTH DATA
4.1 Public Display
CareIMO is a public discussion platform. When you post a question, reply, or upload a clinical image, that content is publicly visible to other users, visitors, and search engines. Public content may be indexed, cached, copied, or redistributed by third parties beyond CareIMO’s control. You should not post information that you do not want to be publicly available.
4.2 Service Providers (Processors)
CareIMO shares consumer health data with the following categories of service providers that process data on our behalf under written contracts:
These service providers are contractually prohibited from using consumer health data for any purpose other than providing services to CareIMO and are subject to confidentiality and data protection obligations.
4.3 Advertising Partners
CareIMO displays advertisements through Google AdSense (web) and Google AdMob (mobile app). These advertising services receive standard advertising signals such as page URLs, cookies, device identifiers, and interaction data. CareIMO does not share the text content of your health-related posts, replies, search queries, or clinical images with advertising partners.
4.4 Affiliates
CareIMO Inc. does not currently have any subsidiaries or corporate affiliates. If CareIMO acquires or creates affiliates in the future, this Health Data Policy will be updated before any consumer health data is shared with such affiliates.
4.5 Other Disclosures
CareIMO may disclose consumer health data in the following limited circumstances:
4.6 Sale of Consumer Health Data
CareIMO does not currently sell consumer health data that is linked or reasonably linkable to an identifiable consumer. CareIMO does not share the content of health-related posts, replies, or clinical images with advertising networks, data brokers, or any third party for purposes unrelated to operating the Services. If CareIMO decides to sell identifiable consumer health data in the future, CareIMO will first update this Health Data Policy and obtain consent as required by applicable law.
4.7 De-Identified and Aggregated Data
As described in our Terms of Service and Privacy Policy, CareIMO may create de-identified or aggregated datasets from information collected through the Services. De-identified data is information that has been processed so that it cannot reasonably be linked to an identified or identifiable consumer. De-identified and aggregated data is not consumer health data under the MHMDA, Nevada SB 370, or this Health Data Policy, and CareIMO may use, share, license, or sell de-identified or aggregated data without restriction for research, analytics, healthcare transparency, industry insights, and other lawful purposes.
SECTION 5 – HOW WE OBTAIN YOUR CONSENT
5.1 Consent for Collection
CareIMO collects consumer health data that is necessary to provide the Services you have requested, such as displaying your health question to providers and community members when you submit a post. Where collection is necessary to provide a product or service you have requested, separate consent may not be required under applicable law.
For collection of consumer health data beyond what is necessary to provide the Services, or for uses beyond those described in this Health Data Policy, CareIMO will obtain your affirmative consent before collecting such data. This consent is separate from your acceptance of our Terms of Service. We obtain consent through a clear, specific disclosure presented at the point of collection. The disclosure will identify the categories of consumer health data being collected and the purposes for which it will be used.
As an additional safeguard, CareIMO presents a health data disclosure to users before their first health-related post or clinical image upload, informing them of the categories of consumer health data collected and the purposes described in this policy.
5.2 Consent for Sharing
If CareIMO shares your consumer health data with any third party for purposes beyond those described in this Health Data Policy, we will obtain a separate consent for that sharing. Consent for sharing is distinct from consent for collection.
5.3 How We Will Not Obtain Consent
CareIMO will not obtain consent for consumer health data collection or sharing through any of the following methods:
5.4 Withdrawing Consent
You may withdraw your consent to the collection and sharing of consumer health data at any time. To withdraw consent, contact us at support@careimo.com with the subject line “Withdraw Health Data Consent.” After we process your withdrawal, CareIMO will stop collecting new consumer health data from you. Withdrawal of consent does not affect the lawfulness of data collection that occurred before withdrawal. If you withdraw consent, certain features of the Services that depend on health data collection (such as posting health questions) will no longer be available to you.
SECTION 6 – YOUR RIGHTS
6.1 Right to Confirm and Access
You have the right to confirm whether CareIMO is collecting, sharing, or selling your consumer health data. If we are, you have the right to access a list of the specific consumer health data we have collected about you.
6.2 Right to Delete
You have the right to request that CareIMO delete your consumer health data. Upon receiving a verified deletion request, CareIMO will:
CareIMO may retain consumer health data after a deletion request to the extent permitted by applicable law, including for: (a) compliance with legal obligations, such as CSAM record retention under 18 U.S.C. § 2258A; (b) responding to or defending against legal claims or litigation holds; (c) detecting and preventing fraud, security incidents, or prohibited conduct; (d) completing a transaction or providing a service you requested; and (e) internal uses reasonably aligned with your expectations based on your relationship with CareIMO. Where data is retained after a deletion request, CareIMO will limit its use to the applicable exception and delete it when the exception no longer applies.
Important: When you delete a post or clinical image through the app, the content is removed from public display. The underlying data is currently retained in our systems in a non-public state. If you want consumer health data fully deleted from CareIMO’s systems, including from backups, you must submit a deletion request as described in Section 6.5. CareIMO cannot delete copies of public content that were cached, indexed, or saved by search engines, other users, or other third parties before deletion.
6.3 Right to Withdraw Consent
You have the right to withdraw your consent to the collection and sharing of consumer health data at any time, as described in Section 5.4.
6.4 Right to Appeal
If CareIMO denies your request to exercise any right under this Health Data Policy, you may appeal by emailing support@careimo.com with the subject line “Health Data Rights Appeal.” CareIMO will respond to your appeal within the timeframes required by applicable law. If your appeal is denied, you may file a complaint with the attorney general in your state.
6.5 How to Exercise Your Rights
To submit a request to access, delete, or exercise any other right described in this Health Data Policy, contact us by:
We will verify your identity before fulfilling your request. We may ask you to provide information that matches the information associated with your account. We will respond to your request within the timeframes required by applicable law, generally within 30 to 45 days depending on the applicable state law. If we need additional time, we will notify you of the reason and the expected response date.
6.6 Non-Discrimination
CareIMO will not discriminate against you for exercising your rights under this Health Data Policy. We will not deny you access to the Services, charge you different prices, or provide you with a different level of service because you exercised a right described in this policy.
SECTION 7 – STATE-SPECIFIC RIGHTS
7.1 Washington Residents
If you are a Washington resident or if the Washington My Health My Data Act (RCW 19.373) otherwise applies to you, you have the following rights in addition to those described in Section 6:
7.2 Nevada Residents
If you are a Nevada resident or if Nevada SB 370 otherwise applies to you, you have the rights described in Section 6 as well as any additional rights provided under Nevada law. To exercise your rights, contact us as described in Section 6.5.
7.3 Other States
Residents of Connecticut, Virginia, and other states with consumer health data provisions within their comprehensive privacy laws may have additional rights regarding health-related data. These rights are described in the state privacy rights section of our general Privacy Policy at www.careimo.com/privacy. CareIMO will honor verifiable requests in accordance with applicable law.
SECTION 8 – PUBLICLY POSTED HEALTH INFORMATION
CareIMO is a public health discussion platform. When you post a question, reply, or upload a clinical image, that content is publicly visible to anyone, including other users, visitors who are not logged in, and internet search engines.
Before posting, consider carefully whether the content you are about to share could identify you or someone else. CareIMO accounts use a username, and you are not required to use your real name. However, the health information you describe in your posts, combined with other details you share, may make you identifiable.
CareIMO collects and retains your publicly posted health content in order to operate the Q&A platform. When you post health-related content, other people can view, save, share, and copy it. Even after you delete a post, copies may remain in search engine caches, third-party archives, or other users’ saved content. CareIMO cannot control or remove those copies.
CareIMO does not share the text content or clinical images from your posts with advertising partners.
SECTION 9 – DATA SECURITY
CareIMO implements reasonable administrative, technical, and physical safeguards to protect consumer health data from unauthorized access, disclosure, alteration, or destruction. These measures include encryption of data in transit using TLS/HTTPS, encryption of stored data in our cloud infrastructure, access controls and multi-factor authentication for administrative access, and role-based access limitations for CareIMO personnel.
No method of transmission over the internet and no method of electronic storage is completely secure. CareIMO cannot guarantee absolute security of consumer health data. For additional information about our security practices, see Section 8 of our Privacy Policy at www.careimo.com/privacy.
SECTION 10 – DATA RETENTION
CareIMO retains consumer health data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention practices for consumer health data include:
Upon receiving a verified deletion request, CareIMO will delete consumer health data from active systems within 30 days and from archived or backup systems within 6 months, as described in Section 6.2.
SECTION 11 – CHANGES TO THIS HEALTH DATA POLICY
CareIMO will not collect additional categories of consumer health data, use identifiable consumer health data for additional purposes, or begin sharing identifiable consumer health data with new categories of third parties beyond those described in this policy, without first updating this Health Data Policy and obtaining your affirmative consent for the new collection, use, or sharing. This requirement does not apply to de-identified or aggregated data, which CareIMO may use, share, license, or sell as described in Section 4.7.
If we make material changes to this Health Data Policy, we will update the effective date and last-updated date at the top of this policy and provide notice through the Services. Material changes will become effective 30 days after posting unless otherwise required by law.
SECTION 12 – CONTACT INFORMATION
If you have questions about this Health Data Policy, or if you wish to exercise any of the rights described in this policy, contact us at:
CareIMO Inc.
c/o Republic Registered Agent LLC
262 Chapman Rd, Ste 240
Newark, DE 19702
Email: support@careimo.com
Website: www.careimo.com
If you believe CareIMO has violated your rights under applicable consumer health data privacy law, you may file a complaint with the attorney general in your state of residence.
Washington residents: Washington Attorney General, www.atg.wa.gov
Nevada residents: Nevada Attorney General, ag.nv.gov
Clinical images may be selected from your photo library or captured with your camera when you choose to upload them. Location filters, map searches, and current-location search may involve location information when you choose those features.
Communities may contain health-related posts, replies, and browsing activity connected to the community topics you choose to view or join.