Privacy Policy

Last Updated: July 31, 2024

This Privacy Policy (“Policy”) applies to all visitors to and users of HelloJoy, Inc. dba Blueprint’s ("Blueprint",” “Company” “our,” “us,” or “we”) website www.blueprint-health.com.com (the “Website”) and to all users of our other services (together with the Website, "Blueprint's Services").

Blueprint respects the privacy of all visitors and users of Blueprint's Services and is committed to protecting privacy through our compliance with this Policy. We understand that Personal Information and Protected Health Information (both, defined below) are private, and we are dedicated to maintaining the accessibility, confidentiality and integrity of all such information.

Your Consent To This Privacy Policy

Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our Policy, your choice is not to use Blueprint's Services. By accessing, using, reviewing and indicating your acceptance, you agree to our Policy. We may change this Policy from time to time, and while we will do our best to notify you of any changes it is your responsibility to review this Policy periodically. Your continued use of Blueprint's Services after we make changes is deemed to be an acceptance of those changes, so please check our Policy periodically for updates. When we do change this Policy, we will also update the “Effective” date at the beginning of this Policy and may notify you or post a message via our Website.

Terms of Service

This Policy is incorporated by reference and should be read in conjunction with Blueprint’s Terms of Service and/or Platform Services Agreement.

Why We Collect Information About You

In general, Blueprint collects Personal Information and Protected Health Information (both, defined below) that is necessary to perform our Services (i.e. measuring health behaviors and outcomes). Your information may be shared with our researchers and your health care provider(s).

Information We Collect About You and How We Collect It

We collect several types of information from and about users of Blueprint's Services. This Policy describes the types of information we may collect from you or that you may provide, and our practices for collecting, using, maintaining, protecting and disclosing that information. At all times, we will only use or disclose your Personal Information and Protected Health Information (both, defined below) to the extent minimally necessary for the intended use or disclosure.

The Privacy Policy applies to information we collect:

On our website.
Via e-mail, text, video and voice communications between you and us.
Via electronic communications between you and us and between you and our website.
Via offline activities and communications.
Between you and your health care provider.
Through any/all of Blueprint's Services.
This Privacy Policy does not apply to information collected, used or disclosed by your physician that is not shared with us.

Aggregated and De-Identified Data

We may also collect, use, and disclose aggregated and de-identified data such as statistical or demographic data for any purpose. Aggregated and de-Identified data could be derived from your Personal Information but is not considered Personal Information under applicable law as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated or de-identified data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this Policy.

Pixels‍

Facebook pixels, and related pixels, are pieces of code for Blueprint’s Services that allows Blueprint to measure, optimize, and build audiences for advertising campaigns. The pixel activates when a user takes action on Blueprint’s Services, such as logging into Blueprint’s Services. The pixel receives these actions and then enables Blueprint to provide options to reach visitors again through future Facebook and related social media ads by retargeting those who have interacted with Blueprint’s Services. Blueprint may utilize pixels as part of its retargeting efforts for its clinician users. Please note, Blueprint does not and will not activate pixels for any users who are patients or whose information is governed by an applicable business associate agreement. You can learn more about Facebook Pixels by visiting this address: https://www.facebook.com/gpa/blog/the-facebook-pixel

Free-Text Boxes

The information that you provide in each case will vary. In some cases, you may be able to provide Personal Information via email or free text boxes, such as contacting Blueprint to request further information. When providing your Personal Information, please provide only relevant information and do not provide unnecessary sensitive information, such as Social Security numbers, credit card information or other sensitive personal data, unless required for our services.

Username and Password; Other Sources.

We may ask you to create a username and password that should only be known to you. When you provide this information to us, you are no longer anonymous. Additionally, we may receive information about you from other sources and add it to the information you have provided to us.

Personal Information

As used in this Policy, “Personal Information” is information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, user, household, or device.

You may have the opportunity to provide Blueprint with Personal Information, including but not limited to:

‍

Health Related Information

We may also collect Personal Information regulated under applicable law, such as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) or an equivalent state law governing the use or disclosure of health information. Please understand that Blueprint is not a Covered Entity as defined under HIPAA. Therefore, any Protected Health Information (as defined by HIPAA) you provide to a Covered Entity, that is in turn shared with Blueprint, will be safeguarded and processed in accordance with any applicable Business Associate Agreement.

When you use Blueprint's Services, we may collect, use or disclose your Personal Information but only to the extent minimally necessary and consistent with this Policy. You acknowledge that we may collect this Personal Information from you directly or from your health care provider. We may ask you and/or your clinician to provide Personal Information about you that will enable us to enhance our ability to serve your needs and/or your use of Blueprint's Services. It is entirely your choice whether or not to provide Personal Information through Blueprint's Services. If you choose not to provide requested Personal Information, you may not be able to use certain features of Blueprint's Services.

By providing us with Personal Information (whether of yourself, a patient, or a third party), you warrant and represent that you have obtained all requisite consent and authorization required under law to share Personal Information (including Protected Health Information) with Blueprint. Blueprint shall not be responsible for your failure to obtain lawful authorization to disclose Personal Information with Blueprint.

In addition, you warrant and represent that all Personal Information shared with Blueprint is accurate and complete. Blueprint shall not be responsible for Blueprint’s Services based on inaccurate or unreliable information.

Accessing and Correcting Your Personal and/or Protected Health Information‍

You can review and, subject to applicable laws, change your Personal Information by sending us an e-mail at team@blueprint-health.com, or writing to us at 222 W Merchandise Mart Plaza, Suite 1230, Chicago, IL 60654. We may not be able to accommodate a request to change Personal or Protected Health Information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

The length of time Blueprint intends to retain Personal Information, including Protected Health Information (if any), is for as long as reasonably necessary to carry out Blueprint’s intended business purpose for such information. In the case of Protected Health Information, Blueprint health will honor any retention restrictions set forth under HIPAA or any applicable Business Associate Agreement.

How We May Use or Disclose Your Information

Except as described in this Policy or in our Terms of Service, Personal Information, Protected Health Information, Technical Information, Location-Based Information and Behavior Tracking Information (collectively, “Information”) that you or your health care provider provide to us or that we collect from you or your health care provider, will be kept confidential and used or disclosed only to the extent minimally necessary to support Blueprint's Services. Blueprint's Services exist to allow you and/or your clinician to measure treatment response, progress, and outcomes.

We may use or disclose your Information only to the extent minimally necessary:

To present and facilitate Blueprint's Services to you and/or on your behalf.
To provide you with information, products or services that you request from us.
To provide you with notices and to facilitate communications deemed appropriate by us.
To fulfill any other purpose for which you provide the Information.
To carry out our obligations and enforce our rights arising from any contracts we have entered into regarding you, including Business Associate Agreements, for treatment, payment and health care operations.
To ensure security of Blueprint’s Services and prevent fraud.
To provide you with a personalized experience.
To develop new products and services.
To better understand your needs.
To notify you about changes to Blueprint's Privacy Policy and/or Blueprint's Services.
To comply with any court order, law or legal process, including responding to any government or regulatory request.
To enforce or apply our Terms of Service.
If we believe disclosure is necessary or appropriate to protect the rights, privacy, security, accessibility of Information and/or property of Blueprint.
For research purposes according to the policies and procedures described in the Informed Consent
In any other way we may describe when you provide the Information.
For any other purpose with your lawful consent.

We do not sell or lease your Personal Information to any third party. We may disclose your Personal Information to a third party for a business purpose, including the following categories of third parties:

Our Affiliates. We may disclose the information collected through Blueprint’s Services with our affiliates in order to provide our products, services and effective customer support.
Third-party Service Providers. We disclose Personal Information collected through the Blueprint’s Services with third-party Service Providers who act for or on behalf of Blueprint. These third parties may need information about you to perform their functions. “Service Providers” may include suppliers, dealers, distributors, companies and consultants that provide website hosting, artificial intelligence (AI) processing, software development, payment processing, website and data analytics, order fulfillment, information technology and related infrastructure support, customer service, email delivery, and auditing.
In Aggregate or De-Identified Form. We may aggregate or otherwise anonymize the data we collect for purposes of analytics, research, marketing and other business interests of the Company. Such use shall not include Personal Information or information that can identify you as an individual or reasonably be used to identify you.

Blueprint has entered into agreements with trusted third-party service providers responsible for processing information, including Personal Information consistent with the services requested by you and our customers. Blueprint, for example, has executed agreements with Deepgram, Inc. and OpenAI, LLC to utilize AI technology to support Blueprint’s Services. Blueprint only shares the Personal Information, and in some cases Protected Health Information, necessary to achieve the Blueprint Services requested, and both Deepgram, Inc. and OpenAI, LLC are prohibited from further sharing and use of your Personal Information without your consent and authorization. To the extent required under applicable law, Blueprint has entered into Business Associate Agreements with all third-party service providers, including Deepgram, Inc. and OpenAI, LLC.

Except as described in this Policy, we will not disclose your information with third parties without your notice and consent, unless it is under one of the following circumstances:

We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, subpoena, or court order;
To respond to duly authorized information requests from law enforcement or other governmental authorities;
To enforce our agreements or policies;
To investigate and prevent security threats, fraud, or other malicious activity; or
To respond to an emergency that we believe in good faith requires us to disclose such information to assist in preventing the death or serious bodily injury of any person or Blueprint employee.

We may also use your Information to contact you about our own products and services that may be of interest to you. The technologies we use for this automatic data collection may include:

Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of Blueprint's Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.
Blueprint's website does not currently recognize “Do Not Track” signals sent by some browsers.

Data Security

We use technical, physical, and administrative safeguards that are designed to improve the confidentiality, integrity and accessibility of your Personal Information and Protected Health Information. We incorporate secure storage and transmission technologies including strong encryption, firewalls, fine grained access control and secure audit. We cannot, however, ensure or warrant the security of any information you transmit to us via Blueprint's Services, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our technical, physical, or administrative safeguards.

International Visitors

This website and Blueprint's Services are hosted in the United States and are intended for visitors located within the United States. Your use of Blueprint's Services and provision of your information is subject to the laws and regulations of the United States and the State of Illinois. If you choose to use Blueprint's Services from other regions of the world with laws governing data collection, use and disclosures that may differ from United States law, then you acknowledge and agree that (a) you are transferring your personal information outside of those regions to the United States, and (b) the laws and regulations of the United States regarding data privacy and security governing the use and disclosure of Personal Information and Protected Health Information may differ from those of your country of residence.

Transfer of Ownership

There are circumstances where Blueprint may decide to buy, sell, or reorganize its business. Under these circumstances, it may be necessary to disclose or receive Personal Information with prospective or actual purchasers, acquisition targets, partners or affiliates. If ownership of Blueprint (HelloJoy, Inc) or any of the Services changes, whether in whole or in part, information collected about you may be transferred to the new owner so the associated Services can continue. In that case, your user information would remain subject to the terms and conditions of the then current Privacy Policy.

California Privacy Rights

Shine the Light law. Pursuant to California Civil Code Section 1798.83, we will not disclose or share your Personal Information with third parties for the purposes of third-party marketing to you without your prior consent.

Do Not Track Signals. Other than as disclosed in this Policy, the Website does not operate any differently when it receives Do Not Track signals from your internet web browser.‍

WE DO NOT SELL OR SHARE YOUR PERSONAL INFORMATION. If we ever decide to “sell” or “share” Personal Information, as those terms are defined under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, we will update you via this Policy and include a link entitled “Do Not Sell or Share My Personal Information,” to provide you with an opportunity to opt out of the selling or sharing of your Personal Information.

Your Choices and Privacy Preferences

We want to provide you with relevant information that you have requested. When possible, we will always provide options as to what information we collect and how you can manage any preferences that pertains to such information.

If we provide subscription-based services, such as email newsletters, we will allow you to make choices about what information you provide at the point of information collection or at any time after you have received a communication from us while you are subscribed. Transactional or service-oriented messages, such as delivery confirmation messages, are usually excluded from such preferences, as such messages are required to respond to your requests or to provide goods and services, and are not intended for the purposes of marketing.

From time to time, we may send you email newsletters and marketing emails. You may opt out of them at any time by selecting the “unsubscribe” link at the bottom of each email. Please note that by opting out or unsubscribing you may affect other services you have requested we provide to you, in which email communication is a requirement of the service provided. Even if you opt-out of receiving marketing material, we may still need to contact you with important information about your account or responding to your requests or questions.

Children's Privacy Policy

Blueprint's Services are not designed nor intended to be used or accessed by children under the age of 13. No one under age 13 may provide any information to or through Blueprint's Services. We do not intentionally collect Personal Information or Protected Health Information from children through Blueprint's Services. If you are under age 13, do not use or provide any information on or through Blueprint's Services, including, but not limited to, your name, address, telephone number, e-mail address, user name or other. If we learn we have collected or received Personal Information or Protected Health Information from a child under age 13 without verification or parental consent, we will delete that information. If you believe that we may have collected any information, including Personal Information or Protected Health Information, from or about a child under age 13, please contact us immediately at team@blueprint-health.com.

Changes to Our Privacy Policy

We will occasionally update this Privacy Policy to reflect company and customer feedback. We encourage you to periodically review this Privacy Policy to be informed of how we are protecting your information. If we make material changes to how we treat our users’ Personal Information or Protected Health Information, we will notify you by e-mail to the primary e-mail address you have provided and/or through a notice on the home page of our website. The date our Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically visiting our website and this Policy for changes. For any questions or comments regarding this Privacy Policy, please contact us at team@blueprint-health.com.

Contact Information

Please contact us with any questions or comments about this Policy, your Personal Information or Protected Health Information, our use and disclosure practices, or your consent choices by email at team@blueprint-health.com.