Privacy Policy
At Embla, we care about your privacy. If you have any questions, you are always welcome to ask.
Last updated on: 01.20.2025
Embla Health U.S. Inc. (“Embla,” “we,” “us,” or “our”) values our relationship with you and takes your privacy seriously. This Privacy Policy applies to our processing of personal data in relation to activities covered by our website, www.joinembla.com (the "Website") and our app "Embla" (the "App") (collectively referred to as the "Platform"). The purpose of this Privacy Policy is to explain how we collect, process, store, share, and use the data that we collect from you in connection with your access to and use of the Platform. This Privacy Policy also describes your rights with respect to your Personal Information (defined below), as described in more detail below. “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
We may update this Privacy Policy at any time by posting the amended version to the Platform. We will notify you of any material changes to this Privacy Policy via email.
Please note that some of the information you provide is Protected Health Information (“PHI”) governed by the Health Insurance Portability and Accountability Act (“HIPAA”). Please see our HIPAA Notice of Privacy Practices to learn more about our collection, use, and disclosure of your PHI. To the extent there are inconsistencies between the HIPAA Notice of Privacy Practices you receive and this Privacy Policy, the HIPAA Notice of Privacy Practices will govern.
1. How to Contact Us
You can update your preferences with respect to your information by updating your contact information through the Digital Platform or Marketing Site or by contacting us at the email address below. Additionally, if you have any questions or concerns about this Privacy Policy or our use of your Personal Information, please do not hesitate to contact us through any of the methods listed below.
Embla Health U.S. Inc.
Mail: Georgetown Office Evolution,
501 South Austin Avenue #1220 – 302, Georgetown, TX 78626
Email: [email protected]
Web: www.joinembla.com
2. The Information We Collect
We collect information from you manually when you provide it to us and automatically when you access or use the Platform. We may also collect information about you—usually within the context of the Platform—from your employer, health plan, and care team, which may consist of physicians, other healthcare professionals, and support personnel. This may include members of our own care team with whom you may communicate on or through the Platform.
We may collect the following categories of information (which include Personal Information and PHI) from you, depending on your interactions with the Platform and the choices you make:
Business Contact Information
When you visit the website, we collect certain electronic information automatically, including your IP address, unique identifiers, the type of browser you use, and other information. This information is collected via cookies and trackers, which are described further below. This information is not collected on the Platform.
We may also collect from third parties contact information for representatives of prospective clients.
How We Use This Information
- To provide company representatives with more relevant advertisements pertaining to the website.
- To inform company representatives of the availability of our services.
- To provide, maintain, personalize, and improve the website.
- To monitor the usage of the website.
- To gather analysis and assess trends and interests.
Contact Information and Account Registration Information for Platform Users
This is the Personal Information provided to us by you, your employer, or your health plan, or that you input when you register to access or learn more about the Platform. This may include your name, address, email address, phone number, date of birth, gender, and health information.
How We Use This Information
- To determine your eligibility to use the Platform.
- To communicate with you through the Platform.
- To respond to your questions and requests.
- To create, maintain, and personalize your account with us.
- To provide customer support.
- To notify you about changes to the Platform.
- To allow you to participate in interactive features of the Platform when you choose to do so.
- To contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you.
- To perform other duties as required by law.
- To gather analysis and assess trends and interests.
Protected Health Information (PHI)
The Platform may access PHI submitted by you or your care team. Our collection, use, and disclosure of PHI are governed by separate terms and conditions between Embla and our customers, as well as by our HIPAA Notice of Privacy Practices. PHI should only be submitted through the Platform as permitted or required for use of the Platform.
The PHI we may collect from you, your employer, health plan, and your care team may include:
- The identifiers and contact information associated with your account
- Medical insurance details
- Information about physical and mental health conditions and diagnoses
- Treatments for medical conditions
- Genetic information
- Family medical history
- Symptoms and health history
- Medications an individual may take, including the dosage, timing, and frequency
- Lab or diagnostic results
- Other results from clinical consultations or interactions
How We Use This Information
- To determine your eligibility to use the Platform.
- To provide, maintain, and personalize the Platform.
- To create, maintain, and personalize your account with us.
- For the purposes described in our HIPAA Notice of Privacy Practices.
Feedback and Correspondence
We may collect the Personal Information you provide when you contact us with questions or feedback or otherwise correspond with us online through the Platform.
How We Use This Information
- To communicate with you through the Platform.
- To respond to your questions and requests.
- To provide customer support.
Logbook data
We process the following personal data about you when you keep a log of your health via the App:
- Diet and liquid
- Exercise
- Sleep
- Medicine
- Symptoms
- Weight
- Body measurements
- Status
How We Use This Information
- To make it possible for you to be able to follow your health on an ongoing basis via the logbook.
- To create, maintain, and personalize your account with us.
- To provide, maintain, personalize, and improve the Platform.
Location Information
We may collect general location information if you use features on the Platform that provide location-based services.
How We Use This Information
- To provide you with location-based services.
- To monitor the usage of the Platform.
- To gather analysis and assess trends and interests.
Platform Usage Information
This can be information that is collected about you by automated means when you are using the Platform, and this may include:
- Information about your interactions with the Platform, which includes the data and time of any information you enter into the Platform and your interactions with other users of the Platform.
- User content you post to the Platform including messages you send and/or receive and your interactions with our customer service team.
- Technical data, which may include URL information, cookie data, web beacons and other tracking technology information, the types of devices you are using to access or connect to the Platform, unique device IDs, device attributes, network connection type (e.g., WiFi, 3G, LTE, Bluetooth) and provider, network and device performance, browser type, language, and operating system. Further details about the technical data that is processed by us can be found below.
How We Use This Information
- To optimize the display of the Platform on your device.
- To create, maintain, and personalize your account with us.
- To provide, maintain, personalize, and improve the Platform.
- To provide customer support.
- To monitor the usage of the Platform.
- To allow you to participate in interactive features of the Platform when you choose to do so.
- To gather analysis and assess trends and interests.
- To detect, prevent, and address technical issues.
- To help maintain the safety, security, and integrity of the Platform.
We may use Personal Information to create anonymized and/or aggregated data that is no longer associated with individuals or our customers. We may use and share this information for our lawful purposes.
We may engage in the sharing of anonymized and aggregated data for statistical analysis and research purposes. This data sharing is conducted with statisticians or research professionals who are bound by confidentiality agreements and ethical standards.
3. Texas Medical Records Privacy Act (TMRPA)
In addition to complying with the Health Insurance Portability and Accountability Act (HIPAA), we also adhere to the Texas Medical Records Privacy Act (TMRPA), which imposes additional privacy and security protections for medical records. Under the TMRPA, we are committed to ensuring that your Protected Health Information (PHI) is handled with the highest level of confidentiality and security, as follows:
- Consent and Authorization: We will obtain your explicit consent before disclosing your medical records to third parties, except where required or permitted by law.
- Confidentiality: Your medical records will be treated as confidential, and we will take reasonable measures to safeguard them against unauthorized access or disclosure.
- Secure Storage: We implement appropriate security measures for the storage and protection of your health information.
- Breach Notification: In the event of a data breach involving your PHI, we will comply with both HIPAA and TMRPA breach notification requirements to ensure that you are promptly informed.
- Retention and Destruction: Your medical records will be retained for the required time period and will be securely destroyed once no longer needed.
- Compliance with Texas Law: In the event of a conflict between federal and state laws, we will comply with the more stringent provisions of Texas law to ensure the privacy and security of your health data.
For more detailed information on how your PHI is used and protected, please refer to our HIPAA Notice of Privacy Practices.
- Disclosing Your Information
We may share your Personal Information with certain third parties, including under the following circumstances:
- Software and Service Providers: We use various third-party software and service providers to manage and process your information, for example, providers of claims processing software or services that help operate our services and the Platform.
- Healthcare-Related Entities: Entities involved in your treatment and care, such as pharmacies, physicians, and other healthcare providers, as well as health plans, claims processors, and other service providers that assist with healthcare operations. Please refer to our HIPAA Notice of Privacy Practices for more on disclosures of PHI.
- Your Employer: As necessary to facilitate your access to the Digital Platform, performance evaluation, quality improvement, and payment. Information disclosed to your employer does not include PHI.
- Clinical Research: Organizations, researchers, and healthcare institutions conducting clinical research. PHI will be handled in accordance with HIPAA authorization requirements.
- Product-Related Service Providers: Vendors and manufacturers related to our products or services.
- Marketing Service Providers: Providers who assist us in communicating with you.
- Business Partners: Companies that provide products or services in collaboration with us.
- Legal and Compliance: Law enforcement, government agencies, or other third parties, as required by legal process, or to assist in investigations.
- Legal Advisors: Our attorneys, consultants, or similar advisors for legal or business matters.
- Other Third Parties: Any third parties you expressly request we share your information with.
Additionally, we will share your Personal Information with third parties where required by law, or where it is necessary in connection with the Platform, or where we have another legitimate interest in doing so. We may also share de-identified information with third parties at our discretion.
- How We Safeguard Your Personal Information
We have implemented commercially reasonable security measures designed to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration of your Personal Information. However, please note that no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security. Any transmission of Personal Information is at your own risk.
4. Data Breach Notification
If we become aware of a data breach involving your Personal Information, we will notify you within 60 days, as required by Texas law. The notice will include the type of information that was compromised, the date of the breach, and any steps you can take to protect yourself.
Notification will be made via email or by postal mail to the affected individuals. In the case of a large breach, we may provide public notice or an alternative method of contact.
5. How Long We Store Your Personal Information
We will retain your Personal Information only for as long as necessary to fulfill the legitimate business purposes described in this Privacy Policy. We will retain and use your Personal Information as required to comply with legal, accounting, or reporting obligations, resolve disputes, and enforce our legal agreements and policies. Additionally, we may continue to store your Personal Information contained in our standard backups.
6. Tracking Technologies and Options Regarding Your Personal Information
We use cookies, pixels, web beacons, and similar technologies to collect information over time when you use or access the Platform. These technologies allow us to collect information about the pages you view, the functions you access, the buttons and icons you click, and to remember your login information and settings.
You can choose to disable cookies by changing your browser or device settings, but please note that doing so may impair your experience with the Platform, and some features may not work as intended.
Additionally, we recognize the “Do Not Track” setting available in some browsers but do not currently respond to this signal. You can manage marketing preferences and other data collection options through various tools such as the Global Privacy Control ("GPC") or by following the opt-out instructions for platforms like Facebook, LinkedIn, and Google.
7. Rights Regarding Your Personal Information
Depending on where you live, you may have rights to access, amend, delete, restrict, or opt out of certain uses of your Personal Information. You may also have the right to appeal if we deny your request. To exercise these rights, please contact us using the methods listed in “How to Contact Us” above.
8. Marketing Communications
We respect your preferences regarding marketing communications. You have the right to opt-out of receiving marketing messages at any time. You can unsubscribe from marketing emails by clicking the "unsubscribe" link in any marketing email we send. You can also choose not to receive marketing emails and sms from us when you sign up. At any time, you can also opt out of receiving marketing communication on email and SMS via “Email and SMS preferences” in the account settings in the Embla app.
For both opt-out of email and text messages, you can also contact us directly at [email protected] to request that we stop sending you marketing communications.
9. Transfer of Data
Embla operates in the United States, and our infrastructure, including databases that store Personal Information, is hosted within the U.S. In some cases, Personal Information may be accessed by our technical and clinical teams located in Europe to ensure the quality of our services, perform technical troubleshooting, or provide other necessary support.
We are committed to protecting the privacy and security of your Personal Information in compliance with applicable U.S. laws. When Personal Information is accessed outside the United States, we implement strict safeguards to ensure it remains protected and is handled in accordance with applicable privacy and security requirements. These measures include encryption, access controls, and adherence to strict confidentiality agreements.
By using our services, you consent to the transfer of your Personal Information as described above.
10. Children’s Information
The services are not intended for children under the age of 18. We do not knowingly collect or sell Personal Information of children under 18. If you believe we have collected information from a child under 18, please contact us so we can take the necessary steps to delete it.
11. Links to Other Websites
Our Platform may contain links to third-party websites. We are not responsible for how these websites collect or manage your information. Please read their privacy policies before sharing any Personal Information.
12. Updates to This Privacy Policy
We may update this Privacy Policy from time to time, and any changes will be posted on this page. If the changes are significant, we will provide notice to you via email or a prominent notice on the Platform. Please review this Privacy Policy regularly to stay informed about how we are protecting your information.