Privacy Policy
Last Updated: September 16, 2024
HeadacheDoc LLC (“we,” “us,” “ours” or “HeadacheDoc”) respects your privacy. This privacy policy (“Privacy Policy”) explains how we collect, process, store and share personal information in connection with our applications located at https://www.headachedoc.net (including all subdomains such as https://forum.headachedoc.net), our diagnosis decision support system and other services (collectively, the “HeadacheDoc Services”), including HeadacheDoc Services provided to our registered healthcare professional customers (“Pro Customers”), and the operation of our company. If you are an individual, this Privacy Policy also provides you with important information about your personal information rights with respect to personal information that we control and how to exercise them.
By visiting our website, using the HeadacheDoc Services, or otherwise providing personal information to us, you acknowledge that you have read, understand and accept our privacy practices and policies outlined below, and you consent that we may collect, process, store and share personal information as described in this Privacy Policy, subject to the exercise of individual rights as explained in this Privacy Policy.
1. Notice at Collection of Personal Information
Definition of Personal Information
We collect, process, store and share information that identifies, relates to or could reasonably be linked, directly or indirectly, with a particular individual or household (“personal information”). Personal information does not include information publicly available from government records, or which is not personal, like anonymous, deidentified or aggregated data (even if it originally comes from personal information).
Categories of Personal Information We Collect
Depending on your relationship with us, we may collect, process and store, and share with third parties, the following categories of personal information:
- Contact information, if you register with HeadacheDoc, such as full name and email address
- Professional or employment-related information, if you register with HeadacheDoc in connection with your organization or employer, such as your place of employment, governing organization, registered number, job title and role in institution
- Account credentials, if you register with HeadacheDoc, such as username and password
- Commercial information, such as the billing details we use to bill you for the HeadacheDoc Services, your billing and payment history, products or services you purchased, obtained or considered, or other of your purchasing histories or tendencies
- Internet and device information (including identifiers, activity and analytics), such as IP address from which you are accessing our website and other information we automatically collect through cookies and similar technologies used on our website and in our online HeadacheDoc Services, including internet service provider, browser type, operating system and language, any website from which you linked to our website, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of our website you visit, number of links you click while on our website, search terms, and other data regarding your use of our website
- Approximate geolocation when you are using our website or HeadacheDoc Services
- Sensitive personal information (including health, sex life, sexual orientation, racial or ethnic origin, age and gender), when you provide symptom or other health information to us, which may include any details of medical symptoms, history and conditions and any other data you provide, including any information on racial or ethnic origin or sex life or sexual orientation
- Preference information, including preferences related to marketing, privacy or communications
- Inferences drawn from any of the personal information listed in this section; for example, to create a profile of an individual’s preferences and characteristics
- Other information you choose to provide to us, such as how you heard about the website or HeadacheDoc Services, your views on the effectiveness and ease of use of our website, and other information you choose to provide when you communicate with us
Our Business Purposes for Collecting and Sharing Personal Information
We collect, process, store and/or share all of the categories of personal information identified above (unless a limited subset of categories is indicated) for our following business purposes, our legitimate interests and the legitimate interests of third parties to:
- Provide our website and services, including to provide possible conditions which are suggested by the symptoms you report to us; provide users with access to the appropriate areas and functions of the HeadacheDoc Services; and limit the use of the Symptom Checker and the availability of free trials of other functionality of our websites
- Administer, protect, support and improve our website and services, including to keep our website and the HeadacheDoc Services working, safe, and secure by troubleshooting, testing, conducting data analysis, making updates, and detecting and preventing fraud (including through identity verification); improve or customize our website and HeadacheDoc Services, including to provide relevant content to you; develop new services or products; analyze and monitor usage, trends or other activities related to our website and services; respond to requests and inquiries from, or otherwise communicate with, our users, Pro Customers and third parties; contact you to ask for your views on our website or services and notify you about important changes or developments at HeadacheDoc
- Support our business operations, which consist of running websites and offering services for profit, providing assistance to health professionals and to others in making conditions of symptoms, accumulating data which enables analysis and reporting of circumstances and medical outcomes assistance and ancillary purposes; we process, store and share personal information to conduct data analysis and research to support and improve our business operations, to bill and collect payment for our services and to prepare and file tax forms and other documents; and we share personal information with third parties who provide services that support our business operations to enable them to provide such services, including website hosting, payment processing, email delivery services, credit card processing, text messaging services, customer service and auditing services
- Market our products and services, for example, we use limited categories of personal information (contact information, professional information, internet and device information, location data, preference information and inferences) to show you advertisements and send you marketing communications regarding HeadacheDoc’s products and services and to determine the effectiveness of our promotional campaigns
- Aggregate personal information, including aggregating, anonymizing and deidentifying personal information so that it is no longer personal information
- Meet legal and compliance requirements, including to perform audits, monitoring and reporting; support information security and anti-fraud operations; investigate and respond to disputes; exercise and defend legal claims; protect the rights, property or safety of Pro Customers, you, us or a third party; act in the overriding public interest as permitted by law; respond to legal process (including subpoenas) and governmental, court or law enforcement requests, investigations or orders; and comply with and enforce applicable laws, regulations, policies, procedures and agreements
- Evaluate or conduct business changes, including a merger, acquisition, sale, equity or debt financing, reorganization, dissolution, bankruptcy, or other transaction in which a third party invests in, finances or acquires control of our business or assets (in whole or in part), or any similar corporate event to any of the foregoing
We do not collect or process personal information for the purposes of automated decision-making or profiling (meaning the automatic processing of your personal information to identify your preferences and interests).
Under the laws of some jurisdictions, we must be able to describe the legal bases on which we rely to process personal information. We primarily rely on the legitimate interests, described above, to process personal information when not overridden by an individual’s data protection interests or fundamental rights and freedoms. Other legal bases for our processing of personal information include when the processing is necessary to perform a contract with you, we have a legal obligation to process the personal information or we have your consent to process the personal information.
Categories of Parties Whom We Share Your Personal Information
Third Parties
We share personal information with the following categories of third parties:
- Our affiliates (“Affiliates”) for purposes consistent with this Privacy Policy, including to support marketing, sale and delivery of our website and HeadacheDoc Services
- Our support vendors (“Support Vendors”) who provide us with services and products that help us provide services or operate our business but only to the extent needed to enable them to provide such services or products, including order fulfilment, billing, customer service, data storage, disaster recovery services and sales support companies; hosting, technology and communication providers; cyber security and other security providers; our attorneys, advisors, auditors and accountants; and our analytics providers
- Parties you access, authorize or authenticate (“Authorized Parties”), including third parties you access through the services, such as identity verification providers and payment processors; information provided to such third parties are subject to such third parties’ privacy policies; please consult the applicable third party’s privacy policy for more information on how the third party uses your personal information
- Parties for legal purposes (“Legal Parties”), including governmental authorities, law enforcement, courts or other third parties in connection with any of the activities set forth in the bullet beginning with “Meet legal and compliance requirements” in the section above called Our Business Purposes for Collecting and Sharing Personal Information
- Parties for business changes, for example, personal information that we collect may be shared with or transferred to a third party if we consider or undergo a merger, acquisition, sale, equity or debt financing, reorganization, dissolution, bankruptcy, or other transaction in which a third party invests in, finances or acquires control of our business or assets (in whole or in part), or any similar corporate event to any of the foregoing
We Do Not Sell or Share Your Personal Information for Targeted Advertising
We do not sell personal information. For purposes of this Privacy Policy, “sell” means the disclosure of personal information to a third party in exchange for money or other valuable consideration.
We do not share personal information with third parties for cross-contextual behavioral advertising or targeted advertising.
Retention of Personal Information
We retain personal information for as long as we deem to be necessary or advisable for our business purposes described in the above section called, Our Business Purposes for Collecting and Sharing Personal Information (such as providing services to you or Pro Customers). This may include keeping your personal information for up to 7 years after you have stopped using our services; for example, we may retain your personal information to market our products and services to you (unless you opt-out), comply with legal obligations, resolve disputes or collect fees owed. We may retain your personal information longer pursuant to a specific legal reason or requirement. When our retention period ends, we may either delete your personal information or retain it in a form such that it does not identify you personally.
2. Applicability of this Privacy Policy
This Privacy Policy covers how we treat personal information that we acquire from you, or in connection with our website or services provided to you or a Pro Customer, or in connection with our other business or interactions with you. This Privacy Policy applies to personal information we process on behalf of Pro Customers unless otherwise provided in our agreement with a Pro Customer.
This Privacy Policy applies to you no matter where you are located in the world. Please see the below section called Contact Us for the data controller and contacts applicable to your jurisdiction.
This Privacy Policy does not apply to information that we collect in connection with your employment or application for employment at HeadacheDoc.
Sources of Personal Information
We collect personal information from the following categories of sources:
- Directly from you, such as when you register on our website, sign up to receive our newsletters, sign up to receive product information or contact us via our website, or when you otherwise communicate or interact with us in any way, including via mail, email, phone, chat, browser form, online request form, QR code or social media
- Indirectly from you, for example, we collect cookie data and other information from your device, browser or activity on our website or in our HeadacheDoc Services
- From third parties or public sources, for example, from our analytics providers and social media pages
Generally, you are not under a statutory or contractual obligation to provide personal information to us. However, if you do not provide the personal information required for us to provide certain services, verify your identity or process transactions, we may be unable to offer services or otherwise conduct business with you.
Third-Party Links
Our website and HeadacheDoc Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal information about you. We do not endorse or control these third-party websites or applications and are not responsible for their privacy practices or any information on their websites or in their applications. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Personal Information of Others You Share with Us
You may not disclose the personal information of another individual to us unless you have their prior written consent or are otherwise authorized under applicable law to share their information with us. To the extent that you provide another individual’s personal information to us or we collect another individual’s personal information on your behalf, you acknowledge and agree that you are responsible for compliance with all applicable laws concerning such personal information, including:
- providing all applicable notices
- receiving the proper authority or consent to allow us to collect, store, process and share such personal information
- responding to data subject requests
Protected Health Information
We do not collect or process Protected Health Information (“PHI”) as that term is defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and any and all rules and regulations promulgated from time to time thereunder (“HIPAA”). You are prohibited from providing or making PHI available to us, including uploading to, making available on, or transmitting PHI via our website or HeadacheDoc Services.
Aggregated Data
We may anonymize, deidentify and/or aggregate data so that it no longer constitutes personal information. Anonymized or deidentified data is not personal information and deidentified PHI is not PHI, and restrictions on our use of personal information or PHI contained in this Privacy Policy or under HIPAA do not apply to such anonymized or deidentified data even if such data was created or derived from personal information or PHI. We may share anonymized, deidentified and/or aggregated data that does not identify you personally with third parties, including our Affiliates, Support Vendors and Marketing Vendors. We may also disclose aggregated user statistics in order to describe our HeadacheDoc Services and our website to current and prospective business partners and to other third parties for other lawful purposes. Finally, we may also disclose aggregated and depersonalized user statistics with other members of the healthcare community for purposes of detecting and tracking public health trends, all subject to and in accordance with applicable law.
We may disclose non-personal information to any third party for any reason in our sole discretion.
Personal Information of Children
We do not collect any personal information directly from children under 16 years of age. As a parent or guardian, you may provide or make available personal information of your children to us, and, by doing so, you agree and consent to our collection and use of your children’s personal information.
If you are a child under the age of 16, please do not attempt to use our website or services or send us any personal information. If we learn we have collected personal information directly from a child under 16 years of age, we will delete that data as quickly as possible. If you believe that a child under 16 years of age may have provided personal information to us, please contact us at admin@headachedoc.net.
To our knowledge, we do not sell, or share for cross-contextual behavioral advertising or targeted advertising purposes, the personal information of children under the age of 16.
3. Your Privacy Rights and Choices
Notice of Your Personal Information Rights
With respect to personal information that we control, subject to exemptions and limitations provided by applicable law, if you are an individual you have the right to:
- Know or access – request that we disclose certain information to you about our collection and use of your personal information:
  - Whether or not we are processing your personal information
  - The categories of your personal information we have collected
  - The categories of sources for your personal information we have collected
  - Our business purposes for collecting or sharing that personal information
  - The categories of third parties with whom we shared your personal information, identifying the personal information categories that each category of recipient obtained and the purposes for sharing your personal information
  - The types of personal information we shared with third parties for third parties’ direct marketing purposes and the identities of such third parties
  - The specific pieces of personal information we collected about you and access to that personal information
- Data portability – request a copy of the personal information you provided to us in a portable, and, if feasible, readily usable format to be transferred to you or a third party
- Deletion – request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions under applicable privacy law
- Correction – request that we correct inaccurate or complete incomplete personal information
- Limit use of sensitive information – request that we limit the use or disclosure of your sensitive personal information to just those actions necessary to perform specific purposes outlined by law. We do not use or disclose sensitive personal information (for example, complete account credentials, racial or ethnic origin, age, gender or health, sex life or sexual orientation information) for purposes other than purposes that would continue to be allowable after the receipt of a limitation request, including to provide services to you
- Third-party marketing opt out – direct us to not share your personal information with third parties for third parties’ direct marketing purposes
- Object to processing – object to our processing of your personal information based on legitimate interests or for direct marketing purposes
- Restriction of processing – request that we restrict or suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to delete it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it
- Withdraw your consent to the processing of your personal information if our processing is based on your consent (without affecting the lawfulness of any processing prior to your withdrawal of consent)
- Non-discrimination – be free from unlawful discrimination for exercising your rights under applicable privacy law
We may be the processor or service provider with respect to personal information obtained from or on behalf of our Pro Customers. Please make any privacy requests directly to our Pro Customers or third parties with respect to personal information in their control.
How to Exercise Your Personal Information Rights
To exercise the rights described above, you or your Authorized Agent (defined below) must send us a written request (via the method described below) that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected personal information, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.”
We may ask for information to verify your identity and process your Valid Request, such as name, phone number, email and address. If applicable, we recommend that you submit the email that you used when you registered with the HeadacheDoc Services. After you submit a Valid Request, you will be required to verify access to the email address you submitted. You will receive an email with a follow-up link to complete your email verification process. You are required to verify your email in order for us to proceed with your Valid Request. Please check your spam or junk folder in case you can't see the verification email in your inbox. We will only use personal information provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request promptly within the timeframes required by applicable privacy law (usually between 15 to 45 days depending on the type of Valid Request, with the right for us to extend the response time as necessary). We will not charge you a fee for making a Valid Request unless your Valid Request is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following method:
- Send an email to: admin@headachedoc.net
- To opt-out of direct marketing emails, you may also click on the “Manage Email Preferences” link located on the bottom of any HeadacheDoc marketing email and follow the instructions found on the page to which the link takes you. You will still receive transactional emails related to your account, purchase orders, inquiries or requests.
You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
In some instances, we may not be able to honor your request. For example, we may not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. We may not honor your request if we are not the controller of your personal information (for example, when our Pro Customer is the controller and we are the processor or service provider for our Pro Customer). Additionally, we may not honor your request where not required to do so under applicable privacy laws. For example, we may deny a deletion request if the information is necessary for us to provide our services to you or comply with our legal obligations. We may deny certain right to know requests made more than twice in a 12-month period or for information collected and disclosed more than 12 months ago. We will advise you in our response if we are not able to honor your request.
You have the right to appeal our decision to not honor your request or our refusal to take action on a request within a reasonable period of time by contacting us at the email listed above and clearly stating that the purpose of the contact is an “appeal of privacy rights.” Within 45 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.
4. Our Use of Cookies
Our Use of Cookies and Other Tracking Technology
Our website uses cookies and similar technologies such as JavaScript (collectively, “cookies”). Cookies are small pieces of data – usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our website. We use cookies to gather data about visitors to our website, analyze trends and operate and improve our website and services. For example, cookies allow our website to remember your username and password to save you having to retype it every time you visit our website. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own cookies on your devices.
Monitoring and Recording Keystrokes and Other Communication
We use cookies and other tracking technology to monitor and record keystrokes and other communications made through the HeadacheDoc Services, including via webform, webchat, email, phone and text message. This includes monitoring your keystrokes while you are using the HeadacheDoc Services. You consent to us monitoring and recording all of your communications made through the HeadacheDoc Services and to us using and sharing such recordings for all purposes described in this Privacy Policy.
Do Not Track
“Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. Our website is not currently configured to respond to Do Not Track signals or other mechanisms that provide users the ability to exercise choice regarding the collection of personal information about a user’s online activities over time and across third-party websites or online services.
Disable or Delete Cookies and Tracking Technology; Third-Party Cookies
Disable or Delete Cookies from Your Browser or Device
You can decide whether or not to accept certain cookies through your internet browser’s settings. Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. To explore what cookie settings are available to you, look in the “preferences” or “options” section of your browser's menu.
You can also delete all cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some of the website and functionalities may not work.
Third-Party Cookies and Resources
We allow third parties to set and collect cookies through our website, such as HubSpot. Please review such third parties’ privacy policies and other terms for information on their privacy practices and uses of personal information.
To find out more information about cookies, including information about how to manage and delete cookies, please visit https://www.allaboutcookies.org/.
5. Our Uses of Personal Information in the Last 12 Months
In the last 12 months, we have collected personal information and disclosed personal information to third parties for our business purposes. We have not sold personal information or shared personal information for cross-contextual behavioral advertising (or targeted advertising) in the last 12 months.
Our business purposes for disclosing your personal information are the business purposes in the above section called, Our Business Purposes for Collecting and Sharing Personal Information. For more information on the categories of third parties, see the above section called, Categories of Parties Whom We Share Your Personal Information.
6. Data Security and Processing
Security of Personal Information
We will maintain reasonable technical and organizational safeguards for the protection of the security and confidentiality of personal information from unauthorized access, use, disclosure or transfer. Despite our efforts to ensure security, we cannot guarantee or warrant that personal information will not be accessed, acquired, disclosed for an improper purpose, altered or destroyed by an unauthorized person or as a result of a breach of our security safeguards or those of our hosting provider or other vendors or service providers. We cannot ensure the security of any data transmitted to us over the internet. To the fullest extent permitted by applicable law, we accept no liability for any unintentional disclosure by us of personal information. Therefore, we urge you to take adequate precautions to protect personal information as well, including, without limitation, never sharing your account username or password.
International Transfer, Storage and Processing
The personal information we collect or receive is stored and processed in the United States. You consent to the transfer, processing and storage of personal information in the United States. You also consent to the transfer, processing and storage of personal information by us, our affiliated entities, our vendors or third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world subject to the provisions of this Privacy Policy.
If you are located in the European Economic Area or other regions with laws governing data collection and use that may differ from United States law, please note that we may transfer data, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction and may afford materially less privacy protections for your personal information than your jurisdiction. You consent to the transfer of data to the United States or any other country in which we, our affiliates or vendors maintain facilities and the use and sharing of information about you as described in this Privacy Policy.
7. Changes and Amendments to Privacy Policy
We reserve the right to amend this Privacy Policy at our discretion and at any time. When we do, we will post the revised policy on our website with a new “Last Updated” date. We may, but are not required to, also provide you with notice of the amended Privacy Policy via any other means we consider reasonable, including, without limitation, email, posting in our services, or updates to our services. Your continued use of our website or services or your provision of personal information to us following the posting of changes (or other notice we provide in our sole discretion) constitutes your acceptance of such changes and the Privacy Policy as amended. We may, but are not required to, also provide you with alternative means of accepting any changes to or amended version of this Privacy Policy. We encourage you to visit this page regularly for any changes.
8. Contact Us
The controller of your personal information is HeadacheDoc LLC.
You may contact us with questions, concerns, complaints or disputes related to this Privacy Policy and our privacy policies and practices.
HeadacheDoc LLC
- Address: 5131 Vivian St, Wheat Ridge, CO 80033
- Email: admin@headachedoc.net
Disability Access
If you have a disability, you may access this Privacy Policy in an alternative format by contacting us at:
- Email: admin@headachedoc.net