Privacy Statement and Policy

(Last updated February 2024) 

At OnBalance LLC (“OnBalance”), our mission is to provide a platform through which mental health care providers can proactively manage the mental health of collegiate and professional athletes, and on a permission basis, communicate with coaches, administrators, parents and advisors. A necessary part of that mission is to set a high standard for protecting the privacy of your information. We want to be clear about how we collect, use, protect, and share information, including Personal Information about you, and the rights and choices you have about the ways in which you can help us protect your privacy. 

OnBalance respects your privacy and collects no Personally Identifiable Information (“PII”) about you unless you affirmatively choose to make such information available to it. OnBalance does not actively share Personal Information about web site visitors. Personal Information provided by visitors, such as e-mail addresses or information submitted via online forms, is used by OnBalance to assist individual visitors as necessary. This assistance may involve redirecting an inquiry or comment to another OnBalance individual or unit better suited to provide resolution.

This Privacy Statement explains: 

  • What information we collect and why we collect it 

  • How we use that information and when we disclose it 

  • Your rights regarding your information, including how to access and update your information 

  • How we maintain information and the steps we take to protect your information 

Privacy Policy Scope: This Privacy Statement applies to the information that we obtain through your use of OnBalance products and services, including our website (www.onbalancehealth.com) and your interactions and communications through our website, our portal, virtual terminal, hosted sites, social media, and web-based tools (collectively, our “Services”). 

This Privacy Statement does not apply to Personal Information arising from OnBalance employment-related activities. Except to the extent that a third party provides services on our behalf (such as a SaaS vendor), this Privacy Statement also does not apply to the practices of third parties to which we may link or otherwise refer you, such as consultants, pen testing firms, audit firms, and other vendors. 

Geography: OnBalance is a United States (“U.S.”) based company that offers its Services to domestic collegiate and professional sports organizations. As a result, Personal Information will be transmitted and retained solely in the U.S. to comply with our legal and contractual obligations, to provide information and services to prospective and current stakeholders, and to perform related business activities.  

However, we understand that we may have constituents (i.e. athletes and service providers) from different countries and regions with different privacy expectations, and we endeavor to meet those expectations even when the U.S. imposes lesser obligations. Stated differently, we work hard to adhere to applicable data privacy laws wherever we do business, working with our Data Protection Officer as part of a cross-functional team that oversees our privacy compliance efforts. Additionally, if our vendors or affiliates have access to Personal Information, they must sign agreements that require them to comply with our privacy policies and with applicable data privacy laws. 

OnBalance is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). 

For those of you in Canada, please see our Notice to Canadian Residents.

Notice to Canadian Residents 

OnBalance complies with the Canadian Anti-Spam Law (“CASL”), which went into effect on July 1, 2014. OnBalance has certified that it adheres to the CASL. The purpose of the CASL is to promote the efficiency of the Canadian economy by regulating commercial conduct that discourages the use of email to carry out commercial means and to promote the efficiency and adaptability of the Canadian economy by regulating commercial conduct that discourages the use of electronic means to carry out commercial activities, because that conduct: 

(a) impairs the availability, reliability, efficiency and optimal use of electronic means to carry out commercial activities; 

(b) imposes additional costs on businesses and consumers; 

(c) compromises privacy and the security of confidential information; and 

(d) undermines the confidence of Canadians in the use of electronic means of communication to carry out their commercial activities in Canada and abroad. 

In cases of a violation pursuant to CASL, OnBalance is potentially liable. If there is any conflict between the policies in the Privacy Policy and the CASL, the CASL shall govern. To learn more about the CASL and OnBalance’s compliance program, please visit fightspam.gc.ca. For any complaints in connection with any potential violation of the CASL, please first contact OnBalance at privacy@onbalancehealth.com.

For those of you in California, please see our Notice to California Residents.  

Notice to California Residents 

The California Consumer Privacy Act of 2018 (Cal. Civ. Code §1798.100 et seq., as amended, “CCPA”), gives California residents rights and control over their Personal Information. OnBalance provides this statement to California residents in accordance with requirements under the CCPA to make certain disclosures about the collection and processing of their Personal Information. This is OnBalance’s California-specific description of consumers’ privacy rights under the CCPA. 

We Do Not Sell Your Personal Information 

Under the CCPA, a business that sells California residents’ Personal Information to others: 

  1. must give notice to California residents before selling their Personal Information to others; and  

  2. must provide the right to opt out of the sale of their Personal Information. 

OnBalance does not sell Personal Information, including Personal Information of anyone under 16 years old, without consent.  

Your Rights Under the CCPA 

1. Right to know what Personal Information is being collected, for what purposes and with whom it is shared 

California residents have the right to request from a business disclosure of the categories and specific pieces of Personal Information it has collected from them in the preceding 12 months, the categories of sources from which such Personal Information is collected, the business or commercial purpose for collecting or selling such Personal Information, and the categories of third parties with whom the business shares Personal Information. 

If you request that a business disclose categories and specific pieces of Personal Information collected about you, you have the right to receive that information, free of charge, twice a year. The information may be delivered by mail or electronically and, if provided electronically, shall be in a portable and, to the extent technically feasible, readily usable format that allows the California resident to relatively easily transmit this information to another entity. 

2. Right to know whether your Personal Information is sold or disclosed for a business purpose and to whom 

California residents have the right to request from a business that sells or discloses Personal Information for a business purpose separate lists of the categories of Personal Information collected, sold or disclosed for a business purpose in the preceding 12 months, including the categories of third parties to whom the Personal Information was sold or disclosed for a business purpose. 

3. Right to say no to the sale of your Personal Information 

As explained above, the CCPA requires businesses that sell Personal Information to allow residents the ability to opt out of the selling of their information. 

4. Right to non-discrimination of service or price if you exercise your privacy rights 

The CCPA prohibits businesses from discriminating against a California resident for exercising any of their rights under the CCPA, including by: 

  • denying goods or services to the resident; 

  • charging different prices or rates for goods or services, including through the use of discounts or other benefits or by imposing penalties; 

  • providing a different level or quality of goods or services; or 

  • suggesting that the person exercising their rights will receive a different price or rate for goods or services or a different level or quality of goods or services. 

5. Right to deletion 

California residents have the right to request that a business delete any of their Personal Information that the business collected from them, subject to the exceptions in CCPA §1798.105. 

To Exercise Your CCPA Rights 

To exercise your CCPA rights, or have any questions specifically about CCPA, you may reach out to us at privacy@onbalancehealth.com.

OnBalance will verify your request within seven (7) days and complete the request within 45 days from receipt of the request, as required by law.  

For those of you in Colorado, please see our Notice to Colorado Residents.    

Notice to Colorado Residents 

OnBalance complies with the Colorado Privacy Act (“COPA”), which goes into effect on July 1, 2023, and gives Colorado residents rights and control over their Personal Information. OnBalance provides this statement to Colorado residents in accordance with requirements under the COPA to make certain disclosures about the collection and processing of their Personal Information. This is OnBalance’s Colorado-specific description of consumers’ privacy rights under the COPA. 

We Do Not Sell Your Personal Information 

Under the COPA, a business that sells Colorado residents’ Personal Information to others: 

  1. must give notice to Colorado residents before selling their Personal Information to others; and  

  2. must provide the right to opt out of the sale of their Personal Information. 

OnBalance does not sell Personal Information, including Personal Information of anyone under 16 years old, without consent.  

Your Rights Under the COPA 

Colorado residents have the right to: 

  • Confirm whether or not a business is processing their Personal Information; 

  • Access their Personal Information; 

  • Correct inaccuracies in their Personal Information; 

  • Delete their Personal Information; 

  • Obtain a copy of their Personal Information in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the information to another entity; and  

  • Opt out of the processing of their Personal Information for purposes of (i) targeted advertising, (ii) the sale of Personal Information, or (iii) profiling that may produce a legal or other significant impact on the Colorado resident. 

If you request that a business disclose categories and specific pieces of Personal Information collected about you, you have the right to receive that information twice per calendar year, with the first such request being free of charge. You may be charged a reasonable fee for additional requests made in the same calendar year.

OnBalance may use de-identified data (data that cannot reasonably be linked to an identified or identifiable person or a device linked to such person) in some instances, but OnBalance either maintains such data without attempting to re-identify it or treats such data as Personal Information. 

The COPA prohibits businesses from discriminating against a Colorado resident for exercising any of their rights under the COPA, including by: 

  • denying goods or services to the resident; 

  • charging different prices or rates for goods or services; or 

  • providing a different level or quality of goods or services. 

To Exercise Your COPA Rights 

To exercise your COPA rights, or have any questions specifically about COPA, you may reach out to us at privacy@onbalancehealth.com.

OnBalance will verify your request within seven (7) days and complete the request within 45 days from receipt of the request, as required by law. Additionally, you have the right to appeal the denial of any of these rights by submitting a form that will be provided to you if we deny a data request. If you are not satisfied with the results of the appeal, you have the right to contact the Colorado Attorney General. 

For those of you in Connecticut, please see our Notice to Connecticut Residents.   

Notice to Connecticut Residents 

OnBalance complies with the Connecticut Data Privacy Act (“CTDPA”), which goes into effect on July 1, 2023, and gives Connecticut residents rights and control over their Personal Information. OnBalance provides this statement to Connecticut residents in accordance with requirements under the CTDPA to make certain disclosures about the collection and processing of their Personal Information. This is OnBalance’s Connecticut-specific description of consumers’ privacy rights under the CTDPA.

We Do Not Sell Your Personal Information 

Under the CTDPA, a business that sells Connecticut residents’ Personal Information to others: 

  1. must give notice to Connecticut residents before selling their Personal Information to others; and  

  2. must provide the right to opt out of the sale of their Personal Information. 

OnBalance does not sell Personal Information, including Personal Information of anyone under 16 years old, without consent.

Your Rights Under the CTDPA 

Connecticut residents have the right to: 

  • Confirm whether or not a business is processing their Personal Information; 

  • Access their Personal Information; 

  • Correct inaccuracies in their Personal Information; 

  • Delete their Personal Information; 

  • Obtain a copy of their Personal Information in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the information to another entity; and  

  • Opt out of the processing of their Personal Information for purposes of (i) targeted advertising, (ii) the sale of Personal Information, or (iii) profiling that may produce a legal or other significant impact on the Connecticut resident. 

If you request that a business disclose categories and specific pieces of Personal Information collected about you, you have the right to receive that information for a twelve month period free of charge, once a year.  

OnBalance may use de-identified data (data that cannot reasonably be linked to an identified or identifiable person or a device linked to such person) in some instances, but OnBalance either maintains such data without attempting to re-identify it or treats such data as Personal Information. 

The CTDPA prohibits businesses from discriminating against a Connecticut resident for exercising any of their rights under the CTDPA, including by: 

  • denying goods or services to the resident; 

  • charging different prices or rates for goods or services; or 

  • providing a different level or quality of goods or services. 

To Exercise Your CTDPA Rights 

To exercise your CTDPA rights, or have any questions specifically about CTDPA, you may reach out to us at privacy@onbalancehealth.com.

OnBalance will verify your request within seven (7) days and complete the request within 45 days from receipt of the request, as required by law. Additionally, you have the right to appeal the denial of any of these rights by submitting a form that will be provided to you if we deny a data request.  

For those of you in Utah, please see our Notice to Utah Residents.   

Notice to Utah Residents 

OnBalance complies with the Utah Consumer Privacy Act (“UCPA”), which goes into effect on December 31, 2023, and gives Utah residents rights and control over their Personal Information. OnBalance provides this statement to Utah residents in accordance with requirements under the UCPA to make certain disclosures about the collection and processing of their Personal Information. This is OnBalance’s Utah-specific description of consumers’ privacy rights under the UCPA. 

We Do Not Sell Your Personal Information 

Under the UCPA, a business that sells Utah residents’ Personal Information to others: 

  1. must give notice to Utah residents before selling their Personal Information to others; and  

  2. must provide the right to opt out of the sale of their Personal Information. 

OnBalance does not sell Personal Information, including Personal Information of anyone under 16 years old, without consent.  

Your Rights Under the UCPA 

Utah residents have the right to: 

  • Confirm whether or not a business is processing their Personal Information; 

  • Access their Personal Information; 

  • Correct inaccuracies in their Personal Information; 

  • Delete their Personal Information; 

  • Obtain a copy of their Personal Information in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the information to another entity; and  

  • Opt out of the processing of their Personal Information for purposes of (i) targeted advertising, or (ii) the sale of Personal Information. 

If you request that a business disclose categories and specific pieces of Personal Information collected about you, you have the right to receive that information for a twelve month period free of charge, once a year. You may be charged a reasonable fee for additional requests made in the same twelve month period. 

OnBalance may use de-identified data (data that cannot reasonably be linked to an identified or identifiable person or a device linked to such person) in some instances, but OnBalance either maintains such data without attempting to re-identify it or treats such data as Personal Information. 

The UCPA prohibits businesses from discriminating against a Utah resident for exercising any of their rights under the UCPA, including by: 

  • denying goods or services to the resident; 

  • charging different prices or rates for goods or services; or 

  • providing a different level or quality of goods or services. 

To Exercise Your UCPA Rights 

To exercise your UCPA rights, or have any questions specifically about UCPA, you may reach out to us at privacy@onbalancehealth.com.

OnBalance will verify your request within seven (7) days and complete the request within 45 days from receipt of the request, as required by law.   

For those of you in Virginia, please see our Notice to Virginia Residents.   

Notice to Virginia Residents 

The Virginia Consumer Data Protection Act (“VCDPA”) became effective on January 1, 2023, and gives Virginia residents rights and control over their Personal Information. OnBalance provides this statement to Virginia residents in accordance with requirements under the VCDPA to make certain disclosures about the collection and processing of their Personal Information. This is OnBalance’s Virginia-specific description of consumers’ privacy rights under the VCDPA. 

We Do Not Sell Your Personal Information 

Under the VCDPA, a business that sells Virginia residents’ Personal Information to others: 

  1. must give notice to Virginia residents before selling their Personal Information to others; and  

  2. must provide the right to opt out of the sale of their Personal Information. 

OnBalance does not sell Personal Information, including Personal Information of anyone under 16 years old, without consent.  

Your Rights Under the VCDPA 

Virginia residents have the right to: 

  • Confirm whether or not a business is processing their Personal Information; 

  • Access their Personal Information; 

  • Correct inaccuracies in their Personal Information; 

  • Delete their Personal Information; 

  • Obtain a copy of their Personal Information in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the information to another entity; and  

  • Opt out of the processing of their Personal Information for purposes of (i) targeted advertising, (ii) the sale of Personal Information, or (iii) profiling that may produce a legal or other significant impact on the Virginia resident. 

If you request that a business disclose categories and specific pieces of Personal Information collected about you, you have the right to receive that information, free of charge, twice a year.  

OnBalance may use de-identified data (data that cannot reasonably be linked to an identified or identifiable person or a device linked to such person) in some instances, but OnBalance either maintains such data without attempting to re-identify it or treats such data as Personal Information. 

The VCDPA prohibits businesses from discriminating against a Virginia resident for exercising any of their rights under the VCDPA, including by: 

  • denying goods or services to the resident; 

  • charging different prices or rates for goods or services; or 

  • providing a different level or quality of goods or services. 

To Exercise Your VCDPA Rights 

To exercise your VCDPA rights, or have any questions specifically about VCDPA, you may reach out to us at privacy@onbalancehealth.com.

OnBalance will verify your request within seven (7) days and complete the request within 45 days from receipt of the request, as required by law. Additionally, you may have the right to appeal the denial of any of these rights by submitting a form that will be provided to you if we deny a data request.  

If you have any questions or concerns about this Privacy Statement or about our privacy or data security practices, please contact us at privacy@onbalancehealth.com or security@onbalancehealth.com.

Personal Information Definitions 

For purposes of this Privacy Statement, “Personal Information” means information from or about you that identifies you directly and information that is associated with you and thus could potentially identify you, including when combined with other information from or about you. 

Types of Information Collected 

  • Names 

  • Social Media Handles 

  • Messenger App Handles 

  • Physical address 

  • Email addresses 

  • Telephone numbers 

  • Business contact information, including names, email addresses, business addresses, telephone numbers, company name or business affiliation, and title 

  • User IDs and passwords 

  • Personal information that you choose to share within our user communities 

  • Payment card and financial account information 

  • Identifiers of devices used to access our Services  

Data Collection 

Voluntary Collection 

Account and Profile Information: We collect information about you and your university or employer when you register for an account, create or modify your profile, and seek support through our Services. Information we collect includes the type of information identified above. You may provide this information directly through our Services or in some cases another user or service provider (such as an account administrator) may create an account on your behalf. If you provide information (including Personal Information) about someone else, you confirm that you have the authority to act for them and to consent to the collection and use of their Personal Information as described in this Privacy Policy. 

Content: We collect and store content that you create, input, submit, post, upload, transmit, or store while using our Services. Such content may include any personal or other sensitive information submitted using our Services, such as Health Insurance Portability and Accountability Act (HIPAA) protected health information, European Union (EU) personal data, and other information such as source code or regulatory compliance materials. 

Other submissions: We collect other data that you may submit to our Services or to us directly, such as when you request customer support or communicate with us via email or social media Sites. 

Automatic Collection 

Web Logs and Analytics Information: We record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information that you search for, your locale and language preferences, your mobile carrier, and system configuration information. We and our analytics providers also collect and store analytics information when you use our Services to help us improve our Services. 

Cookies and Other Tracking Technologies: We use various technologies to collect information, including cookies that we save to your computer or mobile device. Cookies are small data files stored on your hard drive or in device memory. We use cookies to improve and customize our Services and your experience; to allow you to access and use the Services without re-entering your username or password; and to count visits and understand which areas and features of the Services are most popular. We may also associate the information we store in cookies with Personal Information you submit while on our Services. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our Services. 

Collection from Other Sources 

Information from Third Parties: We may obtain information, including Personal Information, from our business partners and service providers. This information includes, but is not limited to, information that we receive from university or employer representatives, health care professionals, patient referrals, and other interactions. We also may combine information we receive from third parties with other information we collect from you through our Services as described in this Privacy Statement. If we use this information to provide you with opportunities that we think may be of interest to you, you will have the ability to inform us that you do not wish to receive such offers, and you may unsubscribe from our marketing and other email communications by clicking on the link in the email, sending an email to privacy@onbalancehealth.com, or accessing your user account and changing your distribution preferences. 

Information Provided by Other Individuals: While using our Services, individuals may provide information about another individual, or an authorized user (such as an account administrator) creating an account on your behalf may provide information about you. When one individual provides us with information (including Personal Information) about another individual, we assume that the individual has permission and authority to do so and to consent on behalf of that individual to the collection and use of Personal Information as described in this Privacy Statement. Please contact us immediately at privacy@onbalancehealth.com if you become aware of an individual providing us with Personal Information about another individual without being authorized to do so, and we will act consistently with this Privacy Statement. 

Data Provided by Stakeholders 

Our stakeholders use our Services to develop, establish, implement, and maintain protocols and plans to support athletes, including Personal Information. While using our Services, our customers may create, input, submit, post, upload, transmit, or store Personal Information that they have collected from individuals. During the course of our business relationship, we may need to access a customer’s account and the information it contains to provide support for our Services. 

Our stakeholders are responsible for complying with all applicable federal, state, local, and international laws and regulations regarding notice, disclosure, consent, and transfer of Personal Information, prior to providing that Personal Information to OnBalance. 

In addition, our stakeholders are also responsible for identifying, in their services agreements with OnBalance or in a related document (such as a HIPAA Business Associate Agreement or General Data Protection Regulation (GDPR) agreement), any additional requirements for protecting, accessing, and handling Personal Information in a manner that exceeds the reasonable, risk-based administrative, technical, and physical safeguards that OnBalance would otherwise routinely implement, or that are inconsistent with the collection and use practices identified in this Privacy Statement. 

Unlike the other collections of information described in this section, our agreements with stakeholders include protections and limitations regarding our access to and use of Personal Information collected by stakeholders, and we do not access, use, copy, retain, or aggregate stakeholder data except as stated in those agreements. 

Why We Collect Data From and About You 

We will not use your Personal Information for anything other than the following lawful purposes: 

To facilitate the provision of services to athletes: 

  • To establish and maintain relationships with stakeholders 

  • To fulfill our obligations to stakeholders in the delivery of the Services 

  • To contact athletes, universities and employers regarding account-related issues and business communications relating to the Services, including technical notices, updates, security alerts, and administrative messages 

  • To enable our stakeholders to access and use our Services 

To comply with our legal obligations: 

  • To comply with legal obligations, including but not limited to complying with tax and financial reporting requirements 

  • To demonstrate compliance with applicable privacy and data security laws and regulations, such as HIPAA, CCPA and GDPR 

  • To comply with incident monitoring, reporting, assessment, and notification requirements 

  • To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law 

To provide services and information that you request and consent to receive: 

  • To provide customer service and support 

  • To communicate with you, including responding to your comments, questions, and requests regarding our Services 

  • To process and complete transactions, and send you related information 

To conduct business operations necessary for the continued operation of our business: 

  • To administer, operate, maintain, and secure our website and Services 

  • To monitor and analyze trends, usage, and activities in connection with our Services 

  • To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities 

  • To verify compliance with our internal policies and procedures 

  • For accounting, record keeping, backup, and administrative purposes 

  • To customize and improve the content of our communications, websites, and social media accounts 

  • To educate and train our workforce in data protection and customer support 

  • To provide, operate, maintain, improve, personalize, and promote our Services 

  • To develop new products, services, features, and functionality 

  • To market our products and services (first-party marketing only; we do not provide Personal Information for use in marketing any non-OnBalance, third-party goods or services) 

When possible, we will use anonymized data for these purposes, but if we do not, or if we combine it with Personal Information, we will treat it in accordance with this Privacy Statement. 

When and Why We Share or Disclose Personal Information 

Except to the extent necessary to fulfill our obligations, to accomplish one of the lawful purposes described in this Privacy Statement, or pursuant to your express instructions, we do not sell, transfer, or otherwise disclose Personal Information that we collect from or about you.  

We may share your information in the following ways: 

With Your Express Consent: We will share your Personal Information with universities, employers, providers, companies, organizations, or individuals outside of OnBalance when we have your consent to do so. 

When You Choose to Directly Share Your Information While Using Our Services: When you use our Services, certain features allow you to make some of your content accessible to other users of the Services. We urge you to consider the sensitivity of any information prior to sharing it with other users. 

When Your Account Is Accessed by Your Organization’s Designated OnBalance Administrator: Your OnBalance account owners and administrators may be able to: 

  • Access information in and about your OnBalance account; 

  • Disclose, restrict, or access information that you have provided or that is made available to you when using your OnBalance account, including your content; and 

  • Control how your OnBalance account may be configured, accessed, or deleted. 

With universities, employers and providers to accomplish our business purposes: We may share your information with your university, employer or provider and other third parties who perform services on our behalf. We provide your payment information to our service providers for payment processing and verification. We also work with third-party service providers to provide the cloud-based tools that our stakeholders use to create their secure storage containers and securely store their sensitive information, including Personal Information. 

When Necessary to Comply with Laws and Law Enforcement Requests, or Otherwise to Protect Our Rights or Those of Individuals: We may disclose your information (including your Personal Information) to a third party if: 

  • We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request 

  • To enforce our agreements, policies and terms of service 

  • To protect the security or integrity of OnBalance’s products and services 

  • To respond to an incident involving personal data for which OnBalance has direct or indirect responsibility 

  • To protect the property, rights, and safety of OnBalance, our customers or the public from harm or illegal activities 

  • To respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person 

  • To investigate and defend ourselves against any third-party claims or allegations. 

As the result of a business transition: We may share or transfer your information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will take reasonable steps to assure that any other entity involved continues to comply with the terms of this Privacy Statement. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website. 

Sharing aggregated, anonymized, de-identified, or otherwise non-personal data: In order to improve the overall experience of our Services, we may share aggregated, anonymized, de-identified, or otherwise non-Personal Information that does not directly or indirectly identify you and that cannot, with reasonable effort, be used to re-identify you. Such aggregated, anonymized, de-identified, or otherwise not re-identifiable information is not Personal Information within the scope of this Privacy Statement. 

NOTE: OnBalance does not sell your Personal Information 

How we respond to compelled disclosure 

OnBalance may disclose Personal Information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large. 

In complying with court orders and similar legal processes, OnBalance strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances. 

How we, and others, communicate with you 

We may use your email address to communicate with you, if you have expressly allowed us to do so, and only for the reasons you have allowed. For example, if you contact our support team with a request, we will respond to you via email. You cannot opt out of receiving important communications from us, such as emails from our support team or system emails, but you can manage your communication preferences and limitations in your user profile, as described in greater detail in the section below. 

Depending on your email settings, OnBalance may occasionally send notification emails about changes in a repository you are watching, new features, requests for feedback, important policy changes, or offer support. We also send marketing emails, based on your choices and in accordance with applicable laws and regulations. We will provide an unsubscribe link located at the bottom of each of the marketing emails we send you.  

Our emails may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email. 

Your Control Over Your Personal Information 

You maintain control over the data you share with us, as described below. 

  • You may decline to share certain Personal Information with us, in which case we may not be able to provide to you some of the features and functionality of our Services or fulfill your requests. For example, we need your email address to authenticate you and perform account services such as password resets, or to provide you with customer support. 

  • You may decline to accept cookies, but that decision may affect the functionality and performance of our Services. 

  • You may update or correct your Personal Information at any time by accessing the account settings page on the website or within our platform. 

  • You may opt out of receiving promotional communications from OnBalance by using the unsubscribe link within each email. Note that, as long as you maintain an account with us, you will continue to receive administrative messages from us regarding the Services. 

  • You may request information about, and access to, the personal data that we collect from you. 

  • You may ask questions or make complaints about our privacy and data security practices with regard to your personal data. 

  • You may request that we delete information that we have collected about you. 

  • You may ask us for a copy of the information that we collect from you. 

To exercise any of these options, or for additional information about our privacy and data security practices, contact us at privacy@onbalancehealth.com.

Security 

Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. That said, we employ a variety of organizational, technical and administrative measures to provide a level of security appropriate to the risk associated with the Personal Information you trust us with.  

To that end, we manage our data protection program consistent with ISO 27001 (https://www.iso.org/isoiec-27001-information-security.html), the HIPAA Security Rule (HHS.gov), the HIPAA Privacy Rule (HHS.gov), FERPA (Family Educational Rights and Privacy Act, ed.gov), GDPR (General Data Protection Regulation, GDPR.eu), and the NIST Cybersecurity Framework (NIST). 

OnBalance protects Personal Information under its control and requires its service providers to also protect personal data that is transmitted, stored, or otherwise processed against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. 

If you have concerns about the security of your information with OnBalance, please contact us immediately at privacy@onbalancehealth.com or security@onbalancehealth.com to report an issue. 

Data Retention 

We retain your Personal Information only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations, and then securely dispose of that information. 

Children’s Privacy 

Our Services are not directed to individuals under 13. We do not knowingly collect Personal Information from children under 13. If we become aware that a child under 13 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact us at privacy@onbalancehealth.com.