LAST UPDATED: OCTOBER 2025

Connect by Spring Health - Privacy Policy

‍

Spring Care, Inc. takes your privacy seriously and wants you to be familiar with how we collect, use and disclose information and do so in accordance with laws applicable to our business.

This privacy policy describes our practices in connection with any information that we collect through the connect.springhealth.com, www.springhealth.com/connect, and springhealth.com/blog websites, as well as any affiliated blog pages (the “Connect Websites”) operated by us from which you are accessing this privacy policy (the “Connect Privacy Policy”). Your use of the Connect Website shall be referred to as the “Connect Services.”

PLEASE NOTE: THIS CONNECT PRIVACY POLICY APPLIES TO USERS IN THE UNITED STATES VISITING CONNECT WEBSITES AND DOES NOT APPLY TO ANY OTHER WEB PAGES ASSOCIATED WITH THE SPRINGHEALTH.COM DOMAIN OR TO USERS FROM OUTSIDE OF THE UNITED STATES.

Information collected through your use of any other Spring Health website other than Connect Websites through the software applications made available by us for use on or through computers and mobile devices (the “Apps”), and through our social media pages that we control, as well as through HTML-formatted email messages that we may send to you that link to pages other than connect.springhealth.com are governed by the Privacy Policy located at https://www.springhealth.com/privacy-policy.

Personal Information

Personal Information We May Collect

“Personal Information” is information that identifies you as an individual or relates to an identifiable person, including: Name, Email address, and any other health related information, or any other identifiable information provided in connection with your use of the Connect Services. If you submit any Personal Information relating to other people to us or to our service providers in connection with the Connect Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Connect Privacy Policy.

We may also collect the following Sensitive Personal Information:

Social security, driver’s license, state identification card, or passport number
Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account
Precise geolocation
Racial or ethnic origin, religious or philosophical beliefs, or union membership
Health information
Information concerning a consumer’s sex life or sexual orientation

This information is collected as noted in the Sections above entitled How We May Collect Personal Information and How We May Collection Other Information. The business purposes for which we collect and disclose this information are:

Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, or providing similar services on behalf of the business
Helping to ensure security and integrity
Debugging to identify and repair errors that impair existing intended functionality
Providing advertising and marketing services to consumers
Undertaking internal research for technological development and demonstration
Undertaking activities to verify or maintain the quality or safety of our services, and to improve, upgrade, or enhance the services

How We May Collect Personal Information

We and our service providers may collect Personal Information in a variety of ways, including:

Through the Connect Services: We may collect Personal Information directly from you, or automatically through the use of tracking technology, through the Connect Services, e.g., when you visit the Connect Websites or register for an account.
From Other Sources: We may receive your Personal Information from other sources with your consent or as permitted by applicable law, such as from your insurance or healthcare provider, public databases, joint marketing partners, service providers, analytics providers, and other third parties.

How We May Use and Disclose Your Personal Information

Spring may have an arrangement with your insurance or healthcare provider and, under that arrangement, may be permitted to use and disclose your Personal Information as directed by them, consistent with applicable law. Spring also uses and discloses Personal Information to provide the Connect Services as described below.

We May Use Personal Information:

To respond to your inquiries, fulfill your requests, and send you communications that you request. To send administrative information to you, for example, information regarding using the Connect Services and registering for a Spring Health account, and changes to our terms, conditions and policies.
For our internal management and business purposes to the extent required or permitted under applicable law, such as data analysis, developing new products and services, enhancing, improving or modifying the Connect Services, audits, fraud monitoring and prevention, identifying usage trends, and related purposes, which may include the use of artificial intelligence or machine learning.
To create de-identified and/or aggregated information to improve our services, enhance our ability to provide personalized and effective care, provide our customers with utilization insights, improve patient outcomes, and any other purpose permitted by law.
As we believe to be necessary or appropriate, and only as permitted under the Health Insurance Portability & Accountability Act and amendments thereto (HIPAA) or other applicable law: (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
For marketing, individual outreach, and/or to serve personalized and/or targeted advertisements across other websites and platforms (known as “cross-context behavioral advertising”).
For such other purposes as you may consent or as may be authorized or required by applicable law.

AI DISCLAIMER: We may use information we collect internally to refine, improve, and train the models and algorithms that support our AI features. This helps us enhance AI-driven insights, improve therapy recommendations, and contribute to better mental health outcomes. Before using your information for these purposes, our practice is to remove personal details that could reasonably directly identify you. We apply strict security safeguards to protect your information from unauthorized access.

Your Personal Information may be transferred or disclosed:

To our third party service providers who assist us to provide the Connect Services (such as website hosting, data analysis, care delivery support, information technology and related infrastructure provision, email delivery, auditing, marketing and other services), and with whom we have a contract that includes appropriate privacy obligations.
To third parties, such as your insurance or healthcare provider. As de-identified and aggregated information to third parties to improve our services, enhance our ability to provide personalized and effective care, provide our customers with utilization insights, improve patient outcomes, and any other purpose permitted by law.
As we believe to be necessary or appropriate, and only as permitted under HIPAA or other applicable law: (a) to comply with legal process; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to protect our operations or those of any of our affiliates, including in connection with investigating security incidents; or (d) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
To comply with federal, state, or local laws, cooperate with law enforcement agencies, exercise or defend legal claims, comply with a court order or subpoena to provide information, or to comply with certain government agency requests for emergency access to your Personal Information if you are at risk or danger of death or serious physical injury
To such third parties and for such purposes to which you consent or which may be authorized or required by law

Disclosures

In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:

Identifiers: Name, residential address, Internet Protocol (IP) address, email address, or other similar identifiers
Customer records information: Name, address, telephone number, medical information, health insurance information
Characteristics of protected classifications under California, additional US state or federal law: Race, gender identity, age
Internet or other similar network activity: Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement
Geolocation data: physical location or movement
Professional or employment-related information

Please note that under state law some of the activities described in this policy may be considered “sharing” or "selling" or your Personal Information. You may remove or adjust your cookie preferences on your device or browser as they permit, and you may contact us to exercise your rights at any time (see “Contacting Us” below).

The categories of third parties to whom we shared personal information with are:

Service providers: Cloud hosting, email delivery, medical record management, telehealth video platform, care delivery support, service desk management, platform usage analytics, business analytics, SMS delivery, log aggregation, geolocation

The categories of third parties to whom, with your consent, we shared information for commercial purposes (“sold”) are:

Advertising platforms and websites

Other Information

Other Information We May Collect

“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:

Browser and device information
App usage data
Information collected through cookies, pixel tags and other technologies
General demographic information
Aggregated information

If we are required to treat Other Information as Personal Information under applicable law, then we may use it for the purposes for which we use and disclose Personal Information as detailed in this Policy.

How We May Collect Other Information

We and our third party service providers may collect Other Information in a variety of ways, including:

Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Connect you are using. We use this information to ensure that the Connect Services function properly.
Through your use of the Apps: When you download and use the Apps, we and our service providers may track and collect usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
Using cookies, pixel tags and other similar technologies: Pixel tags (also known as web beacons and clear GIFs) may be used in connection with the Connect Service to, among other things, track the actions of users of the Connect Services (including email recipients), and compile statistics about usage of the Connect Services and response rates. If you consent we may also use these cookies for marketing purposes.
Analytics: We use services (such as Google Analytics and Mixpanel), which use cookies and similar technologies to collect and analyze information about use of the Connect Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources.
IP Address: Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP address may be identified and logged automatically in our server log files whenever a user accesses the Connect Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Connect Services. We may also derive your approximate location from your IP address.
Physical Location: We may collect the physical location of your device by, for example, using satellite, cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content. You may be permitted to allow or deny such use, but, if you do, we may not be able to provide you with the applicable personalized services and content.
From you: Information such as your preferred means of communication is collected when you voluntarily provide it.

How We May Use and Disclose Other Information

We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.

Third Party Services

This Connect Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Services link. The inclusion of a link on the Connect Services does not imply endorsement of the linked site or service by us or by our affiliates. In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Meta, Apple, Google, Microsoft, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Connect Services.

Security and Retention

Security

We seek to use administrative, physical, and technical safeguards that are reasonable and appropriate for the protection of the Personal Information in our custody or control. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section below.

Retention

We will retain your Personal Information in the data centers of our service providers. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Connect Privacy Policy unless a longer retention period is required or permitted by law. We will keep and maintain all information for at least the minimum period required by applicable state and federal data record retention laws in order to comply with our legal and compliance obligations. As our operations are conducted from the US, all Personal Information that we collect is used and stored in the US, is subject to US laws, and may be subject to disclosure to US governments, courts or law enforcement or regulatory agencies pursuant to those laws.

Use of Connect Services by Minors Under Age 13

The above sections of this Connect Privacy Policy contains details about the information we collect, which extend to information we collect about children. The information we collect will be used and disclosed for the purposes described above. We will not require a child to disclose more information than is reasonably necessary to participate in an activity.

No Personal Information about a child will be made available to the public or sold. We may engage employees and third-party services providers to work with us to administer and provide the Connect Services or to promote our Connect Services. These employees and third-party services providers have access to your Personal Information only for the purpose of performing services on our behalf, always in accordance with all applicable laws, including HIPAA, and are expressly obligated not to disclose or use your Personal Information for any other purpose. You have the right to agree for us to collect and use your child’s Personal Information but still not allow disclosure to third parties unless such disclosure is part of our Connect Services.

In addition to your right to revoke your consent for the collection of your child’s Personal Information, you may request to review the Personal Information we have collected from your child or ask to delete the information we have collected from your child unless we are required by law to maintain that information. Please submit your request or any questions to us at privacy@springhealth.com.

Individual Rights

You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:

Right to know whether or not we are processing your personal data
Right to access your personal data
Right to correct inaccuracies in your personal data
Right to request the deletion of your personal data
- Each request for deletion will be evaluated on a case by case basis to determine whether we are required by state and/or federal record retention laws, or other legally compelling reason, to preserve specific categories of information. See the “Security and Retention” section above.
Right to obtain a copy of the personal data you previously shared with us
Right to non-discrimination for exercising your rights
Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under state privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

The following list of rights are not available to all US residents and will depend upon the state where you live. If your state guarantees it, you may also have the following rights:

Right to access the categories of personal data being processed
Right to obtain a list of the categories of third parties to which we have disclosed personal data
Right to obtain a list of specific third parties to which we have disclosed personal data
Right to review, understand, question, and correct how personal data has been profiled
Right to limit use and disclosure of sensitive personal data
Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature

You may submit a verifiable consumer request to us to exercise any of these rights by contacting privacy@springhealth.com. We will process such requests in accordance with applicable laws.

Response Timing and Format

We will respond to a verifiable consumer request within 10 days of its receipt. We will generally process these requests within 45 days of its receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

Verification

Only you or a person that you authorize to act on your behalf in compliance with state law, may make a verifiable consumer request related to your Personal Information. For privacy protection, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

Non-Discrimination

We will not discriminate against you for exercising any of your consumer rights. Unless permitted by state law, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through
Granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Updates to This Connect Privacy Policy

We may change this Connect Privacy Policy. The “Last Updated” legend at the top of this page indicates when this Connect Privacy Policy was last revised. Any changes will become effective when we post the revised Connect Privacy Policy on the Connect Services. Your use of the Connect Services following these changes means that you accept the revised Connect Privacy Policy.

Contacting Us

If you have any questions about this Connect Privacy Policy, please contact the Privacy Office at privacy@springhealth.com, or by calling 1-855-629-0554. Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.

From Vision to Impact: How Moda Health Transformed Behavioral Health Access

From 6 to 12 sessions: How Wellstar drove a 37% increase in utilization through expanded access

Introducing Continuous Care: A New Model of Mental Healthcare

Introducing Journeys: Personalized Mental Health Support for Every Moment That Matters

8 essential questions to ask when evaluating an EAP or mental health solution

Off-label AI: The mental health risk nobody is talking about