CareMind® - About Us - Our Leadership Team

Website Privacy Policy

Effective as of May 29, 2026.

This Website Privacy Policy applies to personal information collected through our public Website and other public online properties that link to it. It covers Mindoula Health, Inc., Caremind, and our subsidiaries and affiliates ("Mindoula," "we," "us" or "our"). It does not apply to information collected through our member portal, patient-facing applications, or in the course of providing care services. If information you provide through the public Website is or becomes protected health information (PHI) under HIPAA, our Notice of Privacy Practices governs our use and disclosure of that PHI. If there is a conflict between this Website Privacy Policy and the Notice of Privacy Practices with respect to PHI, the Notice of Privacy Practices controls.

Personal Information We Collect

Information you provide to us or that we generate about you. Personal information you may provide to us through the Website or otherwise or that we may generate about you includes:

Contact information, such as your first and last name, salutation, email address, mailing addresses, phone number and, as applicable, relevant professional contact information.
Demographic data, such as your city, state, country of residence, and postal code.
Communications data based on our exchanges with you, including when you contact us through the Website, communicate with us via chat features, social media, or otherwise.
Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Please do not use public website forms, email links, chat features, or social media pages to submit urgent medical information, request emergency help, or communicate with your care team about time-sensitive treatment issues. If you are experiencing an emergency, call 911 or go to the nearest emergency room. If you are a Mindoula member, use the member portal or the contact method provided by your care team for care-related communications.

If you choose to provide health-related information through our public website, we use it only to respond to or route your inquiry, provide information you request, evaluate or facilitate your interest in Mindoula services, comply with law, and protect rights, safety, security, and integrity. To the extent health-related information submitted through the public website is not PHI governed by our Notice of Privacy Practices, we treat it as sensitive information and do not sell it or use it for targeted advertising.

Third-party sources. We may combine personal information we receive from you with personal information falling within one of the categories identified above that we obtain from other sources, such as:

Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
Data providers, such as information services and data licensors.
Service providers that provide services on our behalf or help us operate the Website or our business.
Business transaction partners. We may receive personal information in connection with an actual or prospective business transaction. For example, we may receive your personal information from an entity we acquire or are acquired by, a successor, or assignee or any party involved in a business transaction such as a merger, acquisition, sale of assets, or similar transaction, and/or in the context of an insolvency, bankruptcy, or receivership.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Website, our communications and other online services, such as:

Device data, such as your computer or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Website, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.

For more information concerning our automatic collection of data, please see the Tracking & other technologies section below.

Tracking and Other Technologies

Cookies and similar technologies. Some of the automatic data collection described above is facilitated by the following technologies:

Cookies are small text files that websites store on user devices and that allow web servers to record users' web browsing activities and remember their submissions, preferences, and login status as they navigate a site. We may use the following categories of cookies:
- Strictly Necessary Cookies: Required for the website to function. These cannot be disabled. Examples: session management, security tokens.
- Analytics Cookies: Help us understand how visitors use our Website. Example: Google Analytics.
- Functional Cookies: Enable enhanced functionality and personalization. Examples: language preferences, region selection.
- Marketing Cookies: Used to deliver relevant advertisements.
Local storage technologies, like HTML5, provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

We design our use of analytics and tracking technologies to avoid disclosing PHI or health-related information submitted through public Website forms to third-party advertising or analytics vendors unless permitted by applicable law and, where required, supported by appropriate contractual safeguards. We do not permit third-party analytics or advertising vendors to use PHI or health-related Website submissions for their own advertising, profiling, model training, or independent commercial purposes.

For information concerning your choices with respect to the use of tracking technologies, see the Your Choices section, below.

How We Use Your Personal Information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery and operations. We may use your personal information to:

provide the Website and operate our business;
enable security features of the Website;
communicate with you about the Website, including by sending service-related announcements, updates, security alerts, and support and administrative messages; and
provide support for the Website, and respond to your requests, questions and feedback.

Service personalization, which may include using your personal information to:

understand your needs and interests;
personalize your experience with the Website and our Website-related communications; and
remember your selections and preferences as you navigate webpages.

Service improvement and analytics. We may use your personal information to analyze your usage of the Website, improve the Website, improve the rest of our business, help us understand user activity on the Website, including which pages are most and least visited and how visitors move around the Website, as well as user interactions with our emails, and to develop new products and services. For example, we use Google Analytics as a web analytics tool for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.

SMS Communications. Mindoula may send SMS messages specifically for care engagement purposes. The mobile numbers collected for these care engagement purposes are used only to deliver those messages and are not sold or shared for third-party marketing. Message and data rates may apply for these messages.

Marketing. We may use contact information to send marketing communications about Mindoula services, events, or resources, where permitted by law. We do not use PHI for marketing except as permitted by HIPAA or with a valid authorization, and we do not use health-related information submitted through public website forms for targeted advertising. You may opt out of marketing emails at any time.

Compliance and protection. We may use your personal information to:

comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims);
audit our internal processes for compliance with legal and contractual requirements or our internal policies;
enforce the terms and conditions that govern the Website; and
prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

Data sharing in the context of corporate events. We may share certain personal information in the context of actual or prospective corporate events with business transferees – for more information, see How We Share Your Personal Information, below.

To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Website and promote our business. Where we maintain or use de-identified data, we maintain and use it in de-identified form and do not attempt to reidentify it except as permitted by applicable law.

Further uses. In some cases, we may use your personal information for further uses, in which case we will ask for your consent to use your personal information for those further purposes if they are not compatible with the initial purpose for which the information was collected.

Automated Decision-Making. We do not use automated decision-making technology to make decisions that produce legal or similarly significant effects on you based on information collected through our Website.

We may share your personal information with the following parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.

Affiliates. Our corporate parent, subsidiaries, and affiliates.

Service providers. Third parties that provide services on our behalf or help us operate the Website or our business (such as hosting, information technology, customer support, customer service-related services, marketing, consumer research and website analytics).

Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Compliance and protection purposes described above.

Business transferees. We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in or financings of Mindoula, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose your personal information to an acquirer, successor, or assignee of Mindoula as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.

Cookie and local storage retention varies depending on the technology and purpose. Session cookies are deleted when you close your browser; persistent cookies and local storage remain for the period set by the technology unless you delete them or change your settings.

Health-related inquiries submitted through the public website are retained only as long as reasonably necessary to respond to or route the inquiry, comply with law, resolve disputes, maintain records, and protect rights, safety, and security. If information becomes part of a medical, member, or business record governed by another notice or legal requirement, that record may be retained under the applicable retention schedule.

Your Choices

Opt-out of email marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us using the information in the "How to Contact Us" section below. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.

Opt-out of SMS messaging. You may discontinue receiving SMS messages at any time, by replying "STOP" to 51458 from your mobile device.

Cookies. You can manage non-essential cookies and applicable opt-out rights by clicking the "Your Privacy Choices" link in our Website footer, or by contacting us using the information in the "How to Contact Us" section below. We also honor legally recognized opt-out preference signals, such as Global Privacy Control, where required by applicable law. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. Your cookie choices may be browser- or device-specific, so you may need to set your preferences on each browser and device you use.

Blocking images/clear gifs. Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.

Do Not Track and Global Privacy Control. Some browsers transmit "Do Not Track" (DNT) signals. We do not currently respond to DNT signals. However, we honor Global Privacy Control (GPC) signals as opt-out-of-sale/sharing requests where required by applicable law, such as the California Consumer Privacy Act. To learn more about GPC, visit https://globalprivacycontrol.org.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Your Privacy Rights

Depending on where you reside, applicable privacy laws may give you certain rights regarding the personal information we collect about you through our Website. These rights may include:

Right to Confirm / Know / Access. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes for collection, and the categories of third parties with whom we have shared your information. You may also request to obtain a portable copy of personal information we have collected about you.
Right to Delete. You may request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct. You may request that we correct inaccurate personal information we maintain about you.
Right to Opt Out of Sale or Sharing. We may share certain personal information with third-party advertising or analytics partners in ways that may be considered "selling" or "sharing" under applicable state privacy laws. You may opt out of this sharing by clicking the "Your Privacy Choices" link on our Website footer or by contacting us using the information in the "How to Contact Us" section below. We will process your request within 15 business days.
Right to Opt Out of Targeted Advertising and Certain Profiling. You may opt out using the same means as described above, to opt out of sale or sharing.
Right to Limit Use of Sensitive Personal Information. Where applicable, you may limit our use and disclosure of your sensitive personal information to purposes necessary to provide the Website.
Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights.
Right to Appeal. If we deny your privacy request, you may appeal our decision by replying to our response or by contacting us using the information below and noting that you are submitting an appeal.

To exercise these rights, please contact us using the information in the "How to Contact Us" section below. We may need to verify your identity before processing your request. If you are an authorized agent submitting a request on behalf of a consumer, we may require proof of authorization. We will respond to privacy requests and appeals within the time required by applicable law.

Note: This policy does not apply to protected health information (PHI) governed by HIPAA. For information about your rights regarding PHI, please see our Notice of Privacy Practices.

Other Sites and Services

The Website may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security

We use administrative, technical, and physical safeguards designed to protect personal information, taking into account the nature of the information and the risks of the processing. However, no internet or information system can be guaranteed to be completely secure.

International Data Transfer

We are headquartered in the United States, and our public Website is intended for users in the United States. We may use service providers that operate in other countries. If you access the website from outside the United States, you understand that your personal information may be processed in the United States and other jurisdictions where our service providers operate and where privacy laws may not be as protective as those in your state, province, or country.

Children

Our public Website is not directed to children under 13, and children under 13 should not provide personal information through the public Website. Minors and guardians should not use public Website forms to submit medical, behavioral health, or time-sensitive care information. If a minor receives Mindoula services, privacy rights and communications may be governed by the applicable Notice of Privacy Practices and other applicable laws.

If you are a parent or guardian of a child under 13 from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Website from a child without the consent of the child's parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

We may modify this Privacy Policy from time to time. If we make material changes, we will update the effective date, post the updated version on the Website, and provide additional notice where appropriate. If applicable law requires consent for a new or materially different processing activity, we will seek consent before engaging in that activity. In all other cases, your use of the Website after the effective date of any modified Privacy Policy indicates your acknowledgement that the modified Privacy Policy applies to your interactions with the Website and our business.

How to Contact Us

If you have questions about our practices or if you would like to exercise any privacy related right that may be available to you, please contact us at:

CareMind Health
8040 Georgia Ave., Suite 170
Silver Spring, MD 20910
(888) 879-9786
PrivacyRequest@caremindhealth.com, or https://caremindhealth.com/privacy-concerns/

HIPAA, medical record, Part 2, and Notice of Privacy Practices requests should be directed to the Privacy Officer contact listed in the Notice of Privacy Practices.