skip to content

Privacy policy

Your information. Your rights. Our responsibilities.

Privacy Policy

Cecelia Health (“we”, “us”, “Cecelia”) respects your privacy and our Privacy Policy describes what types of personal information we collect, the reasons why we collect it, and how we collect your informationThis Privacy Policy also to explain how we use and disclose your personal information, and the requests and choices you can make about the Personal Information (defined below) we collect. Our practices associated with our collection, use, disclosure and maintenance or protected health information (“PHI”) can be found in our HIPAA Notice of Privacy Practices 


This Privacy Policy applies to Personal Information collected or processed through our products and services (the “Services”), and and any other Cecelia-operated website, app, or social media page that links to this Privacy Policy (collectively, the “Site and Services”).  Your doctor and your health care providers other than us may have different practices or notices about their use and sharing of health information in their own offices or clinics. This Privacy Policy does not govern your healthcare provider’s use of Personal Information or Protected Health Information (“PHI”) (as that term is defined under HIPAA) that you share with the Provider, in the course of receiving those health care services.  For more information on your Provider’s use and disclosure of your protected health information (“PHI”), please reach out to your provider for their HIPAA Notice of Privacy Practices.  


If you visit our Site and use any of our Services from outside the United States, please be aware that Personal Information may be collected, stored, and processed in the United States and is subject to the jurisdiction of U.S. state and federal law. Cecelia’s Services are intended for people located in the United States. Please be aware that the data protection laws of the United States might not be as comprehensive as those in your country.  


Please review this Privacy Policy – it is important that you understand that by using our Platform, you are agreeing to the terms of this Privacy Policy. If you have any questions, you can Contact Us at any time. 


What Information We Collect 

Information You Provide to Us Voluntarily

In various places on the Site and Services, we request information from you via forms. The exact information that we need to collect, including Personal Information will depend on the purpose of the form.  


“Personal Information” is information that identifies or relates to a particular individual. Examples of Personal Information include, among others, name, email address, phone number, mailing address, and online identifiers.  


Examples of Personal Information we collect include, when you apply for a job, we may collect your educational background information. When you open an account on the site (“Account”) we will collect your basic demographic information including, name, address, phone number/email address and insurance information. In addition, Cecelia will collect information about your health and behavioral habits, e.g., eating habits, activity level, mood, etc. Our forms will indicate when certain information may be required or when a response is optional, if you choose not to provide certain information, we may not be able to provide you with the Services you request. If any feedback or other information is collected through the Site, it is owned by Cecelia and may be used at our sole discretion. If you purchase any services or items through the Site, our payment processing vendor will collect payment information from you (e.g., credit card numbers, expiration date and CVV) under the terms and conditions set out on the vendor’s site and subject the vendor’s Privacy Policy.  


Information that We Automatically Collect From and About You

When you use or access the Site and Services, and our service providers use cookies, tracking pixels, device identifiers and other third-party tools that collect information about how you use and interact with our Site. The information we collect is processed through these technologies and may be combined with Personal Information to help operate certain features of the Site and Services, to personalize your experience and help us improve the functionality of the Site and Services. 


Most browsers offer ways to limit or block cookies and other web tracking technologies. Each browser developer provides consumer resources to help manage cookies. Please refer to your browser’s resources to help you with managing settings, (e.g., clearing, caching and deleting cookies.) 


Do Not Track

Some of our service providers may use cookies or other methods to gather information regarding your use of the Site and Services and may combine the information in these cookies with any Personal Information about you that they may have.  The use of such tracking information by a third party depends on the privacy policy of that third party. We do not respond to Do Not Track (“DNT”) signals sent to us by your browser at this time. To learn more about how DNT works, please visit 


Google Analytics

To assist us with analyzing our website traffic through cookies and similar technologies, we may use analytics services, including Google Analytics.  For more information on Google Analytics’ processing of your information, please see “How Google uses data when you use our partners’ sites or apps.”   


Log File Information

When you use our Site, our servers automatically record you Internet Protocol (IP) Address, browser type, referring URLs (aka: the site you visited before navigated to our Site), domain names associated with your internet service provider, information about your interaction on our Site, and other such information (collectively “Log File Information”). We may also collect similar information from emails we send you which can help us track which emails you open and when you click on links. We also use Log File Information to improve our Site’s function and content, and to identify potential security threats and vulnerabilities. 


Disclosure of Personal Information 

Cecelia Health will not disclose Personal Information except as set forth in this Privacy Policy or with your consent. Specifically, we do not sell Personal Information.  This section describes to whom we disclose Personal Information and for what purposes: 



The Site and Services support the treatment relationship between you and your Provider.  For us to provide our Services, we must confidentially disclose Personal Information to your Provider and/or your Provider’s third-party service providers.  Our use and disclosure of any Personal Information collected on behalf of the Provider, including PHI, is limited in accordance with applicable privacy laws and our agreements with your Provider or Health Plan. 


Payment Services Vendor

When you make a purchase of an item or services through our Site or associated with our Services, you will be securely transferred to our Payment Services Vendor that is considered a “data processor”. A data processor facilitates the payment transactions on behalf of and at the direction of the merchant from whom you will purchase the item or service. Once you choose to make the purchase, the transaction will be governed under the Terms of Use and the protections afforded under the terms of the payment service vendor’s Privacy Policy applies to the Personal Information that you disclose to the vendor. Cecelia’s ability to access any of your Personal Information related to any purchases you make through our Site and Services is limited in accordance with applicable agreements that we enter into with the payment services vendor.    


Health Information Exchange

We may share information that we obtain or create about you with other health care providers or other health care entities, such as your primary care doctor, hospital, health plan or health insurer, as permitted by law, through Health Information Exchanges (HIEs) to which we are connected. For example, information about your past medical care and current medical conditions and medications can be available to us, if they participate in the HIE as well. Exchange of health information can provide faster access, better coordination of care and assist providers and public health officials in making more informed decisions. You may opt out of sharing information that you provide to us with health information exchanges by contacting us at Even if you choose to opt-out, public health reporting and Controlled Dangerous Substances information, as part of the State Prescription Drug Monitoring Program (PDMP), will still be available to providers as permitted by law.    


Our Service Providers

We engage service providers to perform tasks on our behalf and to assist us in operating the Site and Services or providing our products and services. For example, Cecelia may use third-party vendors and hosting companies to provide the necessary hardware, software, networking, storage, and related technology required to operate the Site and Services. We may store encrypted database backups off site with a third-party storage provider to ensure data security in the case of an emergency or catastrophe. We take commercially reasonable steps to help ensure our service providers provide at least the same level of protection for Personal Information as we do.


Companies Involved in Mergers and Acquisitions Transactions

If we sell or otherwise transfer part or the whole of our business or assets to another organization (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, or liquidation), any information collected through the Site and Services, including Personal Information, may be among the items sold or transferred. 


Law Enforcement, Government Agencies, and Courts

We may disclose Personal Information at the request of law enforcement or government agencies; in response to subpoenas, court orders, or other legal process; to establish, protect, or exercise our rights; to defend against a legal claim; to protect the rights, property, or safety of any other person; or as otherwise required by law. 


How We Protect the Confidentiality of Personal Information  

We protect the confidentiality and security of Personal Information we obtain in the course of doing our business. We use commercially reasonable safeguards, such as industry-standard encryption technology, to help keep the Personal Information collected through the Site and Services secure.  


Despite these efforts to store Personal Information in a secure operating environment, we cannot guarantee the security of Personal Information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of Personal Information, we cannot guarantee that our security measures will prevent third parties such as hackers from illegally obtaining access to Personal Information. We do not represent or warrant that Personal Information about you will be protected against, loss, misuse, or alteration by third parties.  


Retention and Deletion 

We will only retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. Depending on the program, Cecelia may be required to comply with a ten (10) year records retention requirement. This means that, we will only delete Personal Information associated with your account after ten (10) years from the last date of Service or the contract for the Services ends. In some circumstances, your Personal Information may be de-identified, aggregated, or otherwise anonymize consistent with applicable laws and industry standards so that it can no longer be associated with you, in which case it is no longer treated as Personal Information.  


Accessing, Updating, or Deleting Personal Information  

If you would like to otherwise access, update, or delete Personal Information about you, you may submit a request to We will promptly review all such requests and will respond as required and in accordance with applicable law. 


Opting Out of Receiving Electronic Communications  

We may send notifications, promotions, or other information via email or text message (“Communications”). When you set up an account you must provide a cell phone number or email address which grants us permission to contact you via text or email. You may choose to stop receiving Communications by indicating your preference in your account profile or settings. Please note that certain Site and Services-related Communications are necessary for the proper functioning and use of the Site and Services (e.g., to verify your account or your identity) and you may not have the ability to opt out of those Communications.   


California Residents 

This section applies to our collection and use of “Personal Information” as defined under California law, if you are a resident of California. 


Categories of Personal Information Collected, Used, and Disclosed

In accordance with California law, we collected the following categories of Personal Information within the preceding twelve (12) months: 

  • Identifiers such as your name, email address, IP address, and online identifiers; 
  • Certain categories of Personal Information described in subdivision (e) of California Civil Code Section 1798.80;  
  • Internet or other electronic network activity information, including information on your usage of our Website (“Usage Information”); 
  • Information used to create a profile about a consumer reflecting the consumer’s preferences or behavior; 
  • Location data such as the GPS coordinates of a mobile device;  
  • Commercial information, including records of products or services purchased or other purchasing histories; and 
  • Professional or employment-related information. 

We share each of these categories of Personal Information with our service providers to the extent necessary for them to facilitate our business purposes (including any purpose specified in Section 2, above).   


Additionally, within the past twelve (12) months, some of our online advertisers may have used and disclosed Usage Information collected automatically from the Service. This may be a “sale” as broadly defined under the CCPA.  Therefore, we provide you the right to opt out of this “sale” of Personal Information as described, below.  


Your California Privacy Rights

If you are a resident of the California, you have the following rights: 


Right to Know. You may have the right to request information on the categories of personal information that we collected in the previous twelve (12) months, the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business purposes for which such personal information is collected and shared. You also have the right to request information on the categories of Personal Information which were disclosed for business purposes, and the categories of third parties in the twelve (12) months preceding your request for your personal information.  


Right to Delete.  You may have a right to request us to delete Personal Information that we collected from you. 


Right to Opt-Out. You have a right to opt-out of certain disclosures of Personal Information to third parties, if such disclosures constitute a “sale” under California law.  As noted above, in the past twelve (12) months we enabled advertisers to collect certain information from the Site and Services, which the advertisers may use to improve their interest-based advertising networks.  Regardless of whether this is a “sale,” you may opt-out of interest-based advertising as described in Section 3(B), above.


If you would like to exercise your rights listed above, please contact (or have your authorized agent contact) us at  When doing so, please tell us which right you are exercising and provide us with contact information to direct our response.   


We must verify your identity before fulfilling your requests.  If we cannot initially verify your identity, we may request additional information to complete the verification process. Any Personal Information you disclose to us for purposes of verifying your identity will solely be used for the purpose of verification.   


You have a right not to receive discriminatory treatment by any business when you exercise your California privacy rights. 


Children’s Privacy  

We do not knowingly collect or solicit any Personal Information from children. In the event that we learn that we have collected Personal Information from a child, we will promptly take steps to delete that information.  


Other Websites and Sites, Including Social Media  

We are not responsible for the practices employed by any websites or services linked to or from our Site and Services, including the information or content contained within them.  A link to a third party’s website is provided as a convenience and should not be construed as an endorsement by Cecelia.  We encourage you to investigate and ask questions before disclosing Personal Information to third parties.   


Changes to Our Privacy Policy  

We may modify or update this Privacy Policy from time to time, so please review it periodically. We may provide you with notice of material changes to the Privacy Policy as appropriate under the circumstances. Unless otherwise indicated, any changes to this Privacy Policy will apply immediately upon posting to the Site and Services.   


How to Contact Us  

If you have any questions about this Privacy Policy or the Site and Services, please email us at