Privacy Policy

Last Updated: January 5, 2025

Circular Health, Inc. d/b/a Vindara Health (collectively, “Vindara Health”, “we”, “us”, “our”) is in the business of operating website(s) and platform(s), including providing you access to an affiliate network of expert providers and other clinical services. Vindara Health is the creator of the Vindara Health App (the “Platform”). The Platform, including all relevant content and functionality associated with the Platform, and Vindara Health’s website, located at https://joincircular.com/ (the “Website”), are collectively referred to as the “Services”.

At Vindara Health, trust is foundational to everything we do. Many of the people who come to us are navigating complex health journeys, and we understand that sharing personal and health-related information requires care, transparency, and respect.

We design our systems with privacy and security as core principles—not as afterthoughts. While not all parts of our business are legally subject to healthcare privacy laws such as the Health Insurance Portability and Accountability Act (“HIPAA”), we intentionally build our technology, internal processes, and security controls using HIPAA as a benchmark. When you access the Services or send your Personal Information to us via email, text messages, or other electronic messages, you consent to receive communications from us, in accordance with this Privacy Policy.

This Privacy Policy is intended to explain, in clear terms:

  • what information we collect,

  • how and why we use it,

  • when it may be shared,

  • and how we work to keep it secure.

If you ever have questions, we want you to ask them. You can reach us at support@vindarahealth.com.

Please read this Privacy Policy carefully. If you don’t agree with this Privacy Policy, do not use our Services. By accessing or using our Services, you agree that you have read this Privacy Policy and you understand, and consent to be bound by, the terms and conditions herein. If you have not done so already, please also review our Terms of Service. The Terms of Service contain provisions that limit our liability to you. If you are using the Services on behalf of an individual other than yourself, you represent that you are authorized by such individual to act on such individual's behalf and that such individual acknowledges and agrees to the terms and conditions herein.

Changes to this privacy policy and notifications

We reserve the right to amend this Privacy Policy at any time. We will notify you and/or require you to accept the updated Privacy Policy only if the supplemented, amended or otherwise modified Privacy Policy implements material changes from our then-current Privacy Policy. It is your responsibility to carefully review this Privacy Policy each time you visit, access or use the Service.

Vindara Health may provide you with notices, including those regarding changes to this Agreement, using any reasonable means now known or hereafter developed, including by email, regular mail, SMS, MMS, text message or postings on the Website or Platform. Such notices may not be received if you violate this Agreement by accessing the Website or Platform in an unauthorized manner. You agree that you are deemed to have received any and all notices that would have been delivered had you accessed the Services in an authorized manner. We will not make retroactive changes that reduce your privacy rights unless we are legally required to do so. Your continued use of our Services after we make changes shall constitute your acceptance of those changes, so please check this Privacy Policy periodically for updates. The amended Privacy Policy supersedes all previous versions.

Information we collect about you

The Personal Information we collect depends on how you interact with us, the portions of the Service you use, and the choices you make. We receive and collect information that you directly submit to us or that we gather when you use our Services or interact with our advertising and applications on third-party websites and services, including:

  1. Personal information such as your name, mailing address, telephone number, email address, health data, demographic information (e.g., age, gender, ethnicity), payment information, communications via text and email, and third-party website, network, platform, server and/or application information (e.g., Facebook, Twitter, Instagram),

  2. Non-personal information such as IP addresses and device information, usage data, including information that is passively or automatically collected through cookies, your browser or device, or other services, and information from third parties. Information we create or generate.

  3. Inferences from other data we collect, including using automated means to generate information about your likely preferences or other characteristics. For example, we infer your general geographic location (such as city, state, and country) based on your IP address. We may also collect information on your physical location, which may be provided by you or collected through the use of our Website, Platform, or other communication channels.

  4. Personal Information related to your health history, biometrics, updated lab data or scans, and prior diagnoses in order to determine your eligibility for Services (“Healthcare Information”). In this Privacy Policy, we refer to all of the above as “Personal Information.”

When you are asked to provide Personal Information, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional.

Special Protections for Healthcare Information

Vindara Health is not a licensed healthcare provider. Certain healthcare services made available through the Services are provided by independently operated medical practices and clinicians (the “Affiliated Providers”).

As a result, Vindara Health may not be directly subject to HIPAA in all circumstances. However:

  • We design and operate our technology platform using HIPAA standards as a benchmark, including administrative, technical, and physical safeguards.

  • We limit access to health-related information to authorized personnel only, based on role and necessity.

When you receive medical care from an Affiliated Provider, the Affiliated Provider’s use of your medical record is governed by their own privacy practices and applicable healthcare privacy laws. Where Vindara Health supports the delivery of care through technology or operational support, we handle any related information with at least the level of protection you are entitled to under laws applicable to the Affiliated Providers—that is, consistent with this Privacy Policy and our contractual commitments to our Affiliated Providers, and applicable state laws concerning consumer and healthcare information.

Our Core Commitments Regarding the Use and Protection of Your Personal Information

We want to be clear about what we do—and do not do with your information. Here are our core commitments:

  • We do not sell your Personal Information to data brokers. This means your information will not be transferred to third parties who aggregate and resell consumer data.

  • We do not share your Personal Information with advertisers or social media companies for their marketing purposes.

  • We do not use your Healthcare Information for website analytics or marketing purposes, and we do not use any Personal Information to target individuals based on health conditions.

  • We use encryption, access controls, audit logging, and secure infrastructure designed for sensitive data.

  • When we work with third-party service providers that support our platform (such as hosting, analytics, communications, or AI tools), we require contractual safeguards and technical controls that are at least as protective as those described in this Privacy Policy.

  • Where appropriate, we use de-identified or aggregated information to improve our services, which means the data cannot be traced back to individual users.

In the following sections, we provide more detail about how we use and protect your information.

How We Use Your Personal Information

Vindara Health processes your Personal Information for legitimate business purposes, the fulfillment of our services to you, compliance with our legal obligations, and/or your consent. ****We use Personal Information to:

  • fulfill the reason for which you shared such information. For example, if you enter your payment information, we will use it to process a payment;

  • provide you with information, products, or services you request. For example, if you elect to receive healthcare services, we may share your Personal Information with a third-party lab provider or an Affiliated Provider network;

  • communicate with you and manage your account;

  • ‍understand you and your preferences to enhance your experience and enjoyment using our services offered via the Services;

  • properly store and track your data within our system;

  • determine your eligibility for the products and services available through the Services, including confirming your location;

  • respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings and court orders;

  • protect our rights, privacy, safety, or property, and/or that of you or others by providing proper notices, pursuing available legal remedies, and acting to limit our damages;

  • manage and improve our operations, the Services, including the development of additional functionality;

  • evaluate the quality of service you receive, identify usage trends, conduct research, and improve your experience;

  • develop, test, or improve the Services and content, features and/or products or services offered via the Service, and identify or create new products or services;

  • keep our Services safe and secure;

  • send you information about changes to our terms, conditions, and policies;

  • carry out our obligations and enforce our rights arising from any contracts entered into between users and us, including for collection of payments;

  • provide you with email alerts, event registrations, and other notices concerning our products or services, or events or news, that may be of interest to you; and

  • testing, research, analysis and product development.

In some states, we may be required to obtain your consent prior to using certain sensitive Personal Information that constitutes Healthcare Information.

We may de-identify your information and use such de-identified information for business, research, analytics, or service improvement purposes, in compliance with applicable law.

We may use your Personal Information to contact you with offers, promotions, and other marketing communications. We may also use cookies to provide relevant advertising or other communications or services.‍ You may opt out of receiving these messages at any time by following the unsubscribe link within the applicable message or by contacting us at support@vindarahealth.com.

How we keep your Personal Information secure

We retain Personal Information as long as it is necessary and relevant for our operations. We also retain Personal Information from closed accounts to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with investigations, enforce our Terms of Service, collect any fees owed, and take other actions permitted by law. After it is no longer necessary for us to retain information, we dispose of it according to our Data Retention Policies.

We strive to use industry-standard data collection, storage, and processing practices and security measures to protect against any unauthorized access to, accidental loss of, or disclosure of your information.  These safeguards may vary based on the sensitivity of the information that we collect and store.

Unfortunately, no security method or combination of methods is foolproof. We will always do our best and will work with third-party service providers that strive to do the same, but we cannot warrant or guarantee the absolute security of any Personal Information that may be transmitted to or from our Services. There is no guarantee that Personal Information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Therefore, any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services or your computer or mobile device.

We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. You are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas of our Services. To protect you and your data, we may suspend your use of any of the Services without notice, pending an investigation, if any breach of security is suspected. If you have reason to believe that the security of your Account has been compromised, please notify us immediately at contact@vindarahealth.com.

Please note that we will never send you an email requesting confidential information, such as account numbers, usernames, passwords, or Social Security Numbers.

In the event of a data or security breach, we will take the following actions: (i) promptly investigate the security incident, validate the root cause, and, where applicable, remediate any vulnerabilities within our control which may have given rise to the security incident; (ii) comply with laws and regulations directly applicable to us in connection with such security incident; (iii) as applicable, cooperate with any affected user in accordance with the terms of our contract with such user;  (iv) document and record actions taken by us in connection with the security incident; and (v) conduct a post-incident review of the circumstances related to the incident and actions/recommendations taken to prevent similar security incidents in the future. We will notify you of any data or security breaches as required by and in accordance with applicable law.

Cookies and Other Data Collection Tools

A cookie is a small piece of data sent from a website and stored on your computer by your web browser. Cookies contain information about your computer, such as a user ID, user settings, browsing history and activities conducted while using the Services. Cookies are not themselves personally identifiable but may be linked to Personal Information. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier.

The file is added once you agree to store cookies on your computer or device, and the cookie helps analyze web traffic or lets a web server know when you visit a particular site. Cookies allow sites to respond to you as an individual. Using cookies, the Website can also tailor its operations to your needs, likes, and dislikes by gathering and remembering information about your preferences. We use cookies and other data collection tools (such as web beacons and server logs), which we collectively refer to as “data collection tools,” to help improve your experience with our Services. For example, we may use web beacons in our email messages or newsletters to tell us if you open and act on them.

Mobile analytics and advertising IDs are generated by operating systems for mobile devices (iOS and Android) and can be accessed and used by apps in much the same way that websites access and use cookies. Our apps contain software that enables us and our third-party analytics and advertising partners to access these mobile IDs.

How do we and our partners use cookies and similar technologies?

We, and our analytics and advertising partners, use these technologies in our websites, apps, and online services to collect Personal Information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our Services, including Personal Information about your online activities over time and across different websites or online services. This data is used to store your preferences and settings, enable you to sign-in, analyze how our websites and apps perform, track your interaction with the site or app, develop inferences, deliver and tailor interest-based advertising, combat fraud, and fulfill other legitimate purposes.

Overall, cookies help us provide you a better experience with Vindara Health, by enabling us to monitor which pages you find useful and which you do not. You can accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. To find out more about cookies, including how to manage and delete cookies, visit www.allaboutcookies.org. Some web browsers (including some mobile web browsers) provide settings that allow a user to reject cookies or to alert a user when a cookie is placed on the user’s computer, tablet or mobile device. Most mobile devices also offer settings to reject mobile device identifiers. Although users are not required to accept cookies or mobile device identifiers, blocking or rejecting them may prevent access to some features available through the Services.

Note: We do not currently respond to web browser "do not track" signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy Policy.

Text Messaging

By opting to use the Services provided by Vindara Health, you consent to receive SMS (text) messages from Vindara Health, its affiliates, and its partners pertaining to your account, services you have requested, and your interaction with Vindara Health's Services. These messages may include, but are not limited to, appointment reminders, updates on services, promotional offers, and information relevant to your account and services.

You acknowledge and agree that:

  1. You are the owner of the mobile device you used in order to initiate the SMS Enrollment and that you are authorized to consent to receive and pay for messages at that number;

  2. SMS messages may be sent using automated technology;

  3. You do not have to consent to receive SMS messages as a condition of purchasing any goods or services;

  4. Standard message and data rates may apply to any SMS messages sent or received;

  5. The frequency of messages varies – you may receive messages periodically based on your interaction with Vindara Health's Services; and

  6. We shall not be liable for delayed or undelivered messages.

If you are experiencing any issues with our text messaging or email services, or if you have any concerns about sending or receiving any sensitive information through text or email, please contact us directly at support@vindarahealth.com. If you have questions specific to your text or data plan, please contact your wireless provider.

Advertising and Marketing Analytics and Opting Out

We may use common analytics and marketing tools to understand how visitors use our Website and to improve outreach. These tools do not receive Healthcare Information. To learn more about the analytics program(s) and how you can opt out of information sharing, see below.

  1. Facebook: (1) Privacy Policy; (2) Opt Out Settings.

  2. Google Analytics: (1) Privacy Policy; (2) Opt Out Settings.

You can also use third party opt-out controls such as NAI and DAA.

Disclosure of your Personal Information

We do not sell, share, or otherwise disclose your Personal Information for reasons other than those described in this Privacy Policy.

We may disclose your Personal Information to a few third parties, including:

  • Affiliated Providers from whom you choose to receive products or services

  • our parent company, subsidiaries and affiliates;

  • the third-party service providers, contractors, subcontractors, and business associates we use to support our business (e.g., electronic health record platforms, laboratory services, cloud hosting providers, payment processors, and communication tools);

  • law enforcement or government agencies in order to protect the security, safety, and rights of our users and ourselves or when we believe that doing so is necessary to comply with applicable law or respond to valid legal process

  • marketing and advertising partners, including marketing analytics vendors, in compliance with applicable law; and

  • to any company we might merge with or acquire, or that acquires us, or in the event of structural change of our company of any form (e.g., a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding).

We may also disclose, without restriction, aggregated information about our users and information that does not identify any individual user. Our continued use of aggregated and de-identified data will comply with applicable law.

Data Retention

We may retain your Personal Information for as long as necessary for our business purposes, or as required to comply with our legal obligations, resolve disputes, and enforce our agreements. We reserve the right to retain and use your information as necessary to provide our Services and fulfill our business operations. We may dispose of or delete any such information at our discretion, subject to any other agreement you may have with us or as required by applicable law (“Data Retention Policies”).

Similarly, our Affiliated Providers may retain your Personal Information for periods they deem necessary for their operational purposes, to comply with their legal obligations, to resolve disputes, and to enforce their agreements. These Affiliated Providers may dispose of or delete your information in accordance with their own retention policies, except as otherwise outlined in any agreements you have with them or as required by law.

Links to other sites

Our Services may contain links to third-party websites, services, applications, or other resources not operated by us (“Third Party Services”). Any information you provide to these parties is not subject to the terms of this Privacy Policy. It is your responsibility to review these policies, as they govern how these third parties handle your Personal Information, including the duration for which it is retained and the conditions under which it may be disposed of or deleted.

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of Third-Party Services, including any third party operating a website or service to which the Services link.  The inclusion of a link on the Services does not imply our endorsement of the linked site or service. Personal Information collected by our Affiliated Providers is subject to those providers’ Notice of Privacy Practices or other data privacy notices, which you can request at the time of your receipt of healthcare services.

We are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Twitter, Instagram, YouTube, Pinterest, LinkedIn, Apple, Google, Microsoft, or any other app developer, app provider, social media platform, operating system provider, wireless service provider, or device manufacturer, including any Personal Information you disclose to other organizations through our Website and Platform or social media pages.

Children under the age of 18

This Website and Platform are not for persons under the age of 18 (collectively, “Minors”). Minors are not authorized to use this Website or the Platform, or to provide any information through the Services. We do not solicit or knowingly collect information from Minors, and if we become aware of any such information being collected, we will take immediate action to delete it. Should you become aware that we have collected Personal Information from a Minor, please contact us at support@vindarahealth.com.

Opt-out and unsubscribe

We may send communications, including emails, to you using your Personal Information. You may opt out of receiving certain communications (e.g., newsletters, promotions) by emailing us your preference. However, even if you opt out, we may still send you communications necessary to provide ongoing services you request from us.

If you’d like to opt-out of receiving offers, promotions, and other marketing communications, you may do so by emailing contact@vindarahealth.com

Jurisdiction and cross-border transfer

We are located in the United States.  We may store and process your Personal Information in any country where we have facilities or in which we engage service providers.  By using the Services, you understand that your information may be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.

Contacting us

If you’d like to receive additional information about our privacy practices, have questions, or would like to make a request, you may contact us at the below addresses.

support@vindarahealth.com

Circular Health, Inc. (d/b/a Vindara Health)

2093 Philadelphia Pike #8006

Claymont, DE 19703

Be the first to know when we launch in your area

Join waitlist

Be the first to know when we launch in your area

Join waitlist