Ourera Website Privacy Policy

1. Introduction & Scope

This Privacy Policy describes:

  • What information we collect when you visit or use our Website,

  • How we use, share, and protect that information,

  • How this interacts with HIPAA and 42 CFR Part 2 if your data on this site is tied to your status as a patient,

  • What choices you have about our collection and use of your information.

Important note: The protections under 42 CFR Part 2 apply to substance use disorder (SUD) treatment records, not to general website analytics or non–treatment website user data. However, if your Website visit becomes tied to your identity as a patient or linked to your record, it may become “protected health information,” triggering stricter protection.

Thus, in cases where your Website activity is or becomes linked to your identity as a patient, we treat it in compliance with HIPAA and Part 2 as described in our Notice of Privacy Practices.

2. What Website Information We Collect

We may collect two broad types of information:

A. Automatically Collected Data (analytics, cookies, logs, etc.)

When you visit the Website (even without logging in or identifying yourself), we or our third-party service providers may collect:

  • Your IP address, browser type and version, operating system, device type

  • The web page you came from, pages you visit, time stamps, and duration

  • Cookies, web beacons, and similar technologies to improve site performance, measure usage, or customize content

We use this data to analyze Website traffic, improve the site, and provide a better user experience.

B. User-Provided Information

If you voluntarily submit data—such as through contact forms, appointment requests, email signups, patient portal login, or surveys—we may collect:

  • Your name, email address, phone number

  • Any optional comments or messages you enter

  • Potentially more, if part of a form for patient services

If you provide information that links your Website use to your identity as a patient, that data may become Protected Health Information (PHI) under HIPAA or Part 2.

3. How We Use Website Data

We may use the data we collect for purposes including:

  • Monitoring, analyzing, and improving Website performance, features, and design

  • Security, fraud detection, and attack prevention

  • Personalizing content or user experience

  • Evaluating and improving our outreach, educational materials, and advertising effectiveness.

    We do not use or share any data that is considered Protected Health Information (PHI) or Part 2–protected substance use disorder information for marketing or advertising purposes without your explicit authorization.

4. Disclosure of Website Data to Third Parties

We may share or disclose website data under the following categories:

  • With service providers (e.g., analytics, hosting, security, email services) under contract, subject to confidentiality

  • When required by law, court order, subpoena, or to respond to legal process

  • For public safety or emergencies, if permitted by law

  • To protect our rights, property, or with your consent

5. Data Retention & Anonymization

  • Automatically collected analytics / log data may be retained in aggregated or de-identified form indefinitely.

  • Identifiable data from forms or accounts will be kept as long as necessary to fulfill its purpose or comply with legal obligations.

  • Where feasible, we will de-identify or anonymize data so it is no longer personally identifiable.

6. Your Choices & Controls

Cookies / Tracking

You may disable or restrict cookies via your browser settings. But doing so may disable certain features or degrade Website performance.

Opt-In Communications

If you subscribe to newsletters or alerts, you can unsubscribe at any time.

Website Account & Linking

If you connect Website data to your patient account, you can ask us to delete or unlink it, subject to retention or legal constraints.

Access, Deletion, or Restriction of Website Data

If your Website-supplied information becomes PHI (or SUD data), you may request:

  • Access to that data,

  • Amendment or correction,

  • Restriction on certain uses or disclosures (though we may refuse in some cases),

  • Deletion when permitted by applicable law.

Contact: privacy@ourera.health

7. Security

We use industry-standard technical and administrative safeguards (e.g., encryption, secure servers, access controls) to protect against unauthorized access, alteration, or misuse.

However, no system is perfectly secure. We cannot guarantee absolute protection of data transmitted via the Internet or stored electronically.

8. Children and Minors

Our Website is not intended for use by children under age 13. We do not knowingly collect data from such minors via the Website. If we learn we have inadvertently collected their data, we will delete it to the extent required by law.

9. Changes to This Privacy Policy

We may update this Privacy Policy at any time. We will post the revised version on this page with a new effective date. Your continued use of the Website after changes means you accept them.

10. Contact & Complaints

If you have questions or complaints about this policy or our practices:

Privacy Officer
Ourera Project LLC
Email: privacy@ourera.health

You also have the right to file a complaint with the U.S. Department of Health & Human Services, Office for Civil Rights (OCR) (for HIPAA or Part 2 issues).