Introduction

Mario Health ("we," "our," or "Mario") is committed to protecting your privacy and securing your personal health information. This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information when you use our website, mobile app, and related services (collectively, the "Services").

Information We Collect

• Personal Information: Name, date of birth, contact information, phone number (used for authentication), insurance details, employer information, and payment information.
• Health Information: Prescription details, medical conditions, healthcare services and procedures sought, provider interactions, and explanations of benefits (EOBs).
• Technical Information: IP address, browser type, device identifiers, operating system, and usage details of our Services.
• Geolocation Information: Location data (via GPS, IP address, or H3 indexing) to provide location-specific healthcare provider and service options.

How We Collect Your Information

• Direct interactions: when you register, authenticate, submit forms, upload insurance cards, and communicate with customer support.
• Automated technologies: cookies, web beacons, analytics tools, and location-based services.
• Third-party sources: employers, insurance providers (upon your authorization), healthcare providers, and publicly available databases.

Use of Information

We use the collected information to:
• Provide personalized healthcare pricing, provider recommendations, and pharmaceutical services.
• Authenticate and manage your account securely.
• Communicate with you regarding appointments, billing, rewards, and important updates.
• Analyze usage patterns to enhance the functionality and effectiveness of our Services.
• Ensure compliance with applicable laws, regulations, and internal policies.

Disclosure of Information

We may disclose your information to:
• Authorized healthcare providers and pharmacies to facilitate your requested healthcare services.
• Insurance companies, upon your explicit consent, for obtaining accurate benefit information and cost transparency.
• Employers (for employer-sponsored accounts) to enable management of health benefits and cost-saving programs.
• Service providers assisting us with IT services, data analytics, payment processing, and customer support.
• Legal or regulatory authorities when required by law or in response to valid legal requests, court orders, or legal processes.

Data Security

Mario Health employs robust technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These include:
• Encryption of data in transit and at rest (AES-256 encryption).
• Secure authentication mechanisms including multi-factor authentication (MFA).
• Regular security audits and penetration testing.
• Access controls and employee training on data privacy and protection.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Upon expiration of the retention period, your data will be securely deleted or anonymized.

Your Privacy Rights

You have the right to:
• Access your personal data.
• Correct inaccuracies in your personal data.
• Request deletion or anonymization of your personal data.
• Withdraw consent for data processing, particularly for accessing insurance or medical data.
• Obtain your data in a portable format.

Requests should be directed to privacy@mariohealth.com. We will respond promptly, typically within 30 days.

Cookies and Tracking Technologies

Our Services use cookies and similar tracking technologies for functionality, analytics, and personalized content. You may manage cookie preferences through your browser settings.

Third-Party Links

Mario Health may include links to third-party websites. This Privacy Policy does not apply to those sites, and we recommend reviewing the privacy practices of any third-party site you visit.

Children's Privacy

Our Services are not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will promptly delete the information.

Changes to This Policy

We may periodically update this Privacy Policy. Any changes will be posted on this page with an updated effective date. We encourage you to review our Privacy Policy regularly.