Privacy Policy

Privacy Policy

Your privacy is very important to Caravan Health, Inc (“we” or “us”). This Privacy Policy (this “Policy”) describes how we protect the personal information we collect in connection with your use of our Wellpepper, Wellpepper Outcomes, web-based reports and our other services, the website (the “Website”), and our mobile application (“Mobile App”) provided for your use in connection with our services (such services, Website, and Mobile App, collectively, the “Services”). This Policy also describes how we use, and in some cases, disclose that personal information. This Policy is part of, and incorporated into, the Patient Terms of Service and Healthcare Provider Terms of Service for our Services. Capitalized terms that are used in this Policy that are not otherwise defined have the meaning given to them in the Patient Terms of Service and Healthcare Provider Terms of Service.

Personal Information” for purposes of this Policy means any information that specifically identifies you, such as your name, date of birth, street address, phone number, fax number, or e-mail address, health condition or injury, or images or video of you. Personal Information includes information you provide to us, or information about you that is provided by a Healthcare Provider (as defined below).

What Personal Information We Collect

The Services work in conjunction with a user account on the Website (a “Wellpepper Account”). You can also sync your data related to your Services with various third-party programs including health tracking and fitness programs. If you are using the Services with a healthcare provider, including but not limited to, a physical therapist, occupational therapist, personal trainer, researcher, rehabilitation organization, doctor, nurse, medical assistant, clinic, hospital or other healthcare organization (each a “Healthcare Provider”), the Healthcare Provider may provide us with your Personal Information. We may collect Personal Information obtained from the following:

  • When you sign up for a Wellpepper Account, you are required to provide an e-mail address (which will be used as your login ID), and to create an account password (collectively the “Registration Information”).
  • In order to benefit fully from the Services, you may also add additional detail to your Wellpepper Account, including gender, and age.
  • You can upload documents, images, videos or other data files into the Services, and also submit data to the Services by responding to questionnaires and surveys. Information that you add to the Services is stored in your Wellpepper Account.
  • When you elect to share data from your Wellpepper Account with others, we collect the information you provide about those individuals including their name and e-mail address.
  • If you are using Services with a Healthcare Provider, the Healthcare Provider may create, generate, exchange, transfer, and share Personal Information as authorized or directed by you, including general medical information, and private medical information, which may include Personal Information about you, including but not limited to,  text, data, images, photographs, video, audiovisual works, or other information related to you or your injury type, treatment plan, or other works in which you are identifiable.

How We Use Your Personal Information

We may use your Personal Information to:

  • Identify you to a Healthcare Provider that you have opted to work with;
  • Provide you with the Services;
  • Analyze Site usage and improve the Services;
  • Deliver to you any administrative notices and communications relevant to your use of the Services;
  • Provide you with updates to the Services;
  • Perform internal market research, project planning, troubleshooting, and to detect and protect against error, fraud, or other criminal activity;
  • Enforce the Patient Terms of Service and Healthcare Provider Terms of Service; and
  • Further improve upon and refine the Services and to create new services.

Disclosure to Healthcare Providers

The Services are designed to provide a secure communication channel between you and your Healthcare Provider. By using the Services in connection with a Healthcare Provider, you acknowledge that any information you share within the application is provided to your Healthcare Provider and may be shared with any authorized person within that organization or those authorized by the provisions in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act).

Disclosure to Third Parties

In the course of providing the Services, we may also share your personal information with third party service providers such as hosting service providers. We may also provide personal information (including sensitive personal health information) to our subsidiaries, affiliated companies, and other trusted businesses or persons for the purpose of providing our Service, and for our other purposes described in this policy. We limit the personal information shared with these third parties to that which is necessary to carry out those functions.

At times, we may make certain Personal Information available to strategic partners that work with us to provide additional services to you. In such cases, your account with such third-party will continue to be subject to that third-party’s privacy policy and your Wellpepper Account will continue to be governed by this Policy.

We may also disclose Personal Information if we determine that disclosure is reasonably necessary to enforce our Patient Terms of Service and Healthcare Provider Terms of Service, or to protect our operations or users, or if we are required to do so by any applicable law, rule, regulation, subpoena or other legal process.

Use of Non-Personally Identifiable Data

We may collect non-identifying information such as traffic volume, frequency of visits, lengths of visits, time of login, access to patient records, changes to patient records, etc., using various technological means (including “cookies” and other technologies such as pixel tags and web beacons, as further described below), or aggregated Personal Information (without the inclusion of a user’s name or other identifying information) including aggregated gender, age, injury, etc. (“Non-Personally Identifiable Data”). We may use Non-Personally Identifiable Data for the same uses as Personal Information, as described above. We may disclose Non-Personally Identifiable Data to:

  • Organizations approved by us that conduct consumer research into health and wellness;
  • Users of the Service for purposes of comparison of their personal health and wellness situation relative to the broader community;
  • Your Healthcare Provider;
  • Researchers at accredited universities studying how our Services are used; and
  • Advertisers and other third parties for their marketing and promotional purposes.

We may also combine or link Non-Personally Identifiable Data with Personal Information. If so, we will treat the combined or linked information as Personal Information under this Privacy Policy.

Cookies and Other Technology

The Services may use “cookies” and other technologies such as pixel tags and web beacons.

Cookies are alphanumeric identifies in the form of text files that are inserted and stored by your Web browser on your computer’s hard drive. These technologies tell us which parts of our website you have visited and how you use our Services.  They are also used to analyze and improve our Service’s design and functionality.

If you choose to delete cookies from your device or block them from being stored on your device, please note that the full functionality of the Services may not be available to you.

“Web beacons” are images embedded in a Web page or e-mail for the purpose of measuring and analyzing Site usage and activity. We, or third-party service providers acting on our behalf, may use Web beacons to help us analyze usage and improve our Services.

We may use third-party service providers to help us analyze certain online activities and improve our Services. For example, these service providers may help us measure the performance of our online campaigns or analyze visitor activity on the Website. We may permit these service providers to use cookies and other technologies to perform these services for us. We do not share any Personal Information about our customers with these third-party service providers, and these service providers do not collect such information on our behalf. Our third-party service providers are required to comply fully with this Policy.

Information You Elect to Share With Others

You acknowledge and agree that we are not responsible for any information you share with your Healthcare Provider through comments or other functionality in the Services. However, this information is limited to you, your Healthcare Provider, and other professionals they may choose to share it with within their organization or as afforded by HIPAA.


From time to time, we may ask you to participate in surveys designed to help us improve the Services. Any Personal Information provided to us in connection with any such survey will be used only in relation to that survey and as elsewhere set forth in this Policy.


Unless expressly authorized in writing by a child’s parent or guardian, we do not knowingly or intentionally collect any Personal Information from children under 13. If we discover that a child under the age of 13 has provided us with Personal Information without the consent of his or her parent or guardian, we will take steps to delete the information as soon as possible.

Data Life

You may e-mail us at with a request that we delete your Personal Information. We will use commercially reasonable efforts to honor your request. We may retain a copy of your records as required by law or for a legitimate business purpose.

 E-mail Communications From Us

We may provide our registered customers with weekly summaries of their Wellpepper Account data and e-mail alerts. Customers have the ability to opt-out of receiving our weekly summaries.

Opting out in this manner will not end transmission of service-related e-mails, such as e-mail alerts.

Data Security

We use a combination of firewall barriers, encryption techniques and authentication procedures, among others, to maintain the security of your data and to protect Wellpepper Accounts and systems from unauthorized access according to the requirements of HIPAA and according to the Business Associate Agreement we have signed with your Healthcare Provider. If you are using the Services without a Healthcare Provider or you have ended that relationship, bear in mind that even though we have taken steps to protect your Personal Information, no company, including us, can fully eliminate security risks to your Personal Information.

When you register for the Services, we require a password from you for your privacy and security. This password is stored in an encrypted fashion on our systems.

It is important to understand that these precautions apply only to our Services and systems.

International Transfer

The Services are hosted and operated entirely in the United States and are subject to United States law. Any Personal Information that you provide to us or that we collect is being provided to us or collected solely in the United States and will be hosted on United States servers.

If you are accessing the Services from outside the United States, please be advised that your Personal Information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States, and chose to provide information to us, we transfer Personal Information to the United States and process it there. Your consent to this Policy represents your agreement to that transfer.

Your Responsibility for Maintaining the Confidentiality of your Login ID and Password

You are responsible for maintaining the security of your login ID and password. If you believe that your login ID or password have been compromised you should immediately change your password and contact support . We are not responsible if someone else accesses your Wellpepper Account through registration information they have obtained from you or through a violation by you of this Policy, the Patient Terms of Service or Healthcare Provider Terms of Service. If you have a security related concern, please contact support.


You consent and agree that the agreement between you and us as evidenced in this Policy, any licenses herein, and any information collected about you, including any Personal Information collected pursuant to this Policy, can be sold, assigned, transferred, or otherwise conveyed to a third-party as part of a merger, acquisition, reorganization, sale of all or substantially all of our assets or capital stock, in the event of a bankruptcy, or any other such change of control situation.  Additionally, you agree that this Policy continues to bind you and guide the terms and conditions of your use of the Services in any of the foregoing circumstances.

Updates to this Policy

We may update this Policy periodically. The date last revised appears at the bottom of the Policy. Changes take effect immediately upon posting.

If you have questions, comments, concerns or feedback regarding this Policy or any other privacy or security concern, send an e-mail

This policy was last updated on April 16, 2020.