Privacy Policy

Effective June 23, 2017

Bay Area Accountable Care Network, Inc. d/b/a Canopy Health (“Canopy Health” “we” or “us”) respects your right to privacy and is committed to providing users of our websites with authoritative and reliable health information.  

This Privacy Policy is designed to inform you about how we collect, use, and share the information we collect through and (the “Sites”) and the MyCanopyHealth mobile application (the “App”). When we refer to the Website and the App together, we will call them the “Services.” 

By visiting or using the Service, you consent to our collection, use, and sharing of your information in accordance with this Privacy Policy.

This Privacy Policy is incorporated into and made part of our Terms of Use. We encourage you to review our Terms of Use, because they contain important limitations on our liability to you when you use the Services.

Please note that this Privacy Policy describes how we protect your privacy as a general user of the Service. This Privacy Policy does not describe how we protect and use your information as a patient receiving medical care from healthcare provider you obtained through the Services. If you are a patient receiving medical care from one of Canopy Health’s participating providers, you have other rights with respect to the access, use, and disclosure of your protected health information (“PHI”). For a more complete description of your patient rights under the Health Insurance Portability and Accountability Act (“HIPAA”), please refer to the Notice of Privacy Practices available in your patient portal.

Please use the links below to jump to the sections of our Privacy Policy to learn more:

Collection and Use of Information.

Personal Information. When using our Services, we may ask you for certain personally identifiable information, such as various contact and identity information (e.g., email address, mailing address and phone number), health insurance information (e.g., policy/group number) and health information (collectively, “Personal Information”). We collect and use your Personal Information to provide, administer, and improve the Services, including to:

  • Enable you to Create a Canopy Health Account, log onto the services as a registered user, complete a user profile.
  • Respond to your questions and comments.
  • Resolve service and other technical problems.
  • Provide you with system or administrative messages.
  • Send you newsletters and other promotional material that we think may be of interest to you, at your request. If you decide at any time that you no longer wish to receive marketing communications, please follow the unsubscribe instructions provided in any of the communications or select the appropriate option in your user profile.
  • Complete surveys that help us research, evaluate, and improve the Services.
  • Enforce our Terms of Use.
  • For any other purpose described to you at the time of collection.

You always have the option not to provide your Personal Information. For example, do you do not have to create a Canopy Health Account. If you choose not to provide your Personal Information, you may not be able to use certain features of the Services. 

Location Data. We may collect “Location Data", which is a category of Personal Information collected about the location of the mobile device or computer you are using. We gather Location Data using the GPS or WiFi technology on your device, your IP address, or other information made available by you that may indicate your current or prior location. We collect Location Data so that we can offer you certain location-based services (such as finding a doctor or medical office near you) and conduct analytics to improve the Services. You may adjust your preferences to prevent us from collecting your Location Data by declining to allow Location Data collection in the App or turning off your location services through the settings on your device.

Usage Data. We also may collect “Usage Data”, which is data we collect automatically about your use of the Services but does not identify you, such information about your device (e.g., IP address, browser type, operating system), information about your browsing activities (e.g., webpages you visited, time spent on those pages, searches), and other statistics. We collect and use Usage Data to improve the functionality of the Services, including to:

  • Monitor and analyze use of the Services.
  • Provide technical support.
  • Better understand users’ needs and interests.
  • Increase user-friendliness and personalize your experience better, such as by remembering your log-in credentials.
  • Detect and protect us against error, fraud, and other criminal activity.

Information Sharing and Disclosure.

We will not rent or sell your Personal Information without your prior express consent. We may share your Personal Information with third parties or non-affiliated companies when we have your permission or under the following circumstances:

  • Service Providers. We may share your Personal Information with our service providers so that they can help us provide the Services to you, including tasks such as payment processing, website hosting, database management, and website analytics. Service Providers are prohibited from using or disclosing your Personal Information for purposes not authorized by us.
  • Business Partners and Other Trusted Entities. To the extent permitted by applicable laws, we may provide Personal Information to our business partners or other trusted entities for internal business purposes, such as sharing information across the Canopy Network with your care teams.
  • Compliance with Laws and Law Enforcement. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including, but not limited to, subpoenas), to protect the property and rights of Canopy Health or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
  • Business Transfers. We may sell, transfer or otherwise share some or all of our assets to a third party in connection with a merger, acquisition, reorganization or sale of assets, or in the event of bankruptcy. In such event, your Personal Information may be transferred to that third party.

Sharing of Aggregate Information. We may share aggregated data with third parties in a variety of ways, such as for industry analysis, demographic profiling, and other purposes. When we disclose this aggregate data, we perform appropriate procedures aimed to eliminate certain data elements so that the data cannot reasonably be used to identify you.

Cookies and Other Data Collection Technologies.

We and third parties acting on our behalf use various technologies that help us to manage the operations of the Services and track usage behavior so that we can tailor information to make your visits more enjoyable and meaningful. For example, we use Google Analytics to collect information about how often users visit the Website, what pages they visit when they do, and what other websites they used prior to coming to this Website. We use the information we get from Google Analytics to improve the Services. For more information about Google’s ability to use and share information collected by Google Analytics about your visits to the Website, please see the Google Analytics Terms of Service and the Google Privacy Policy.

We may use the following data collection technologies:

  • Cookies: Cookies are text files containing small amounts of information that are stored on your computer or mobile device's browser directory.
    • We use persistent cookies to save your user ID and password for future logins to the Services.
    • We use session ID cookies to better understand how you interact with the Services and to monitor aggregate usage and web traffic routing. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Services and close your browser.
    • Third-party advertisers on the Service may also place or read cookies on your browser.

You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions or all functionality of the Service. To find more information about cookies, visit

  • Web Beacons: We may occasionally use web beacons (also known as clear gifs, web bugs, 1-pixel gifs, etc.) that allow us to collect Usage Data about your activities on the Services or email communications we send. Web beacons are tiny images placed on a webpage or email that can tell us if you have visited a particular area of the Services. We do not collect any Personal Information with a web beacon, and do not link web beacons with any other Personal Information you have given us. Because web beacons are used in conjunction with persistent cookies (described above), if you set your browser to decline or deactivate cookies, web beacons cannot function.

How We Respond to “Do Not Track” Signals.

Some web browsers have “Do Not Track” or similar features that allow you to tell each website you visit that you do not want your activities on that website tracked. At present, the Services do not respond to “Do Not Track” signals and consequently, the Services will continue to collect information about you even if your browser’s “Do Not Track” feature is activated.

User and Patient Communications.

As a general user: Comments or questions you send to us through the Services (“User Communications”) will be shared with Canopy Health personnel who are most able to address your concerns. We will archive your User Communications once we have made our best effort to provide you with a complete and satisfactory response. Other than as described below, your User Communications will not become part of your medical record or a designated record set unless and until, in each instance, you are seen and examined in person by one of Canopy Health’s participating providers.

As a patient: When you log into your Canopy Health Account and interact directly with Canopy Health staff or one of Canopy Health’s participating providers (“Patient Communications”), some information you provide may be documented in your medical record and available for their use to guide your treatment as a patient. If such information is PHI, it will be treated in accordance with the Notice of Privacy Practices available in your patient portal.

Managing Your Information and Controlling Your Preferences.

Users who have a Canopy Health Account may access, modify, correct, or delete the Personal Information in their registration by making the appropriate modifications in your user profile. All users may contact us at to request access, modification, correction or deletion of his or her information. Please note that if you completely delete all information in your user profile, then your account may become deactivated. If you would like us to remove your information from our system, please contact us and we will attempt to accommodate your request if we do not have any legal obligation to retain the information.

If you have given us permission to send promotional and marketing emails to you, you may revoke that permission at any time by sending an email to Please understand that removal from our distribution list may not be immediate, but we will endeavor to respond to or fulfill your request for removal as soon as possible.


We employ reasonable security measures designed to safeguard and protect Personal Information under our control from unauthorized access, use, and disclosure. Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Service by Internet or email cannot be guaranteed. At your discretion, you may contact us at the mailing address or telephone number listed at the end of this document.

Links to Third-Party Websites.

We may offer you the opportunity to access third-party content, services, or products by linking to a third-party’s website. If you click on a third-party link, you will be directed to that third-party’s website. We do not exercise control over third-party websites and are not responsible for the privacy practices of such third parties. We recommend that you check the privacy policies of third-party websites before providing your Personal Information to them. The fact that we may link to a third-party website or present a banner ad or other type of advertisement from a third party is not an endorsement, authorization, or representation of any affiliation by us with that third party, nor is it an endorsement of their privacy or information security policies or practices.

Your California Privacy Rights.

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to or write us:

Canopy Health
Attention: Compliance
6475 Christie St., Suite 560
Emeryville, CA 94608

If you are a California resident under the age of 18, and a registered user of any Services where this Privacy Policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.


In accordance with the Children's Online Privacy Protection Act of 1998 (“COPPA”), Canopy Health will never knowingly request personally identifiable information from anyone under the age of 13 without verified parental consent. When we do receive information with verified parental consent from users under the age of 13, we will not share their personally identifiable information with third parties. If we become aware that a user of the Service is under the age of 13 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.

Notice to International Users.

The Services are hosted in the United States and are subject to U.S. law. If you are accessing the Services from outside the United States, please be advised that U.S. law may not offer the same privacy protections as the laws of your jurisdiction. By accessing and using the Services, you consent to the transfer to and processing of your Personal Information in the United States.

Changes to this Website Privacy Policy.

We may amend this Privacy Policy from time to time. We will post notice of any material revisions to this Privacy Policy on the Services. We will also indicate above when such terms are effective. By continuing to access or use the Services, you agree to be bound by the modified Privacy Policy.

Contacting Us.

We encourage you to contact us if you have any questions concerning our Privacy Policy or about our data collection practices. You may reach us at:

Canopy Health
Attention: Compliance
6475 Christie St., Suite 560
Emeryville, CA 94608
1-888-8-CANOPY (1-888-822-6679)