Privacy Policy

Effective date: April 13, 2022

Your privacy is important to us. This privacy policy (“Privacy Policy”) applies to your use of the Services offered by Midi Health, Inc. is referred to in this Privacy Policy as “Midi,” “we,” “us,” or “our.” Capitalized terms not otherwise defined in this Privacy Policy have the same meaning as set forth in the Terms of Service.

This Privacy Policy applies to any information we collect or maintain about you, including (1) personal information that you provide to us on or through the Services, and (2) information collected through your use of or interaction with the Services. This Privacy Policy also explains the use of cookies and similar technologies on the Services. Your access to and use of the Services constitutes acceptance of this Privacy Policy and consent to our collection and use of your information as outlined below.

Please note that the Services are directed towards users who reside in the United States. It is not our intent to gather personal information from individuals residing outside the United States. This Privacy Policy does not apply to instances where your information is collected under a different privacy policy or notice made available to you at the time your information is collected.


Our Services are not intended for or designed to attract children under the age of 18. Moreover, we do not knowingly collect any personal information from anyone under the age of 18 without the consent of a parent or guardian, and you must be 18 years of age or older to submit registration or survey information. Should you believe that a minor of whom you are a parent or guardian has registered, please contact us at and we will make reasonable efforts to remove all personal information related to the minor.


From time to time, we may revise this Privacy Policy. Any such changes to this Privacy Policy will be promptly reflected on this page. We encourage you to review this Privacy Policy regularly for any changes. Your continued use of this Services will be subject to the then-current Privacy Policy. The effective date of this Privacy Policy is provided above.


You can generally visit the Services without revealing any personal information about yourself. However, to access certain options and services we may ask you to provide certain personal information and without providing such personal information, you may be unable to access certain options and services.   The following is a list of information that we may collect from or about you:

  • Personally identifying information, including your name and contact information, such as your physical address, e-mail address and phone number
  • Electronic signature
  • Demographic information, including your gender, date of birth and zip code
  • Billing and payment information, including billing address, health plan participation and enrollee information, and credit card information, such as account number, expiration date and security information
  • Account information, including your username and password 
  • Device and/or browser information, including your IP address, operating system, connection speed, bandwidth, browser type,  web page requests, cookie information, other hardware and software attributes
  • Location information
  • Usage activity and viewing preferences
  • Photographic or video images submitted for identification purposes, including photographs of your driver’s license or passport
  • User information, including information or content you post or submit on the Services
  • Transaction history
  • For Providers: your name and contact information and medical specialty
  • Other, including information we collect from or about you in other online or offline contexts, including information submitted during purchases of Services and Products and interactions with our employees.

In addition, when you request treatment from a Practice or Provider through the Services or services from a Laboratory or Pharmacy, you may share:

  • Personal information:  your name and contact information and demographic information
  • PHI (Defined below), including medical information submitted for diagnosis or treatment purposes (including information about your applicable medical history) and current complaint or other reason for visiting a Provider
  • Date of visit
  • Images or videos you share for diagnosis or treatment purposes
  • Communications with the Practice or its Providers

The information you provide to a Practice, Provider or Pharmacy through the Services may be protected under applicable federal and state laws applicable to health information, including but not limited to the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its implementing regulations, as may be amended from time to time (collectively, “HIPAA”).  To the extent applicable, the Practice, Providers and Pharmacies will use and disclose information about you that is protected under such privacy laws only as permitted or required by such laws.  The Practice has adopted a NOTICE OF PRIVACY PRACTICES that describes how they use and disclose PHI. By accessing or using any part of the Service, you are acknowledging receipt of the Notice of Privacy Practices from the Practice. 

We will not use or disclose PHI or other information about you that is protected under health information privacy laws except on behalf of the Practice, Providers and Pharmacies, or as otherwise permitted by such laws, but we may combine the personal information your share with us through the Services with other information we collect from or about you, both online and offline.  We also may combine personal information with records provided by third parties. We use this consolidated information to help us better design our Services, including the selection of Services and Products, to communicate information to you, to enhance our marketing and research activities, and to facilitate other business functions.  We also may de-identify PHI in compliance with HIPAA, and use such de-identified data for research or marketing purposes, or any other purpose not prohibited by law.


We may collect information directly from you when you visit, access or use the Services or when you register an account with us. We may also collect information when you purchase a service or any Products available on our Services, submit information to use through a survey, register for in-person or virtual educational or promotional events, communicate with us, or post or submit content on or in the Services.

In addition to the information we collect directly from you, we may also collect information from the Practice and/or Providers who provide treatment and other services you in connection with the Services.  This information may include, but is not limited to, diagnoses, treatment plans (including details about the Therapies provided), and notes.  We also may receive information from third parties that pay for your care or provide you with treatment or prescription medication, which may include prescription history, insurance policy, insurance eligibility and coverage, and laboratory or other testing results.

Some of the information we collect depends on the settings on your web browser or mobile device. Please check your web browser or mobile device if you want to learn what information your browser or mobile device sends or how to change your settings. In addition to the information sent by your web browser or mobile device, as you navigate through a website or mobile app, certain information can be passively collected (that is, gathered without you actively providing the information) using various technologies and means, such as navigational data collection.

Like most website operators, we use cookies and similar technologies, local shared objects (or any other successor tracker technology), Software Development Kits, and pixel tags that automatically receive and track certain data about how you and other visitors interact with our Services, preferences expressed and settings chosen. For example, we may collect information about the technology you use (such as your browser, type of computer, operating systems, mobile device and network used, and Internet service providers) and server log data (such as access dates and times, online features or pages viewed, system activity, and the third-party site or service you were using before interacting with our Services). These technologies are described in more detail below.

Cookies” are small text files that are stored on your browser or device by websites, mobile apps, online media and advertisements. There are different types of cookies. Cookies served by the entity that operates the website or app you are visiting or using are called “first party cookies” (so cookies served by us while you are using our Services are first party cookies). Cookies served by companies that are not operating the website or app you are visiting or using are called “third party cookies” (so, we may use a website analytics provider to set a cookie on your computer via our Services while you visit our Services, and that would be a third party cookie). Cookies may also endure for different periods of time. “Session Cookies” last only as long as your browser or app is open. These are deleted automatically once you close your browser or app. Other cookies are “persistent cookies” meaning that they survive after your browser or app is closed (for example, they may recognize your computer when you re-open our online services).

Local shared objects” (also called Flash cookies or HTML5 cookies) and any other successor technology refers generally to the collection of cookie-like data stored on a browser or computer by websites, ads, or third parties.

Pixel tags” (also called beacons or pixels) are small blocks of code installed on (or called by) a web page, app or advertisement which can retrieve certain information about your device and browser, including device type, operating system, browser type and version, website visited, time of visit, referring website, IP address, and other similar information (including the small text file (the cookie) that uniquely identifies the device). Pixels provide the means by which third parties can set and read browser cookies from a domain that they do not themselves operate and collect information about visitors to that domain, typically with the permission of the domain owner. “Software Development Kits” (also called SDKs) function like pixels and cookies, but operate in the mobile app context where pixels and cookies cannot always function. The primary app developer can install pieces of code (the SDK) from partners in the app, thereby allowing such partners to collect certain information about user interaction with the app, information about the user device and network information.


We may use the personal information identified above to:

  • Verify your identity and your location;
  • Provide Products and/or Services to you;
  • Provide information about our Services and Products to you;
  • Fulfill your requests;
  • Manage your account;
  • Process your payments;
  • Communicate with you;
  • Assist the Practice and/or Providers in their care for you; 
  • Assist the Laboratories and Pharmacies with fulfillment of your Therapies;
  • Provide you with research opportunities; 
  • Provide support and training;
  • Develop, test or improve the Services, including its features and/or the Services and Products;
  • Facilitate marketing activities and/or promotions;
  • Analyze behaviors on the Services (e.g., evaluating site usage patterns, assessing throughput);
  • Protect or enforce our rights, title, and interest;
  • Comply with applicable law, regulation, legal process, or other government authority;
  • Investigate fraud; and
  • Any other such use that is otherwise necessary under applicable law.

Subject to the limitations described in the Applicability of HIPAA section below, we may share the information we collect from you with the following third parties:

  • Our third party service provides (“Vendors”) that provide services to us to enable us to provide the Services, such as the hosting of the Services, data analysis, IT services and infrastructure, customer service, email delivery, and other similar services
  • Our Vendors that provide services to enable us to run our business and administrative operations, such as legal and financial advisory services, auditing services, and other similar services
  • Our Vendors that enable us to promote and advertise the Services, such as ad platforms or ad retargeting services, as well as those that enable us to comply with contact removal requests or requirements, such as mailing list removal services, do not call registries, and other similar services
  • The Practice, Providers and Pharmacies to enable them to provide services to you via the Services and to collect payment on their behalf
  • To researchers, to permit them to study women’s health

We also may de-identify your information and disclose such de-identified information for any purpose not prohibited by applicable law.


The Services may use social media plugins (e.g., the Facebook “Like” button, ‘“Share to Twitter”‘ button) to enable you to easily share information with others. When you visit the Services, the operator of the social plugin can place a cookie on your computer, enabling that operator to recognize individuals who have previously visited the Services. If you are logged into the social media website (e.g., Facebook, Twitter, Google+) while browsing on our Services, the social plugins allow that social media website to receive information that you have visited our Services. The social plugins also allow the social media website to share information about your activities on our Services with other users of their social media website. For example, Facebook Social Plugins allows Facebook to show your Likes and comments on our pages to your Facebook friends. Facebook Social Plugins also allow you to see your friends’ Facebook activity on our Services. We do not control any of the content from the social media plugins. For more information about social plugins from other social media websites you should refer to those sites’ privacy and data sharing statements.


Midi may retain your information for as long as it believes necessary, including as long as necessary to comply with applicable law, resolve disputes or enforce its agreements, and/or as long as needed to provide you with the Services.  Midi may dispose or delete such information at any time, except as set forth in any agreement entered into by Midi, or as required by law.

Similarly, the Practice and Providers may retain your information for as long as they believe necessary, including as long as necessary to comply with applicable law, resolve disputes or enforce their agreements, and/or as long as needed to provide you with the Services.  The Practice and Providers may dispose or delete such information at any time, except as set forth in any agreement entered into by Midi, or as required by law.

In the event we retain and use personal information for purposes not covered by the original notice, we will provide you with additional notice.

  1. OPT OUT

If you don’t want your name and/or contact information to be used in the manner described in this Privacy Policy, you may indicate this at the time you provide the information. If an “opt-out” option is not offered, or you decide after you have provided this information that you do not want us to share your information with us or our third parties, you may also notify us at We cannot, however, remove your name from any third party list; you will have to contact them directly.


As described in our Terms of Service, Midi does not engage in the practice of medicine and is not a health care provider or a "covered entity" as defined by HIPAA.  The Laboratories, Pharmacies, Practice and its Providers each may be considered a "covered entity" under HIPAA, and Midi may, in some cases, may also be a "business associate" of a Practice or Provider. If Midi is deemed a "business associate," we will be subject to additional protections with respect to your "protected health information," as defined under HIPAA (“PHI”), or other state laws. Your PHI will be used and disclosed only in accordance with such applicable laws and regulations. 


We may employ procedural and technological security measures, consistent with industry practice. Such measures are reasonably designed to protect your personal information from loss, unauthorized access, disclosure, alteration or destruction. We may use encryption, password protection, secure socket layers, internal restrictions and other security measures to help prevent unauthorized access to your personal information. However, you provide your information to us at your own risk. We cannot guarantee that your data will not be lost, accessed without authorization, disclosed, altered, or destroyed.


If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by certain members of Midi to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to with the title “Shine the Light''.


Because of the changing state of technology and indecision within the industry regarding the meaning of DNT signals, we currently do not make any guarantee that we will honor DNT signals.


Our Services may contain links to other websites on the Internet that are not under the control of or maintained by us. Such links do not constitute an endorsement by us of those other websites, the content displayed therein, or the persons or entities associated therewith. You acknowledge that we are providing these links to you only as a convenience, and you agree that we are not responsible for the content of such websites. Your use of these other linked websites is subject to the respective terms of use and privacy policies located on the linked websites.


For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us at