Important Agreements & Compliance Information

Privacy Policy

Last Updated: November 4, 2022


All terms used herein are as defined in the Health Gorilla SaaS Terms of Use, unless additional definitions are required.

The purpose of this Policy is to describe how Health Gorilla and our partners collect, use, and share information about You. This Policy may incidentally describe how Our Services gather and use information about other individuals or information about You that may be submitted by another Participant.  

Health Gorilla is dedicated to protecting the privacy of the individuals whose health information is stored or transmitted by Our Service and of the users of any of Our Services.  Maintaining your trust is important to us, and by having this Policy available, You agree and fully consent to all of the terms and conditions of this Policy.

This Privacy Policy (this “Policy”) applies to the Services that we offer through our website located at, and/or in any other manner, and may include, but is not limited:  to facilitate the ordering of lab tests or procedures and/ or the exchange of general Health Information, as well as the viewing and analysis of the results, the analysis of Data from other health monitoring and other devices and other Data as integrated from time to time, and (i) to make it available to You; (ii) to facilitate the sharing of individuals’ Health Information among Participants, and (iii) to make Health Information available to Your Authorized Workforce through the Patient Portal. 

You may make Your Health Information accessible to other You and Your Authorized Workforce through the Services for these purposes. If You are a patient using the Patient Portal, then you can request, view, and share Your medical records from Participants or from the Health Gorilla Clinical Network. You authorize Us, as Your business associate, to use and disclose Your Health Information, subject to the recipient’s agreement to comply with our Policies and Procedures and with applicable laws and regulations relating to the use and disclosure of Health Information. The methodology by which we use your Health Information is set forth in the Health Gorilla SaaS Terms of Use. 

Health Gorilla, (referred to as “Health Gorilla,” “we” or “us”), is committed to protecting your privacy. This Policy also describes how we collect, use, secure and share your personal information when you:   

  • access or use our various products or services.
  • access or use our website that link to this Policy.
  • interact with us, including by email, telephone, and in person.
  • apply for a job at Health Gorilla.
  • otherwise communicate with Health Gorilla.  

Separate Terms of Use    

This Policy is not a contract and does not create any contractual rights or obligations. Your use of the Services is governed by the Health Gorilla SaaS Terms of Use or other terms of use or contract linked to the particular Services.

Revisions, Changes, and Updates     

Health Gorilla may revise, change or update this Policy and/or the Health Gorilla SaaS Terms of Use at any time, without notice to You. We encourage You to periodically reread this Privacy Policy and the SaaS Terms of Use, to see if there have been any changes to them that may affect You.

All updates to this Policy will be posted on the website. An updated Policy will supersede all previous versions. Your continued use of our Services after we have posted the updated Policy and/or SaaS Terms of Use on the website constitutes your acceptance of such changes. 

Your Obligations

You agree that You will use other persons’ Health Information available on or through this site (whether or not Protected Health Information) strictly in accordance with applicable laws and regulations, and You will ensure that others under your control who have access to such information also comply with applicable laws and regulations. You are solely responsible for obtaining and maintaining all patient consents and authorizations necessary for Your use of Our Services and Your technology to the extent that it facilitates access to Your Authorized Workforce and/ or any other Participant.

Account Access

To access your account, You must supply the identifier We assign to You. With this information, We can verify You and permit You to view Data in the Services. We log and audit system use in order to ensure that Participants are using the Services appropriately. If We have questions about Your use of the Services, We may contact You. We may also disclose Your identity, or the identity of Participants in your Authorized Workforce to others to assist in the investigation of suspected misuse of Our Services, and otherwise to ensure the proper operation of Our Services.

Surveys, Questionnaires, and Polls

Health Gorilla may ask You to participate in use surveys, questionnaires, or polls, to facilitate feedback and input from our Participants. When you respond to surveys, questionnaires or polls related to Our Services, We reserve the right to collect information that identifies You, as set forth in the Health Gorilla SaaS Terms of Use.       

Types of Personal Information We Collect  

This section lists the general categories of Personal Information we collect for the Services. 

Throughout this Policy we use the term “Personal Information” to describe any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular person or household that does not include Protected Health Information as defined in HIPAA. This Policy covers all personal information and that we collect from you or on your behalf through our Services. We may collect the following types of personal information:

  • Personal information provided by you or your clinician. We collect any personal information that you voluntarily provide to us, such as Health Information you provide to us or your clinician, or that your clinician provides to us to facilitate our provision of Services. If you are an ordering clinician, we may collect your name, phone number, place of business and other contact information you submit to use the Services. 
  • Communications between you and Health Gorilla. We collect personal information you submit when contacting us (such as your name and email address).
  • Registration information. When you register with Health Gorilla or create a user account to access our Services, we collect personal information and contact information. We will use your registration information to provide Services to you.    
  • Job application information. If you apply for a position with Health Gorilla, we will collect your resume, contact information, employment and education history, and other related information. We may also receive information from references you identify and other third parties (for instance, via background checks.)
  • Device information. When you use a mobile device (e.g., a tablet or smartphone) to access our Services, we may collect information about your device. We may collect information about your device’s hardware, operating system or software, device name, unique device identifier, your mobile network information and any other information about your device’s interaction with our Services. Some features of the Services may not function properly if the use or availability of device identifiers is impaired or disabled.
  • Information about your use of the Services. When you browse our website, our System automatically collects information such as your web request, Internet Protocol (“IP”) address, browser type, browser language, domain names, referring and exit pages and URLs, platform type, pages viewed, the date and time of your request. This information is used to ensure secure delivery of our Services, analyze trends, administer our website, improve the design of our website, and otherwise enhance our Services.
  • Cookies. We use technologies like cookies, to gather information about how you are interacting with our Services. We use two types of cookies, “session” cookies and “persistent” cookies.
  • A “session cookie” is temporary and expires after You end a session and close Your web browser. We use session cookies to help customize Your experience with our Services and maintain Your signed-on status as You navigate the Services.
  • “Persistent cookies” remain on your hard drive after You have exited from Our Services until you erase them and/ or they expire. Persistent cookies will not contain any personal information about You, unless as otherwise allowed pursuant to the Health Gorilla SaaS Terms of Use.

 Use and Sharing of Personal Information

This section lists some of the general ways Health Gorilla uses and shares your personal information we may collect for the Services. 

  • Maintain legal and regulatory compliance. Our Services require us to use or disclose your Personal Information and/or Protected Health Information in ways that ensure compliance with applicable laws and regulations. For example, we may use or disclose your Personal Information to fulfill our business obligations, ensure compliance with employment laws, or as necessary to manage risk as required under applicable laws.
  • Ensure the security of the Services. We may process your Personal Information to combat spam, malware, malicious activities or security risks; improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not access your account. 
  • Sale, Merger, or Bankruptcy. In connection with a bankruptcy, merger, acquisition or sale or other business transaction, involving all or a portion of our assets or business, user information will also be transferred as part of or in connection with the transaction.


We may store your personal information for as long as we need it to provide you our Services and to perform the activities described in this Policy, all to the extent permitted by law.  


Portions of this site require a valid username, e-mail address, part of your social security a photo of a valid government issues ID, a photograph, number, code or password and/ or other unique identifiers (or a combination of the foregoing) to access and use services or materials on the site. You are solely responsible for (1) maintaining the strict confidentiality of any user name, e-mail address, code or password (collectively, “User IDs”) assigned to You, (2) not allowing another person to use Your User IDs to access the Services, (3) any damages or losses that may be incurred or suffered as a result of your failure to maintain the strict confidentiality of Your User IDs, and (4) promptly informing Health Gorilla in writing of any need to deactivate a User ID due to potential or actual security breaches. Health Gorilla is not liable for any harm related to the theft of Your IDs, your disclosure of Your User IDs, or Your authorization to allow another Participant to access and use the site using Your User IDs. You agree to immediately notify Health Gorilla in writing of any unauthorized use of any of Your User IDs.  (Please also refer to the Health Gorilla SaaS Terms of Use for a complete set of Terms regarding Your obligations and limitations on Our liability.) 

Account Information for Account Creation & Maintenance

When you sign up for and use Health Gorilla Services, we collect personal information from you for account creation and maintenance (“Account Information”). Such Account Information includes, as applicable or permitted under law, items such as your name, address, e-mail address, telephone number, your contact preferences, device identifiers, IP address.  From time to time, we may send you emails that communicate information about your account, about the Services, or emails that Health Gorilla reasonably deems are required by law or necessary to prevent or mitigate a security or fraud risk, or to continue to provide you with the Services.

Records Collection and Sources. We collect personal information about you, including Health Information, using one or more of the following processes:  

  • If applicable, sending a request for your Health Information to the Health Gorilla Clinical Network.
  • Any information we receive from outside sources will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties including the Health Gorilla Clinical Network and are not responsible for any third party’s policies or practices.

Other Information that Health Gorilla Collects

Product Interaction and Feedback. We collect search queries within the Services, and transactions you make regarding the Services. We collect product interaction and feedback that you provide to us through our Service to provide you with the Services, improve and enhance the Services, and conduct research and analytics.

Marketing Products and Services

We will NOT place advertisements of any type on the interface (“GUI”) to our Services. In addition, the use of Health Information can be found in the Health Gorilla SaaS Terms of Use.

User Forums and User Generated Content. We may offer forums for the exchange of information among authorized Participants. You agree to assume all responsibility for Your use of such forums. In particular, You understand that We do not assure the accuracy, reliability, confidentiality or security of information made available through the use of Our forums. You agree not to disclose any unauthorized Data and/or Health Information. Health Gorilla may provide you with an opportunity to engage in blog discussions, message boards, chat rooms, and other forms of social networking and post reviews and post content, such as messages relating to healthcare experiences, and interact with other users (User Generated Content” or “UGC”) and such information may include communications maintained by outside platforms such as LinkedIn, You Tube, or Twitter.

Additional Information. We collect any other information you choose to include in communications with us, for example, your e-mail address or telephone number when sending a message or submitting information through a webform. We may use this information to communicate with you, such as sending you emails, solicitations, invitations, newsletters, awareness campaigns, and announcements. You may also provide Data, and/or content or material to the Services by participating in forums, discussion groups and the like. The use of such Data and/or content or material is fully described in the Health Gorilla SaaS Terms of Use.

How Health Gorilla Uses Your Information

Health Gorilla will use your information to create and manage your account, and also for the following purposes:

  • To help us deliver and improve the Services and, when necessary, for loss prevention and anti-fraud purposes and account and network security purposes.
  • To send important notices regarding the Services, including changes to terms, conditions, and policies. 

In addition to the sharing identified earlier in this Policy, Health Gorilla may share data related to your usage of the Services – including Account Information as follows:

  • To enforce any applicable terms of service.
  • When you request us to share certain information with third parties.

When you make a decision to share your data outside of Health Gorilla including (Personal or Health Information), the data practices under this Privacy Policy will no longer apply to the information held by that outside entity. We recommend that you review and determine you are comfortable with that entity’s privacy policy prior to sharing your data (including Account Information and Health Information) outside of Health Gorilla.

In any circumstance where your consent is sought prior to Health Gorilla sharing Personal or Health Information about you, you will be able to withdraw that consent at any time, provided we can individually identify you in such data. Such withdrawal of consent will apply only to new uses or disclosures of Personal or Health Information about you within a reasonable amount of time after Health Gorilla has received the withdrawal or at such other time as required by applicable law.

California Residents    

This Section only applies to users of our Services that reside in the State of California. For purposes of this 

Section, the term “personal information” does not include information subject to HIPAA or the California Confidentiality of Medical Information Act. 

California privacy rights. In addition to the rights described elsewhere in this Policy, California residents have the right to (1) request additional disclosures about your personal information we collect, use, disclose and sell; (2) request access to and deletion of your personal information; (3) opt out of the sale of your personal information; and (4) obtain a copy of your personal information. We will not discriminate against you for exercising any of these rights, for example, by charging a different price or denying services. However, we may charge a different price or rate or provide a different level or quality of services when that difference is reasonably related to the value provided to you by the data.

If you make a request related to personal information about you, you will be required to supply a valid means of identification as a security precaution. We will verify your identity with a reasonably high degree of certainty using the following procedure where feasible: we will match identifying information you provide when making the request to the personal information maintained by us or use a third-party identity verification service. If it is necessary to collect additional information, we will use the information only for verification purposes and will delete it as soon as practicable after complying with your request. For requests related to particularly sensitive information, we may require additional proof of your identity.  We will process your request within the timeframe provided by applicable law.  

Categories of personal information we collect. In the previous 12 months, Health Gorilla has collected the following categories of personal information:     

  • Identifier such as names, date of birth, and contact information
  • Information protected by the California Customer Rights Statute such as names and contact information
  • Characteristics of protected classifications under California or Federal Law
  • Commercial information such as records of services purchased 
  • Internet or other electronic network activity information
  • Professional or employment-related information  

Sources from which we collect personal information. Health Gorilla may collect personal information from you directly. Health Gorilla may also receive personal information about you from third parties or through automated means.

Additional disclosures 

Purpose for collecting or selling personal information. Your personal information may be collected or used for the purposes described in this Policy, as well as for other purposes that may be described to you at the time we collect your personal information.     

Categories of third parties with whom we share your personal information. Health Gorilla may share your personal information with the third parties described in this Policy or the SaaS Terms of Use.

Sale and disclosures of personal information
  • In the preceding 12 months, Health Gorilla has not sold personal information. 
  • In the previous 12 months, Health Gorilla has disclosed the following categories of personal information for a business purpose, but only to service providers that are prohibited from using that information for any purpose other than providing services to us:
  • Identifiers
  • Information protected by the California Customer Rights Statute and characteristics of protected classifications under California or Federal law 
  • Commercial information such as records of services purchased
  • Internet or other electronic network activity information
  • Professional or employment-related information

California Shine the Light law. California residents may also request information from us once per calendar year about any personal information shared with third parties for the third party’s own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To make such a request, please reach us at the contact information listed below. This request may be made no more than once per calendar year, and we reserve our right not to respond to requests submitted other than to the email or mailing addresses specified below.  

Do Not Track Signal    

Certain web browsers and other devices you may use to access the website may permit you to submit your preference that you do not wish to be “tracked” online. Like many websites, our website is not currently designed to recognize a Do Not Track signal from a web browser. 

Other locations around the world 

If you live in another part of the world not specifically mentioned here, please contact us as detailed in the Contacting Us section of this Policy. 

Links to Other Materials

This Service may provide links to sites operated by third parties. Health Gorilla, Inc. has no control over the content of such linked sites and is not responsible for it, or for the effect of Your accessing a site through a link on our site. You should assume that any information that does not bear the Health Gorilla logo is operated by a third party, and You should read the site’s privacy notice before using it.  Please refer to the Health Gorilla SaaS Terms of Use regarding third party information and related disclaimers and limitations of liability. 

Applicable Law

Any claim relating to the use of this site or the systems or information to which it gives access shall be governed by the internal substantive laws of the State of Delaware. 

Term; Modification; Suspension; Termination

The initial Term of this Policy shall retroactively commence on Your date of first use and continue for as long You use the Services, unless continued as indicated in the Health Gorilla SaaS Terms of Use and/ or the terms of an express written contract. The retroactive commencement of the Term of the Services will supersede any and all other contracts, agreements or policies.  Other terms and conditions regarding the suspension and/ or Termination of access to Services is fully described in the Health Gorilla SaaS Terms of Service.

We may update or change the Services and/ or the terms set forth in this Policy from time to time and recommend that You review the Agreement on a regular basis. You understand and agree that Your continued use of the Services after the Agreement has been updated or changed constitutes Your acceptance of the revised Policy. We reserve the right to make changes to our Policy at any time without prior notice and to apply the changes to information received by Us prior to the effective date of the change.  

Contacting Us    

Our website is owned and operated by Health Gorilla, Inc..  If you have any questions about this Policy or our Services, you can email us at, call us at (844) 446-7455, or write to us via regular mail at Health Gorilla, Inc., Attention: Privacy Officer, 800 W El Camino Real, Suite 100, Mountain View CA 94040.