Effective Date: Jan 31, 2025
Our Cookies Policy describes how we collect and use information, and what choices you have. One way we collect information is through the use of technologies including, but not limited to, cookies, pixels, web beacons, local storage, mobile device IDs, software development kits (SDKs), and similar current and future technologies. These technologies help us and our partners collect data, including but not limited to usage data, identifiers, device information, behavioral data, and any other information that may be collected through our services.
We and our partners use a variety of methods to automatically collect data when you visit our sites and use our apps. This Cookies Policy refers to these technologies collectively as “cookies.”
When you go online, you use a program called a “browser” (like Firefox, Safari, or Chrome). Most websites store a small amount of text in the browser called a “cookie.” A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.
We use session cookies (that last until you close your browser) and persistent cookies (that last until you or your browser delete them). For example, we use persistent cookies to store your language preferences or other settings so you don’t have to set them up every time you visit Sleep Reset.
Web beacons are electronic images (also called single-pixel or clear GIFs) contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. Third-party content on our websites (such as embedded videos and plug-ins) similarly results in your browser connecting to the third-party web server hosting that content. We also include web beacons in our email messages to tell us if you open and interact with them.
Mobile analytics and advertising IDs are generated by operating systems for mobile devices (iOS and Android) and can be accessed and used by apps in much the same way that websites access and use cookies. Our apps contain software that enables us and our third-party analytics and advertising partners to access these mobile IDs.
Some of the cookies we use are associated with your Sleep Reset account (including information about you, such as the email address you gave us), and other cookies are not.
HIPAA Compliance for Telehealth Services:
When you use Sleep Reset's telehealth services, certain cookies and tracking technologies may collect Protected Health Information (PHI) as defined by HIPAA. We implement additional protections for healthcare-related tracking:
Business Associate Agreements (BAAs):
- All tracking technology vendors that may access PHI must execute HIPAA-compliant BAAs
- We ensure all third-party analytics and advertising partners meet HIPAA security standards
- Vendors are contractually required to maintain PHI confidentiality and security
BAA Compliance Monitoring:
- Annual compliance audits of all tracking technology vendors
- Regular security assessments of business associate cookie practices
- Incident response coordination with business associates
- Termination procedures for non-compliant vendors
Vendor Due Diligence:
We conduct thorough vetting of tracking technology vendors including:
- HIPAA compliance history and certifications
- Security infrastructure and encryption capabilities
- Data breach history and response procedures
- Insurance coverage and financial stability
Healthcare Cookie Categories:
Essential Healthcare Cookies: Required for telehealth platform functionality, including:
- Secure session management for provider-patient communications
- Authentication and access controls for medical information
- HIPAA-compliant audit logging and security monitoring
Clinical Analytics Cookies: Used to improve telehealth services while protecting PHI:
- De-identified usage analytics for platform optimization
- Clinical outcomes tracking (anonymized and aggregated only)
- Quality improvement metrics that comply with HIPAA standards
PHI Protection Standards:
- Healthcare cookies use enhanced encryption and security measures
- PHI is never shared with marketing or advertising partners
- All healthcare tracking complies with HIPAA minimum necessary standards
- Automatic deletion of healthcare cookies upon session termination
TELEHEALTH SESSION COOKIE SAFEGUARDS
Active Session Protections:
During live telehealth consultations:
- Real-time encryption of all cookie data containing PHI
- Immediate deletion of temporary session cookies upon disconnection
- Automatic logout and cookie clearing after session timeouts
- Enhanced monitoring for unauthorized access attempts
Provider-Specific Cookies:
Healthcare provider interactions may involve:
- Provider authentication cookies (HIPAA-compliant)
- Clinical decision support cookies (anonymized)
- Quality assurance cookies (de-identified)
- Billing and coding cookies (minimum necessary PHI only)
Patient Safety Override Authority:
In medical emergencies, authorized personnel may:
- Override cookie privacy settings for patient safety
- Access essential health information via emergency cookies
- Coordinate with emergency services using necessary PHI cookies
- Document all emergency cookie access for audit purposes
We, along with our analytics, advertising partners, and other third parties, use these technologies on our websites, apps, and online services to collect personal data—including, but not limited to, pages you visit, links you click on, usage information, identifiers, device information, behavioral patterns, preferences, and technical data—when you use our services. This data collection may occur over time and across different websites, applications, or online services. We and our partners may combine this information with other information we collect about you from various sources, including offline interactions.
We use cookies and similar technologies in the following ways:
Essential Cookies: Enable core functionality including, but not limited to, sign-in capabilities, security features, fraud prevention, system administration, load balancing, and remembering your settings and preferences.
Analytics Cookies: Help us improve Sleep Reset by analyzing how our websites and apps perform, identifying popular features, understanding user behavior, and collecting data for business intelligence and service optimization. This analysis may include automated processing and machine learning applications.
Personalization Cookies: Remember your preferences and interactions to show you relevant content and optimize your experience. This may include creating user profiles and inferring interests based on your activities.
Marketing Cookies: Allow us and our advertising, social media partners, and other business partners to track interactions with our site or app, develop insights, deliver targeted interest-based advertising, and measure campaign effectiveness. This includes the right to share data with our partners for commercial purposes.
General Data Rights:
We reserve the right to use collected data for developing new products, services, and features, EXCEPT for Protected Health Information (PHI) collected during telehealth services.
PHI Restrictions:
For any information that constitutes PHI under HIPAA:
- We will NEVER sell, rent, or share PHI with third parties for marketing purposes
- PHI sharing is limited to HIPAA-permitted uses: treatment, payment, and healthcare operations
- All PHI sharing requires appropriate Business Associate Agreements
- PHI is never used for AI training or algorithm improvement without explicit authorization
State Health Privacy Law Compliance:
We comply with state-specific health data privacy laws, including:
- Washington My Health My Data Act
- Nevada Senate Bill 370
- Connecticut consumer health data protections
- Other applicable state health privacy requirements
De-identification Standards:
- Health-related data may only be de-identified using HIPAA safe harbor methods
- Expert determination is used for complex de-identification cases
- De-identified data undergoes regular re-identification risk assessments
- We maintain documentation of all de-identification processes
Corporate Transaction Limitations:
In the event of merger, acquisition, or business transfer:
- PHI transfers require individual authorization or HIPAA-compliant successor agreements
- Healthcare data is subject to additional due diligence and security requirements
- Patients will be notified of any PHI transfers as required by law
HIPAA Rights (For Telehealth Users):
If you use our telehealth services, you have additional rights under HIPAA:
Right to Access Healthcare Cookie Data:
- Request copies of all PHI collected through cookies and tracking
- Receive information about how healthcare cookies are used
- Obtain audit logs of PHI access and sharing (where technically feasible)
Right to Restrict Healthcare Tracking:
- Request restrictions on PHI use for healthcare operations
- Opt out of non-essential healthcare analytics while maintaining treatment capabilities
- Control sharing of healthcare data with business associates
Right to Amend Healthcare Information:
- Request corrections to inaccurate PHI collected via cookies
- Add statements of disagreement to healthcare tracking data
- Update health information preferences and consent status
Enhanced Cookie Controls for Healthcare:
Medical Session Cookies: Cannot be disabled during active telehealth sessions for safety reasons
Healthcare Analytics: Can be disabled with impact to service optimization
Clinical Research: Always requires explicit opt-in consent
Marketing Cookies: Automatically disabled for all healthcare-related pages
Healthcare Cookie Consent Process:
For telehealth services, we obtain consent through:
- Separate, specific consent for healthcare tracking (not bundled with general website consent)
- Clear explanation of healthcare cookie purposes before telehealth sessions
- Option to modify healthcare cookie preferences between sessions
- Re-consent requirements for material changes to healthcare tracking
HIPAA Authorization Requirements:
When cookies may collect PHI beyond essential functions:
- Written authorization using HIPAA-compliant forms
- Clear description of PHI to be collected via cookies
- Specific purposes for PHI collection and use
- Right to revoke authorization at any time
State Privacy Rights:
Depending on your location, you may have additional rights under state privacy laws:
Right to Delete: Request deletion of health-related personal information (subject to medical record retention requirements)
Right to Opt-Out: Refuse sale or sharing of health data for non-medical purposes
Right to Data Portability: Receive your health-related data in a portable format
Right to Non-Discrimination: Receive equal service regardless of privacy choices
Important Healthcare Limitations:
- Essential telehealth cookies cannot be disabled during medical sessions
- Some healthcare tracking is required for regulatory compliance
- Medical record retention laws may prevent deletion of certain health data
- Emergency situations may require overriding some cookie preferences
Important Notes About Controls:
STATE HEALTH PRIVACY LAW COMPLIANCE
Multi-State Privacy Protection:
Sleep Reset complies with health data privacy laws in all states where we operate, including:
Washington My Health My Data Act:
- Enhanced consent requirements for consumer health data
- Restrictions on sharing sleep and health tracking information
- Geofencing protections for healthcare locations
Nevada Consumer Health Data Privacy Law:
- Specific protections for health-related website interactions
- Enhanced security requirements for health data processing
- Consumer rights to health data deletion and correction
Connecticut Consumer Data Privacy Act:
- Special protections for healthcare-related personal information
- Requirements for health data breach notification
- Restrictions on health data use for advertising
Additional State Considerations:
- California CCPA/CPRA: Enhanced health data protections
- New York: Emerging health information privacy requirements
- Illinois: Genetic information and biometric protections
- Texas: Medical privacy and consumer protection laws
State-Specific Rights:
Your privacy rights may vary based on your state of residence:
- Some states provide broader health data deletion rights
- Certain states require enhanced consent for health data sharing
- Various states have different breach notification timelines
- Many states provide private rights of action for violations
Conflict Resolution:
When state laws conflict with HIPAA or other federal requirements:
- We apply the most restrictive privacy protection
- We provide clear notice of applicable law variations
- We maintain compliance with all applicable jurisdictions
We may modify this policy at any time without prior notice. Changes become effective immediately upon posting to our website. Your continued use of Sleep Reset after any changes constitutes acceptance of the updated policy. We may notify you of material changes via email or website notice, but are not obligated to do so. You are responsible for periodically reviewing this policy for updates.
HEALTHCARE-SPECIFIC LIMITATIONS AND DISCLAIMERS
HIPAA Compliance Limitations:
While we implement comprehensive HIPAA protections, we cannot guarantee:
- Prevention of all possible healthcare data breaches
- 100% accuracy of automated health data de-identification
- Complete elimination of technical vulnerabilities in healthcare cookies
- Absolute protection against sophisticated cyber attacks targeting health data
Medical Advice Disclaimer:
Healthcare cookies and tracking technologies:
- Do NOT constitute medical advice or clinical recommendations
- Should never be relied upon for medical decision-making
- Cannot replace professional healthcare provider consultations
- May not capture all relevant health information for treatment
Technical Healthcare Limitations:
Healthcare tracking systems may experience:
- Temporary disruptions during critical medical sessions
- Data synchronization delays affecting health information accuracy
- Technical incompatibilities with certain medical devices or software
- Performance variations affecting telehealth service quality
Legal and Regulatory Changes:
Healthcare cookie compliance is subject to:
- Evolving HIPAA interpretations and enforcement
- Changing state health privacy law requirements
- New federal healthcare technology regulations
- Updated cybersecurity standards for healthcare data
Third-Party Healthcare Vendor Limitations:
We cannot control:
- Healthcare cookie performance by third-party vendors
- Business associate compliance with HIPAA requirements
- State privacy law compliance by tracking technology partners
- International healthcare data protection standards variations
Patient Safety Considerations:
In emergency medical situations:
- Healthcare cookie preferences may be overridden for safety
- Essential medical tracking cannot be disabled during treatment
- Emergency services may require access to health cookie data
- Patient safety takes precedence over privacy preferences
Telehealth Emergency Situations:
In the event of medical emergencies during telehealth sessions, certain cookies may be necessary to:
- Maintain connection stability for emergency consultations
- Log critical medical information for continuity of care
- Enable emergency services coordination when required
- Preserve audit trails for medical-legal purposes
Data Breach Response for Healthcare Cookies:
If healthcare-related cookies are involved in a security incident:
- Immediate suspension of affected tracking technologies
- Within 24 hours: Risk assessment and containment measures
- Within 60 days: Individual notification as required by HIPAA Breach Notification Rule
- Coordination with HHS Office for Civil Rights for reportable breaches
Technology Failure Protocols:
When healthcare cookies malfunction or are compromised:
- Automatic fallback to essential-only cookie operation
- Immediate notification to affected patients via secure channels
- Documentation of all PHI potentially affected
- Remediation plan implementation within 24 hours
INTERNATIONAL HEALTHCARE DATA TRANSFERS
Cross-Border PHI Protections:
When PHI collected via cookies is transferred internationally:
- Compliance with destination country healthcare privacy laws
- Adequate data protection safeguards as required by HIPAA
- Business Associate Agreements with international vendors
- Regular assessment of international data protection standards
Specific International Frameworks:
- EU GDPR: Enhanced health data protections for European patients
- Canada PIPEDA: Cross-border health information safeguards
- UK Data Protection Act: Post-Brexit healthcare data compliance
- Australia Privacy Act: Health record privacy requirements
Patient Notification:
We will notify patients when their healthcare cookie data may be:
- Processed in countries with different privacy standards
- Subject to foreign government access requests
- Transferred to international business associates
- Stored in overseas data centers or cloud services
REGULATORY COMPLIANCE MONITORING
Ongoing Compliance Updates:
We continuously monitor healthcare privacy developments including:
- HHS Office for Civil Rights guidance updates
- State health privacy law changes
- FTC health data enforcement actions
- Healthcare cybersecurity standard evolution
Policy Update Procedures:
- Quarterly review of healthcare cookie compliance requirements
- Immediate updates for regulatory changes affecting patient rights
- 30-day advance notice for material healthcare cookie policy changes
- Automatic notification to active telehealth patients
Audit and Documentation:
We maintain comprehensive records of:
- All healthcare cookie compliance activities
- Business associate compliance certifications
- Patient consent and authorization documentation
- Security incident response and remediation actions
If you have any questions or concerns about this Cookies Policy, please contact us at:
Sleep Reset
Attention: Privacy Officer
Email: help@thesleepreset.com, or by mail at 2261 Market St #4408, San Francisco, CA 94114
Last Updated: Jan 31, 2025