Our Core Commitment
GEM SLEEP (“we,” “our,” or “the Company”) protects personal information and ensures it is never sold, rented, or shared for advertising or commercial purposes. We use privacy‑first, de‑identified information to improve patient experience, and individuals may opt out of such uses they do not feel comfortable with.
This applies to:
- All patients, clients, and users of our virtual health‑care services
- All employees, contractors, and authorized partners
- All digital platforms, applications, and communication channels operated by the Company
You receive the option to set your preference for Do Not Sell or Share My Information when you first visit our mygemsleep.com website, along with setting your cookie preferences. You can change those preferences at any time.
Changing Preferences for Data Sharing
Any visitor or patient may choose to change their preference for the sharing of de‑identified information used for analytics or experience optimization. We honor preference change requests in accordance with applicable state laws and industry best practices.
We want you to know that:
- Opting out does not affect access to care or clinical services
- Opt‑out requests apply to future data collection and processing
- Opt‑out mechanisms are available through our website footer, cookie settings, or by contacting our Patient Support Team.
Preferred option for updating your Opt-Out preferences:
Secondary option for updating your Opt-Out preferences:
Contact our Patient Support Team at: Contact@mygemsleep.com
Information We Protect
We only use and disclose information as permitted by law and as necessary to deliver safe, effective virtual health‑care services. We protect all forms of personal information, including:
- Identifying information (name, date of birth, contact details)
- Health information (diagnoses, treatment plans, clinical notes)
- Payment and insurance information
- Technical data (IP address, device identifiers, usage logs)
All such information is treated as confidential and safeguarded in accordance with HIPAA and applicable state privacy laws.
Use and Disclosures
Permitted Uses and Disclosures
We may use or disclose personal information only for:
- Providing and coordinating virtual health‑care services
- Processing payments and insurance claims
- Meeting legal or regulatory obligations
- Securing, maintaining, and improving our technology systems
Any third‑party service providers (e.g., secure hosting, billing processors) are contractually bound to protect information and are prohibited from using it for independent purposes.
Prohibited Uses and Disclosures
We strictly prohibit:
- Selling personal or health information
- Sharing identifiable personal information with advertising platforms
- Using identifiable personal information for targeted or behavioral advertising
- Disclosing information without patient authorization unless legally required
We may use de‑identified information to improve our services, enhance patient experience, and understand how our digital tools are used. This information cannot identify an individual and is created using methods consistent with HIPAA’s de‑identification standards.
To de-identify information we remove or alter personal identifiers so that the information cannot reasonably be used to identify an individual, using recognized technical and administrative standards for de‑identification.
We may share only de‑identified, aggregated, privacy‑first key event information with analytics or advertising platforms to:
- Understand how users interact with our website or app
- Improve navigation, accessibility, and user experience
- Measure the performance of content and
- Support non‑targeted service delivery optimization
We do not permit:
- Re‑identification of de‑identified data
- Use of de‑identified data to infer health conditions, diagnoses, or treatments
- Combining our de‑identified data with other datasets for profiling
Controls and Safeguards
To ensure privacy‑first use of de‑identified data:
- We require contractual assurances that partners cannot re‑identify or attempt to re‑identify data
- We limit the scope of data shared to the minimum necessary for analytics
- We prohibit partners from using data for their own marketing or advertising
We comply with many applicable state privacy laws, including but not limited to California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) and will update our practices as state laws evolve to ensure continued compliance.
In addition, we use administrative, technical, and physical safeguards to protect information including multi-factor authentication, access controls and audit logs, secure data storage and transmission.
We may update our practices to reflect changes in laws and technology. Updates will be posted on our website and communicated to users when required.
