July Savings: Couples Heart and Lung Scan Only $149* ►

Privacy Policy

INTRODUCTION

Craft Body Scan (“Craft Body Scan,” “we“, or “us“) owns and operates the Craft Body Scan website located at https://craftbodyscan.com and the Craft Body Scan mobile application (collectively, the “Platform”). Your access and use of the Platform, any part thereof, or anything associated therewith, including its content (“Content”), any products or services provided through the Platform, and any affiliated website, software or application owned or operated by Craft Body Scan (collectively, including the Platform and the Content, the “Service”) are governed by this Privacy Policy (“Privacy Policy”).

We are committed to respecting the privacy of users of the Service. We created this Privacy Policy (“Privacy Policy”) to tell you how Craft Body Scan collects, uses and discloses information in order to provide you with the Service. As with our Terms of Use for the Service (the “Terms of Use”), if we make any changes to our Privacy Policy, we will post the revised Privacy Policy and update the “Last Revised” date of the Privacy Policy.

By accessing or using the Service, you acknowledge the practices and policies outlined in this Privacy Policy. If you are using the Service on behalf of an individual other than yourself, you represent that you are authorized by such individual to act on such individual’s behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.

PROTECTED HEALTH INFORMATION 

Craft Body Scan is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”), however, the Medical Group (as defined in our Terms of Use) may be a “covered entity” and, solely in its role providing administrative services to the Medical Group, Craft Body Scan may be a “business associate” of the Medical Group. Therefore, the Medical Group and, solely in its role as a business associate, Advanced Body Scan of Tulsa, may be subject to certain provisions of HIPAA with respect to “protected health information,” as defined under HIPAA, that you provide to the Medical Group. PHI does not include information that has been de-identified in accordance with HIPAA (“De-Identified Health Information”), and does not include information that you submit to Craft Body Scan for purposes other than connecting you with the Medical Group or Providers.

Under HIPAA, a “covered entity” is required to provide their patients a Notice of Privacy Practices that describes how the covered entity uses and discloses “protected health information” (“PHI”). As a result, the Medical Group has adopted and has separately provided or will provide to you a HIPAA Notice of Privacy Practices that describes how the Medical Group may use or disclose your PHI (the “Medical Group Notice of Privacy Practices”).

HIPAA also requires a covered entity to obtain a patient authorization that satisfies certain requirements in order for the covered entity or its business associates to use or disclose PHI in certain ways. In order to ensure that the Medical Group and Craft Body Scan are able to effectively provide their respective services to you and that you are able to utilize the full functionality of the Service, the Medical Group and/or Craft Body Scan may need to use or disclose your PHI in ways that would require the Medical Group to obtain an authorization under HIPAA. As a result, the Medical Group has obtained or will obtain from you a patient authorization (a “Patient Authorization”) that authorizes the Medical Group and Craft Body Scanto use and disclose your PHI in certain ways that may not be described in this Privacy Policy or the Medical Group Notice of Privacy Practices.

To the extent that Craft Body Scanis in fact a “business associate” of the Medical Group, Advanced Body Scan of Tulsa’s use and disclosure of your PHI will comply with HIPAA and any Patient Authorization. Any information that does not constitute PHI may be used or disclosed in any manner permitted under this Privacy Policy.

COLLECTION OF INFORMATION 

We collect any information you provide when you use the Service, including, but not limited to: (1) personally identifying information (“PII”) such as your name and contact data such as your e-mail address, phone number, and billing and physical addresses; (2) your login and password; (3) demographic data (such as your gender, date of birth and zip code); (4) your communications with your Providers; and (5) any information you provide when you contact or communicate with us. We may also collect information from you necessary to provide you with services from your Providers, which may include, but is not limited to: (a) payment information; (b) insurance information; and (c) health and medical data (such as previous doctors or other healthcare providers you visited, your reason for visiting a healthcare provider, date of visit, medical history and condition, medications, images or videos and other medical and health information and data you share with us)

In addition to the information we collect directly from you, we may also collect certain information from the Medical Group and/or Providers who provide treatment or other services to you in connection with our Service. This information may include, but is not limited to, diagnoses, treatment plans (including prescription details) and notes, and is accessible and visible through certain components of the Service.

We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, insurance policy, insurance eligibility and coverage, and laboratory test results.

We or our service providers may automatically collect certain information from the device through which you access the Service. This information includes, but is not limited to, your language preferences, your phone number or other unique device identifier (the International Mobile Equipment Identity or the Mobile Equipment ID number), the IP address of your device, the manufacturer, model and operating system of your device, the name and version of our Service you are using, information regarding your browser and information that allows us to personalize our Service. We or our service providers may also collect information about how you interact with our Service and any of our websites to which our Service links, such as how many times you use a specific part of our Service, the amount of time you spend using our Service, how often you use our Service, actions you take in our Service and how you engage with our Service.

We and our service providers may obtain information regarding your location or the location of your device through which you access our Service. Information regarding your location may be obtained directly from you when you provide us with information as part of the registration process.

We may store cookies (e.g., locally stored objects) in your computer’s hard drive when you use the Service. These devices are used to help us speed up your future activities or to improve your experience by remembering the information that you have already provided to us. Some of our service providers may also use cookies to provide us with anonymous data and information regarding your use of the Service. At your option, you may block or delete devices from your hard drive. However, by disabling such tracking devices, you may not have access all features of the Service. For more about cookies, including links to web browser instructions for disabling and managing such tracking devices, visit http://www.usa.gov/optout-instructions.shtml.

In addition, we may use Google Analytics. Google Analytics is a web analytics tool that helps operators (like Advanced Body Scan of Tulsa) understand how users (like you) engage with their applications. Google Analytics uses cookies to track your interactions with our Service and to collect information about how you use the Service. We then use the information to compile reports that help us improve the Service.

Google Analytics collects, processes and creates reports about website trends without identifying individual users. For more information regarding Google Analytics visit “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners.

USE OF INFORMATION 

In connection with providing the Service, we and our affiliates and service providers may use your information, subject to the limitations addressed in the Protected Health Information Section above, for a number of purposes, including, but not limited to: (a) verifying your identity and administering your user account (“Account”), including processing your payments and fulfilling your orders; (b) communicating with you about the Service or your use of the Service, and sending you communications on behalf of the Medical Group or its Providers; (c) providing you customer support and responding to your requests or concerns; (d) facilitating the provision of services to you by the Medical Group or its Providers; (e) making certain information in your medical records accessible and available to you; (f) sending you push notifications (notifications may be enabled or disabled through your device or app settings depending on your device type); (g) processing payments; (h) detecting, preventing, investigating and responding to fraud, intellectual property infringement, violations of our Terms of Use, or other misuse of our Service or the Medical Group’s services; (i) reviewing, monitoring, expanding or improving the Service; (j) reviewing and analyzing the efficacy of some or all of the Service; (k) identifying and creating new Content, software or tools offered through the Service; (l) developing, testing and offering other products and services, whether or not through the Service; (m) providing certain marketing communications or promotional materials relating to the Service that may be of interest to you; and (n) any other use permitted by applicable law.

We may use information regarding your location or the location of your device through which you access the Service for a number of purposes, including, but not limited to confirming you are located in a jurisdiction in which the Service is offered.

We may de-identify your information and use, create and sell such de-identified information, including De-Identified Health Information, for any business or other purpose not prohibited by applicable law.

Disclosure of Information

We may disclose your information to third parties in connection with the provision of our Service or your Provider’s provision of services or as otherwise permitted or required by law. For example, we may disclose your information to: (a) our third-party service providers that provide services such as the hosting of the Service, data analysis, IT services and infrastructure, customer service, e-mail delivery, auditing, payment processing, and other similar services; (b) the Medical Group or its Providers to schedule and fulfill appointments and provide healthcare services; (c) the Medical Group or Providers to whom you send messages through our Service; (d) the Medical Group or its Providers for treatment, payment or healthcare operations purposes; (e) third parties as we believe necessary or appropriate to enforce our policies and/or contracts; protect us, you, or others; or to comply with applicable laws; and (f) to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or stock with such third party. We may de-identify your information and disclose such de-identified information, including De-Identified Health Information, for any purpose not prohibited by applicable law.

USE BY MINORS

Our Service is intended for use by individuals who are at least 18 years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Service. However, if you are a parent or legal guardian of a minor child, you may, in compliance with the Terms of Use, consent to use of our Service by such minor child provided that such minor child is at least 13 years old, or, if such minor child is under the age of 13, you may, in compliance with the Terms of Use, use our Service on behalf of such minor child. Any information you provide us on behalf of your minor child will be treated in accordance with this Privacy Policy. We do not knowingly collect information from individuals under the age of 13. If we learn that we have received any information from an individual under the age of 13 instead of from such individual’s parent or legal guardian, we will only use that information to respond directly to that child (or a parent a parent or legal guardian) to inform him or her that he or she cannot use the Service directly and must have a parent or legal guardian use the Service on his or her behalf, and subsequently we will delete such information from our own servers.

JURISDICTIONAL ISSUES

The Service may only be used as set forth in the Terms of Use. This Privacy Policy, and our collection, use, and disclosure of your information, is governed by U.S. and California law.

THIRD PARTIES

This Privacy Policy does not address or apply to, and we are not responsible for, the privacy, information or other practices of any third parties, including, without limitation, the Medical Group or its Providers, the manufacturer of your mobile device, and any other third party mobile application or website to which our Service may contain a link. These third parties may at times gather information from or about you. We do not control and are not responsible for the privacy practices of these third parties. We encourage you to review the Medical Group’s Notice of Privacy Practices and the privacy policies of each website and application you visit and use.

MISCELLANEOUS

We strive to use reasonable physical, technical and administrative measures to protect information under our control. However, you must keep your Account password secure and your Account confidential, and you are responsible for any and all use of your Account. If you have reason to believe that the security of your Account has been compromised, please notify us immediately in accordance with the “Contacting Us” section below.

To help protect the privacy of data you transmit through the Service, where personally identifiable information is requested, we also use technology designed to encrypt the information that you input before it is sent to us using Secure Sockets Layer (SSL) technology or similar encryption technology. In addition, Craft Body Scan takes steps to protect the User data we collect against unauthorized access. However, you should keep in mind that the Service and our services are run on software, hardware, and networks, any component of which may, from time to time, require maintenance or experience problems or breaches of security beyond our control. We do not accept liability for unintentional disclosure. In addition, persons with access to your computer, phone, or other mobile or other devices may be able to access the Service and information about you contained in the Service.

By using the Site or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Site or sending an e-mail to you. You may have a legal right to receive this notice in writing.

When using the Service, you may choose not to provide us with certain information, but this may limit the features you are able to use or may prevent you from using the Service all together. You may also choose to opt out of receiving certain communications (e.g., newsletters, promotions) by emailing us your preference. Please note that even if you opt out, we may still send you Service-related communications. We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy Policy. You may request that we provide you the information we hold about you, update your information, or ask us to remove your information, or to correct any inaccuracies in such personal data by sending an email to info@crafthealth.com with the subject heading “personal information request”. We will use reasonable efforts to deal with your request within a reasonable time.

Residents of the State of California have the right to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To obtain this information, you should send a written request to 5711 E. 71st Street ste 100, Tulsa, OK 74136 with the subject heading “Oklahoma Privacy Rights.” In your request, please attest to the fact that you are an Oklahoma resident and provide a current Oklahoma address for our response. Please be aware that not all information sharing is covered by the Oklahoma Privacy Rights requirements and only information on covered sharing will be included in our response.

CONTACTING US

If you have any questions about this Privacy Policy, please contact us by email at info@crafthealth.com or by regular mail at:

5711 E. 71st Street ste 100

Tulsa, OK 74136

Last Revised 11/29/2023