Privacy Policy

This Privacy Policy

This policy describes how we collect and use your information when you use our mobile app.

We may update this policy at any time, and future updates are effective as soon as they are published. Your use of our mobile app is also subject to the applicable Terms of Use. If you use our mobile apps, you agree to the applicable Terms of Use and consent to the use of your information as described in this policy.

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person,  or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect, and/or otherwise handle your Personally Identifiable Information in accordance with our website and/or app.

Mobile App for Patients and Providers

Our mobile Othena app for patients connects to servers and systems operated and maintained by Composite Apps, Inc., and hosted by Amazon Web Services, and provides patients with secure, mobile access to health services (vaccinations, testing, ride requests, telehealth, and other healthcare related services) and information in those servers and systems.

What is the purpose of the app?

Othena (powered by CuraPatient) provides end-to-end infectious disease testing and vaccination management solutions helping individuals like you secure vaccines, testing, and/or treatment options for COVID-19, seasonal influenza (flu), Monkeypox, and other infectious diseases. It connects health systems and providers in managing the complex testing and vaccination journey. Othena provides users like you with a Virtual Caretaker powered by Artificial Intelligence to understand your care plan, connect your devices, and/or receive support from providers via remote distance monitoring.

Upon downloading the Othena app and inputting information, you are provided status info, estimated vaccination dates, vaccination schedules, follow-up, complication tracking, emergency contacts, and/or support tools – giving you a support system for infectious disease prevention.

How do we use your information?

  • We do not sell or license your information.
  • If you choose to add a profile photo to our mobile app, you may upload a photo from your device or take a new photo using the camera app on your device. If you select an existing photo on your device, we store a copy of your chosen photo in app-private storage on your device. If you use the camera app on your device to take a new photo, the photo you take is first saved to your camera app and then also saved to app-private storage on your device. If you remove the photo from your profile or delete our mobile apps, the copy of the photo is deleted from the app-private storage, but the photo saved to your camera app remains available in your camera app until you choose to delete it. If you already have a photo stored in your profile through your healthcare provider – we do not interact with that photo in any way.
  • If you choose to view documents from your healthcare provider (such as visit notes or images) using our mobile app, to make the files viewable for you we temporarily store copies on your device in app-private storage. The temporary copies are deleted when you close your session on our mobile apps.
  • If you choose to include a photo or video in a message you send to your healthcare provider using our mobile app, you may select an existing photo or video from your device or take a new photo or video using the camera app on your device. If you use the camera app on your device to take a new photo or video, it will be saved to your camera app. Any photo or video saved to your camera app remains available in your camera app until you choose to delete it.
  • If your healthcare provider offers telehealth visits using our mobile app, when you join a visit with your provider, we will ask for permission to access your device’s video and audio functionality to make the telehealth visit possible. We do not record or store video or audio data from these visits.
  • If your healthcare provider offers automatic appointment arrival and you choose to enable it, we temporarily store identifiers and times for your upcoming appointments in app-private storage to detect when you arrive for an upcoming appointment. If you choose to stop using our mobile apps or you disable automatic appointment arrival, the identifiers are deleted.
  • If your healthcare provider offers location-based check in for in-person appointments, you may choose to allow our mobile app to interact with your location data for those purposes. We do not store your location data.
  • If your healthcare organization allows you to notify front desk staff electronically when you arrive for an appointment, you may choose to allow our mobile apps to interact with your Bluetooth data for this purpose. We do not store your Bluetooth data.
  • While you use our app, if you choose to call a phone number displayed within the app, we will ask for permission to access your device’s phone to place a call to the phone number. We do not store your call history or data about the call.
  • While you use our app, we collect non-identifying information so we can provide customer service to you or your healthcare provider and understand how people use our mobile app so we can improve our products. This information includes the time you began using the app, the healthcare organization you interacted with, any error messages or codes, the model of device used and its operating system, and the version of our mobile app used. If you use Android devices, we also collect your connection type (cellular or WiFi) during an error.
  • You may contact us through the methods listed on Our Website. If you contact us, we may keep a record of the communication. You can decide how much information you want to share with us in those cases.

What personal information do we collect from the people that use our app or web-based patient portal?

When you register on our app or web-based patient portal, the following information is collected from you: Name, Email ID, Mailing Address (Location), Phone Number, Date of Birth, Camera, Photos, Images, Files, Audio, Video, and/or other details.

When do we collect information?

We collect information from you when you register on our site, fill out a form, use Live Chat, open a Support Ticket, and/or enter information on our website and/or app.

Do we automatically collect information?

We and our service providers may collect certain information automatically as you navigate around the app. Please read the Cookie Policy for detailed information about the cookies and other tracking technologies used on the Service. The Cookie Policy includes information on how you may disable these technologies. If you do not disable them and continue to use our Service, we will infer your consent to their use.

We and our service providers may also automatically collect and use information in the following ways:

  • Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access the Service through a mobile device. We use this information to ensure that the Service functions properly.
  • IP address: Your IP address is a number that is automatically assigned to your computer by your Internet Service Provider. An IP address is identified and logged automatically in our server log files whenever a user visits the Service, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by many online services. We use IP addresses for purposes such as calculating Service usage levels, diagnosing server problems, and administering the Service. We may also derive your approximate location from your IP address.
  • Device Information: We may collect information about your mobile device, such as a unique device identifier, to understand how you use the Service.

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, use our app, and/or make use of certain other site and/or app features in the following ways:

  • The personal information collected from you at the time of registration on a website and/or app is used to help you with your vaccination, testing, and/or treatment experience and/or to provide information required by appropriate Public Health Services Agency whenever asked by them.
  • To personalize the patient experience and to allow us to deliver the type of content and product offerings in which patients are most interested.
  • To allow us to better service you in responding to customer service requests.
  • To quickly process scheduling, location services, and other transactions.
  • To send periodic emails regarding the patient experience and/or other products and services.

What permissions does a user need to give while accessing the mobile app?

While using the Othena app, you need to give permission to access the following information to the app in order to improve the care experience:


  • Allowing Othena access to your location will enable you to book nearby clinics for testing, vaccinations, or ride requests.

Camera and Storage:

  • Allowing Othena access to your camera and storage will enable you to upload images into your Othena profile, such as photo IDs and insurance cards. 
  • Your camera and microphone are also necessary for telehealth appointments. 
  • Storage is necessary for the downloading of digital vaccination records and testing results.

For Android Users – Required Google Play Disclosures for Certain Health Apps

Google has determined our mobile app is subject to their COVID-19 apps requirements, and we are required to provide the following information so we can make our mobile apps available to you in the Play store.

  • Our mobile apps access your microphone only if you choose to use your microphone to navigate our mobile app. Our mobile app uses your saved images only if you choose to add a profile image to a profile in our mobile app. This information is not used in connection with COVID-19.
  • Our mobile app accesses, collects, uses, and shares your information (including video, audio, images, files, phone) as stated in the above section titled, “How do we use your information?” We also prominently highlight these uses, describe the type of data being accessed, and obtain your consent for these purposes as you use our mobile app.
  • Our mobile app was not created specifically for the COVID-19 pandemic. They existed before the COVID-19 pandemic to allow public health agencies to connect patients, providers, and services, and to allow patients access to health information on file with healthcare providers. Your healthcare provider may allow you to access COVID-19-related vaccination information, laboratory test results, and documents with illness-related information using our mobile app. You may choose if or how you want to access, display, or use the information – similarly to how you can make those choices about health information relating to other conditions, services, tests, or vaccinations.
  • Your healthcare provider may allow you to use our mobile app to conduct telehealth appointments. Our mobile app only provides the technical support for those appointments to happen. We do not interact with any health information about you exchanged during any telehealth appointments.

How do we protect patient information?

  • We only provide articles and information. We never ask for credit card numbers.
  • We use regular Malware Scanning.
  • Personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information patients supply is encrypted via Secure Socket Layer (SSL) technology.
  • We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of their personal information.
  • All transactions are processed through a gateway provider and are not stored or processed on our servers.

Do we use 'cookies'?

Yes. Cookies are small files that a site or its service provider transfers to a user’s computer’s hard drive through a Web browser (if allowed) that enables the site’s or service provider’s systems to recognize the user’s browser and capture and remember certain information. They are also used to help us understand user preferences based on previous or current site activity, which enables us to provide users with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

We use cookies to:

  • Understand and save user preferences for future visits.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.

You can choose to have your computer warn them each time a cookie is being sent, or you can choose to turn off all cookies. You can do this through their browser settings. Since each browser is a little different, you should look at their browser’s Help Menu to learn the correct way to modify cookies.

If you turn cookies off, some of the features that make the site experience more efficient may not function properly.

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties any Personally Identifiable Information.

Third-party links

Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.


Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users.

We have not enabled Google AdSense on our site but we may do so in the future.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. Ti can learn more about CalOPPA by visiting: 

In accordance with CalOPPA, we agree to the following:

Users can visit our site anonymously.

Once this privacy policy is created, we will add a link to it on our home page, or, as a minimum, on the first significant page after entering our website.

Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.

Users will be notified of any Privacy Policy changes:

  • On our Privacy Policy Page

Users can change their personal information:

  • By logging in to their account

How does our site handle Do Not Track signals?

We honor Do Not Track signals, and we Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioral tracking?

It’s also important to note that we do not allow third-party behavioral tracking

Children Online Privacy Protection Act (COPPA)

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, which is the United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. 

We do not specifically market to children under the age of 13 years old.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States, and the concepts they include have played a significant role in the development of data protection laws around the globe.

Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices, we will take the following responsive action, should a data breach occur:

We will notify users via email:

  • Within 7 business days

We will notify the users via in-site notification:

  • Within 7 business days

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.


The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect user email addresses in order to:

  • Send information, respond to inquiries, and/or other requests or questions

To be in accordance with CAN-SPAM, we agree to the following:

  • Not use false or misleading subjects or email addresses.
  • Identify the message as an advertisement in some reasonable way.
  • Include the physical address of our business or site headquarters.
  • Monitor third-party email marketing services for compliance, if one is used.
  • Honor opt-out/unsubscribe requests quickly.
  • Allow users to unsubscribe by using the link at the bottom of each email.

If at any time a user would like to unsubscribe from receiving future emails:

By following the instructions at the bottom of each email, we will promptly remove a user from ALL correspondence.

How to contact us

If there are any questions regarding this privacy policy, users may contact us using the information below.

  • Map Icon Img

    300 Spectrum Center Dr. #250
    Irvine, California 92618
    United States

  • Map Icon Img

    [email protected]

  • Map Icon Img

    OTHENA C/O Composite Apps

Last updated on 2022-11-29