Privacy Policies

Link to Parent User Privacy Policy
Link to Healthcare Provider Privacy Policy

Parent User Privacy Policy

Last Updated/Effective Date: March 15, 2025

OtisHealth, Inc. and The California Department of Public Health (“we” or “CDPH”) are committed to preserving the privacy of your personal and health information.  Our Privacy Policy explains what information we gather, use, and share when you use  the OtisHealth, Inc. platform, specifically the Life Events Platform (“Life Events” or the “Platform”).

 

Acceptance of Privacy Policy

By using Life Events, you agree to the terms of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use Life Events. CDPH may update the Privacy Policy from time to time. You will be notified of any material changes to this Privacy Policy through email.. The most current version of the Privacy Policy is accessible through the app. The notification will indicate when such changes will become effective. 

 

Information We Collect and How We Collect It

 As part of this Platform, CDPH’s Vital Records, (MS 5103, P.O. Box 997410, Sacramento, CA 95899-7410) collects the information necessary for the creation of a birth certificate from Life Events participants and healthcare providers. This collection is pursuant to California Health and Safety Code (HSC) sections 102400, 102425, and 102426. 

Personal Information

We collect your name, e-mail address, phone number, date of birth, your gender, and your medical record number (MRN) from the healthcare provider which enrolls you. We collect this Personal Information when you are enrolled as a Life Events participant. In addition, Life Events will collect all information which you enter into the Birth Worksheet on the Life Events applications, which includes personal history, social history, demographic details, and medical history.

Health Information

We collect your health information from your healthcare providers, or information about your healthcare providers, in the following ways:

  1. When you enter health information on Life Events.
  2. When your healthcare provider uploads health information from their Electronic Health Record (EHR) system into the Platform after the birth event.

 

Information Automatically Collected 

Account Activity. We may collect data about how you use your online account and the Platform when you are logged into your account. We may use IP addresses to conduct website analyses and performance reviews and to administer our website.

Cookies & Other Tracking Technologies.

A cookie is a small text file that our Platform saves onto your computer or device when you use the Platform that provides us certain information about your activities. Other tracking technologies like web beacons/pixel tags are small graphics on a webpage that monitor your activity when viewing a webpage. 

These tools (collectively, “Cookies”) 

  • allow the Platform: to remember your actions and preferences and recognize you or your browser, along with some information you provided.  
  • allow us to provide you with a more personalized experience. 

Cookies may collect information such as your device’s IP address, location and pages visited. Most browsers automatically accept cookies, and you can manually delete Cookies through your browser settings. Also, you can disable this function by changing your browser settings, but disabling cookies may impact your use and enjoyment of the Platform. Not all features or functions of the Platform may work properly if you disable Cookies. You cannot disable all Cookies, such as Cookies that are essential to the functioning of the Platform.

California’s “Do-Not-Track” Requirement.  we currently do not honor “do not track” requests.  

Web Analytics.  We use 3rd party web analytics tools and services to collect and process information about your use of OtisHealth. These tools and services set cookies on your browser or device, and then your web browser will automatically send information to us.  We use this information to better understand and measure how users interact with the Platform. 

Online Behavioral Advertising. We do not use third parties and/or service providers to provide interest-based advertising services.

 

How We Use Your Information

We collect and use your identifiable data and information for the following purposes:

  • To provide the primary service of the Platform, specifically to establish a legal record of a vital event; provide certified copies for personal use; furnish information for demographic and epidemiological studies; and supply data to the National Center for Health Statistics for federal reports.
  • To verify your identity before we begin collecting your health information and records. For example, we use your phone number to send you text messages for multi-factor authentication and other security measures. 
  • To respond to your questions, comments, or complaints. We may also use personal information as requested or consented to by you.
  • To locate your health records and assist healthcare providers with accurately verifying and sending us your correct health records for your account.
  • To support company operations like quality control and fraud detection.           
  • To fulfill internal business purposes such as data analysis, audits, identifying usage trends, and improving our services.
  • To comply with any applicable legal or regulatory obligations.

 

Storage of Data

We store your data on your device. We also store your data outside the device on OtisHealth servers  or  through third party secure cloud storage services.

 

Encryption of Data

We automatically encrypt your data in the device or app. We automatically encrypt your data when stored on OtisHealth servers or with outside cloud computing service providers. We automatically encrypt your data while it is transmitted.

 

Retention of Information

Unless a longer retention period is required by law, your account will be deactivated and your data will be deleted from the app 135 days after you were enrolled by your Healthcare Provider. After deletion, your data will not be available on Life Events for future use. 

 

Disclosure and Sharing of Your Information

We do not sell, rent or lease any of your identifiable or de-identified (data in which personal identifiers have been removed) personal information to any third party. Your identifiable data is only shared when you direct the application to share your data with us and the health system which enrolled you. Information may also be shared with the following parties, in compliance with applicable laws:


Employees and Contractors. We may share personal information with our employees and Contractors, such as the University of California San Diego (UCSD) , who have a need to know the information for our business purposes.

Third-Parties and/or Service Providers. We may share personal information with third party contractors and/or service providers that provide services for us. For example, we may share personal information with cloud storage providers or security vendors. 

Law Enforcement. Other than for the purposes of creating or tracking vital events, we will  only share personal information with law enforcement or a governmental agency if permitted by law.

Other. We may share personal information with third parties when explicitly requested by or consented to by you, or for the purposes for which you disclosed the personal information to us as indicated at the time and point of the disclosure (or as was obvious at the time and point of disclosure).

Social Media. This Platform does NOT allow you to share the collected data with your social media accounts, like Facebook.

Use and Disclosure of Non-Personal Information

Personal information received through this Platform will be transferred to the vital records section of CDPH. After 135 days any and all data maintained in this system will be deleted. Personal information imputed into the Platform, regardless of whether it has been de-identified and/or aggregated, will not be maintained by CDPH’s contractor or subcontractor.  

Children’s Information. Our Platform is not directed at children under 18 years of age, nor is it intended to be used by users under 18 years of age without parent supervision. We do not knowingly collect, use, or share personal information from children under 18. If a parent or legal guardian learns that their child provided us with personal information without his or her consent, please contact us and we will make commercially reasonable attempts to delete such personal information.

 

Data Security

We use commercially reasonable technical and organizational measures to help secure personal information against loss, misuse, and alteration appropriate to the type of personal information processed. If a breach of your personal information occurs, we will follow the requirements of the Information Practices Act and users affected by a data breach will be notified pursuant to the requirements set forth in that Act. Passwords for affected accounts will be invalidated and will require new passwords to be established. Any data deleted or corrupted by a bad actor (i.e. hacker or malicious software) will, if possible, recovered from secure back-up servers. Public disclosure of any data breach will be made as required by state and federal laws and regulations.

 

You understand that no data transmission over the internet or device can be guaranteed to be 100% secure. While we strive to protect Personal Information, we do not guarantee the security of Personal Information and you provide Personal Information at your own risk.

 

Access from Outside the United States

If you access the Platform from outside the United States, please be aware that personal information may be transferred to, stored in, and processed in the United States. Certain governmental authorities may not consider the level of protection of personal information in the United States to be equivalent to that required by the in other jurisdictions.

 

Access, Update or Delete Your Information

Consistent with the laws of your state, this platform allows you to access, edit, share or delete the data we have about you. Data sharing may only occur using the Platform and only to other users and individuals to whom you have authorized access. To access or update your personal information as it exists in our records, please visit your account or contact us using the information below.

 

Use By Non-Residents

This Privacy Policy is intended to meet the laws and regulations of California and the United States, which may not necessarily be consistent with the laws and regulations of your home country. Any information that you provide will be treated in accordance with this Privacy Policy, the Terms and Conditions, and California and U.S. laws. The Platform is not intended for use outside the United States.

 

Contact Us

If you have questions or concerns regarding this Policy, contact CDPH at:

California Department of Public Health

Vital Records -​ MS 5103

P.O. Box 997410

Sacramento, CA 95899-7410

Privacy Policy: https://uat.califeevents.org/privacy 

Email: lifeeventsfeedback@cdph.ca.gov

Phone: (916) 445-2684

Healthcare Provider User Privacy Policy 

Last Updated/Effective Date: May 15, 2025

OtisHealth, Inc. and The California Department of Public Health (“we” or “CDPH”) are committed to preserving the privacy of your personal information and your patients’ health information.  Our Privacy Policy explains what information we gather, use, and share when you use  the OtisHealth, Inc. platform, specifically the Life Events Platform (“Life Events” or the “Platform”). This Privacy Policy pertains specifically to Healthcare Providers (“Providers”) who use the Life Events Platform. For information regarding our patient privacy policy, please see the Patient Privacy Policy.

 

Acceptance of Privacy Policy

By using Life Events, you agree to the terms of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use Life Events. CDPH may update the Privacy Policy from time to time. You will be notified of any material changes to this Privacy Policy through email. The most current version of the Privacy Policy is accessible through the app. The notification will indicate when such changes will become effective. 

 

Information We Collect and How We Collect It

As part of this Platform, CDPH’s Vital Records, (MS 5103, P.O. Box 997410, Sacramento, CA 95899-7410) collects the information necessary for the creation of a birth certificate from Life Events participants and healthcare providers. This collection is pursuant to California Health and Safety Code (HSC) sections 102400, 102425, and 102426. 

 

Personal Information

We collect your name, mailing address, e-mail address, mobile phone number, your individual National Provider Identifier (NPI), your practice specialty, the name of your affiliated medical practice/organization, and your medical practice/organization NPI.  We collect this Personal Information when you register as a Healthcare Provider. 

 

Health Information

The information collected and processed regarding your patients will be governed by this Privacy Policy. 

 

Information Automatically Collected 

Account Activity. We may collect data about how you use your online account and the Platform when you are logged into your account. We may use IP addresses to conduct website analyses and performance reviews and to administer our website.

 

Cookies & Other Tracking Technologies.

A cookie is a small text file that our Platform saves onto your computer or device when you use the Platform that provides us certain information about your activities. Other tracking technologies like web beacons/pixel tags are small graphics on a webpage that monitor your activity when viewing a webpage. 

These tools (collectively, “Cookies”) 

  • allow the Platform: to remember your actions and preferences and recognize you or your browser, along with some information you provided.  
  • allow us to provide you with a more personalized experience. 

Cookies may collect information such as your device’s IP address, location and pages visited. Most browsers automatically accept cookies, and you can manually delete Cookies through your browser settings. Also, you can disable this function by changing your browser settings, but disabling cookies may impact your use and enjoyment of the Platform. Not all features or functions of the Platform may work properly if you disable Cookies. You cannot disable all Cookies, such as Cookies that are essential to the functioning of the Platform.

 

California’s “Do-Not-Track” Requirement.  we currently do not honor “do not track” requests.  

Web Analytics.  We use 3rd party web analytics tools and services to collect and process information about your use of OtisHealth. These tools and services set cookies on your browser or device, and then your web browser will automatically send information to us.  We use this information to better understand and measure how users interact with the Platform. 

Online Behavioral Advertising. We do not use third parties and/or service providers to provide interest-based advertising services. 

 

How We Use Your Information

We collect and use your identifiable data and information for the following purposes:

  • To provide the primary service of the Platform, specifically to establish a legal record of a vital event; provide certified copies for personal use; furnish information for demographic and epidemiological studies; and supply data to the National Center for Health Statistics for federal reports.
  • To verify your identity before we allow you to begin collecting a patient’s health information and records. For example, we use your phone number to send you text messages for multi-factor authentication and other security measures. 
  • To respond to your questions, comments, or complaints. We may also use personal information as requested or consented to by you.
  • To locate a patient’s health records and assist other healthcare providers with accurately verifying and sending the Platform correct health records  related to your account.
  • To support company operations like quality control and fraud detection. 
  • To fulfill internal business purposes such as data analysis, audits, identifying usage trends, and improving our services.
  • To comply with any applicable legal or regulatory obligations.

 

Storage of Data

We store your data on your device. We also store your data outside the device on OtisHealth servers or through third party secure cloud storage services.

 

Encryption of Data

We automatically encrypt your data in the device or app. We automatically encrypt your data when stored on OtisHealth servers or with outside cloud computing service providers. We automatically encrypt your data while it is transmitted.

 

Retention of Information

Unless a longer retention period is required by law, patients’ accounts will be deactivated and their data will be deleted from the Platform 135 days after they were enrolled by a Healthcare Provider. After deletion, their data will not be available on Life Events for future use. 

 

Disclosure and Sharing of Your Information

We do not sell, rent or lease any of your identifiable or de-identified (data in which personal identifiers have been removed) personal information to any third party. Your identifiable data is only shared when you direct the Platform to share your data with us and the health system which enrolled you. Information may also be shared with the following parties, in compliance with applicable laws:

Employees and Contractors. We may share personal information with our employees and Contractors, such as the University of California San Diego (UCSD), who have a need to know the information for our business purposes.

Third-Parties and/or Service Providers. We may share personal information with third party contractors and/or service providers that provide services for us. For example, we may share personal information with cloud storage providers or security vendors. 

Law Enforcement. Other than for the purposes of creating or tracking vital events, we will  only share personal information with law enforcement or a governmental agency if permitted by law.

Other. We may share personal information with third parties when explicitly requested by or consented to by you, or for the purposes for which you disclosed the personal information to us as indicated at the time and point of the disclosure (or as was obvious at the time and point of disclosure).

Social Media. This Platform does NOT allow you to share the collected data with your social media accounts, like Facebook.

 

Use and Disclosure of Non-Personal Information

Personal information received through this Platform will be transferred to the vital records section of CDPH. After 135 days any and all data maintained in this system will be deleted. Personal information imputed into the Platform, regardless of whether it has been de-identified and/or aggregated, will not be maintained by CDPH’s contractor or subcontractor.  

Children’s Information. Our Platform is not directed at children under 18 years of age, nor is it intended to be used by users under 18 years of age without parent supervision. We do not knowingly collect, use, or share personal information from children under 18. If a parent or legal guardian learns that their child provided us with personal information without his or her consent, please contact us and we will make commercially reasonable attempts to delete such personal information.

 

Data Security

We use commercially reasonable technical and organizational measures to help secure personal information against loss, misuse, and alteration appropriate to the type of personal information processed. If a breach of your personal information occurs, we will follow the requirements of the Information Practices Act and users affected by a data breach will be notified pursuant to the requirements set forth in that Act. Passwords for affected accounts will be invalidated and will require new passwords to be established. Any data deleted or corrupted by a bad actor (i.e. hacker or malicious software) will, if possible, be recovered from secure back-up servers. Public disclosure of any data breach will be made as required by state and federal laws and regulations.

You understand that no data transmission over the internet or device can be guaranteed to be 100% secure. While we strive to protect Personal Information, we do not guarantee the security of Personal Information and you provide Personal Information at your own risk.

 

Access from Outside the United States

If you access the Platform from outside the United States, please be aware that personal information may be transferred to, stored in, and processed in the United States. Certain governmental authorities may not consider the level of protection of personal information in the United States to be equivalent to that required by the in other jurisdictions.

 

Third-Party Websites

The Platform may link to, or be linked to, websites not controlled by us. We are not responsible for third-parties’ privacy policies or practices. This Policy does not apply to any third-party websites or to any data that you provide to third parties. You should read the privacy policy for each website that you visit.

 

Access, Update or Delete Your Information

Consistent with the laws of your state, this platform allows you to access, edit, share or delete the data we have about you. Data sharing may only occur using the Platform and only to other users and individuals to whom you have authorized access. To access or update your personal information as it exists in our records, please visit your account or contact us using the information below.

 

Use By Non-Residents

This Privacy Policy is intended to meet the laws and regulations of California and the United States, which may not necessarily be consistent with the laws and regulations of your home country. Any information that you provide will be treated in accordance with this Privacy Policy, the Terms and Conditions, and California and U.S. laws. The Platform is not intended for use outside the United States.

 

Contact Us

If you have questions or concerns regarding this Policy, contact CDPH at:

California Department of Public Health

Vital Records -​ MS 5103

P.O. Box 997410

Sacramento, CA 95899-7410

Privacy Policy: https://califeevents.org/privacy 

Email: lifeeventsfeedback@cdph.ca.gov

Phone: (916) 445-2684