Sana Benefits - Mobile App Privacy Policy

Privacy Policy

Last Updated: March 5, 2026

This notice describes how Personal Data and/or information about you may be used and disclosed and how you can obtain access to this information. Please review it carefully. 

 

INTRODUCTION

We at Sana Management Services, LLC on our own behalf and on behalf of our subsidiaries and affiliates (including, where applicable, Sana Benefits, Inc.) (collectively, “we”, “us”, “our,” “the Company”, or “Sana Management”) value your privacy and are committed to keeping your personal data confidential. 

 

We use your data in the context of providing: (i) a mobile application (“Mobile Application”) and a patient-member-facing portal (“Patient Portal”) for patients who are members of Sana Management’s affiliated health plan, Sana Benefits, Inc., or who are otherwise granted access to certain telehealth services without being a Sana Benefits, Inc. plan member (collectively, “Patient Users”) that facilitate access to certain benefits and plan information (where Patient User is a Sana Benefits, Inc. plan member) and certain communication and telehealth services from qualified and authorized providers (each a “Provider User”) that are employed or contracted by Sana Member Services FL, P.A., and other healthcare entities and their affiliates (collectively defined as the “Medical Group”), (ii) an online provider telehealth portal (“Provider Portal”) that enables Provider Users to provide telehealth services to Patient Users, (iii) an online administrative portal (“Admin Portal”) that enables Sana Benefits, Inc. plan administrators to manage certain administrative and reporting tasks related to their self-funded health insurance programs and enables brokers to manage certain tasks related to their Sana Benefits, Inc. employer group clients (collectively, “Admin Users”), and (iv) a website with a landing page at sanabenefits.com (the “Website”), including all relevant content and functionality associated with the Mobile Application, Provider Portal, Patient Portal, Admin Portal, and Website (collectively, the “Services”). For purposes of this policy, the Mobile Application, Provider Portal, Patient Portal, Admin Portal, and Website may be referred to together as the “Portals.”

 

Sana Management is affiliated with certain Medical Groups where Sana Management provides management and administrative services to Medical Groups, and Medical Groups provide medical services, including telehealth services, in certain states where such Medical Groups are authorized to practice.

 

Please refer to our Notice of HIPAA Privacy Practices to learn about our privacy practices with respect to your Protected Health Information (as defined under the Health Insurance Portability and Accountability Act of 1996 or “HIPAA”).

 

Privacy Policy Applicability

This Privacy Policy applies to personal data (“Personal Data”) that Sana Management collects from Provider Users and Patient Users (collectively the “Users”) of the Services. The term “Personal Data” includes any information that can be used on its own or with other information in combination to identify or contact one of our Users. Some of the Personal Data we collect and transmit may be considered “health data” (i.e., data related to a Patient User’s physical or mental health), “protected health information” or “PHI” (i.e., information that relates to a Patient User’s past, present, or future physical or mental health or condition(s); the provision of health care to a Patient User; or the past, present, or future payment for the provision of health care to a Patient User), and/or medical records as defined by state law.

 

We believe that privacy and transparency about the use of your Personal Data are of utmost importance. In this Privacy Policy, we provide you with detailed information about our collection, use, maintenance, and disclosure of your Personal Data. The Privacy Policy explains what kind of information we collect, when and how we might use your Personal Data, how we protect Personal Data and your rights regarding your Personal Data. Therefore, our privacy practices are intended to comply with the Health Insurance Portability and Accountability Act (“HIPAA”) and relevant state law related to the use and disclosure of medical records, where applicable.

 

For additional information related to how we use and disclose your Personal Data, please contact our Privacy Officer at privacy@sanabenefits.com.

 

Note regarding third-party sites: Our Services may contain links to other sites that are not operated by Sana Management. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review every site you visit for the privacy policy(ies). Sana Management has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party sites or services. THIS PRIVACY POLICY DOES NOT APPLY TO YOUR USE OF OR ACCESS TO ANY THIRD-PARTY SITES OR SERVICES. 

 

Agreement to these Privacy Policy Terms

BY ACCESSING AND/OR USING THE SERVICES, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE, YOU MUST IMMEDIATELY CEASE USING THE SERVICES. 

 

Privacy Policy Updates

Please note that we occasionally update this Privacy Policy, and it is your responsibility to stay up to date with any amended versions. Any revisions to the Privacy Policy will be posted on the Portals, as applicable. Any changes to the Privacy Policy will be effective immediately upon providing notice via the Portals and will apply to all Personal Data that we maintain, use, and disclose. If you continue to use the Services following such notice, you are agreeing to those changes.

 

Account Deletion

If at any point you no longer agree to the use and disclosure of Personal Data, as described in this Privacy Policy, you can delete your User Account (“User Account”) by sending a deletion request to privacy@sanabenefits.com with the following information: 

  • Your name
  • Your organization (if applicable)
  • Your login email address; and
  • A statement that you are requesting account deletion. 

 

Questions or Concerns

If you have any questions or concerns after reading this Privacy Policy, please do not hesitate to contact us at privacy@sanabenefits.com. We appreciate your feedback. 

 

COLLECTION AND USE OF PERSONAL DATA

What Personal Data Does Sana Management Collect?

We collect three types of information from all Users (i.e., Provider Users and Patient Users): (i) Demographic Data; (ii) Support Data; and (iii) Technology Data. Each category of data is explained in depth below.

 

Demographic Data: Sana Management collects demographic data, which may include, but not be limited to, your name, email address, and phone number, your role within your organization (i.e. if you are a Provider User, your designation as a physician, other qualified health care provider, clinical staff, or non-reimbursable staff, the state where you are licensed, and your title within your organization). The collection of this demographic data is primarily used to create your User Account, which you can use to securely utilize the Services. 

 

Support Data: If you contact us for support or to lodge a complaint, we may collect technical or other information from you through log files and other technologies, some of which may qualify as Personal Data (e.g., IP address). Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Services in accordance with this Privacy Policy. Calls with Sana Management may be recorded or monitored for training, quality assurance, customer service, and reference purposes. 

 

Technology Data: We use common information-gathering tools, such as log files, cookies, web beacons, and similar technologies to automatically collect information, which may contain Personal Data from your computer or mobile device as you navigate our Services or interact with emails or other communications we have sent you. The information we collect may include your IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system, and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, help us provide and improve our Services, and ensure the proper functioning and security of the Portals and Services.

 

For Patient Users of the Services, we may collect the following additional type of information: 

 

Medical Data: We will collect information regarding your health conditions, including, but not limited to, images, age, gender, weight, height, medical history, symptoms, and communications between you and your Provider User who is providing services to you via the Services. We collect this information to provide you with the Services, and as applicable, to provide your health care provider (i.e., the applicable Provider User) with the information required to deliver telehealth services to Patient Users. 

 

How Will Sana Management Use Personal Data? 

Sana Management processes your Personal Data based on legitimate business interests, the fulfillment of our Services to you, compliance with our legal obligations, and/or your consent. We only use or disclose your Personal Data when it is legally mandated or where it is necessary to fulfill those purposes described in this Privacy Policy. Where required by law, we will ask for your prior consent before disclosing your Personal Data to a third party. 

 

More specifically, Sana Management processes your Personal Data for the following legitimate business purposes: 

  • To provide Services
  • To fulfill our obligations to you under the Terms of Use 
  • To communicate with you about and manage your User Account
  • To properly store and track your data within our system
  • To respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings and court orders
  • To protect our rights, privacy, safety, or property, and/or that of you or others by providing proper notices, pursuing available legal remedies, and acting to limit our damages
  • To handle technical support and other requests from you
  • To enforce and ensure your compliance with our Terms of Use or the terms of any other applicable services agreement we have with you
  • To manage and improve our operations and the Portals, including the development of additional functionality
  • To manage payment processing
  • To evaluate the quality of service you receive, identify usage trends, and improve your user experience
  • To keep our Services safe and secure
  • To send you information about changes to our terms, conditions, and policies
  • To allow us to pursue available remedies or limit the damages that we may sustain; 
  • If you are a Provider User, to enable you to connect with authorized Patient Users and view Personal Data, which allows you to monitor patient progress and overall condition as you deem appropriate; and
  • If you are a Patient User, to enable you to connect with authorized Provider Users and view Personal Data, which allows you to monitor your progress and overall condition as you deem appropriate.

 

We may use, or leverage third-party service providers that use, artificial intelligence, machine learning, or other automated technologies in connection with the development, operation, maintenance, and improvement of the Services. These technologies may be used in connection with the Services for purposes such as analyzing service utilization, analyzing or improving communications with prospective customers, aiding in language translation, identifying operational patterns or trends, improving system functionality, and enhancing the overall performance of the Services. To the extent these technologies are used, we will use them in compliance with HIPAA and other applicable privacy laws. 

 

Does Sana Management Use Personal Data for Analytics?

Sana Management uses third-party service providers to monitor and analyze the use of the Services. This enables us to better understand who is using the Services, understand how users are using the Services, evaluate product functionality, and make improvements to the Services.

 

Where Is Personal Data Processed?

The Personal Data we collect through the Services will be stored on secure servers in the United States. Personal Data may be transmitted to third parties, which parties may store or maintain the data on their secure servers. These third parties are not permitted to transfer your Personal Data outside of the United States. 

 

With Whom Does Sana Management Share Personal Data? 

We may share your personal information with the following categories of individuals/entities: 

 

Business Partners and Vendors: We share Personal Data with a limited number of partners, service providers, and other persons/entities who help run our business (“Business Partners”). Specifically, we may employ third-party companies and individuals to facilitate our Services, provide Services on our behalf, perform Service-related functions, or assist us in analyzing how our Services are used. Our Business Partners are contractually bound to protect your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer services, and payment processing. 

 

Our Advisors: We may share your Personal Data with third parties that provide advisory services to Sana Management, including, but not limited to, our lawyers, auditors, accountants, and banks (collectively, “Advisors”). Personal Data will only be shared with Advisors if Sana Management has a legitimate business interest in the sharing of such data. 

 

Third Parties Upon Your Direction or Consent: You may direct Sana Management to share your Personal Data with third parties. Upon your request and consent, we may share such Personal Data with those third parties that you identify. 

 

Provider Users: To use the Services, Patient Users must be affiliated with one or more Provider Users. As part of the Services, we will share your Personal Data with your specified Provider User(s). If at any point you want to deny access to one or more Provider Users, you can do so by emailing privacy@sanabenefits.com.

 

Third Parties Pursuant to Business Transfers: In the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Sana Management’s corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings), we may share your Personal Data with a third party. 

 

Government and Law Enforcement Authorities: If reasonable and necessary, we may share your Personal Data to (i) comply with legal processes or enforceable governmental requests, or as otherwise required by law; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or the Terms of Use; or (iii) bring legal action against someone who may be violating the Terms of Use or who may be causing intentional or unintentional injury or interference to the rights or property of Sana Management or any third party, including other users of our Services. 

 

How Long Does Sana Management Retain Personal Data?

Sana Management retains your Personal Data only as necessary and as required for our business operations, the provision of Services, archival purposes, and/or to satisfy legal requirements. The exact period of retention will depend on: (i) the amount, nature, and sensitivity of the Personal Data; (ii) the personal risk of harm for unauthorized use or disclosure; (iii) the purposes for which we process your Personal Data, including whether those purposes can be achieved through other means; and (iv) business operations and legal requirements. The period of time for which we retain your Personal Data is referred to as the “Retention Period.”

 

At the end of the applicable Retention Period, we will remove your Personal Data from our databases and will require that our Business Partners remove any identifiable Personal Data from their databases. If there is any data that we are unable to delete entirely from our systems for technical reasons, we will put in place appropriate measures to prevent any further processing of such data. Please note that once we disclose your Personal Data to third parties, we may not be able to access that Personal Data and we cannot force the deletion or modification of such information by third parties.

 

Sana Management and its Business Partners reserve the right to continue using de-identified data indefinitely, even after Personal Data has been removed from Sana Management’s databases. We may continue to disclose de-identified data to third parties in a manner that does not reveal personal information, as described in this Privacy Policy. Our continued use of de-identified data will comport with applicable law. 

 

What Happens to Personal Data Submitted by Minors?

Sana Management does not knowingly collect Personal Data from individuals under the age of 18. Additionally, our Services are not directed to individuals under the age of 18. We request that these individuals not provide Personal Data to us. If we learn that Personal Data from users under the age of 18 has been collected, we will deactivate the User Account associated with that data and take reasonable measures to promptly delete such data from our records. If you are aware of a user under the age of 18 accessing the Portals or Services, please contact us at privacy@sanabenefits.com.

 

If you are a resident of California under the age of 18 and have registered for a User Account with us, you may ask us to remove content or information that you have posted to our Portals. 

 

YOUR RIGHTS

What Rights Do Users Have Concerning Their Personal Data?

As a user of Sana Management’s Services you have certain rights relating to your Personal Data. These rights are subject to local data protection and privacy laws, and may include the right to:

  • Access Personal Data held by Sana Management
  • Erase/delete your Personal Data, to the extent permitted by applicable data protection and privacy laws and to the extent technologically feasible
  • Receive communications related to the processing of your Personal Data
  • Restrict the processing of your Personal Data to the extent permitted by law
  • Object to the further processing of your Personal Data, including the right to object to marketing
  • Request that your Personal Data be transferred to a third party, if possible
  • Receive your Personal Data in a structured, commonly used, and machine-readable format; and/or
  • Rectify inaccurate personal information and, considering the purpose of processing the Personal Data, ensure it is complete. 

 

Where the processing of your Personal Data by Sana Management is based on consent, you have the right to withdraw that consent at any time. If you would like to withdraw your consent or exercise any of the above rights, please contact us at privacy@sanabenefits.com.

 

How Can Users Update, Correct, or Delete Personal Data or Their User Account? 

You have the right to request restrictions on the uses and disclosures of your Personal Data. While we are not required to agree to all restriction requests, we will attempt to accommodate reasonable requests when appropriate. 

 

You may change your phone number by accessing your Sana Management User Account. If you need to make changes or corrections to other information, you may contact us at privacy@sanabenefits.com. To comply with certain requests to limit the use of your Personal Data, we may need to terminate your ability to access and/or use some or all the Services. BY REQUESTING TO LIMIT THE USE OF YOUR PERSONAL DATA OR DELETE PERSONAL DATA, YOU ACKNOWLEDGE AND AGREE THAT SANA MANAGEMENT WILL NOT BE LIABLE TO YOU FOR ANY CORRESPONDING LIMITATION IN THE SCOPE OF SERVICES OR TERMINATION OF SERVICES AS NECESSARY TO COMPLY WITH YOUR REQUEST. 

 

You have the right to request the deletion of any Personal Data from your User Account or the Services. To request deletion of your Personal Data, please email us at privacy@sanabenefits.com and include a description of the Personal Data you would like removed. We will respond to all requests for data deletion as soon as reasonably possible.

 

Should you decide to delete your User Account entirely, you may do so by emailing privacy@sanabenefits.com. By terminating your User Account, you agree that you will not be able to access any information previously contained in your User Account. You further understand that it may not be technologically possible to remove all your Personal Data from our systems. While we will use reasonable efforts to remove your Personal Data, the need to back up our systems to protect information from inadvertent loss means a copy of your Personal Data may exist in a non-erasable form that will be difficult or impossible for us to locate or remove. 

 

SAFEGUARDING PERSONAL DATA

Is Personal Data Secure?

Sana Management understands the importance of data confidentiality and security. We use a combination of reasonable physical, technical, and administrative security controls to (i) maintain the security and integrity of your Personal Data; (ii) protect against any threats or hazards to the security or integrity of your Personal Data; and (iii) protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm to you. 

 

While Sana Management uses reasonable security controls, WE CANNOT GUARANTEE OR WARRANT THAT SUCH TECHNIQUES WILL PREVENT UNAUTHORIZED ACCESS TO YOUR PERSONAL DATA. SANA MANAGEMENT IS UNABLE TO GUARANTEE THE SECURITY OR INTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET, AND THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. ACCORDINGLY, WE DO NOT AND CAN NOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA YOU TRANSMIT TO US. YOU ASSUME THE RISK THAT UNAUTHORIZED ENTRY OR USE, HARDWARE OR SOFTWARE FAILURE, AND OTHER FACTORS MAY COMPROMISE THE SECURITY OF YOUR PERSONAL DATA AT ANY TIME. 

 

What Safeguards Does Sana Management Have in Place to Secure My Personal Data?

Sana Management stores Personal Data on secured servers and uses a combination of technical, administrative, and physical safeguards to protect your personal information. Such safeguards include, but are not limited to, authentication, encryption, backups, and access controls. 

 

How Can Users Protect Their Personal Data? 

You are solely responsible for preventing unauthorized access to your User Account by protecting your account credentials and limiting access to the devices you use to operate the Portals. Sana Management has no access to or control over your device’s security settings, and it is your responsibility to implement any device-level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability). We recommend that you take all appropriate steps to secure any device that you use to access our Services, including the Portals. 

 

Please note that Sana Management will never send you an email requesting confidential information, such as account numbers, usernames, passwords, or Social Security Numbers. If you receive a suspicious email from Sana Management, please notify us at privacy@sanabenefits.com.

 

Further, if you know of or suspect any unauthorized use or disclosure of your User Account information or any other security concern, please notify Sana Management immediately. 

 

What If Sana Management Experiences a Data or Security Breach?

Sana Management takes the security of your Personal Data seriously. In the event of a data or security breach, Sana Management will take the following actions: (i) promptly investigate the security incident, validate the root cause, and, where applicable, remediate any vulnerabilities within Sana Management’s control which may have given rise to the security incident; (ii) comply with laws and regulations directly applicable to Sana Management in connection with such security incident; (iii) as applicable, cooperate with any affected Sana Management user or client in accordance with the terms of Sana Management’s contract with such user or client; and (iv) document and record actions taken by Sana Management in connection with the security incident and conduct a post-incident review of the circumstances related to the incident and the actions/recommendations taken to prevent similar security incidents in the future. Sana Management will notify you of any data or security breaches as required by and in accordance with applicable law.

 

ADVERTISING, MARKETING, AND TRACKING

Does Sana Management Send Marketing or Advertisement Materials?

Sana Management may use your Personal Data to contact you with newsletters, marketing, or promotional materials, and other information that may be of interest to you. You may opt-out of receiving any marketing or advertisement materials from Sana Management at any time by following the unsubscribe link or by contacting us. 

 

Can Users Opt-Out of Receiving Communications from Sana Management? 

We may send communications, including emails, to you regarding your User Account and the Services, including the Portals. You can choose to filter any User Account, Services, or Portal emails using your email settings, but we do not provide an option for you to opt-out of these communications. 

 

If you consent to receive marketing or other communications not related to your User Account or the Portals, we will provide you with the option to opt-out of such marketing communications within the applicable message. 

 

What Is Sana Management’s Cookie Policy?

Cookies are small files that a web server sends to your computer or device when you visit or use an application that uses cookies to keep track of your activity on that site or application. Cookies also exist within applications when a browser is needed to view or display certain content within the application. Cookies hold a small amount of data specific to an application, which can later be used to help remember information you entered in the application (like your email or username), preferences selected, and movement within the application. We use cookies and other technologies to, among other things, better serve you with more tailored information and facilitate efficient and secure access to the Services and the Portals. 

 

Our cookies do not, by themselves, contain Personal Data. Further, we do not combine the general information collected through cookies with any other Personal Data to identify you. However, we do use cookies to identify that you have accessed aspects of the Services and Portals and may associate that information with your User Account (if one exists). 

 

Presently, Sana Management may use cookies for purposes including, but not limited to, analyzing user traffic using an analytics package, identifying if you are signed into the Services, testing content on the Services, storing information about your preferences, and recognizing when you return to the Services. In addition, Sana Management may also collect information using pixel tags, web beacons, clear GIFs, or other similar technologies. This information may be used in connection with website pages and HTML formatted email messages to, among other things, track the actions of Users and email recipients and compile statistics about usage and response rates. 

 

How Can Users Opt-Out of Cookies?

While you may set your browser to remove cookies and reject cookies, removing or rejecting cookies will impair functionality and prevent you from being able to properly access and use the Services. 

 

Do Not Track Disclosure

Some web browsers may transmit do not track (“DNT”) signals to websites with which the user communicates. To date, there is no industry standard for DNT, and users cannot know how a given company responds to a DNT signal they receive from browsers. Sana Management is committed to remaining apprised of DNT standards. However, Sana Management does not support DNT browser settings and does not currently participate in any DNT frameworks that would allow Sana Management to respond to signals or other mechanisms regarding the collection of your personal information. 

 

STATE PRIVACY RIGHTS

Depending on what state you live in, you may have rights in addition to the rights listed above. These rights may include:

  1. Right to access a copy of your Personal Information.
  2. Right to correction of your Personal Information.
  3. Right to delete your Personal Information from our Services.
  4. Right to receive your Personal Information in a structured, commonly used and machine-readable format.
  5. Right to opt out of certain uses of your Personal Information.
  6. Right to prohibit our collection of Personal Information if it isn’t relevant and necessary to providing you Services.

If you would like to learn more and/or exercise one or more of these rights, please contact us at privacy@sanabenefits.com.

 

CALIFORNIA SHINE THE LIGHT DISCLAIMER

Under California Civil Code section 1798.83-1798.84 (“Shine the Light”), California residents who provide Personal Information in obtaining products or services for personal, family or household use are entitled to request and obtain from us once (1) a calendar year a list identifying the categories of personal customer information which we shared, if any, with our affiliates and/or third parties in the preceding calendar year for marketing purposes (e.g. requests made in 2025 will receive information regarding 2024 sharing activities). This list will be provided free of charge. Contact information for such affiliates and/or third parties must be included.

 

CONTACTING US

Contacting Sana Management. 

Please feel free to contact Us if You have any questions about these Terms and/or any other documents referenced in these Terms. You may contact Us at privacy@sanabenefits.com, or at our mailing address:

Sana Management Services, LLC 

310 Comal, Building A, Suite 200, #242 

Austin, TX 78702 

Attn: Legal