Privacy Policy

Last updated: November 5, 2025

Salma Health, Inc., together with its subsidiaries and affiliates (collectively, "Company" "us," "we," or "our") is committed to protecting the privacy of Personal Data (i.e., information reasonably related to a specific individual). This Privacy Policy describes how we process Personal Data collected through our websites, including www.salmahealth.com, social media accounts, mobile applications, connectivity required to receive medical services from Center for Neurohealth, Inc., d/b/a Salma Health (collectively, the “Salma Medical Group Practices”) via the virtual clinic, other online interactions and communications such as email (collectively, our “Digital Properties”) and other online and offline interactions.

Scope:

  • This Privacy Policy does not apply to the data about our own employees, contractors, agents, and job applicants.
     
  • This Privacy Policy also does not apply to “protected health information” that is subject to the Health Insurance Portability and Accountability Act (“HIPAA”). We handle protected health information to perform services on behalf of our “covered entity” business customers (as a “business associate”). When we handle information as a “business associate,” our business customer’s HIPAA Notice of Privacy Practices applies to that information, and we encourage you to review that business customer’s HIPAA Notice of Privacy Practices for more information and to exercise your rights under HIPAA. The HIPAA Notice of Privacy Practices for the Salma Medical Group Practices is available here.

Changes: We may update this Privacy Policy from time to time. Any updated Privacy Policy will be effective when posted. Please check this Privacy Policy periodically for updates. If required by law, we will contact you directly to provide you with an updated Privacy Policy.

1. Sources of Personal Data

We collect Personal Data about you from the following sources:

A. Directly from you. We may collect Personal Data you provide to us directly, such as when you contact or interact with us through our Digital Properties, create an account, sign up for offers or newsletters, communicate with us, place or customize orders.

B. Data collected automatically and through tracking technologies. We may automatically collect information or inferences about you, such as through cookies and other tracking technologies, when you interact with our Digital Properties. This may include information about how you use and interact with our Digital Properties, information about your device, and internet usage information.

C. From third parties. We may collect Personal Data from third parties, such as service providers, our affiliated companies and subsidiaries, or other parties who interact with us.

D. From publicly available sources. We may collect Personal Data about you from publicly available sources, such as public profiles and websites.

We may combine information that we receive from the various sources described in this Privacy Policy, including third party sources, and use or disclose the combined information for the purposes identified below.

2. Types of Personal Data We Collect

We may collect the following types of Personal Data:

A. Identifiers, such as your name, email address, physical address, telephone number, business contact information, and device identifiers (e.g., cookie IDs and IP address).

B. Records about you, such as signatures; the content, timing and method of communications you have with us, such as online chats, calls, and emails; and information you share with or upload to our Digital Properties, such as reviews and comments.

C. Demographic information, such as age (including birthdates) and gender.

D. Commercial information, such as information related to your transactions (including credit card data we may collect for copays); products or services purchased, obtained, or considered; subscription information; or other purchasing or consuming histories or tendencies.

E. Internet or other electronic network activity information, such as your browsing history, search history, preference information (including marketing and purchasing preferences), account settings (including any default preferences), and other information regarding your interactions with and use of the Digital Properties. For more information about cookies and other device data, please see Section 5 (Cookies and Other Tracking Technologies).

F. Non-precise geolocation data, such as your location as derived from your IP address.

G. Audio, electronic, visual, or other sensory information, such as photographs and audio/video recordings.

H. Professional or employment-related information, such as job title; organization; professional licenses, credentials, or affiliations; and other professional information.

I. Inferences drawn from any of the information we collect about your preferences or behavior, including to assess the level of interest in our products and services based on frequency of visits and contact and determine your preferred frequency for receiving offers.

J. Sensitive Personal Data, including information about your health.

3. How We Use Personal Data

A. To provide you products and services, such as making our Digital Properties, products and services available to you; registering, verifying, and maintaining your account with us; providing and delivering you the goods and services you request; providing customer service; processing or fulfilling orders and transactions (including processing payments); verifying customer information and eligibility for certain programs or benefits; communicating with you (including soliciting feedback or responding to requests, complaints, and inquiries); hosting informational webinars; and providing similar services or otherwise facilitating your relationship with us.

B. For our internal business purposes, such as day-to-day operation of our business; maintaining internal business records, such as accounting, document management and similar activities; enforcing our policies and rules; management reporting; auditing; and IT security and administration.

C. For our internal research and product improvement purposes, such as verifying or maintaining the quality or safety of our products or services; improving our products or services; designing new products and services; evaluating the effectiveness of our advertising or marketing efforts; and debugging and repairing errors with our systems, networks, and equipment.

D. For legal, safety or security reasons, such as complying with legal, reporting, and similar requirements; investigating and responding to claims against us, our personnel, and our customers; for the establishment, exercise or defense of legal claims; protecting our, your, our customers’, and other third parties’ safety, property or rights; detecting, preventing, and responding to security incidents and health and safety issues (including managing spread of communicable diseases); and protecting against malicious, deceptive, fraudulent, or illegal activity.

E. In connection with a corporate transaction, such as if we acquire assets of another business, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.

F. For marketing, such as marketing our products or services or those of our affiliates. For example, we may use Personal Data we collect to analyze interactions with us or our Digital Properties; or to send you newsletters, surveys, questionnaires, promotions, or information about events or webinars. You can unsubscribe to our email marketing via the link in the email, by responding “STOP” to the text message, or by contacting us using the information in Section 9 (Contact Information) below.

We may use anonymized, de-identified, or aggregated information for any purpose permitted by law.

4. How We Disclose Personal Data

We may disclose Personal Data to third parties, including the categories of recipients described below:

A. Affiliates and subsidiaries, including parent entities, corporate affiliates, subsidiaries, business units, and other companies that share common ownership.

B. Service providers, that work on our behalf to provide the products and services you request or support our relationship with you, such as IT providers, internet service providers, web hosting providers, data analytics providers, and companies that provide business support services, financial administration, or event organization.

C. Professional consultants, such as accountants, lawyers, financial advisors, and audit firms.

D. Vendors necessary to complete transactions you request, such as shipping companies and logistics providers.

E. Law enforcement, government agencies, and other recipients for legal, security, or safety purposes, such as when we share information to comply with law or legal requirements, to enforce or apply our Terms of Use  and other agreements or policies, and to protect our, our customers’, or third parties' safety, property, or rights.

F. Other entities in connection with a corporate transaction, such as if we acquire assets of another entity, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.

G. The public, such as when you have an opportunity to make comments regarding us or our products that we may share with the public, including comments on our blog posts and reviews on our product pages. Any Personal Data in comments, reviews, or other content that you share in public areas of our Digital Properties may be read, collected, or used by other users or the public.

H. Entities to which you have consented to the disclosure.

5. Cookies and Other Tracking Technologies

Our Digital Properties and authorized third parties use cookies and other tracking technologies to collect information about you, your device, and how you interact with our Digital Properties. This section contains additional information about:

  • The types of tracking technologies we use and the purposes for which we use them
  • The types of information we collect using these technologies
  • How we disclose or make information available to others
  • Choices you may have regarding these technologies

A. Types of cookies and tracking technologies we use

We and the third parties that we authorize may use the following tracking technologies:

  • Cookies, which are a type of technology that installs a small amount of information on a user's computer or other device when they visit a website. Some cookies exist only during a single session and some are persistent over multiple sessions over time.
  • Pixels, web beacons, and tags, which are types of code or transparent graphics. In addition to the uses described below, these technologies provide analytical information about the user experience and help us customize our marketing activities. In contrast to cookies, which are stored on a user's computer hard drive, pixels, web beacons, and tags are embedded invisibly on web pages.
  • Embedded scripts and SDKs, which allow us to build and integrate custom apps and experiences on our Digital Properties.

B.    Purposes for using these technologies

We and authorized third parties use these technologies for purposes including:

  • Personalization, such as remembering language preferences and pages and products you have viewed in order to enhance and personalize your experience when you visit our Digital Properties.
  • Improving performance, such as maintaining and improving the performance of our Digital Properties.
  • Analytics, such as analyzing how our websites are used.
  • Security, such as preventing fraud and malicious behavior.

C.    Information collected

These tracking technologies collect data about you and your device, such as your IP address, location (both approximate and precise) cookie ID, device ID, operating system, browser used, browser history, search history, and information about how you interact with our Digital Properties (such as pages on our Digital Properties that you have viewed).

D.    Disclosures of your information

We may disclose information to third parties or allow third parties to directly collect information using these technologies on our Digital Properties, companies that provide analytics including ad tracking and reporting, security providers, and others that help us operate our business and Digital Properties.

E.    Your choices

You can refuse or delete cookies using your browser settings. If you refuse or delete cookies, some of our Digital Properties’ functionality may be impaired. Please refer to your browser’s Help instructions to learn more about how to manage cookies and the use of other tracking technologies. If you change computers, devices, or browsers; use multiple computers, devices, or browsers; or delete your cookies, you may need to repeat this process for each computer, device, or browser.

Some browsers have incorporated Do Not Track (“DNT”) preferences.  At this time, we honor Do Not Track signals.

Some browsers and browser extensions support the Global Privacy Control (“GPC”) that can send a signal to process your request to opt out from certain types of data processing, including data "sales" as defined under certain laws. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable law.

6. Data Security and Data Retention

Although we maintain reasonable security safeguards, no security measures or communications over the Internet can be 100% secure, and we cannot guarantee the security of your information.

Your Personal Data will be retained as long as necessary to fulfill the purposes we have outlined above unless we are required to do otherwise by applicable law. This includes retaining your Personal Data to provide you with the products or services you have requested and interact with you; maintain our business relationship with you; improve our business over time; ensure the ongoing legality, safety and security of our services and relationships; or otherwise in accordance with our internal retention procedures. Once you have terminated your relationship with us, we may retain your Personal Data in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to enable easier future user onboarding, demonstrate our business practices and contractual obligations, or provide you with information about our products and services in case of interest.

7. Children and Privacy

Our Digital Properties are intended for individuals 13 years of age and older. The Digital Properties are not directed at, marketed to, nor intended for, children under 13 years of age. As a general rule, we do not knowingly collect any information, including Personal Data, from children under 13 years of age. If you believe that we have inadvertently collected Personal Data from a child under the age of 13, please contact us at the address in Section 9 (Contact Information) below, and we will take prompt steps to delete the information.

8. External Links

Our Digital Properties may contain links to external sites or other online services that we do not control, including those embedded in third party advertisements or sponsor information. We are not responsible for the privacy practices or data collection policies of such third-party services. You should consult the privacy notices of those third-party services for details on their practices.

9. Contact Information

If you have questions regarding this Privacy Policy, please contact us at: privacy@salmahealth.com

You may also contact us by writing to:

Salma Health, Inc.
400 Concar Drive, Suite 4-157
San Mateo, CA 94402

Attn: Privacy Officer

10. Supplemental U.S. State Privacy Disclosures

A. Data Subject Rights

As set forth above under “Scope”, the protected health information that we collect when performing services is subject to HIPAA, and state privacy and consumer health data laws therefore may not apply to such protected health information. We handle limited Personal Data as a “business” that is not otherwise personal health information.

If you live in California or certain other U.S. states, you may have certain rights regarding Personal Data:

  • Right to Know. You may have the right to request information about the categories of Personal Data we have collected about you, the categories of sources from which we collected the Personal Data, the purposes for collecting, selling, or sharing the Personal Data, and to whom we have disclosed your Personal Data and why. You may also request the specific pieces of Personal Data we have collected about you.
  • Right to Delete. You may have the right to request that we delete Personal Data that we have collected from you.
  • Right to Correct. You may have the right to request that we correct inaccurate Personal Data that we maintain about you.
  • Right to Opt Out of Profiling. You may have the right to opt out certain automated processing activities that are used to evaluate characteristics about you.

You may exercise the rights available to you by emailing us at privacy@salmahealth.com or by contacting us at the address set forth in Section 9 (Contact Information) above.

We will not discriminate against you for exercising your privacy rights.

Verification: In order to process rights requests, we may need to obtain information to locate you in our records or verify your identity depending on the nature of the request. In most cases we will collect some or all of the following data elements: first and last name, email address, telephone number, and state of residence. In some cases, we may request different or additional information, including a signed declaration that you are who you say you are. We will inform you if we need such information.

Authorized Agents: Authorized agents may exercise rights on behalf of an individual by submitting a request via email to privacy@salmahealth.com or by contacting us at the address set forth in Section 9 (Contact Information) above and indicating that they are submitting the request as an agent. We may require the agent to demonstrate authority to act on behalf of the individual by providing signed permission from the individual. We may also require you to verify your own identity directly with us or to directly confirm with us that the individual provided the authorized agent permission to submit the request.

B. Additional Data Processing Disclosures

In addition to the disclosures above, this section provides supplemental information about how we process Personal Data.

Disclosure of Personal Data

We do not sell Personal Data. The chart below describes the categories of Personal Data collected via the Digital Properties and to whom it was disclosed during the past 12 months.

Categories Of Personal Data We Collect and Categories of Third Parties To Whom We Disclose Personal Data for a Business Purpose

Identifiers (see Section 2.A above)

- Affiliates and subsidiaries

- Service providers

- Professional consultants

- Vendors necessary to complete transactions you request

- Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes

- In connection with a corporate transaction

- Entities to which you have consented to the disclosure

Records about you (see Section 2.B above)

- Affiliates and subsidiaries

- Service providers

- Professional consultants

- Vendors necessary to complete transactions you request

- Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes

- In connection with a corporate transaction

- Entities to which you have consented to the disclosure

Demographic information (see Section 2.C above)

- Affiliates and subsidiaries

- Service providers

- Professional consultants

- Vendors necessary to complete transactions you request

- Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes

- In connection with a corporate transaction

- Entities to which you have consented to the disclosure

Commercial information (see Section 2.D above)

- Affiliates and subsidiaries

- Service providers

- Professional consultants

- Vendors necessary to complete transactions you request

- Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes

- In connection with a corporate transaction

- Entities to which you have consented to the disclosure

Internet or other electronic network activity (see Section 2.E above)

- Affiliates and subsidiaries

- Service providers

- Professional consultants

- Vendors necessary to complete transactions you request

- Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes

- In connection with a corporate transaction

- Entities to which you have consented to the disclosure

Geolocation data (see Section 2.F above)

- Affiliates and subsidiaries

- Service providers

- Professional consultants

- Vendors necessary to complete transactions you request

- Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes

- In connection with a corporate transaction

- Entities to which you have consented to the disclosure

Audio, electronic, visual, or other sensory information (see Section 2.G above)

- Affiliates and subsidiaries

- Service providers

- Professional consultants

- Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes

- In connection with a corporate transaction

- Entities to which you have consented to the disclosure

Professional or employment-related information (see Section 2.H above)

- Affiliates and subsidiaries

- Service providers

- Professional consultants

- Vendors necessary to complete transactions you request

- Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes

- In connection with a corporate transaction

- Entities to which you have consented to the disclosure

Inferences (see Section 2.I above)

- Affiliates and subsidiaries

- Service providers

- Professional consultants

- Vendors necessary to complete transactions you request

- Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes

- In connection with a corporate transaction

- Entities to which you have consented to the disclosure

Sensitive Information (see Section 2. J above)

- Affiliates and subsidiaries

- Service providers

- Vendors necessary to complete transactions you request

- Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes

- Entities to which you have consented to the disclosure


C. Shine the Light Disclosures.

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Data to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to the address set forth above. 

Our Programs
Military and VeteransPsychiatric and PsychologicalHeadache and Facial PainMemory and DementiaBrain Injuries
About Us
Our StoryOur Clinical TeamOur LocationsLegalCareers
Resources
Why Salma HealthOur BlogConditions We TreatTreatments and Services
Legal
Notice of Privacy PracticesTerms of UsePrivacy PolicyGood Faith Estimate
Account
Appointment Support
Referrals
Refer a Patient
Subscribe Now
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Notice of Privacy
Terms of Use
Privacy Policy
Good Faith Estimate
© 2025 Salma Health, Inc.