Skip to main content

HOLON HEALTH, INC: Privacy Policy 

Effective Date: April 27, 2026 | Version 2026.04 

1. About this Policy 

Holon Health, Inc. and its affiliates (collectively, “Holon,” “we,” “us,” or “our”) respect your privacy. This Privacy Policy describes how Holon collects, uses, shares, and protects personal information when you visit our website at holonhealth.com (the “Site”) and use the Holon Vibe application (the “App”), and the rights you have over that information. 

This Privacy Policy applies to non-medical personal information. If you are a Holon patient, your protected health information (PHI) is covered by our Notice of Privacy Practices (“NPP”), available at holonhealth.com/notice-of-privacy-practices, not by this Privacy Policy. The federal Health Insurance Portability and Accountability Act (HIPAA) governs PHI; this Privacy Policy governs everything else, including website analytics, cookies, contact-form submissions, newsletter signups, job applications, and similar data. 

2. Personal information we collect 

The categories of personal information we collect depend on how you interact with us. We may collect: 

Identifiers 

  • Name, postal address, email address, telephone number, and similar contact information. 
  • IP address, device identifiers, and online identifiers when you visit the Site or use the App. 
  • Account credentials (username, password) for the App. 

Internet and electronic activity 

  • Pages you visit, links you click, time spent on the Site or App, and similar usage data. 
  • Browser and device information (browser type, operating system, screen size). 
  • Referring website and search terms. 

Geolocation 

  • Approximate location based on IP address; precise location only with your express permission (typically through the App). 

Inferences 

  • Inferences drawn from the categories above to support marketing, content personalization, and analytics — for example, an inference that a Site visitor is interested in substance-use treatment based on the pages they viewed. 

Sensitive personal information 

  • We do not use sensitive personal information categories (such as racial or ethnic origin, religious beliefs, or precise geolocation) for marketing or for any purpose other than as necessary to provide the service you have requested or as permitted by law. 

Information we do not collect through the Site under this Policy 

Protected health information is not covered by this Policy. If you are a Holon patient and you submit medical information through the Site, the Vibe App, or any patient-portal feature, that information is governed by HIPAA and our NPP, not by this Privacy Policy. 

3. Sources of the personal information 

  • Directly from you — for example, when you complete a contact form, request information, sign up for a newsletter, apply for a job, or create a Vibe account. 
  • Automatically — for example, through cookies, server logs, and similar technologies when you visit the Site. 
  • From third parties — for example, marketing partners, analytics providers, advertising networks, payors and partners that refer patients to Holon, and publicly available sources. 

4. Why we use your personal information 

  • Operate the Site and the App, authenticate users, secure our systems, and provide the features you request. 
  • Communicate with you — respond to inquiries, deliver newsletters and program updates you request, and provide service notices. 
  • Marketing — with appropriate consent, send you information about Holon services that may be of interest to you. You may opt out of marketing at any time. 
  • Analytics and improvement — understand how visitors use the Site and the App so we can improve them. 
  • Security and fraud prevention — detect, prevent, and respond to security incidents and fraudulent activity. 
  • Legal compliance — comply with applicable laws, regulations, and lawful requests; defend our legal rights; and protect Holon and others from harm. 
  • Operate the Rewards program (if you are a Holon patient) — administer reward eligibility, verification, and disbursement, including the financial-incentive features described in Section 9 below. 

5. With whom we share personal information 

We share personal information only as necessary for the purposes described above, and only with the categories of recipients listed below. We do not sell personal information for money. 

  • Service providers and vendors — companies that perform services on our behalf, such as hosting, analytics, marketing technology, customer support, payment processing, SMS and email delivery, and AI tools. Service providers are bound by contractual obligations limiting their use of personal information to providing the service to us. 
  • Business associates — vendors that handle protected health information operate under HIPAA Business Associate Agreements; their handling of PHI is governed by the NPP, not by this Privacy Policy. 
  • Health plans, payors, and partners — for routine healthcare operations, only as permitted under your Client Agreement and the NPP. 
  • Law and safety — to comply with legal obligations, respond to lawful requests, enforce our agreements, protect rights and safety, and address fraud and security issues. 
  • Business transfers — in connection with a merger, acquisition, financing, sale of assets, bankruptcy, or similar transaction. Personal information shared in a business transfer continues to be subject to this Privacy Policy or a successor policy that is no less protective. 
  • With your consent — for any other purpose for which you give us your specific consent. 

Some marketing partners, advertising networks, and analytics providers may use cookies or similar technologies to collect information about your activity over time and across websites. Under some state privacy laws, those interactions may be classified as “sale” or “sharing.” You may opt out of those uses; see Section 8 below. 

6. Cookies and tracking technologies 

We use cookies, pixels, and similar technologies on the Site and in the App to make them work, to analyze how they’re used, and (with your consent) for marketing. Categories include: 

  • Strictly necessary — required for the Site or App to function (e.g., authentication, security). 
  • Functional — remember your preferences and improve the user experience. 
  • Analytics — help us understand how the Site and App are used (e.g., Google Analytics). 
  • Marketing — with your consent, support advertising on third-party platforms. 

You can manage your cookie preferences using the cookie consent banner that appears on your first visit, or at any time through the “Cookie Preferences” link in the Site footer. You can also control cookies through your browser settings. 

Minor-facing pages. Holon does not use marketing or cross-context behavioral advertising cookies on Site pages or App screens reasonably expected to be used by minor patients. Analytics necessary to operate and secure the Site and App may be used. See Section 12 for additional protections that apply to personal information of minors. 

Healthcare-context tracking technologies. Holon does not use marketing or analytics tracking on Site pages or App screens that contain protected health information, except where the relevant vendor is a HIPAA business associate under a Business Associate Agreement and the use is consistent with HHS Office for Civil Rights guidance on online tracking technologies. 

7. Use of automated tools and artificial intelligence 

Holon uses automated tools and artificial intelligence (AI) in several ways that may involve personal information: 

  • Personalizing patient engagement (for example, appointment reminders and care-plan nudges through the Vibe App). 
  • Supporting clinical documentation, summarization, and operational workflows. 
  • Verifying completion of activities eligible for the Rewards program. 
  • Marketing analytics and content personalization on the Site. 
  • Security and fraud prevention. 

AI tools that handle protected health information operate under Business Associate Agreements and use the minimum information necessary for the purpose. Clinical decisions about a patient’s care are made by Holon clinicians. If you have questions about Holon’s use of AI, please contact compliance@holonhealth.com. 

8. Your privacy rights 

Depending on the state where you live, you may have the following rights with respect to the personal information we hold about you. These rights apply to non-PHI personal information only; HIPAA rights for protected health information are described in the NPP. 

  • Right to know / right to access — the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of recipients with whom we share it. 
  • Right to delete — request deletion of personal information we have collected from you, subject to applicable exceptions (for example, where retention is required by law or to complete a transaction you requested). 
  • Right to correct — request correction of inaccurate personal information. 
  • Right to portability — request a copy of your personal information in a portable format. 
  • Right to opt out of sale or sharing — direct us not to sell or share your personal information for cross-context behavioral advertising. 
  • Right to limit use of sensitive personal information — direct us to limit the use of sensitive personal information beyond providing the service you requested. 
  • Right to non-discrimination — exercise these rights without retaliation. 
  • Right to opt out of certain automated decisions — in some states, request that decisions made about you using automated processing be reviewed by a human. 
  • Rights of parents and legal guardians of minor patients — A parent or legal guardian of a minor patient may exercise the rights described above with respect to non-medical personal information about the minor, subject to the minor’s own consent rights under applicable state law. See Section 12. 

How to exercise these rights 

To exercise any of the above rights, contact us at compliance@holonhealth.com or 877-465-6650. We will verify your identity before responding to a rights request — typically by confirming information we already have on file.

Authorized agents. You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide written authorization and verify your identity directly. 

Appeals. If we decline a rights request and your state’s privacy law provides an appeal right, you may appeal by contacting compliance@holonhealth.com with the details of your request and the reasons for your appeal. 

State-specific rights 

Residents of certain states have specific privacy rights under state privacy laws — for example, California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Maryland (MD MCDPA), Texas (TDPSA), Utah (UCPA), and Virginia (CDPA), among others. The state-by-state rights matrix and the metrics required by each state are maintained at holonhealth.com/state-privacy-rights and updated as new state privacy laws take effect. Holon’s procedures for verifying requests and responding within the timelines required by your state’s law are described on that page. 

9. Financial incentives — Rewards program 

The Holon Rewards program offers patients rewards (loaded onto a reward card that can be used only at participating stores and only for approved items) for completing health-promoting activities.  

  • Material terms. Rewards are issued through a digital reward card. The reward card may be used only at participating stores and only for approved items. The annual cap on rewards is $599 per calendar year per patient. 
  • How the value is reasonably related to the value of your data. The personal information used to verify activity completion (typically appointment attendance, screening completion, or care-plan task completion) is information already created in connection with your care. The reward is a behavioral-health intervention designed to support recovery and adherence, not a payment for personal information. 
  • Method to opt in or opt out. Participation in the Rewards program is voluntary. You may decline at intake or stop participating at any time, without affecting your right to receive medical care. 
  • Right to withdraw. You may withdraw from the program at any time by contacting Holon. Withdrawal does not retroactively reverse rewards already earned. 

10. Data security 

Holon maintains administrative, physical, and technical safeguards designed to protect personal information against unauthorized access, use, disclosure, and loss. No method of transmission or storage is completely secure. If a security incident affects your personal information, we will notify you in accordance with applicable law, including state breach-notification statutes. 

11. How long we keep personal information 

We keep personal information only as long as needed for the purposes described in this Policy or as required by law. Retention periods vary by category — for example, marketing email logs may be retained for the duration of your relationship with Holon plus a defined period thereafter; security logs may be retained for compliance audits; SMS opt-in records may be retained for the period required by carrier or regulatory rules. When personal information is no longer needed, we delete or de-identify it. 

12. Minors

Holon Health provides care to patients age 12 and older. How we handle personal information about a minor depends on the kind of information involved. 

Health information. Information Holon collects about a minor patient in connection with care — including intake assessments, screening responses, clinical notes, prescriptions, treatment plans, and engagement data — is protected health information under HIPAA. Our Notice of Privacy Practices describes how Holon uses and protects that information, and the consents that govern its use, including the heightened protections that apply under 42 C.F.R. Part 2 for substance use disorder records. Whether a minor may consent to their own care, or whether a parent or legal guardian must consent, depends on the law of the state where the minor is located and the type of care involved. State law in many states permits minors to consent to substance use disorder care, mental health care, or both, without parental involvement; in other states a parent or legal guardian must consent. Holon’s enrollment process is designed to obtain the consents required by applicable state law. 

Non-medical personal information collected through the Site or the Vibe application. This Privacy Policy governs non-medical personal information collected through holonhealth.com and the Vibe application — for example, website analytics, cookies, contact-form data, marketing data, and similar information. When that information concerns a minor, Holon applies the following safeguards: 

  • Holon collects only the non-medical personal information necessary to provide the Site or App features the minor is using. 
  • Holon does not use cookies, pixels, or similar technologies to deliver behavioral or cross-context advertising on Site pages or App screens reasonably expected to be used by minors. Analytics necessary to operate and secure the Site and App may be used, subject to the safeguards described in Section 6. 
  • Holon does not sell, and does not share for cross-context behavioral advertising, any personal information of a known minor. 
  • Holon follows applicable state-law protections for minors, including the additional protections that California, Connecticut, Maryland, Texas, and other states provide for personal information of minors under specified ages (typically under 13, under 16, or under 18, depending on the state and the protection). 

Parental and guardian rights. A parent or legal guardian of a minor patient may contact Holon to review the non-medical personal information Holon has collected about the minor through the Site or App, request its correction or deletion, or revoke any consent previously given. Holon will respond to such requests in accordance with applicable state law and consistent with the minor’s own consent rights where state law gives the minor the right to consent to their own care. Health-information requests are handled under the Notice of Privacy Practices and applicable state minor-consent law, not under this Privacy Policy. Contact compliance@holonhealth.com or 877-465-6650. 

If you believe a minor has provided non-medical personal information to Holon outside an enrolled patient relationship — for example, by completing a contact form on the Site without parental knowledge — please contact compliance@holonhealth.com so we can review the situation and take appropriate action, which may include deleting the information. 

13. International users 

The Site and the App are intended for users in the United States. If you access the Site or App from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. Personal information will be processed in the United States. 

14. Changes to this Policy 

We may update this Privacy Policy from time to time. The most current version will be posted at holonhealth.com/privacy-policy and will include the effective date. If we make material changes, we will provide notice through the Site, the App, or by another reasonable means before the change takes effect. Your continued use of the Site or App after changes take effect indicates your acceptance of the updated Policy. 

Governing law. This Privacy Policy is governed by the laws of the Commonwealth of Virginia, without regard to conflict-of-laws principles. Nothing in this Privacy Policy limits any rights you have under the privacy laws of your state of residence. 

15. Contact us 

If you have questions, comments, or concerns about this Privacy Policy or our privacy practices, contact: 

Holon Health, Inc. 

3540 Pump Rd, #1188 

Richmond, VA 23233-1115 

Phone: 877-465-6650 

General questions: engagement@holonhealth.com 

Privacy and compliance: compliance@holonhealth.com