Stay safe from scams: Devoted will never ask for your Food & Home Card information over the phone. If someone calls and asks for your card number or other personal information, hang up and let us know right away.

Internet Privacy Policy

What does this cover?

This Devoted Privacy Policy (the “Policy”) describes how we collect and use personal information about you when you visit our website or use our products and services.

In this Policy, “we,” “us,” and “our” mean Devoted Health Inc. and our affiliated companies, subsidiaries and related companies (collectively “Devoted”), and “you” and “your” means any person who visits our website or uses our products and services.

By “personal information,” we mean information that directly identifies you, such as your name, address, phone number (including mobile phone number), or email address. There are 2 types of personal information:

Personally Identifiable Information (PII)
Protected Health Information (PHI)

This portion of the Policy deals with how Devoted collects, uses, shares, and protects PII. View our Notice of Privacy Practices to learn how we collect, use, share, and protect PHI.

Your personal information

Personally Identifiable Information (PII), as described in US privacy and information security law, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

How we protect your personal information

We take protecting data and your information very seriously. And we leverage industry best practices to make commercially reasonable efforts to ensure the security of your personal information. We maintain organizational, technical and administrative measures designed to protect personal information within our organization against unauthorized access, destruction, loss, alteration, or misuse. This includes measures designed to ensure that personal information is only accessible to a limited number of personnel who need access to the information to perform their duties, and those personnel are required to keep the information confidential.

The safety and security of your PII also depends on you. We encourage you to take steps to protect the confidentiality of your account and personal information, including by doing the following:

Reviewing your personal accounts, including social media accounts, periodically and immediately reporting any unexpected activity or unrecognized information;
Installing the latest security updates and anti-virus software on your devices to help prevent malware and viruses;
Using complex passwords;
Not using the same password on more than one website;
Using 2-factor authentication where applicable;
Not sharing your password with others;
Password protecting your computer and mobile devices; and
Signing out / Logging off of website sessions so that your session is closed, especially when using a public computer

SMS (text) messaging is not an encrypted (secure) channel. If you text Protected Health Information (PHI) there is a risk that PHI could be intercepted or viewed by third parties, including others who access your device.

Any use and disclosure of PHI in SMS (text) messaging may be governed by additional privacy protections. Please see our Member Communication Risks and our Notice of Privacy Practices for more information.

In general, any information transmitted through the Internet may not be perfectly secure. As a result, we are unable to guarantee the security of your personal information and we are not responsible for the circumvention of any privacy or security measures on our website unless otherwise required by law. In the event of a data breach by us or from third party services we will notify you as required under applicable law and will follow up with respective remediation and resolutions.

How we use your information

We use the information that we collect to conduct our business and to improve your experience with our products and services. In order to do so, we also may combine any or all of the information that we collect or obtain. Examples of how we use information include:

To provide you with products and services, such as to: share services that are relevant to your needs; deliver content that you may find interesting or helpful; and process, maintain, and service your account;
To respond to you, such as when you: send us an inquiry via SMS (text) message; fill out a form to be contacted; make a request or an inquiry; ask to set up an appointment with a sales representative; request materials in the mail, or share a comment or concern;
To personalize your experience with us, including to: remember your interests and preferences; customize the product, services, and content we share with you; facilitate your interactions with our sales and customer service representatives; track and categorize your activity and interests on our website, including by identifying the different devices you use; and to enrich your experience with our products, services, and website;
For marketing and advertising, such as to: send you marketing and advertising communications; to customize the marketing and advertising that we show you; and to identify others like you who may be interested in similar products and services;
For analytics, such as to: understand how you use our website; understand how you shop for and interact with our products and services; determine the methods and devices used to access our website; and improve our website;
For business purposes, such as: to operate and improve upon our business and lawful business activities; to maintain our programs, accounts, and records; for research; to provide you with notices about changes to our website and our products and services; to determine your satisfaction with our products and services; to detect and prevent fraud or misuse of our services;
For legal and safety purposes, such as to: defend our members, from harm or in legal proceedings; protect the security of our customers, employees, property, and our rights; protect our security; respond to court orders, lawsuits, subpoenas, and government requests; address legal and regulatory compliance; and notify you of any critical issues;
For authentication: To verify your identity when you sign in, including through passkey and biometric authentication methods on your mobile device;
For health monitoring, including, but not limited to, reading blood pressure and step count data from your device's health app (Apple Health or Health Connect) so you can import readings into your care plan;
To improve our app, including, but not limited to, recording and analyzing how you use the app so we can identify issues, fix problems, and improve your experience; and
To fulfill any other purpose for which you provide it and any other purpose with your consent, for which we will inform you of the purpose for which we collect it or seek your consent as necessary.

What information we collect

In order to improve your experience when using our website, plan, services, or products, we collect a variety of types of information. Examples include:

Contact information, such as your name, address, phone number, or email address. Examples include when you subscribe to a newsletter, fill out a form, or enter information on our website;
Preference information, such as your contact and marketing preferences, and plan or product interests;
Profile and account information, which may include Contact and Preference information;
Demographic information, which may include age or birth date, gender, ZIP code, and other information about you;
Call recordings including information about your call and that you share when you call us on the phone;
Location information of your device that you use when interacting with our website or calling us, if your device settings allow us to collect location information; and
Device and browsing information, including information about your phone, tablet, computer, or device, and online browsing activity (collectively, “automatically collected information”).

Mobile application

When you use the Devoted Health mobile app, we may collect additional information beyond what is described above. This section describes data practices specific to our mobile app.

Push notifications
If you enable push notifications, we collect a device token so we can send notifications to your device. This token is a unique identifier for your device and can be linked to your account, but it does not contain personal health information. You can turn off push notifications at any time in your device settings. We use Google Firebase Cloud Messaging to deliver push notifications; Google processes your device token in accordance with Google's Privacy Policy (policies.google.com/privacy).

Passkey and biometric sign-in
Our app supports passkey sign-in using your device's built-in biometric features, such as Face ID, Touch ID, or fingerprint recognition. When you set up a passkey, a secure credential is created and stored on your device. Your biometric information (such as your face or fingerprint) is processed entirely on your device and is never sent to or stored on Devoted Health servers. We only receive confirmation that you successfully signed in.

Camera, microphone, and photo library
Our app may ask for access to your device's camera, microphone, and photo library for the following purposes:

Camera and photo library: To take photos of and upload reimbursement receipts and supporting documents for claims and benefits.
Camera and microphone: To participate in telehealth video visits with your healthcare providers.

Photos, videos, and audio captured through the app are sent to Devoted Health's servers over a secure, encrypted connection and are not stored on your device by the app. You can turn off camera, microphone, or photo library access at any time in your device settings, though this may limit certain features.

Health data from your device
With your permission, our app can read health information stored on your device through Apple Health (iPhone) or Health Connect (Android). We currently read:

Blood pressure readings (the most recent reading from the past 30 days)
Step count (today's total)

This information is used to help you track your health and share readings with your care team — for example, importing a blood pressure reading when logging your vitals. We only read this data; we do not write to or modify your device's health records. Health data is sent to Devoted Health's servers over a secure, encrypted connection. You will be asked for permission before the app accesses any health data, and you can revoke this access at any time in your device settings.

Session recording and app analytics
We use a service called Fullstory to understand how people use our app so we can find and fix problems and improve your experience. When you use the app, Fullstory automatically collects:

How you interact with the app, including screens you visit, buttons you tap, how you scroll, and how long you spend on each screen
Your device's IP address, which Fullstory uses to estimate your general geographic area (such as your city or state — not your precise location)
Basic device and connection details, such as your device type, operating system, and mobile network

Fullstory uses cookies and similar technologies to maintain your session while you use the app. Fullstory does not use this information to identify you across other apps or websites, and does not sell your data to third parties. Sensitive information such as passwords, payment details, and personal health information is automatically masked so that Fullstory cannot see it.

You can opt out of Fullstory session recording at any time by visiting https://www.fullstory.com/optout/.

For more information about how Fullstory handles your data, see Fullstory's Privacy Policy (https://www.fullstory.com/legal/privacy-policy/).

Device information
When you use our mobile app, we automatically collect basic information about your device, including whether you are using an iPhone or Android device and which version of the app you have installed. This helps us ensure the app works correctly, fix technical issues, and improve your experience. We do not collect unique hardware identifiers or advertising identifiers from your device.

Cookies and stored data
Our mobile app uses cookies and similar technologies to keep you signed in and remember your preferences between sessions. You can clear this stored data by clearing the app's data in your device settings.

Links and navigation
Our app processes links from emails, push notifications, and other apps to take you directly to the right place within the app. These links may contain reference numbers but do not contain personal health information.

What we do not collect
We do not use advertising identifiers or share your information with advertisers.

How we collect your information

As general practice we always collect the minimal data necessary to provide our services. We collect information on our website, applications, automated chat "bots," during calls with you, and through our in-person interactions. We also obtain information from you and from third parties. For example, we collect and obtain information:

You provide, such as when you submit an online form, interact with a sales representative or customer service agent, send us an inquiry via SMS (text) message, visit or contact us, respond to a survey, register to attend an event or appointment, or sign up for emails or marketing;
At events you attend, such as: the types of information noted above that you provide, and video recordings and photographs that we collect for security, fraud, loss prevention, incident reporting, and operational purposes;
From wi-fi and mobile devices, such as information about your device when you use our website; and information about your device and location that you have consented to share through use of your device or browser, even if you are not currently on our website or on the phone with us;
From third parties, such as service providers that we use, analytics companies, advertising networks and cooperatives, demographic companies, third parties that provide us with information about you and the different devices you use online, and other third parties that we choose to collaborate or work with;
From social media platforms and networks that you use in connection with our website, or that share or allow you to share information with us, such as Facebook, Twitter, Pinterest, and Instagram. For example, if you use functionalities, plugins, widgets, or tools from social media platforms or networks in connection with our website (e.g., to log into an account, or to share content with your friends and followers on social media), we will collect the information that you share with us, or that those social media platforms or networks share with us; and
Using cookies, tracking pixels, and automatic collection methods. For example, we and third parties we work with may collect information from the computer, tablet, phone, or other device: that you use to access our website; or that you use to open an email or click on an advertisement from us. This collection includes automatically collected information, and generally does not include personal information unless you provide it through our website or you choose to share it with us.

If you have questions about the tools that are described in this policy, please visit the websites below to learn more about any options they may have available regarding tracking information.

Google: Privacy Policy or Opt Out
Meta: Privacy Policy or Opt Out

How we share information

We will never share personal information about you with third parties for their marketing or advertising purposes without your explicit consent. We do, however, share personal information with third parties for other operational purposes. For example, we share personal information with:

Third parties and service providers that provide products or services to our members and us, as well as those that help us market or advertise to you on our behalf. When possible, these organizations are under contractual obligations to use personal information about you only for providing the services to us and to maintain this information as strictly confidential;
Social media platforms and networks such as Facebook, Twitter, Pinterest, and Instagram that offer functionalities, plugins, widgets, or tools in connection with our website (e.g., to log into an account or to share content with your friends on social media). If you choose to use these functionalities, plugins, widgets, or tools, certain information may be shared with or collected by those social media companies — for more information about what information is shared or collected, and how it is used, see the applicable social media company’s privacy policy;
Buyers or other successors in interest in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our website’s and products’ users are among the assets transferred;
To fulfill the purpose for which you provide it. For example, when you sign up for one of our Medicare Advantage plans, we may share your information with Medicare to verify your eligibility and for them to cover all or part of the premiums for our plans;
Google Firebase Cloud Messaging: We share device push notification tokens with Google's Firebase Cloud Messaging service solely for the purpose of delivering push notifications. Firebase does not use these tokens for advertising and processes them in accordance with Google's Privacy Policy (policies.google.com/privacy);
Fullstory: We share app usage and session recording data with Fullstory, Inc. for the purpose of analyzing how members use the app and improving the experience. Fullstory acts as a service provider and does not sell your data or use it for advertising. Fullstory's Privacy Policy is available at fullstory.com/legal/privacy-policy; and
Additional third parties such as law enforcement, government entities, courts, or other third parties as required or allowed by applicable law, such as for the legal and safety purposes described under the “How We Use Information” Section above, or otherwise to help prevent harm or fraud to you, our customers, other third parties, or to Devoted. We also may share personal information with third parties upon your request or with your approval, though we may not be able to accommodate all requests.

How long we keep your information

We retain your information for as long as is necessary to fulfill the purposes for which it was collected, to provide our services, and to satisfy our internal business requirements. Additionally, we maintain records to comply with applicable federal and state laws, including health care oversight regulations and statutory audit requirements. Data that has been de-identified or aggregated may be retained indefinitely to the extent permitted by law.

How to delete your information

Most data processed by this application is subject to mandatory retention periods under federal health care laws and is not eligible for deletion. Although the application provides a mechanism to request account closure or data removal, we reserve the right to—and in most cases must—retain your information to comply with our legal obligations. Any request for deletion will be reviewed on a case-by-case basis and will be refused if retention is required for clinical, legal, or administrative purposes. If you choose to export or sync your data with a third-party application, our responsibility for the retention and deletion of that data ends at the point of transfer. We do not control, and are not responsible for, the data practices of third parties.

You have the right to request deletion of the personal information we have collected about you subject to the restrictions above. To request deletion:

Contact us by phone at 1-800-338-6833 (TTY 711)
Email us at privacy@devoted.com
Write to us at Devoted Health, Attn: Privacy Officer, PO Box 21327, Eagan, MN 55121

On your device, you can delete app data at any time by:

Uninstalling the Devoted Health mobile app, which removes all locally stored data including cookies, session data, and cached content
Revoking individual permissions (camera, health data, notifications) in your device settings
Clearing the app's stored data in your device settings

Notices and disclosures

California Privacy Rights. California law entitles residents to ask us for a notice describing what categories of personal information we share with third parties for third parties’ direct marketing purposes. Unless you request us to or consent to us doing so, Devoted does not share any personal information with third parties for their own direct marketing purposes. If you have questions about these practices, please contact us at privacy@devoted.com.
Children's Privacy. Devoted does not knowingly request or collect personal information from any person under 13 years of age without prior verifiable parental consent. If you believe that your child under the age of 13 has submitted personal information to Devoted in connection with our website, and without prior verifiable parental consent, please contact us at privacy@devoted.com so that we can take steps to delete the personal information that she or he provided.

Your rights and choices regarding personal information

We strive to offer you with choices about how personal information is used and shared. Your choices include:

Direct Mail Choices. You may opt out of receiving marketing or advertising by direct mail by contacting us through one of the methods specified in the “How to Contact Us” section below, and sharing the name and mailing address that you would like to opt out. Please note that these requests may take up to 8–10 weeks to become effective.
Online Advertising. You can manage third party advertising preferences for some of the third parties we work with to serve advertising across the Internet by utilizing the choices available at http://www.networkadvertising.org/managing/opt_out.asp and www.aboutads.info/choices. We do not guarantee that all of the third parties we work with will honor the elections you make using those options, but we strive to work with third parties that do.
Social Media Platforms and Networks. We encourage you to review your privacy options and settings with the social media platforms and networks you use to understand what choices you have about sharing information from those platforms and networks with us.
Email Choices. You can opt out of marketing or advertising emails by utilizing the “unsubscribe” link or mechanism noted in marketing or advertising emails you receive from Devoted. You may also request to opt out of marketing or advertising emails by contacting us through one of the methods specified in the “How to Contact Us” Section below, and sharing the email address at which you are receiving marketing or advertising emails.
Mobile Location Choices. You may choose not to provide your location to us by customizing your mobile device settings to prevent sharing of location information.
SMS (text). You may opt out of receiving SMS (text) messages from us anytime by replying “STOP” or “Unsubscribe” to text messages received from Devoted. You can also opt out by contacting us through one of the methods specified in the “How to Contact Us” section below, and identify the number you’d like to stop receiving SMS (text) messages from us.

Accessing and correcting your information

You can review and change your personal information by logging into the website and visiting your account profile page. You may also contact us through one of the method specified in the “How to Contact Us” section below, and informing us of any changes or errors in any personal information we have about you to ensure that it is complete, accurate, and as current as possible. We may ask you for additional information to verify your identity before we provide you with any personal information about you or permit you to change it. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause your personal information to become incorrect.

Please notify us immediately if your mobile number changes. We are not liable for any communication or transmission of information by SMS (text) messaging which happens because you did not report that your mobile number changed. Password-protecting mobile device(s) and enabling encryption, if available, is recommended.

Do Not Track signals

We may use automated data collection technologies to collect information about your online activities over time and across third-party websites or other online services (this is often referred to as behavioral tracking). Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your activities online. At this time, we do not honor such signals and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received.

How to contact us

If there are any questions regarding this privacy policy, you may contact us using the information below.

Devoted Health
ATTN: Privacy Officer
PO Box 21327
Eagan, MN 55121

Phone: 1-800-338-6833 (TTY 711)
Email: privacy@devoted.com

Updates to this policy

Changes to this Notice

We may make changes to this Policy, and may apply any changes to information previously collected, as permitted by law. When we make material changes to this Policy, we will notify you by posting the updated Policy on our website, and we will update the effective date at the end of this Policy.

Effective date

This Policy is effective August 2023. Last updated May 2026.