Privacy Policy

Last Updated, May 16, 2025

Dahlia Health, Inc. (“Dahlia,” “we”, “us” or “our”) provides a platform for parents or guardians (“Parents”) to answer health questions using a chatbot and find on demand peer mentorship for their teenager(s) (“Teenager” or “Teen”) by pairing their Teen(s) with a college student or a young professional with shared interests, experiences, and personality traits (“Bloom Buddies”). This Privacy Policy describes how Dahlia handles personal information that we collect through our digital properties that link to this Privacy Policy, including our website and mobile application (collectively, the “Service”), as well as through social media, our marketing activities, our live events, and other activities described in this Privacy Policy.

Dahlia is not a medical practice and does not provide medical advice, treatment recommendations, or care. All Bloom Buddy services are provided by trained Bloom Buddies. Dahlia provides a HIPAA compliant way for a Teen to receive the Service from a Bloom Buddy.

Data Protection Officer. Dahlia is headquartered in New York City in the United States. Dahlia has appointed an internal data protection officer for you to contact if you have any questions or concerns about Dahlia’s personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to Dahlia’s data protection officer. Dahlia’s data protection officer’s name and contact information are as follows: Parth Chodavadia - parth@dahlia.health

Information We Collect

  • Information Provided to Us as a Parent. Please note that the information we may collect from you may vary depending on how you interact with the Services. We have outlined these differences below. This does not include aggregated or de-identified information that is maintained in a form not reasonably capable of being associated with or linked to an individual (“De-Identified Information”). Personal information you may provide to us as a Parent through the Service includes:

    • Identifiers, such as your first and last name, salutation, email address, billing and mailing addresses, and phone number.

    • Demographic Information, such as your city, state, country of residence, and postal code.

    • Profile Data, such as the username and password that you may set to establish an online account on the Service, date of birth, biographical details, photograph, links to your profiles on social networks, interests, preferences, and any other information that you add to your account profile.  

    • Communications that we exchange with you, including when you contact us through the Service, social media, or otherwise. 

    • Marketing Data, such as your preferences for receiving our marketing communications and details about your engagement with them.

    • Questionnaire Responses, such as you and your Teenager’s personal concerns, goals, Bloom Buddy preferences, and any other information that you choose to provide.

    • Relationship Data, such as familial or other relationship to Teenagers whose personal information you may provide to us. 

    • Government-Issued Identification Numbers, such as national identification number (e.g., Social Security Number, tax identification number, passport number), state or local identification number (e.g., driver’s license or state ID number), and an image of the relevant identification card.

    • Feedback Data, such as the information you share when you complete a survey or provide feedback about your experience with the Services. 

    • Payment Information needed to complete transactions, including payment card information or bank account number.

    • Other Data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

  • Information Provided to Us as a Teenager. Please note that the information we may collect from you may vary depending on how you interact with the Services. We have outlined these differences below. This does not include aggregated or de-identified information that is maintained in a form not reasonably capable of being associated with or linked to an individual (“De-Identified Information”). Personal information you may provide to us as a Teenager through the Service includes:

    • Identifiers, such as your first and last name, salutation, email address, mailing addresses, and phone number.

    • Demographic Data, such as your city, state, country of residence, postal code, gender, ethnicity, sexual orientation, race, age, pronouns, and any other self-identifying information that you choose to provide.

    • Profile data, such as the username and password that you may set to establish an online account on the Service, education information, date of birth, biographical details, photograph, links to your profiles on social networks, interests, hobbies, preferences, and any other information that you add to your account profile.  

    • Communications that we exchange with you, including when you contact us through the Service, social media, or otherwise. 

    • Questionnaire responses, such as you and your personal concerns, goals, hobbies, activities, education plans, communication preferences,  Bloom Buddy preferences, and any other information that you choose to provide.

    • Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.

    • Feedback data, such as the information you share when you complete a survey or provide feedback about your experience with the Services. 

    • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

  • Third-Party Sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

    • Public Sources, such as social media platforms, and other publicly available sources.

    • Our Affiliate Partners, such as our affiliate network provider and publishers, influencers, and promoters who participate in our paid affiliate programs.

    • Third-Party Services, such as social media services, that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.

    • Marketing Partners, such as joint marketing partners and event co-sponsors.

  • Automatic Data Collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

    • Device Data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.

    • Online Activity Data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.

    • Precise Geolocation Data when you authorize our mobile application or service to access your device’s location. Precise Geolocation will only be used in the event of an emergency and will never be stored in our servers for longer than 48 hours.

  • Cookies and Similar Technologies. Some of the automatic collection described above is facilitated by the following technologies:

    • Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place. 

    • Local Storage Technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications. 

    • Web Beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked. 

  • Data About Others. We may offer features that help users invite their friends or contacts to use the Service, and we may collect contact details about these invitees so we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.

How We Use AI

  • Artificial Intelligence and Automation. We use artificial intelligence ("AI") models, including natural language processing tools, to power features such as Daisy, our AI chatbot, and to support peer matching, content recommendations, safety flagging, and engagement tracking. These models are trained using de-identified or aggregated user data. Human reviewers may occasionally audit responses to improve quality and ensure safety. Our AI features do not make clinical diagnoses or decisions. We continuously update and evaluate our AI systems to ensure they are fair, accurate, and aligned with our mission of supporting teen wellness.

  • De-identified Data and AI Model Development. We may de-identify personal or health information so that it can no longer reasonably be used to identify an individual. De-identified data is used to train and improve our machine learning models (including Daisy, our AI chatbot), analyze usage trends, support academic or clinical research, and refine our matching algorithms. These models help us better understand patterns across users and enhance our ability to support teen wellbeing at scale. De-identified data may be aggregated with data from other users and used for lawful business and research purposes. We take care to ensure this data cannot be linked back to you and follow applicable laws and data minimization practices when doing so.

  • Personalization. We use personal information to provide a hyper-personalized experience for teens and parents. This includes tailoring content, recommendations, peer matches, chatbot responses, and wellness prompts based on a teen’s expressed preferences, past interactions, stated goals, and profile data. Our goal is to help users feel seen, heard, and supported in ways that are meaningful to them. Personalization features may involve machine learning models trained on prior interactions but will never involve the sale of personal data to third parties.

How We Use Your Personal Information

  • Health Information. Some Personal Information we collect may constitute PHI under HIPAA. As a part of onboarding, we will provide you with a HIPAA Notice of Privacy Practices describing their collection and use of your health information. We will only collect and use PHI for the purposes of providing the Services and we only collect the minimum amount necessary to fully perform and provide the Services on our Platform. We may combine your PHI with Personal Information that we have either obtained from you or through a third-party, such as your Provider, health insurer, employee benefits program, or other health care providers. PHI will only be used and disclosed as outlined in the HIPAA Notice of Privacy Practices and as permitted by HIPAA and other applicable law. Dahlia may de-identify your information such that it is no longer considered protected health information or personally identifiable information.

  • Service Delivery. We may use your personal information to: provide, operate and improve the Service and our business; establish and maintain your user profile on the Service; facilitate your invitations to friends who you want to invite to join the Service; enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in; communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages; communicate with you about events or contests in which you participate; understand your needs and interests, and personalize your experience with the Service and our communications; and provide support for the Service, and respond to your requests, questions and feedback.

  • Research and Development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business.  

  • Marketing and Advertising. We, our service providers and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes. PHI will not be used for marketing without obtaining prior written authorization, as required by HIPAA. Dahlia does not sell your personal data to advertisers or data brokers. We only use your data to support your experience with our Service, and any marketing you receive is either directly from us or our partners under strict data use agreements.Dahlia will never sell user data for any reason:

    • Direct Marketing. We may send you direct marketing communications. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.  

    • Survey Responses. With your consent, we may use your feedback and survey responses to post comments about your experience with the Services on the website, for promotions, or otherwise. 

  • Compliance and Protection. We may use your personal information to: comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities; protect our, your or others’ rights, privacy, or property (including by making and defending legal claims); protect the safety of you or others in the event of a crisis or immediate threat to your or others’ wellbeing;   audit our internal processes for compliance with legal and contractual requirements or our internal policies;  enforce the terms and conditions that govern the Service; and prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.  

  • With Your Consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.  

  • Cookies and Similar Technologies. In addition to the other uses included in this section, we may use the Cookies and similar technologies described above for the following purposes:

    • Technical Operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.

    • Functionality. To enhance the performance and functionality of our services.

    • Analytics. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en

  • Retention. We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.   

How We Share Your Personal Information

  • Service Providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, consumer research and website analytics). 

  • At Your Direction. If you request immediate assistance related to your health or wellbeing, we may connect you to first responders, mental health and medical professionals, or support hotlines.

  • Your Healthcare Providers or Family. With your consent, we may share your information, including information collected from your use of our Platform, with your health care providers and/or family members (e.g., immediate family or friends) that you designate to receive your information.

  • Parents. If we, or our Bloom Buddies, believe a Teenager’s health or wellbeing is at risk, we may share our concerns directly with the Teenager’s Parent, guardian, or other responsible adult.

  • Payment Processors. Any payment card information you use to make a payment on the Service is collected and processed directly by our payment processors, such as Stripe. Stripe may use your payment data in accordance with its privacy policy, https://stripe.com/privacy.

  • Professional Advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

  • Authorities and Others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

  • Business Transferees. Acquirers and other relevant participants in business transactions (or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Mind & Match or our affiliates (including, in connection with a bankruptcy or similar proceedings).  

  • Business Associate Agreements. To ensure the protection of your PHI as required by HIPAA, we enter into Business Associate Agreements (BAAs) with all third-party service providers (business associates) who may have access to PHI in the course of providing services to us. These BAAs require our business associates to implement appropriate safeguards to protect the confidentiality, integrity, and availability of PHI they receive, maintain, or transmit on our behalf. They also mandate reporting to us any security incidents or breaches of which they become aware.

Your Choices 

  • Access, update, or delete your information. If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account. You may also contact us to inform us of any changes or errors in any Personal Information we have about you to ensure that it is complete, accurate, and as current as possible, or to delete your account.

  • Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails. If you receive marketing text messages from us, you may opt out of receiving further marketing text messages from us by replying STOP to our marketing message. 

  • Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org

  • Mobile location data. You can disable our access to your device’s precise geolocation in your mobile device settings.

  • Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

  • Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

  • Delete your content or close your account. You can choose to delete certain content through your account. If you wish to request to close your account, please contact parth@dahlia.health

Other sites and services. The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security. We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. We implement what we believe to be appropriate and reasonable technical and organizational measures to protect the information that we collect and store from loss, misuse, unauthorized use, access, inadvertent disclosure, change or destruction. We use encryption to keep your data private while in transit. We restrict access to Personal Information to those employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations. However, no network, server, database or Internet or email transmission is ever fully secure or error free. Please keep this in mind when giving us any Personal Information.

Data Breach Notification. In compliance with HIPAA and other applicable laws, we take the security of your personal information and protected health information (PHI) very seriously. In the event of a data breach that affects your PHI or personal information, we will follow all applicable laws regarding breach notification. If we discover a breach of unsecured PHI, we will notify affected individuals without unreasonable delay, no later than 60 days from the discovery of the breach. We will inform you of the nature of the PHI involved, the steps you should take to protect yourself from potential harm, a brief description of what we are doing to investigate the breach, mitigate damages, and protect against further breaches, as well as contact information should you have any questions or concerns. Our notification will be provided in writing by mail, or by email if you have agreed to receive electronic communications from us. If the breach affects a large number of individuals, or if contact information for some individuals is insufficient or out of date, we will provide notice in a manner that is reasonably calculated to reach those individuals, which may include posting on our website or in a major print or broadcast media.

International Data Transfer. We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.  

Children. The Service is not intended for use by anyone under 13 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact parth@dahlia.health. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy. We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

Contact Information. 

  • Email: parth@dahlia.health

  • Mail: 410 West 53rd Street Apt #305, New York, NY 10019

  • Phone: 512-948-5544

SMS Privacy Commitment  

We collect your mobile number and SMS opt-in status solely to deliver the messages you request.  

  • We never sell or rent SMS opt-in data, consent records, or message content.  

  • We do not share this information with any non-affiliated third parties for marketing or any other purpose.  

  • Disclosures in “How We Share Your Personal Information” do not apply to SMS opt-in data or consent.  

  • The above excludes text-messaging originator opt-in data and consent; this information will not be shared with any third parties.