Grapevine Health Privacy Policy



  • We understand that people and companies working in healthcare must first and foremost earn the trust of patients, and that trust has too often been broken – especially in underserved communities. But at Grapevine Health, community trust is a founding tenet and core value, and we aim to honor and maintain the community’s trust in letter, spirit, and daily practice.


1.1 At Lisa Fitzpatrick & Associates MD-PC dba Grapevine Health (“Grapevine Health,” “we,” “us,” “our”), we respect your privacy and recognize the importance of protecting the personal data we collect and process. This Privacy Policy is designed to help you to understand what personal data we collect about you and how we use and share it.

1.2 This Privacy Policy applies to you if you:

  • interact with Grapevine Health’s website ( or our social media pages (collectively, the “Sites“) (“website users“);
  • attend a Grapevine Health event or an event which Grapevine Health sponsors (“event attendees“);
  • use Grapevine Health’s communication and messaging products, or any of our other applications and services (collectively, the “Grapevine Health Services“) (“customers“).


The personal data that we collect about you broadly falls into the categories set out in the following table. Some of this information you provide voluntarily when you interact with Grapevine Health Services and Sites, or when you attend an event. Other types of information may be collected automatically from your device, such as device data and service data. From time to time, we may also receive personal data about you from third party sources (as further described in the table).

Depending on your interactions with us, we may collect the following personal data about you:

Contact information :

  • first and last names;
  • email addresses;
  • phone numbers;
  • company name;
  • your role in your company.

Survey response data:

  • your answers to multiple-choice or open-text field survey questions.

Focus group responses:

  • your answers and comments over the course of a discussion group.

Device data:

  • operating system type and version number, manufacturer and model;
  • browser type;
  • screen resolution;
  • unique device identifiers;
  • IP address.

Service data:

  • the website you visited before browsing to the Grapevine Health Services;
  • how long you spent on a page or screen;
  • how you interact with our emails;
  • navigation paths between pages or screens;
  • date and time;
  • pages viewed;
  • links clicked.

Third party source data:

  • first and last names;
  • email addresses;
  • phone number;
  • mailing addresses;
  • potential health information interests.

Some device data, service data and third-party source data is collected through the use of first- or third-party cookies and similar technologies. Grapevine Health does not share data regarding a particular user’s activity, unless we are acting as a Business Associate of your health insurance plan, in which case we share activity data with your insurance plan so that they may respond to your requests for further assistance or information. Grapevine Health does assign each user a unique user ID within the scope of an individual Service, but does not collect or retain IP addresses or any information that would allow Grapevine Health to identify the same particular user on more than one Service.


3.1 We collect and process your personal data for the following purposes:

  • Providing and facilitating delivery of the Grapevine Health Services and Sites: We process your personal data to perform our contract with you for use of our Services and Sites and to fulfill our obligations under applicable terms of service. Where we have not entered into a contract with you, we process your personal data in reliance on our legitimate interests to operate and administer the Grapevine Health Services and Sites. For example, to create, remove you from our contact lists if you opt out of messaging services.
  • Communicating with you about the Grapevine Health Services and providing customer support: We may send you service, technical and other administrative messages in reliance on our legitimate interests in administering the Grapevine Health Services. For example, we may send you messages about the availability or security of Grapevine Health Services. We also process your personal data to respond to your comments and questions and to provide community care and support.
  • Improving the Grapevine Health Services and Sites: We process your personal data to improve and optimize the Grapevine Health Services and Sites and to understand how you use the Grapevine Health Services and Sites, including to monitor usage or traffic patterns and to analyze trends and develop new products, services, features and functionality in reliance on our legitimate interests.
  • Sending marketing communications: We process your personal data to send you marketing communications via email, post or SMS about our products, services and upcoming events that might interest you in reliance on our legitimate interests or where we seek your consent. Please see the “Your Privacy Rights and Choices” section below to learn how you can control your marketing preferences.
  • Managing event registrations and attendance: We process your personal data to plan and host events for which you have registered or that you attend, including sending related communications to you.
  • Maintaining security of the Grapevine Health Services and Sites: We process your personal data to control unauthorized use or abuse of the Grapevine Health Services and Sites, or otherwise detect, investigate or prevent activities that may violate Grapevine Health policies or applicable laws, in reliance on our legitimate interests to maintain and promote the safety and security of the Grapevine Health Services and Sites.
  • Carrying out other legitimate business purposes: including fraud monitoring and prevention.
  • Complying with legal obligations: We process your personal data when cooperating or complying with public and government authorities, courts or regulators in accordance with our obligations under applicable laws and to protect against imminent harm to our rights, property or safety, or that of our users or the public, as required or permitted by law.

3.2 In certain circumstances, we may collect your personal data on a different legal basis. If we do, or if we use your personal data for purposes that are not compatible with, or are materially different than, the purposes described in this notice or the point of collection, we will explain how and why we use your personal data in a supplementary notice at or before the point of collection. Where we refer to legal bases in this section we mean the legal grounds on which organizations can rely when processing personal data.


4.1 We may disclose some or all of the personal data we collect to the third parties such as the following:

Business Associates:
Health insurance companies and other entities engaging us in data collection and analysis to support our collective provision of Grapevine Health Services and Sites to their respective members.

Service Providers:
Consultants and vendors engaged by us to support our provision of Grapevine Health Services and Sites and the operation of our business

Professional Advisors:
Professional advisors, such as lawyers, auditors and insurers, in the course of the professional services that they render to us.

Compliance with Law Enforcement:

  • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • Enforce the terms and conditions that govern the Services; and
  • Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

4.2 Aggregated or anonymized information. We may also share aggregated or anonymized information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information such as performance metrics related to the use of websites which we collect through our technology, products and services.

4.3 Third party websites. The Sites may also contain links to third party websites. This Privacy Policy applies solely to information processed by us. You should contact the relevant third-party websites for more information about how your personal data is processed by them.


You can exercise control over the following uses of your information:

  • Opt-Outs. We will provide you with an opportunity to opt-out of having personal data used for certain purposes when we ask for this information. If you decide to opt-out, we may not be able to provide certain features of our offerings. You can indicate that you are revoking your consent at any point by contacting us using the Contact Us link on our website or following the opt-out instructions included in any email or SMS message, and we will do our best to recognize and act on these signals.


6.1 We may amend this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update it, we will take appropriate measures to inform you, consistent with the significance of the changes we make. If we make material updates to this Privacy Policy we will update the effective date at the top of the Privacy Policy.

6.2 If you have any questions, comments or concerns about this Privacy Policy or the way your personal data is being used or processed by Grapevine Health, please submit any questions, comments or concerns using the Contact Us link in the footer of this page.


Grapevine Health Services and the Sites are not aimed toward children under the age of 13. In the event that we are alerted that we have collected information from individuals under 13, we will immediately take steps to remove it. If you become aware that we have collected any such information, please contact us as described above.