“Why does Health Profile need to know if I drink wine every night after work? Are you going to tell my boss?”
“Why does League log me out every time I close the app? It’s annoying!”
“Does ‘Mark’ on the Customer Care team tell everyone about my insurance woes?”
Privacy is personal, and when it comes to your own health and insurance information it’s important to know that it’s being used right and to benefit you.
When it comes to managing your health information, League is a neutral third-party. We’re here for you and always have your best interests in mind. Our top priority is keeping your info safe and secure, and we never share anything you tell us to either your employer or your insurance company unless you ask us to.
How your data is protected and used to personalize League for you
The info you give us is only what we need to make sure League works how you want it and help you hit your goals. We don’t collect anything more than that.
Your info helps power everyday features in the app, like making enrolling for insurance faster or so your Care Team knows your health history when you chat with a health expert.
- Some of your personal info is already shared by your employer or carrier, like the personal info we collect when you sign up as a League member.
- The other health info you give us in League is only between the two of us, like what you tell us to build your personal Health Profile. This quick survey about your health and habits is used to recommend the most relevant Health Programs and products we think you’ll want to know about. It’s never shared with your employer or carrier.
All the ways your personal info is kept safe and secure
There are multiple ways you’ll interact with that keep your account (and all the info in it) private.
Your security controls:
1. Your password
Ok, this is pretty standard. But you’ve got one! (Make sure it’s something easy for you to remember but hard for someone else to guess, etc.)
2. Two-factor authentication
Also known as 2FA, two-factor authentication is League’s version of “two pieces of ID, please!” You can only get access to your account after showing us two or more pieces of evidence (or factors) to an authentication mechanism.
If you’re signing in to League on a new device, you’ll be asked for two-factor
authentication. This is usually done with your League sign-in info (your username and password) plus a 6-digit code texted to your phone.
3. Privacy Lock
If you’re signed in to League but inactive for 15 minutes we automatically sign you out to protect your account. We know it can be a little annoying to have to sign back in, but we think this extra layer of security is worth it.
If you’re on your phone or tablet, in just a second or two you can sign back in with Face ID / Touch ID on iOS, or Fingerprint / Passcode on Android. If you’re on desktop, you’ll be asked to use your sign-in info to get back into your account.
Some of our security controls:
Behind the scenes, League is built to keep your data secure.
1. Encryption
Your data is encrypted as it moves between your device and League’s servers and once it’s stored. We use industry-standard best practices for encryption.
Your chat history with the Care team is stored and encrypted in a platform called Salesforce. Only specific authorized League employees can access it, and only so that they can use it to help you out when you contact us.
2. HIPAA hip hooray!
We make sure that all of our partners and vendors are PIPEDA or HIPAA compliant, so we can share your data with them and give you the most customized (and secure!) advice for your health and well-being.
You might not have heard of HIPAA, the Health Insurance Portability and Accountability Act of 1996. It’s a U.S. legislation that lays out ground rules for how companies like League have to keep American members’ healthcare data safeguarded.
Canadian League members are equally protected, and get another fun acronym to learn: PIPEDA!
PIPEDA is the Personal Information Protection and Electronic Documents Act. This Canadian law governs how private sector companies like League can collect, store, and disclose personal info.
In both countries, we make sure that everything we do with your personal data follows the rules laid out in both HIPPA and PIPEDA.
3. Data storage
All of our member data is stored in Canada. Because of this, our American members are protected from having their healthcare data shared with the U.S. government without their knowledge due to rules in the 2001 Patriot Act.
Want more? Satisfy your inner data-nerd by reading our full Privacy Policy.