MyDirectives® Privacy Policy

Effective Date: January 1, 2021

This Privacy Policy describes how ADVault, Inc. (“ADVault”) collects, discloses, stores, transfers and uses the personal information you provide as a user of the website (“MyDirectives®“) or the software application MyDirectives MOBILE™ (collectively, the “Applications”), each of which is owned and operated by ADVault.

What the Privacy Policy Really Says

The Applications exist to help you share health data, and to ensure it can be located and retrieved in an emergency if you cannot share it yourself, so you can have a voice in your healthcare.  We collect demographic data you voluntarily provide when you create your account.  We collect the health data you voluntarily share with us.  We securely store and protect your personal data.  We use some of it, like contact information for you and your friends and family, so we can contact you and help you share your health data.  We also respond to requests from hospitals, doctors and nurses trying to find your health data so they can know something about you when they treat you.  We may share the fact that you use the Applications with a third party that pays for your healthcare, but we never share your health data with that third party.  We may also share aggregated data with third parties for purposes of research or statistical analysis, but no one can use the data shared to identify you.  Finally, we track general usage of the Applications so we can improve them. 

You control your personal data collected by the Applications.  You voluntarily provide it, and you can change or delete it at any time.  You can also close your MyDirectives account any time you wish. 

Now for the legalese version.

The Legalese Version of the Privacy Policy

The information you provide to ADVault is protected by several privacy frameworks.  In the United States, certain Protected Health Information and Personally Identifiable Information are protected by the United States Federal Health Insurance Portability and Accountability Act of 1996, usually known as HIPAA.  If you are a citizen or resident of the European Union (“EU”), any health data you provide to ADVault is also a protected form of data known as a Special Category of Personal Data under the General Data Protection Regulation (“GDPR”).  In addition to the usual appropriate technical and organizational measures we implement to ensure the security and integrity of the personal data we process, we may implement additional measures in relation to Special Categories of Personal Data, as appropriate.  These measures may include segregation, pseudonymization or restriction of access to the data.

When you use the Applications, you accept certain risks and responsibilities.  You also have a right to know how we protect your privacy and confidentiality and what you should expect from us.  By downloading, accessing or using the Applications, or providing information to us in connection with the Applications, you agree to the terms and conditions of this Privacy Policy.

Your Role, Responsibilities, and Risks

  • You need to be an informed user of the Applications. Please read our Terms and Conditions of Use and all our policies in full so you know how our service works and how you will interact with the Applications.

  • Understand how we collect data and how it is used.  For example, we may offer programs that collect data for special reasons, such as research, scientific studies, and statistics, in which case you may be interested in participating with consent.

  • Be aware that use of the Applications cannot replace, nor is it intended to serve as, a medical treatment provider-patient relationship or an attorney-client relationship.  You should always consult with a medical professional for diagnosis and treatment for specific health problems.  If you need legal assistance, you should seek the services of a competent legal professional.

What You Should Expect

  • We will strive to maintain your privacy, confidentiality, and security at all times.

  • We will not use any of your medical treatment choices information without your express consent.

  • We will notify you of all data collection practices by posting such practices in this Privacy Policy.

  • We will make you aware when you leave MyDirectives for another website, either by telling you in writing or by another technical mechanism.

  • Further details about how we use your personal information and medical treatment choices information are set out in our Terms and Conditions of Use.

  • We may also provide further notices highlighting certain uses we wish to make of your personal information, as well as the ability to opt in or out of selected uses, when we collect personal information from you.

Our Security Measures

All of ADVault’s systems and infrastructure have obtained certification for security and privacy under the HITRUST CSF®.  We use physical, technical and administrative measures to protect the integrity and privacy of the personal information and medical treatment choices information you provide to us.  When you enter sensitive information (such as your health/medical information) in response to our questions, we encrypt the transmission of that information using secure socket layer technology (SSL).  Although we make every reasonable effort to protect personal information and medical treatment choices information from loss, misuse, or alteration by third parties, you should be aware that there is always some risk involved in transmitting information via the Internet, and that hackers or thieves do find ways to thwart security systems.  Please also be aware that we may use third-party cloud service providers like ClearDATA that provide hosting, data storage and other services pursuant to standard terms and conditions that are generally non-negotiable.  These service providers inform us that they apply security measures they consider adequate for the protection of information within their system.  If you have reason to believe that your interaction with the Applications is no longer secure, please notify us immediately by contacting us at

Changes in Our Privacy Policy

It is our goal to use personal information and medical treatment choices information in the manner described in the Privacy Policy that is in effect when your information is collected.  We do, however, reserve the right to change the terms of this Privacy Policy at any time.  If we make any material changes, we will notify you by email (sent to the email address specified in your account) or by means of a notice on the MyDirectives website prior to the change becoming effective.  Any changes to this Privacy Policy will become effective when we make the revised Privacy Policy available through the Applications.  Your use of the Applications or the submission of any information in connection with the Applications following such changes means that you accept the revised Privacy Policy.  Where we rely on your express consent for processing personal data, we will seek further consent if we anticipate changing how we process that personal data.

ADVault Collects and Retains Data

ADVault collects information on its users in different sections of the Applications.  ADVault is interested in user information for the purposes of operating the Applications more efficiently, providing users with more efficient and reliable functionality, and to answer your questions and concerns.

ADVault will retain your information for as long as your account is active or as needed to provide you services. Please contact us if you wish to cancel your account or request that we no longer use your information to provide you services.  We will retain and use your information as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements.  More information on ADVault is available in the About Us section of the Applications, and at the websites and

How We Collect Information

Whether directly or through our third-party service providers, we may collect your information in a variety of ways, including:

  • From you: As you set up your profile in the My Account section of the Applications, you will be asked for your name, address, telephone number, email address, birth date, social security number or other identification number, depending on where you live, and other contact or identification information. We collect this information to identify or contact you, and to verify that you are at least 18 years old. We may also collect demographic information such as your location, or other information like your preferred means of communication, when you voluntarily provide such information to us.

    If you contact us, we will typically keep a record of that correspondence.

    If you choose to create a digital advance care plan, you will also have the opportunity to provide us with information about your medical treatment choices; allergies and medications; who should make medical treatment decisions for you if you cannot make or communicate those decisions yourself; your wishes regarding organ donation, autopsies and other post-death services; and messages you wish to express to your friends, family and medical care providers. The Applications use this information to automatically populate ADVault’s proprietary digital advance care plan.

  • Through your device: Certain information is collected automatically through your device, such as your operating system name and version, device manufacturer and model, device identifier, language and the name and version of the software application you are using.  We use this information for purposes such as ensuring that the Applications function properly and understanding usage of the Applications.

  • ​Through server log files: As is true of most websites, we gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, and to improve marketing, analytics, or site functionality.

  • Tracking technologies: Technologies such as cookies, beacons, tags and scripts are used by MyDirectives and our analytics service providers.  These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole.  We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

    We use cookies to remember users’ settings and for user authentication.  Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use MyDirectives®, but your ability to use some features or areas of our website may be limited.

  • Physical Location: We may collect the physical location of your device, for example, using satellite, cell phone tower or WiFi signals.  We may use your device’s physical location to, among other things, provide you with extra security features.  We may also aggregate this information to display usage trends.  We may also share de-identified information about your device’s physical location for any purpose not prohibited by applicable law.  In some instances, you may be permitted to allow or deny such uses of your device’s location, but if you choose to deny such uses, we may not be able to provide you with extra security features.

  • By aggregating information: Aggregated personal information, aggregated protected health information and/or aggregated additional information does not personally identify you or any other user of the Applications.  For example, we may aggregate personal information to calculate the percentage of our users who have a particular telephone area code or postal code, and we may aggregate protected health information and/or other information to calculate the percentage of our users with particular medical treatment goals, preferences and priorities.

We also collect third-party personal information in our My Circle feature when you voluntarily provide it to us.  This section allows a user to designate a healthcare agent and add personal contacts so that they can be contacted in regards to any choices made.  Please note that, by using such functionality, you are agreeing that you have informed that third party that you intend to share their personal data with us and have provided them with a link to or copy of this Privacy Policy.

Where Information Is Collected

We collect information about you at several places throughout the Applications.  Most information is collected in the following instances:

Registration and My Account

In order to have access to many of the services and the content available on the Applications, you are required to complete a registration form that requests certain personal information. You will also have the opportunity to document and store contact information for friends, family, and medical treatment providers, but providing this contact information is optional and voluntary.

We may use your My Account information to send you an email or a text message to confirm your identity and your registration with MyDirectives, to respond to questions from you, or to notify you if there is a problem. Unless you click Notifications on your MyDirectives Dashboard and opt out, we may also send emails from time to time or newsletters we think may be of interest to you. You may unsubscribe from newsletters by following the directions in the newsletters.

Interactive Services/Tools

As stated above, if you choose to create a digital advance care plan, you will have the opportunity to voluntarily enter certain health information about your medical treatment choices, allergies and medications, as well as other personal thoughts you would like to express to your friends, family and medical care providers. The Applications use this information to automatically populate ADVault’s proprietary digital advance care plan.

How We Use Your Personal Information

In this section, we set out the purposes for which we use your personal information. For the benefit of MyDirectives users who are European citizens or residents (and in compliance with our obligations under the GDPR), we also identify the “lawful bases” on which we rely to process the information. These “lawful” bases are set out in the GDPR, which allows companies to process personal data only when the processing is permitted by the specific lawful bases established by law, the full description of which can be found here.

Please note that in addition to the disclosures we have identified below, we may disclose personal information for the purposes we explain in this notice to service providers, contractors, agents and advisors (for example, legal, financial, business or other advisors) that perform activities on ADVault’s behalf.

  • To contact you and provide customer support. Lawful Bases.

  • To conduct user outreach.  We provide you with reminder emails and updates relating to our products and services.  Where required by law, we obtain consent to conduct this activity.  We will provide an option to unsubscribe or opt out of further communication on any electronic marketing communication sent to you, or you may opt out by contacting us. Lawful Bases.

  • To provide new and better services.  We monitor user traffic patterns and try to analyze what our users like and do not like about our current offerings so we can design better services for you.  We may also use certain information for testing purposes, site development and planning, and during the normal course of maintaining the Applications.  In these cases, researchers, business analysts, system designers, and others may have access to the data we collect. Lawful Bases.

  • To enable healthcare providers to locate and retrieve your advance care planning documents.  We use demographic information to attach metadata “tags” to your advance care planning documents so that healthcare providers can locate and retrieve them if they are needed. Lawful Bases.

  • To improve usability, quality and functionality of the Applications.  We may share aggregate statistical information on our users, sales, traffic patterns, and website usage with our business affiliates.  There is nothing in this information that could be used to identify or contact you, and this information does not include information on your health. Lawful Bases.

  • We may require vendors to provide specific services, such as data analysis, data storage, email processing, or customer service.  We ask vendors to adhere to our confidentiality standards and do not permit a vendor to use our customer information for any other purpose. These companies are authorized to use your personal information only as necessary to provide these services to us. Lawful Bases.

  • We may share your registration data with your public or private health insurance provider or your healthcare providers solely to inform them that you are registered with MyDirectives.  Other than cases of a declared healthcare emergency where doctors and nurses need access to your information for treatment purposes, we do not use or disclose any health information or medical treatment choices information you provide on our site to an unrelated third party without your express consent. Lawful Bases.

  • In certain limited circumstances, we may be legally compelled to release your personal information in response to a court order, subpoena, search warrant, law, or regulation.  If we are compelled to disclose personal information or medical treatment choices information to a third party under such circumstances, we will notify you unless doing so would violate the law or court order.  We also reserve the right to cooperate with law enforcement authorities in investigating and prosecuting users that violate our rules or engage in behavior that is harmful to other users or illegal.  We may also release your personal information when we believe in good faith that disclosure is necessary to make or defend against a legal claim, protect your safety or the safety of others, investigate fraud, or respond to a government request, where to do so would be permissible under applicable law. Lawful Bases.

  • If ADVault is involved in a merger, acquisition, or sale of all or a portion of its assets, we may disclose some of your personal information in the course of the transaction.  You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information. Lawful Bases.

Third-Party Relationships

ADVault works with several types of third-party vendors that provide products and services that we integrate into the Applications.  We also work with private health insurance plans, hospitals, hospice and palliative care providers, and a host of other medical treatment providers, and we intend to work with public and self-funded corporate insurance plans, United States federal and state authorities, as well as foreign governments, to ensure the broadest possible adoption of, and access to, the MyDirectives system.  We request that third-party vendors, commercial partners, and users of the Applications and ADVault’s other technology solutions supply us with information on their security procedures, and we evaluate them periodically to ensure that they are using data only as previously agreed.

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including our third-party service providers (including cloud service providers such as ClearDATA), any healthcare providers, insurers, employers, and, if applicable, Apple Inc., and any other third party operating any software application or website to which the Applications contain a link.

We may allow third-party vendors or commercial partners to buy aggregate data collected on our site.  We may also share aggregate data with third parties such as universities for purposes of conducting research, scientific studies and statistics.  None of the aggregate data we share with third parties can be used to identify you.

External Links

The Applications may feature external links to other websites or software applications that we believe you might find useful; however, we do not endorse these sites or software applications. We are not responsible for the privacy practices of these external sites or software applications. We will make every effort to notify you when you are leaving MyDirectives, and we encourage you to read the privacy policy of each site you visit that may collect information or ask you to disclose personal information and/or medical treatment choices information.

MyDirectives may have related sites (different URLs) that provide additional information or services offered by medical treatment organizations. Although related, these sites may not be governed by this Privacy Policy.

Rights Relating to Personal Data under the GDPR

EU citizens and residents have a number of rights relating to how their personal data is used. If you are an EU citizen or resident, please be aware that certain exceptions apply to the exercise of these rights, so you will not be able to exercise them in all situations. In addition, these rights will vary slightly between EU member states. If you wish to exercise any of these rights, we will check your entitlement and respond within a reasonable timeframe. Where applicable, EU citizens and residents have the following rights relating to their personal data:

If you have any questions relating to your rights or the exercise of your rights, please contact us.


You can contact ADVault at any time if you do not wish to use the Applications or store your personal information or medical treatment choices information any longer.  Upon receiving your request, we will try to remove or delete all personal information and/or medical treatment choices information stored in the active databases that we use for research and daily business activities.  If you choose to de-register, ADVault may be required to inform your public and/or private health insurance plan provider(s) of your decision.

Change/Update/Delete Personal Information and Medical Treatment Choices

You may change, update, or delete your personal information at any time by returning to the My Account section of the Applications.  If you have selected to create a digital advance care plan, you can change your medical treatment choices recorded on our system at any time by returning to the My Decisions section of MyDirectives (or the Healthcare Agent and Organ & Tissue Donation sections of MyDirectives MOBILE, as appropriate) and changing your answers to the questions asked as part of your medical treatment choices “conversation” with the system.  If you have previously uploaded a digitized paper advance care planning document, you can delete the document by returning to your My Dashboard page, clicking on the document you wish to delete, then clicking Delete in the Actions column next to that document.


With your consent, we may post your testimonial along with your name.  If you want your testimonial removed, please contact us.


Our website offers a publicly accessible blog.  You should be aware that any information you provide in this area may be read, collected, and used by others who access it.  To request removal of your personal information from our blog, please contact us at  In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

Jurisdictional Issues

The Applications are controlled by us from the United States.  Accordingly, except as explained elsewhere with respect to EU citizens and residents, this Privacy Policy, and our collection, use and disclosure of your personal information, protected health information and additional information, is governed by U.S. law, and not by the laws of any country, territory or jurisdiction other than the United States.  We do not represent or warrant that the Applications, or any functionality or feature thereof, are appropriate or available for use in any particular jurisdiction.  Those who choose to access or use the Applications do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations.  By using the Applications and submitting any personal information, protected health information or additional information, users from outside the United States acknowledge that the Applications are subject to U.S. law and consent to the transfer of personal information, protected health information and additional information to the United States, which may provide a different level of data security than in their country of residence.

Contact Information

ADVault, Inc.

Address 740 E. Campbell Rd., Suite 825Richardson, Texas 75083USA

(Version 2021.01.01)