Last Updated: November 9, 2023.


This Privacy Policy (“Privacy Policy”) explains The Stepping Stones Group’s and its affiliates (“we,” “us,” “our”) privacy practices for the activities described herein. Please read this Privacy Policy carefully to learn how we collect, use, share and process personal information, and to learn about your rights and choices regarding information we collect from or about you.


By using our website, our applications that run on mobile devices or tablets, or any online or mobile site or application that we own or control (collectively, our “Sites”), and/or by agreeing to this Privacy Policy, e.g. in the context of utilizing any of our products or services, you understand and acknowledge that we will collect, process, use and share personal information as described in this Privacy Policy and consent to the practices described in this Privacy Policy.




In conducting every aspect of our business, we may collect personal information. The information we collect will vary depending on your interaction with us. Such information may include, without limitation: your name, addresses, email addresses, telephone numbers, social security number, date of birth, age, credit or debit card numbers or other payment methods, billing information, insurance information, gender, protected health information, and other types of personal information that you choose to provide to us or that we may obtain about you.  We collect personal information, as well as other information, in multiple ways.


Information You Provide to Us: We collect information you provide to us. This may include, for example, when you request information or materials from us, visit or use our Sites, purchase our products or services, create an account on the Sites, communicate with our customer service or sales teams, respond to a survey, or respond to our advertisements.


Information We Collect from Other Sources:  We may collect information about you from a variety of third parties.  For example, we may obtain information about you from:


  • covered entities such as health plans, health insurance companies, health care providers and healthcare clearinghouses;
  • schools that you or your child attend;
  • companies that search for, provide, and/or aggregate information from public records, such as LexisNexis Risk Solutions and Accurint;
  • state and federal government agencies, such as the IRS and Medicare/Medicaid;
  • credit bureaus and credit reporting agencies, such as Equifax;
  • your existing health, medical, provider, or insurance accounts when you grant permission to access your accounts or information;
  • social media networks; and
  • publicly available sources and data suppliers from which we obtain data to validate or supplement the information we hold.


Information We Collect Automatically:  When you use or visit our Sites, we collect some information automatically. For example, when you visit our website, we may collect device, usage and log information such as your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, the search engine you used to locate the website, and the website you visited before or after our site. In addition, we gather certain navigational information about where you go on our website to help us determine which areas of the website are most frequently visited and helps us to tailor the sites to the needs and interests of our online visitors. If you use our mobile applications or use our Services on a mobile device or tablet, we may also collect your device type, mobile phone number, operating system type, wireless carrier, and device IDs, on our mobile applications.


Like most companies, we use technologies such as web beacons, pixels, tags, and JavaScript, alone or in conjunction with cookies, to gather this information. When you visit our website, we, or an authorized third party, place or recognize a unique cookie on your browser (including through use of pixel tags) that collects information, including personal information, about your online activities over time and across different sites. We also use web beacons and pixels in our emails to collect information about how you interact with our emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. If you want to remove or cookies and other collection technology, you may be able to update your browser settings (consult your browser’s “help” menu to learn how to remove or block cookies and similar technology). You can find instructions on how to manage collection technology on different types of web browsers at




We may use your personal information to:


  • Communicate with you and provide services to you;
  • Complete contracts as well as any disclosures or other documents required by law;
  • Provide, develop, maintain, and improve our products and services (e.g. evaluate the performance of our staff, assess the quality of our products and services, and help us improve our website and processes);
  • Process any applications, forms, requests, inquiries, or other information submitted to us;
  • Send marketing communications, promotional offers, and periodic customer satisfaction, market research or quality assurance surveys;
  • Administer and process payments to you or from you;
  • Create and update your customer account, including aggregating your health and medical records and treatment information;
  • Allow creation, maintenance, customization, enrollment, registration, and securing of accounts on your behalf;
  • Administer and support participation in sweepstakes, special offers, special pricing, discounts, and promotions;
  • Personalize our products, websites, and services, including content, ads and offerings;
  • Perform research and analytical activities (e.g. identifying trends and the effectiveness of marketing campaigns);
  • Solicit your participation in a clinical trial or research study;
  • Conduct audits, security and fraud monitoring and prevention;
  • Protect our legitimate business interests and legal rights; and
  • Assist us with legal claims, compliance, regulatory and investigative purposes as necessary (including in connection with law enforcement investigations, legal process, or litigation).


We may also use personal information we have collected and aggregated or anonymized personal information for any purpose permitted by law. For example, we may sell this information to understand more about our users, such as by analyzing aggregated information to calculate the percentage of our users who have a particular telephone area code. This includes demographic data, inferred commercial interests, and other information we may collect from you or from third parties.




We may share your personal information with the third parties described below.  


Service Providers.  We may share your personal information with third parties who work on behalf of, or with, us such as vendors, processors, suppliers, agents, attorneys, management companies, staffing companies, and representatives (collectively, “Service Providers”). Service Providers assist us with a variety of functions including, but not limited to, staffing and employment, sending marketing communications, assisting with advertising and related analytics, conducting research or surveys, sending regular mail and e-mail, maintaining databases, providing software applications, or processing credit card or debit card payments.


Government Agencies.  We may share your personal information with government agencies, law enforcement, or authorized third parties in response to a request relating to a civil or criminal investigation or other alleged illegal activity.  We may also share your personal information with government agencies such as the Internal Revenue Service and the Secretary of the U.S. Department of Health and Human Services.


Disclosures Under Special Circumstances.  We may disclose your personal information to third parties: (i) where we have a good faith belief that such disclosure is necessary to meet any applicable law, regulation, legal process or other legal obligation; (ii) when we believe disclosure is necessary to protect or prevent harm, illegal activity, or financial loss; (iii) to detect, investigate and help prevent security, fraud or technical issues; (iv) to enforce our Terms of Use, and (v) to cooperate with law enforcement, government, quasi-governmental and public agency requests or reporting requirement.


Corporate Transactions.  We may transfer your personal information in the event we: (i) sell or transfer, or are considering selling or transferring, all or a portion of our business or assets; or (ii) are considering or engaging in any reorganization, conversion, merger, sale, joint venture, assignment, transfer or disposition of all or any portion of our ownership interest, business or operations.


With Your Consent or At Your Direction.  We may share your personal information with third parties whenever you consent to or direct such sharing.




We are a Covered Entity under the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”).  As such, we have an obligation to protect the privacy and confidentiality of Protected Health Information (“PHI”) that we obtain.  Our uses and disclosures of PHI governed by HIPAA are set forth in our Notice of Privacy Practices, which is available at [link].




When we provide services in the school setting, the privacy and confidentiality of such educational records is governed by the Family Education Rights Privacy Act (“FERPA”) and our contracts with the applicable school district.  To the extent that FERPA or our contracts with the applicable school district prohibits a use or disclosure of educational records that would otherwise be permitted by this Privacy Policy, we will refrain from use or disclosure.




The Sites are not designed to solicit information from individuals under the age of 16. We do not knowingly collect or store any personal information from anyone under the age of 16 on our Sites. If you are a parent or guardian and believe we may have inadvertently collected personal information from your child, please notify us immediately by sending an email to




We do not collect or respond to Do Not Track signals and our websites do not function differently based on any Do Not Track preferences that may be received. For more information on Do Not Track signals, please visit




We also use analytics services provided by Google Analytics, which uses cookies and other collection technology to collect and store information about the use of the websites and the use of other websites, apps and online resources. You can read Google’s privacy policy, which applies to Google Analytics, at You also can opt-out from being tracked by Google Analytics in the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current browser, at




Our website may contain links to other sites that we do not own or operate. We do not control, recommend or endorse and are not responsible for these sites or their content, products, services or privacy policies or practices. These other sites may send their own cookies to your device, they may independently collect information about you or from you, and they may or may not have their own published privacy policies.




We store your information using reasonable physical, technical and administrative safeguards. Please be aware that the Sites and data storage are run on software, hardware and networks, any component of which may, from time to time, require maintenance or experience problems or breaches of security beyond our control. In addition, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. We cannot ensure or warrant the security of any information you transmit to us over the internet.




We retain your personal information for as long as necessary to provide our services and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements. If you access the Sites or utilize our services on behalf of an organization, we retain your organizational contact details after the termination of your organization’s transaction to continue to communicate with you.




If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by contacting us by email at or by following the instructions in any such email you receive from us. We will try to comply with your request as soon as reasonably practicable. If you opt out of receiving marketing emails from us, we may still send you important administrative messages, from which you cannot opt out.



By providing my phone number to The Stepping Stones Group,  I agree and acknowledge that The Stepping Stones Group may send text messages to my wireless phone number for any purpose. Message and data rates may apply. Message frequency will vary, and you will be able to Opt-out by replying “STOP”. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.




Our Sites are intended solely and exclusively for residents of the United States. Accordingly, this Privacy Policy is directed only towards residents of the United States. By using the Sites, you represent that you are not a European Union resident. If you are located outside of the United States, including in the European Union, and you use the Sites you are doing so in violation of our Terms and Conditions. By providing personal information to us or using the Sites, you acknowledge and consent to the transfer and processing of such information in the United States.




The Privacy Policy may be revised from time to time. The “Last Updated” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on any of our websites. Your use of the Services following these changes means that you accept the revised Privacy Policy.




In certain circumstances, you may be able to review and request changes to your personal information. If you would like to make changes or have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at or by mail at The Stepping Stones Group, Attn:  Privacy Officer, 184 High Street, Boston MA 02110.