Skip to main content
Jumavo Privacy Policy
Effective Date: June 1, 2026
Table of content

1. Introduction

Jumavo is operated by JŪMA Group, LLC ("Jumavo," "we," "us," or "our"). Jumavo is a closed-loop prepaid wallet for elective, cash-pay care. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Jumavo website, mobile apps, provider portal, APIs, and related services (collectively, the "Services").

Jumavo is not insurance, not a bank, and not financing. It is a prepaid wallet you load and then spend with participating providers.

This Policy applies to two groups of people:

  • Members — individuals who use Jumavo to set money aside for, pay for, and keep records of elective, cash-pay care.
  • Providers — licensed healthcare and wellness providers and their practices who participate in Jumavo to accept wallet payments from members.

It also applies to visitors of our marketing website at jumavo.com. Where Provider obligations differ from Member obligations, this Policy says so.

A note on health information. When a Provider uses the Services to handle information about an identified patient, some of that information may be Protected Health Information ("PHI") under the Health Insurance Portability and Accountability Act ("HIPAA"). Jumavo's handling of any such PHI is governed primarily by the Business Associate Agreement ("BAA") between Jumavo and the Provider, which supplements — and does not replace — this Policy. [Jumavo's HIPAA status is subject to counsel confirmation per the Compliance Playbook.]

2. Information We Collect

2.1 Information You Provide Directly

  • Identity and contact information — name, email address, phone number, date of birth, mailing address.
  • Account information — username, password (stored hashed), profile photo, communication preferences.
  • Member wallet activity — the care categories you save or search, participating providers you transact with, appointment dates, wallet loads and balances, and receipts.
  • Please do not enter medical records or diagnostic details into free-text fields. We do not require you to upload medical records.
  • Provider professional information — practice name, NPI, license numbers and states, insurance carrier, service listings, prices, hours, and photos.
  • Payment information — billing address, the card brand, the last four digits of your payment card, and expiration date. Full payment-card numbers are collected and stored by our payment processor, Stripe, Inc. — not by Jumavo.
  • Communications — messages you send to Jumavo support, to Providers, or to other members through the Services; survey responses; and beta feedback.

2.2 Information Collected Automatically

  • Device and technical data — IP address, device identifiers, operating system, browser type, app version, language, time zone, and crash logs.
  • Usage data — screens and pages viewed, features used, tap and click events, referring URLs, and time stamps.
  • Approximate location — derived from IP address. Precise GPS location is collected only if you grant the app permission, and used only to surface nearby participating providers.
  • Cookies and similar technologies — see Section 9.

2.3 Information We Receive From Third Parties

  • From Providers — limited member information (for example, that an appointment occurred, or a refund status) needed to process wallet transactions.
  • From Stripe — transaction status, last-four card digits, payout records, and fraud signals.
  • From identity-verification or anti-fraud vendors (if used) — pass/fail results and risk scores. We do not retain underlying government-ID images longer than needed to verify.
  • From analytics and CRM partners (for example, HubSpot and server-side analytics) — engagement metrics, attribution, and aggregate insights.

2.4 Sensitive Personal Information

Some information we collect is considered "sensitive" under California and other state privacy laws, including: precise geolocation (only with permission), payment card information, account credentials, and certain health-related information about the cash-pay care you choose. We use this information only for the purposes described in Section 3, and we do not sell it. See Section 11 for California-specific rights.

3. How We Use Information

We use personal information to:

  • Provide and improve the Services — create and authenticate accounts, help you find and pay participating providers, process wallet loads and payments, store receipts, and deliver in-app and email notifications.
  • Process transactions — through Stripe and approved processors, including fraud prevention, chargebacks, and reconciliation.
  • Communicate with you — service messages, security alerts, support replies, and (with consent where required) marketing communications. You can opt out of marketing emails at any time.
  • Send SMS — appointment reminders and security codes via Twilio Inc., with prior consent and required TCPA disclosures. Consent to marketing texts is never a condition of any purchase.
  • Personalize content — surface saved services and participating providers, and tailor your home feed based on your usage.
  • Measure and improve — product analytics, A/B testing, performance monitoring, and aggregated reporting.
  • Protect the Services — detect fraud, abuse, account takeover, and prohibited conduct.
  • Comply with law — respond to legal process, enforce our Terms of Service, and protect the rights, property, and safety of Jumavo, our users, and the public.
  • Develop the business — corporate transactions, including financing, due diligence, and mergers or acquisitions, subject to appropriate confidentiality protections.

Where required by law, we rely on legal bases including: performance of a contract with you; our legitimate interests in operating and securing the Services; your consent (for marketing communications, precise location, and certain cookies); and compliance with legal obligations.

4. How Information Is Shared

We do not sell personal information for money. We share information only as described below.

4.1 With Providers (or Members, for Provider-side data)

When you load your wallet or pay for a service, we share the identifying and transaction details a participating provider needs to complete and record the transaction. When a Provider lists services, we display that information to members using the Services.

4.2 With Service Providers (Processors)

We share information with vendors that process data on our behalf under contract, including our payment processor (Stripe), our messaging provider (Twilio), and our CRM and analytics providers (including HubSpot). Each processor is contractually limited to using the information only to perform the services we direct.

4.3 For Legal Reasons

We may disclose information if required by law, regulation, legal process, or governmental request; to enforce our Terms or this Policy; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of Jumavo, our users, or others.

4.4 In Corporate Transactions

If Jumavo is involved in a merger, acquisition, reorganization, financing, sale of assets, or insolvency, personal information may be transferred as part of that transaction. We will notify you and provide choices required by law.

4.5 With Your Consent or At Your Direction

We share information in any other way you direct or consent to, including when you publicly post a review or rating.

4.6 Aggregated and De-identified Information

We may create and share aggregated or de-identified information that cannot reasonably be used to identify you, including for research, product development, and marketing.

5. Provider Health Information (HIPAA)

Certain information handled through the provider portal — such as appointment records or notes linked to a specific patient — may constitute PHI subject to HIPAA. Jumavo's handling of any such PHI is governed by the BAA signed by each Provider before PHI may be transmitted through the Services. Providers are responsible for obtaining any HIPAA-required patient authorizations and for issuing their own Notice of Privacy Practices.

Information a member self-tracks (such as noting a cash-pay visit) is generally not PHI in Jumavo's hands. We nonetheless apply administrative, physical, and technical safeguards to that information consistent with strong industry standards. [HIPAA classification pending counsel confirmation.]

8. Automatic Renewal Disclosure (California ARL)

CALIFORNIA RESIDENTS: This Section 8 contains important disclosures required by the California Automatic Renewal Law. Please read carefully.
8.1 Automatic Renewal. Your Jumavo subscription is an automatically renewing subscription. Your subscription will renew automatically each month at the subscription tier you have selected, and your payment method will be charged accordingly, until you cancel.

8.2 Subscription Charges. The amount you will be charged each month is the subscription tier price you selected at signup: $99.00, $199.00, or $299.00 per month, plus any applicable taxes. If Jumavo increases the subscription price, Jumavo will notify you in writing at least thirty (30) days before the change takes effect.

8.3 How to Cancel. You may cancel your subscription at any time through the Service by navigating to your account settings and selecting "Cancel Subscription." You may also cancel by contacting Jumavo at [email protected]. Cancellation is effective at the end of your current billing cycle.

8.4 Acknowledgment. By subscribing, you affirmatively acknowledge and agree to the automatic renewal, the recurring charges to your payment method, and the cancellation method described above.

6. Data Retention

We retain personal information for as long as needed to provide the Services and for the additional periods required for our legitimate business purposes and legal obligations. After applicable retention periods, we delete, anonymize, or aggregate personal information in line with our retention schedule. [Specific retention periods are placeholders pending final review with counsel and compliance.]

7. Security

We use administrative, physical, and technical safeguards designed to protect personal information, including encryption in transit and at rest, access controls and least-privilege permissions, network segmentation, logging and monitoring, vendor security reviews, and employee privacy and security training. No system can be guaranteed perfectly secure; please use a strong, unique password and enable any two-factor authentication option we offer.

If we experience a security incident that affects your personal information and triggers notification obligations, we will notify you and any required authorities consistent with applicable law.

8. Your Choices

  • Account information — review and update most information in your account settings, or contact [email protected] for help.
  • Marketing communications — unsubscribe via the link in any marketing email; transactional and service messages will continue.
  • SMS — reply STOP to opt out at any time, or manage SMS preferences in-app.
  • Push notifications — manage these in your device settings.
  • Location — revoke precise-location access in your device settings; you can still use the Services without it.
  • Cookies — see Section 9. Most browsers let you block or delete cookies and respond to Global Privacy Control ("GPC") signals.
  • Account closure — request closure in-app or by emailing [[email protected]]. Some information may be retained as described in Section 6 or as required by law.

9. Cookies and Similar Technologies

We use cookies, SDKs, pixels, and similar technologies to operate the Services, remember your preferences, measure performance, and (in limited cases) support advertising. Categories include:

  • Strictly necessary — required for login, security, and core functionality.
  • Functional — remember preferences and personalization.
  • Analytics — measure usage and improve the product.
  • Advertising/attribution — measure marketing effectiveness and limit ad frequency.

You can manage non-essential categories through our in-product cookie preferences and most browsers' settings. We honor opt-out preference signals (including GPC) for users in jurisdictions that recognize them, including California.

10. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act ("COPPA"). Parents or legal guardians may use the Services to manage cash-pay care for minor dependents, subject to additional consent flows. If you believe a child under 13 has provided information to us, contact [[email protected]] and we will delete it.

11. California Residents — CCPA/CPRA Notice

This section provides additional disclosures for California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA").

11.1 Categories of Personal Information Collected

In the past twelve (12) months, we have collected the following categories: identifiers; customer-records information (such as contact and billing details); commercial information (transactions); internet or network activity; geolocation (general); audio and visual information (support recordings, if applicable); professional information (for Providers); inferences drawn from the above; and the sensitive categories listed in Section 2.4.

11.2 Sources, Purposes, and Disclosures

The sources of this information, the business purposes for which we use it, and the categories of third parties to whom we disclose it are described throughout this Policy and summarized in Section 4.

11.3 "Sale" or "Share" of Personal Information

We do not sell personal information for monetary consideration. We may "share" limited identifiers and online activity for cross-context behavioral advertising. You have the right to opt out of any such sharing using the "Do Not Sell or Share My Personal Information" link in the footer of jumavo.com, or by enabling GPC in your browser.

11.4 Limiting the Use of Sensitive Personal Information

We use sensitive personal information only for the purposes permitted under the CCPA regulations (including providing the Service, fraud prevention, and security), and not to draw inferences about you outside those purposes.

11.5 Your California Rights

  • Right to know what personal information we have collected, used, disclosed, and "shared."
  • Right to delete personal information, subject to exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of "sale" or "sharing," and to limit the use of sensitive personal information.
  • Right to non-discrimination for exercising your rights.

Submit requests at [jumavo.com/privacy/requests] or by emailing [[email protected]]. We will verify your identity before fulfilling a request. You may use an authorized agent. We respond within the timelines required by law.

12. Other U.S. State Privacy Rights

Residents of certain other U.S. states (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others as laws take effect) may have similar rights to access, correct, delete, and opt out of targeted advertising or profiling. You can exercise these rights through the same channels listed in Section 11.5. We respond as required by applicable state law.

13. International Users

The Services are intended for users in the United States. If you access the Services from outside the U.S., your information may be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your country.

14. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by email, in-app notice, or by posting an updated effective date at the top of this Policy at least fifteen (15) days before the changes take effect.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact:

JŪMA Group, LLC — Attn: Privacy [Street Address], [City], CA [ZIP] [[email protected]]

Related: see our Terms of Service.

— End of draft. For legal review before publication. —



Jumavo is a product of JŪMA Group, LLC — a closed-loop prepaid wallet for elective, cash-pay care. Not insurance. Not a bank. Not an HSA or FSA. Not financing, a loan, or buy-now-pay-later. No credit check.

Banking services provided by Mercury and its partner banks, Choice Financial Group and Column N.A., Members FDIC.

CMS, National Health Expenditures 2024 Highlights — "Total out-of-pocket spending increased by 5.9 percent in 2024 to $556.6 billion" (11% of total NHE)
Jumavo, a DBA of JŪMA Group, LLC · OWN YOUR HEALTH · © 2026 · All rights reserved.