The policy discloses that Ro deploys tracking technologies from advertising platforms including Google and Meta on its service pages, including pages where users provide health-related information during intake flows.
This analysis describes what Ro's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision discloses that health-related behavioral data generated during patient intake flows may be transmitted to third-party advertising platforms through pixel and cookie technologies, creating potential regulatory exposure under FTC consumer protection authority and state health data privacy laws that apply to consumer health data outside HIPAA-covered transactions.
Interpretive note: The specific data categories transmitted via pixel technologies are not exhaustively enumerated in the policy, and the precise scope of health-related data captured depends on pixel configuration which may change over time.
Under this provision, interactions with Ro's intake and checkout pages, including pages where health conditions and treatment preferences are disclosed, may result in transmission of behavioral data to advertising platforms such as Google and Meta. The agreement discloses this practice but the scope of what specific health-related data is transmitted depends on the specific pixel configuration in use at any given time.
Cross-platform context
See how other platforms handle Third-Party Advertising Pixel Tracking in Telehealth Flows and similar clauses.
Compare across platforms →Monitoring
Ro has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We use third-party analytics and advertising tools, such as those provided by Google and Meta, that use cookies, web beacons, and similar tracking technologies to collect information about your use of our Services and other websites over time. This information may include your IP address, browser type, pages viewed, and interactions with our Services, including on pages where you provide health-related information.— Excerpt from Ro's Ro Privacy Policy
REGULATORY LANDSCAPE: This provision engages FTC Act Section 5 authority over unfair or deceptive data practices and the FTC Health Breach Notification Rule, which applies to personal health records and related entities. HHS OCR guidance has addressed the use of tracking technologies by HIPAA-regulated entities. Multiple state health data privacy statutes, including Washington's My Health MY Data Act and California's CMIA as interpreted alongside CCPA/CPRA, may impose consent or notice requirements on collection and sharing of consumer health data through tracking technologies. The FTC has taken enforcement action against digital health companies for sharing health-related data with advertising platforms without adequate disclosure or consent. GOVERNANCE EXPOSURE: High. The deployment of advertising pixels on pages where patients disclose health conditions or treatment needs represents a category of data practice that has been the subject of active FTC and state AG enforcement in the digital health sector. The policy discloses this practice but does not specify the precise data categories transmitted or the opt-in consent mechanism for health-sensitive page tracking. JURISDICTION FLAGS: Washington state's My Health MY Data Act imposes authorization requirements for collection and sharing of consumer health data and may apply to behavioral data generated on telehealth intake pages. California's CCPA/CPRA and CMIA create additional obligations. Illinois and other states with broad health or biometric data frameworks may create further exposure. EU and UK frameworks are not clearly engaged given the US-only service scope disclosed. CONTRACT AND VENDOR IMPLICATIONS: Advertising platform data processing agreements should be reviewed to determine whether Google and Meta's data use terms are compatible with health data confidentiality obligations and whether those platforms qualify as business associates requiring BAAs or operate as independent data controllers. Standard advertising platform terms typically do not include health data carve-outs sufficient for HIPAA-adjacent compliance. COMPLIANCE CONSIDERATIONS: Compliance teams should conduct a technical audit of all pixels and tracking scripts deployed on intake, checkout, and clinical questionnaire pages to map which data categories are transmitted to which third parties. Consent mechanisms should be evaluated against state health data statutes requiring affirmative authorization for health data collection. Data processing agreements with advertising partners should be reviewed and updated if health data categories are in scope.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision discloses that health-related behavioral data generated during patient intake flows may be transmitted to third-party advertising platforms through pixel and cookie technologies, creating potential regulatory exposure under FTC consumer protection authority and state health data privacy laws that apply to consumer health data outside HIPAA-covered transactions.
Under this provision, interactions with Ro's intake and checkout pages, including pages where health conditions and treatment preferences are disclosed, may result in transmission of behavioral data to advertising platforms such as Google and Meta. The agreement discloses this practice but the scope of what specific health-related data is transmitted depends on the specific pixel configuration in use at any …
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Ro.