(last updated 12/2019)
CareBand, Inc. maintains privacy in compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) as well as the Protected Health Information Law (“PHI”).
Here we describe the privacy practices for our devices, applications, software, websites, APIs, products, and services (the “Services”). You will learn about the data we collect, how we use it, the controls we give you over your information, and the measures we take to keep it safe.
INFORMATION WE COLLECT
When you use our Services, we collect the following types of information.
INFORMATION YOU PROVIDE US
Some information is required to create an account on our Services, such as your name, email address, username, and password. This is the only information you have to provide to create an account with us. You may also choose to provide other types of information, such as a mobile telephone number or profile picture.
INFORMATION WE RECEIVE FROM YOUR USE OF OUR SERVICES
Your device collects data to estimate a variety of metrics like the movement, activity, location, and wearing usage. The data collected varies depending on which firmware is on the device you use. When your device transmits data with our gateway, applications or software, data recorded on your device is transferred from your device to our servers.
The Services include features that use precise geolocation data, including GPS signals, device sensors, and Bluetooth beacon access points. On certain applications or software, we collect this type of data if you grant us access to your location. You can always remove our access using your mobile device settings. We may also derive your approximate location from your IP address.
When you access or use our Services, we receive certain usage or network activity information. This includes information about your interaction with the Services, for example, when you view or search content, install applications or software, or create or log into your account.
We also collect data about the devices and computers you use to access the Services, including IP addresses, browser type, language, operating system, or mobile device information (including device and application identifiers), the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information.
HOW WE USE INFORMATION
We use the information we collect for the following purposes.
PROVIDE AND MAINTAIN THE SERVICES
Using the information we collect, we are able to deliver the Services to you and honor our Terms of Service contract with you. For example, we need to use your information to provide you with your CareBand dashboard and to give you customer support.
IMPROVE, PERSONALIZE, AND DEVELOP THE SERVICES
We use the information we collect to improve and personalize the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and Services.
When you allow us to collect precise location information, we use that information to provide and improve features of the Services such as recording where a workout took place or mapping an activity.
COMMUNICATE WITH YOU
We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most Service notifications via the “Unsubscribe” link in an email.
PROMOTE SAFETY AND SECURITY
We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
HOW INFORMATION IS SHARED
We never sell the personal information of our users. We do not share your personal information except in the limited circumstances described below.
WHEN YOU AGREE OR DIRECT US TO SHARE
You may direct us to disclose your information to others, such as when you use our community features and other social tools.
You may also direct us to share your information in other ways, for example, when you give a third-party application access to your account. You can revoke your consent to share with third-party applications using your account settings.
FOR EXTERNAL PROCESSING
We transfer information to our corporate affiliates, service providers, and other partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research, and surveys.
FOR LEGAL REASONS OR TO PREVENT HARM
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.
Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about movement and activity, to partners under agreement with us, or as part of the community benchmarking information we provide to users of our subscription services.
If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected users notice before transferring any personal information to a new entity.
YOUR RIGHTS TO ACCESS AND CONTROL YOUR PERSONAL DATA
We give you account settings and tools to access and control your personal data, as described below.
Accessing and Exporting Data
By logging into your account, you can access much of your personal information, including your dashboard with your location and activity statistics. You can also download information in a commonly used file format, including data about your activities and location.
Editing and Deleting Data
By logging into your account and using your account settings, you can change and delete your personal information. For instance, you can edit or delete the profile data you provide and delete your account if you wish.
If you choose to delete your account, please note that while most of your information will be deleted within 30 days, it may take up to 90 days to delete all of your information, like the data recorded by your CareBand device and other data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in the How Information is Shared section.
Objecting to Data Use
We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. In some cases, when you give us information for a feature of the Services, we delete the data after it is no longer needed for the feature.
We keep other information, like your location or activity data, until you use your account settings or tools to delete the data or your account because we use this data to provide you with your statistics and other aspects of the Services. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the How we Use Information and How Information is Shared sections.
ANALYTICS AND ADVERTISING SERVICES PROVIDED BY OTHERS
We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. This includes using Secure Sockets Layer (“SSL”) to encrypt many of our Services. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact support.
CHANGES TO THIS POLICY
We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use the Services.