Last Updated: March 5, 2017
Our Commitment to Privacy
WellAdapt Inc.’s products and services, including the Cardiowell App, can be used to track and share your own health information. WellAdapt Inc. provides an option to store biometric data to the WellAdapt Inc. data centers that are manually entered, and/or provided directly from supported devices, such as a blood pressure monitor or weight scale. The Cardiowell App also allows you to sync with Apple HealthKit so you can view certain Apple Health data in the Cardiowell App. Using the Cardiowell App, you are able to view the biometric data in the form of text and graphs. As of now, HealthKit biometric data is never stored on WellAdapt servers. Other data can be stored on WellAdapt servers for safe-keeping and remote analysis with your explicit authorization.
WellAdapt Inc. does not provide healthcare services of any type. The Cardiowell App only allows you to aggregate biometric data for self-analysis and understanding.
Our confidentiality policy provides you with total transparency on how we process your personal data.
BY USING THE WELLADAPT INC WEB SITES, PRODUCTS, SERVICES AND THE CARDIOWELL APP, YOU APPROVE AND AGREE TO THE PRACTICES DESCRIBED IN OUR POLICY.
If you do not find the answer to your questions in this document, feel free to contact us at: firstname.lastname@example.org
1. WHAT TYPE OF DATA ARE COLLECTED?
The End User of WellAdapt Inc. products and services requests data to be collected as part of the functionality that the Cardiowell App provides. The data identifies you either directly or indirectly.
Data that identifies you directly may include your first name, last name, date of birth, and e-mail address. We may also collect data that indirectly identifies you such as weight, blood pressure, and zip code.
2. HOW CAN I MAINTAIN CONTROL OVER MY DATA?
We believe you should have access to your data at anytime; to ensure your data remains secure and private at WellAdapt Inc, we support you and protect your privacy as fully as possible by guaranteeing you the following rights:
a.) Right to access your data
Your personal data is and shall remain yours. It must be accessible to you upon your request. This means that we will provide you a means to view your data and to export your data for you in an open format.
b.) Right to object to your data being processed
You may object to your personal data being processed and aggregated by contacting our customer service department. Please know that this might limit the scope of WellAdapt Inc.’s. products and services.
c.) Right to protect your data
We use various methods to safeguard your data. How do we protect your data?
First, you need to have a password-protected account to access your data.
Second, all data stored in our cloud database is encrypted.
Third, we de-identify all data used for statistical analysis and research.
d.) Right to control your data sharing
The Cardiowell App provides a sharing option that allows you to control with whom you have shared your data. This option allows you to begin and end sharing your data with WellAdapt Inc. or Apple HealthKit at any time. For your added protection we currently do not allow sharing with any third party apps other than Apple Health. WellAdapt Inc. does not sell, rent, share, or disclose personal information or biometric data with third parties. The system is not designed to enable access by physicians and/or third parties to your personal information.
e.) Right to be forgotten: Deletion of your account
At WellAdapt Inc. we give you the right to remove data that identifies you directly by deleting your account for you. Contact us anytime to have your account deleted
f.) Right to update your information
At any time you can update your personal information within the App. If you have registered or created an account, you may view, update, or delete certain personal information through that account. Please note that we reserve the right to retain personal information relating to you for a period of time as reasonably necessary to document our business activities, comply with applicable laws or regulations or as needed for required disclosures. If you wish to edit personal information but are unable to do so by visiting your account, please contact the WellAdapt Inc. customer service department.
3. WHAT DATA IS COLLECTED AND WHEN?
WellAdapt Inc. products and services, such as the Cardiowell App, do not share any data with third-party companies without your explicit permission. The Cardiowell App does collect data when used. This is a list and explanation of the data collected with your permission.
We receive data:
c.) When you use the Cardiowell App.
a.) When you visit and use our websites and services
When you use our website, take or reply to our questionnaires, we collect certain information even if you do not have a Cardiowell App account. This happens when you complete surveys, write a comment, share on a social network, order a product, etc.
When ordering Products and Services from our website, we collect information about your order such as mailing and billing address. However, WellAdapt Inc. will never have access or store your bank details as payment transactions are conducted and secured by our partners.
We may also collect information that your browser sends whenever you use the Cardiowell App, use our service or visit our websites by or through a mobile device or PC. ("Log Data").
This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.
When you access the Service by or through a mobile device, this Log Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use and other statistics. It can also include crash reports and logs related to the function or malfunction of the Cardiowell App.
WellAdapt Inc. analyses web traffic data and information gathered using cookies, web beacons and mobile device data to help better understand who is using the website and/or apps and how they are being used. This helps to identify patterns and trends in usage to allow WellAdapt Inc. to better meet user needs. “Cookies” are small files placed on your hard drive when you visit a web page that help to a) analyze page flow, b.) customize services, content and advertising, c) measure promotional effectiveness d.) promote trust and safety and e.) store user preferences and other information.
You can always disable cookies on your browser.
We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
This is the data that you may communicate to us by visiting and using our sites and services:
1. Identity Data
3. Log Data
b.) When you create a Cardiowell App account
Creating a Cardiowell App End User account allows you to use the App and may allow you to use WellAdapt Inc.’s Products and Services. A unique user account will be created requiring us to collect certain identifiers about you. We will, therefore, collect any information you provide to identify and register yourself as a Cardiowell App user. This data may include demographic-type data including your name, user name and contact information. The Cardiowell App user account allows you to access and control your data. Data is collected when you first create an account and every time you login and use the Cardiowell App.
This is the data you may communicate to us when you create a Cardiowell user account:
1. Identity Data
c.) When you use the Cardiowell App
Using the Cardiowell App requires a user account. To create and maintain a user account certain data is shared with us when you download, install and use the Cardiowell App. This is also the case when you set a notification, reminder, share information, or respond to questionnaires.
This is the data that you may communicate to us by using our applications:
1. Identity Data
2. Body Metrics Data
d.) When you Use a WellAdapt Inc. product
WellAdapt’s products, services and applications such as the Cardiowell App collect data, and enable biometric monitoring. When you activate a WellAdapt product, you will need to download the Cardiowell App and create an account.
When used, the device’s serial number and your biometric measurement (i.e. weight, pulse, blood pressure) data are automatically sent from supported devices to the WellAdapt Inc. data center whenever you use the device. No user identification information is sent. Cardiowell App uses the information to show measurement history and graphs.
This is the data that you may communicate to us by using our products:
1. Body Metric Data
2. Device Serial Number
e.) When you share data from Apple HealthKit
You have the option to share Apple HealthKit data with the Cardiowell App. Sharing with Apple HealthKit allows Cardiowell App to display certain biometric data in the Cardiowell App. The user must explicitly grant permission to read and write data from Apple HealthKit. Users can grant or deny permission separately for each type of data. No Apple HealthKit data is stored on WellAdapt Inc servers.
Sharing can be turned off by the user at anytime.
The Cardiowell app is using the Apple HealthKit framework, and will NOT store any users’ health information in iCloud.
This app will NOT use user data gathered from the Apple HealthKit API for advertising or other use-based data mining purposes other than improving health, medical, and fitness management, or for the purpose of medical research.
This app will NOT share user data acquired via the HealthKit API with third parties without user consent.
This is the data that you may share from Apple HealthKit when you use the Cardiowell App:
- We do not transfer any AppleHealth Kit data to WellAdapt Inc servers or any third parties.
f.) When you share the data with WellAdapt Inc.
When you share data with WellAdapt Inc., some of your biometric data may be sent automatically and securely to our cloud-based data servers so that you can access the data online, sync your data with your other devices, and share the data with WellAdapt Inc. health coaches.
This is the data you may communicate to us when you share your data with WellAdapt Inc.
1. Body Metrics Data
2. Date of Birth
g.) When you contact our customer service department
As part of our customer service, we collect information about you. Customer support information remains confidential whenever you contact us or visit our Web site.
To better support you, some of your data is shared with our teams until we solve the problem. Our teams ensure your data is secure and comply with our confidentiality policy.
This is the data you may communicate to us when you reach our customer service department:
1. Identity Data
2. Body Metrics Data
4. HOW CAN MY DATA BE USED?
a.) To display your data to you
The data is displayed through the Cardiowell App in the form of graphs and historical trends. Data may be in raw format (weight, pulse, etc.), or averaged over time.
b.) To improve WellAdapt Inc. product and service offerings
In order to improve our products and services and ensure the availability of our platform, in accordance with Internet standards, we retain a record of operations conducted, in log form.
We never work with your data when it identifies you unless you have given us your consent; for example, in order to resolve a problem that you have pointed out to us when you contact our customer service department.
c.) To communicate information to you
We may use certain data in order to offer surveys, news, tips, promotions and other types of direct marketing and communications, such as new product and service offerings, at your discretion. Information can be communicated by email, and within the Cardiowell App.
If you do not wish to receive such information, please opt out by emailing email@example.com
d.) To produce statistics and/or aggregated data analyses
We will never sell your personal data without your permission. At WellAdapt Inc., we whole-heartedly believe that data can serve the common good. We may create statistics and analysis using the data we collect. When conducted, all data is first anonymized to assure your privacy is protected.
Data anonymized and/or aggregated in this way are used to:
1. Improve Cardiowell App products and services so that we:
- Can better understand how our products and services are used and can be improved.
- Can improve the user experience of visitors on our websites and applications.
2. Demonstrate the effectiveness of our solutions:
- We participate in scientific studies to document benefits.
- We communicate through blogs, advertising or the press, to educate the public about the benefits of the products and solutions.
3. Educate the public on health issues:
- We publish websites and charts to present statistics and analyses.
- We may generate studies, analyses and general statistical analysis for the public, for companies or universities. We may at times produce studies on digital health and new applications (e.g., a research paper on effectiveness).
5. IN WHICH CASES DOES WELLADAPT INC. SHARE MY PERSONAL DATA?
WellAdapt Inc. never shares your data without your authorization. Data can only be shared between the Cardiowell App and Apple HealthKit and WellAdapt Inc. In each case, only with your explicit authorization. It is essential for us to gain your prior agreement when data that can identify you is shared.
a.) When it is on your own initiative
You can decide to share your data with Apple HealthKit
You can decide to share your data with WellAdapt Inc.
b.) When sharing your data is necessary to provide you with certain services
Some services require the involvement of other companies. This is the case, for example, for online payments on our www.welladapt.com Web site. In order for this service to work, we have to transmit certain data to our partners that allows you to be identified in order to process a secure payment.
c.) When we are obliged by law
We may disclose Personal Information in the good faith belief that we are required to do so by law. We fully cooperate with any law enforcement authority or court order requesting or directing us to disclose the identity, behavior or digital content of any user suspected to have engaged in illegal or infringing behavior. Certain laws, regulations, administrative or court rulings may compel us to communicate certain personal data to a third-party. Except when this is prohibited by law, we shall inform you as soon as possible if we have to transmit some of your data.
d.) Business Transaction
6. FOR HOW LONG DO YOU RETAIN MY PERSONAL DATA?
We retain all data until the time your user account is deleted.
7. WHERE IS MY PERSONAL DATA KEPT?
WellAdapt Inc. has implemented and maintains reasonable security procedures and practices designed to protect against the unauthorized access, use, modification, destruction or disclosure of your Personal Information.
Data is stored locally on your iOS device and upon your authorization limited data can be stored on secure database servers hosted by Database-as-a-Service partner, Object Labs Corporation maker of mLAB.com. Cardiowell also uses Heroku Inc., which is a third-party cloud based data storage and management company. WellAdapt Inc. may also use other services provided by Object Labs and Heroku such as Push Notifications, Debugging Features or Analytics. All data is backed up and encrypted to preserve and secure your information. The Heroku servers are throughout the country and are subject to regulations that guarantee a high level of protection.
Heroku Terms of Service: https://www.heroku.com/policy/tos; and
mLAb Terms of Service: https://mlab.com/company/legal/tos/
Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.
Amazon’s data center operations have been accredited under:
SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
PCI Level 1
Heroku provides a high level of data security, including vulnerability management, backups, disaster recovery and redundancy.
However, as you probably know, third-parties may unlawfully intercept or access transmissions or private communications, and other users may abuse or misuse your personal information that they collect from the site. Therefore, although we work very hard to protect your privacy, we do not promise, and you should not expect, that your personal information or private communications will always remain private.
8. HOW DO YOU PROTECT MY DATA?
WellAdapt Inc. has put in place security measures in an effort to protect personal information from loss, misuse, or alterations while it is under our control. Your data is stored on industry-compliant cloud servers located within the Amazon Inc. hosting facilities. Amazon uses technical, contractual, administrative and physical measures in an effort to protect against unauthorized access. These include secure servers, SSL and encryption. The hosting facilities are equipped with the latest security technologies and advanced security technologies and procedures. Data is restricted using security controls consisting of security staff, security doors and biometric readers. Remote access to the servers is highly restricted and controlled.
To allow you to securely view your account and registration information you will be required to submit a username and password upon registration and log into the application.
9. HOW DO I DELETE MY CARDIOWELL APP USER ACCOUNT?
To delete your account, please contact our customer service department.
Data that identifies you directly will be deleted from our production servers. However, data may be retained within the security backups that we regularly make. In order to ensure free access to your data, we shall give you the option of retaining your data locally before deleting your account. This will be done following a secured procedure.
10. WHAT THIRD-PARTY TOOLS DO YOU USE?
Other than the use of Heroku and Object Labs Corp. for application managmenet and database storage we use Square Space for web site hosting and Heap for user analytics. Heap allows us to track bugs, crashes, and user behavior to better understand issues and improve user experience.
11. WHAT IS THE MINIMUM AGE FOR THE USE OF WELLADAPT INC. PRODUCTS AND SERVICES?
All users must be over the age of thirteen (13) to create an account and use our products and services. Our Service does not address anyone under the age of 13 ("Children").
All individuals under the age of 13 must have a parent's or legal guardian's consent by contacting our customer service department. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you learn that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under age 13 without verification of parental consent, we take steps to remove that information from our servers.
By visiting and using WellAdapt Inc. products, applications and services, you agree that the laws of the state of California, without regard to principles of conflict of laws, will govern any dispute of any sort that might arise between you and WellAdapt Inc. If you are located outside of the United States and choose to provide your information, your information will be transferred to the United States and processed there.
DISCLAIMER OF WARRANTIES & LIMITATION OF LIABILITY
All information, content, materials, products (including applications) and services included on or otherwise made available to you through the Cardiowell App, Cardiowell Web sites and WellAdapt Inc. products and services are provided by WellAdapt Inc. on an “as is” and “as available” basis, unless otherwise specified in writing. WellAdapt Inc. makes no representations or warranties of any kind, express or implied, as to the operation of Web sites, or the information, content, materials, products (including Cardiowell App) or services included on or otherwise made available to you by WellAdapt Inc., unless otherwise specified in writing. You expressly agree that your use of the Cardiowell App and other WellAdapt Inc. products and services, including the websites is at your sole risk.
To the full extent permissible by applicable law, WellAdapt Inc. disclaims all warranties, express or implied, including, but not limited to, implied warranties of merchantability and health for a particular purpose. WellAdapt Inc. does not warrant that the Cardiowell App, or Web sites; information, content, materials, products (including software) or services included on or otherwise made available to you through this site; their servers; or e-mail sent from WellAdapt Inc., are free of viruses or other harmful components.
WellAdapt Inc. will not be liable for any damages of any kind arising from the use of its products or services or from any information, content, materials, products (including software) or services included on or otherwise made available to you, including, but not limited to, direct, indirect, incidental, punitive, and consequential damages, unless otherwise specified in writing.
Certain state laws do not allow limitations on implied warranties or the exclusion or limitation of certain damages. If these laws apply to you, some or all of the above disclaimers, exclusions, or limitations may not apply to you, and you might have additional rights.
If you have any questions regarding privacy while using our products, or have questions about our practices, please contact us via email at firstname.lastname@example.org
Last updated: March 5, 2017