MyDataHelps Designer Privacy and Use Policy

July, 2022


CareEvolution’s MyDataHelps Designer web platform (“the Platform”) enables end users to build and launch an end-to-end digital research or health project in hours— no coding required. Core components include eConsent, automated survey and notification delivery, and wearable and EHR information collection. Please also see our MyDataHelps Privacy and Use Policy that covers the MyDataHelps mobile and web applications (applies to project participants).

What does this Policy Cover?

CareEvolution (“We”) take your privacy very seriously and are conscientious about how we handle data entered by you about yourself or your project(s). Your use of the Platform is voluntary. The set of policies here covers what kinds of information (the “Data”) We collect, how We use the Data, how We secure the Data, how We may share the Data, how We communicate with you, and your Data responsibilities. By using the Platform, you acknowledge that you accept the practices and policies outlined here. You also consent that We collect, use, and share your information as described in this policy.

Data We Collect

Registering for the Platform

In order to participate on the Platform, we ask you to create an account. To create an account, you must share certain identifying information (such as name and email address), and agree to the usage and privacy practices as detailed in this document, which may be modified over time.

User Data

The Platform will obtain information from you in two ways:

Project Data

We may also collect project information you provide to us in support of your MyDataHelps project. This includes information such as your project name, other MyDataHelps Designer users, surveys, notifications, schedules, and associated participant information. Further details regarding participant information are covered in the Your Data Responsibilities section of this policy.

How We Use Data

Identifiable Data will never be sold or used for advertising without your consent. We may aggregate your Data for legitimate business purposes. In such circumstances, CareEvolution will de-identify the Data to protect your confidentiality and privacy. Deidentification means that the Data cannot reasonably be associated with you or your projects, and aggregation involves combining the Data with other users and projects, again, such that no user or project can be identified.

The Platform collects Data for the following purposes:

How We Secure Data

The Data is maintained in the United States by us (CareEvolution) or our authorized partners. We use appropriate physical, organizational, and technical safeguards designed to protect the confidentiality, integrity, and availability of the Data we collect. For example, the Data is encrypted both at rest and in transit in accordance with the security standards set forth by the National Institute of Standards and Technology’s (NIST) Federal Information Processing Standard (FIPS) Publication 140-2: Security Requirements for Cryptographic Modules. These are the standards mandated by the Department of Health and Human Services for securing health information. We cannot, however, fully guarantee the security of the Data or any information transmitted to us.

How We May Share Data

Except as described in this policy, we will not sell, rent, lease, give away, disclose, or share your contact information, and will not disclose the Data we collect through the Platform without your consent. We may combine your Data without identifying information (removing information such as name and email address) with others’ Data (also without identifying information) for use in health and fitness research and quality improvement initiatives. We also reserve the right to disclose your information that we believe, in good faith, may be necessary to i) protect our intellectual property and other rights; ii) take liability; iii) protect ourselves from fraudulent, abusive, or unlawful uses or activity; iv) investigate and defend ourselves against any third-party claims or allegations; or v) protect the rights or safety of others. We will notify you of any such disclosures. When we work with third parties who provide services on our behalf, we take steps to limit the information provided to them to that which is reasonably necessary for them to perform the functions for the allowable purposes listed above. We require them to agree to handle and process the information in accordance with our instructions and to maintain the confidentiality, integrity, and availability of the information by applying appropriate organizational and technical safeguards. We reserve the right to disclose and otherwise transfer the Data to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, to the extent and in the way as prescribed by applicable law.

How We Communicate With You

We may contact you to:

Your Data Responsibilities

We collect and process project information on behalf of you. In such cases where activities are subject to the EU General Data Protection Regulation (“GDPR”), we act as Data Processors (as such term is defined in the GDPR). As the responsible entity for protecting your data subjects’ Personal Data, your responsibilities as a Data Controller (as defined in the GDPR) include the following:

Data You Can Access and Withdrawing

The Platform enables you to view, edit, and share some of the Data. You may request that your Data be deleted by contacting us at with the email address used to register your account.

In some circumstances, we may not delete all of your Data, and we may continue to use your Data if it is necessary to comply with our legal obligations (including law enforcement requests), to meet regulatory requirements, to maintain our security program, or if retaining such Data is in the interest of public health or scientific research purposes.

Data is deleted within 45 days of a deletion request, except where retention is necessary as described within this policy.

By using the Platform, you agree that you will not do anything to interfere with or disrupt the operation of the Platform, will provide only accurate and current information through the Platform, and will not impersonate anyone else in your use of the Platform. You further agree not to transmit content that you do not have the right to transmit or that infringes the rights of any party, and you agree to use the Platform in compliance with all applicable laws. You understand that the Platform or portions of it may be subject to patent, copyright, trademark, and other intellectual property protection and that the ownership of software and other intellectual property related to the Platform, as well the goodwill associated therewith, remains with CareEvolution. You agree that any improvements or other changes to the Platform are the property of CareEvolution. To the maximum extent permitted by law, the Platform is provided “As Is” and “As Available”, with all faults and without warranty of any kind, and CareEvolution and its licensors disclaim all warranties, either implied or statutory, including, but not limited to, the implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, accuracy, quiet enjoyment, and non-infringement of third party rights. To the extent not prohibited by applicable law, in no event shall CareEvolution be liable for personal injury, or any incidental, special, indirect or consequential damages whatsoever arising out of or related to your use or inability to use the Platform.

Changes to Our Privacy and Use Policy

We may change this policy over time. Any changes will be posted on our website and will be effective when published at


If you have any questions, comments, or requests regarding this policy or our handling of your Data, please contact us at