MyDataHelps™ and myFHR™ (the “App”) enable consumer participation in research studies, quality improvement programs, and health and wellness tools (the “Project” or “Projects”) organized by healthcare researchers and providers (the “Investigators”) to improve our understanding of how diseases progress, what healthcare interventions work, and how each of us may respond differently to the same interventions so we may learn how to improve our collective health and well-being through data. Your use of the App will allow you to share information about your overall health and fitness; family history; your activity level; any sensor-based data such as weight, blood pressure, blood glucose level, and heart rate; information about your location; and any other information requested by Projects you enroll in and agree to provide as part of the Project.

What does this Policy Cover?

CareEvolution (“We”) take your privacy very seriously and are conscious about how we handle your data. Your use of the App and your participation in the Projects are each voluntary. The set of policies here covers what kinds of information (the “Data”) the App collects, how We store the Data, how We use the Data, and how We may share the Data. By using the App you acknowledge that you accept the practices and policies outlined here. You also consent that We collect, use, and share your information as described in this privacy policy.

This Privacy and Use Policy does not apply to the practices of the Investigators or the companies and institutions that we do not own or control, or to individuals that we do not employ or manage. For each Project you elect to participate in, you will be prompted to consent before any of your data is shared. For digital clinical research Projects, you are required to review and acknowledge the informed consent form provided by that Project's Investigator.

Registering for the App

In order to participate in the App platform, we ask you to create an account in the App. To create an account, you must share certain identifying information (such as name, date of birth, email address) and preferences (such as whether to share certain types of data, whether and when to receive notifications and reminders), and agree to the usage and privacy practices as detailed in this document, which may be modified from time to time.

MyDataHelps does not allow children under 13 years old to create their own accounts. To enroll a minor under 13 years old in a project, a parent/guardian must register their own account, provide consent, and oversee the minor’s participation. Parents/guardians are responsible for ensuring that their child’s data is entered and used in accordance with applicable laws and consent requirements.

The App will not access your personal contacts, personal photos nor any text and email messages on your smartphone without your explicit permission.

The App will obtain information from you in three ways.

• Manually entered information -- this is information that you manually enter into the App.
• Automatically collected information -- this information is either generated as a byproduct of your use of the App or generated by your smartphone or any digital health devices connected to your smartphone.
• Existing Information -- this information is typically the result of one or more connections to existing data from your healthcare provider (such as a physician office or hospital, among others) that you authorize in the App.

Information you manually enter into the App

We receive and store some information you manually enter into the App. In addition to directly identifiable Personal Information, We or an Investigator may ask you to enter information including but not limited to your medications, medical history, lifestyle choices, illnesses and associated symptoms, mood, activity, and fitness. In the future We may collect additional health-related information as the App and the surveys presented to you are further developed by various researchers who implement Projects using the App. You can choose not to provide us with certain information by simply skipping questions that you are uncomfortable answering.

Information That May Be Collected Automatically

In addition to the information that you manually enter, with your permission, the App also collects certain information about you automatically through your smartphone and/or any other connected digital health devices such as smartwatches.

• Apple’s Health Application (“Health”) and HealthKit

  The following provision relates to your ability to share your information with Health and your ability to have Health send information back to the App. Health is an app from Apple that allows you to store your personal health information on the Apple device. Our App will ask you to enable sharing of information with Health. Apple Health will provide you the ability to select which information from Health is shared with the App. Please be aware that this information may not be accessible by your specific health providers. For specific health concerns, please contact your care provider directly.

  Because the settings in Health and the apps which work with Health will affect how your information is used and disclosed, it is important that you review the privacy policies and settings of those applications. You can find more information about Health and your privacy settings at https://www.apple.com/ios/health/.

• Apple Sensor & Usage Data (“Apple SensorKit”)

  The following provision relates to your ability to have Sensor & Usage Data (Apple SensorKit data) from your Apple device(s) sent back to the App. Depending on the projects you participate in, our App may ask you to enable sharing your Apple Sensor & Usage Data. Your Apple device (e.g., iPhone) will provide you the ability to select which information is shared with the App. This may include metrics that describe your facial expression. Please be aware that this information may not be accessible by your specific health providers. For specific health concerns, please contact your care provider directly.

  You can find more information about Apple Sensor & Usage Data and your privacy settings at https://www.apple.com/legal/privacy/data/en/sensor-usage-data/.

• Google Fit

  The following provision relates to your ability to have Google Fit send information back to the App. Google Fit is a cloud-based activity-tracking platform that allows you to share your activity information with other apps and devices that are designed to work with Google Fit. You may enable sharing between the App and Google Fit applications as well as choose which information is shared with Google Fit. You can also select which information from Google Fit is shared with the App. Please be aware that this information may not be accessible by your specific health providers. For specific health concerns, please contact your care provider directly.

  Because the settings in Google Fit and the apps which work with Google Fit will affect how your information is used and disclosed, it is important that you review the privacy policies and settings of those applications. You can find more information about Google Fit and your privacy settings at https://www.google.com/fit/.

• Google's Health Connect by Android

  The following provision relates to your ability to share your information with Health Connect and have Health Connect send information back to the App. Health Connect is an app from Google that allows you to store your personal health information on the Android device. Our App may ask you to enable sharing of information with Health Connect. Health Connect will provide you the ability to select which information from Health Connect is shared with the App. Please be aware that this information may not be accessible to your specific health providers. For specific health concerns, please contact your care provider directly.

  Because the settings in Health Connect and the apps which work with Health Connect will affect how your information is used and disclosed, it is important that you review the privacy policies and settings of those applications. You can find more information about Health Connect and your privacy settings at https://health.google/health-connect-android/.

• Wearables and Other Digital Health Devices (for example, Fitbit, Withings)

  The following provision relates to your ability to have your digital health devices and the services offered by the device company send data back to the App. You may enable sharing between the App and your device as well as choose which information is shared with the device company. You can also select which information from the device is shared with the App. Please be aware that this information may not be accessible by your specific health providers. For specific health concerns, please contact your care provider directly.

  Because the settings in your device(s) and the apps which work with your device will affect how your information is used and disclosed, it is important that you review the privacy policies and settings of those applications. You can find more information about your device and your privacy settings at your device company’s website. For example: https://www.fitbit.com/privacy.

• Location Information

  If required by a specific Project in the App, we may also collect information about your location through your smartphone or digital health device's applicable geolocation, GPS, wifi or similar capabilities ("Location Information"). We use a power-efficient way of gathering the location data on your movements that are noteworthy (for example, to determine if your typical mobility outside your home has decreased due to changes in your health status).

• Usage Information

  The App may also automatically receive technical information relating to your usage of the App such as your operating system, device, features used, content viewed and downloaded, the dates and times of your interactions with the App, and other information.

Information for Minors

For minors under 13 years old, participation in projects is facilitated through their parent/guardian’s account. Parents/guardians provide consent, manage the account, and may enter or review information on behalf of the child. MyDataHelps does not permit children under 13 years old to create their own accounts or directly submit data without parental involvement. Investigators are responsible for ensuring compliance with applicable laws, including COPPA, for projects involving minors.

Push Notifications

"Push notifications" are App messages sent to your smartphone as reminders of what you may wish to do for the various Projects you may be participating in. Such notifications can serve as helpful reminders to complete surveys or take certain measurements (for example, blood pressure, weight, or glucose readings). You can choose to disable notifications in the settings on your smartphone, but we strongly encourage you to not disable such notifications.

SMS Messages

Another way you could receive notifications from CareEvolution is through SMS (text) messages. When signing up for our service, we will send you a one-time PIN code to verify your account from MyDataHelps. You can also choose to receive continuous notifications about your participation in health research studies. Message and data rates may apply. The frequency of these messages depends on the number of Projects you are enrolled in and their schedule. If you need help reply with "HELP" or contact mydatahelps-support@careevolution.com. To unsubscribe reply "STOP" to any received message. Carriers are not liable for delayed or undelivered messages.

How We Secure Your Data

Your Data is maintained in the United States by us (CareEvolution) or our authorized partners.

We use appropriate physical, organizational, and technical safeguards designed to protect the confidentiality, integrity, and availability of the Data we collect. For example, your data is encrypted both while it is stored and while it is transmitted in accordance with the security standards set forth by the National Institute of Standards and Technology’s (NIST) Federal Information Processing Standard (FIPS) Publication 140-2: Security Requirements for Cryptographic Modules. These are the standards mandated by the Department of Health and Human Services for securing health information. We cannot, however, fully guarantee the security of the Data or any information transmitted to us.

If you enable sharing with third-party device manufacturers and their systems (such as Apple Health, Fitbit, Google Fit, Google Health Connect, etc.) or your health plan or provider, you understand that the App uses the standard security protocols, as provided by the third parties, to protect the privacy and security of your information as it is transmitted to and stored by these third parties. CareEvolution has no control over their security protocols.

Access to the App on your smartphone will be protected by the biometric code (such as Touch ID or Face ID) or the passcode you have enabled on your smartphone. We strongly recommend that one of these be enabled to protect access to all apps on your smartphone, including our App.

We strive to protect the privacy of the Personal Information we collect and hold, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of your Personal Information at any time.

How We Use the Data

Your Data will never be sold or used for advertising.

The App collects your Data for the following purposes:

• For the improving general health, medical and fitness management, and for the purposes of medical research.
• We may use the Data to understand, customize and improve user experience with the App. For example, we may engage analytics services to analyze this information in order to help us understand how users engage with and navigate the App, how and when features within the App are used and by how many users.
• We may use the data without your identifying information (name, contact information, email address) to support research and health or quality improvement initiatives with external collaborators and partners.

How We May Share the Data

Except as described in this privacy policy, we will not sell, rent, lease, give away, disclose, or share your contact information, and will not disclose the Data we collect through the App without your consent. Any information collected by the App will not be shared with or sold for advertising purposes.

If required by law, we may share anonymized Data with United States Department of Health and Human Services agencies, the Office for Human Research Protection, and other agencies or courts as required by law. Also, the Institutional Review Board at the Investigator’s institutions that implement a Project in the App may access anonymous data to monitor the safety and conduct of human research.

We may share the Data among the Investigators and Projects you choose to participate in.

We may combine your Data without identifying information (removing information such as name, DOB, and email address) with others’ data (also without identifying information) for use in health and fitness research and quality improvement initiatives.

We also reserve the right to disclose your information that we believe, in good faith, may be necessary to i) protect our intellectual property and other rights; ii) take liability; iii) protect ourselves from fraudulent, abusive, or unlawful uses or activity; iv) investigate and defend ourselves against any third-party claims or allegations; or v) protect the rights or safety of others. We will notify you of any such disclosures.

When we work with third parties who provide services on our behalf, we take steps to limit the Personally Identifiable Information provided to them to that which is reasonably necessary for them to perform the functions for the allowable purposes listed above. We require them to agree to handle and process the information in accordance with our instructions and to maintain the confidentiality, integrity, and availability of the information by applying appropriate organizational and technical safeguards.

We reserve the right to disclose and otherwise transfer your Data to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, to the extent and in the way as prescribed by applicable law.

The App enables you to view, edit, and share some of the Data collected.

You may elect to withdraw from using the App or any Projects implemented in the App at any time by contacting us at mydatahelps-support@careevolution.com with the email address you used to register your account. Upon your withdrawal, we will stop collecting new Data from you.

You may request that your Data be deleted by contacting us at mydatahelps-support@careevolution.com with the email address you used to register your account.

Parents/guardians can also access, review, or delete any data related to their child through their account or by contacting us.

In some circumstances, we may not delete all of your Data, and we may continue to use your Data if it is necessary to comply with our legal obligations (including law enforcement requests), to meet regulatory requirements, to maintain our security program, or if retaining such Data is in the interest of public health or scientific research purposes.

The Data that you have already shared with the Projects you have enrolled in will be retained even after you delete your account. We retain this Data in order to preserve the scientific integrity of the Projects.

Data is deleted within 45 days of a deletion request, except where retention is necessary as described within this policy.

When you download the App, you receive a non-exclusive, non-transferable, non-assignable license (without the right to sublicense) to install and use one copy of the App solely for your personal, non-commercial use in connection with participating in the App community. You must own or control the device on which you download the App. By downloading and using the App, you agree that you will not do anything to interfere with or disrupt the operation of the App, will provide only accurate and current information through the App, and will not impersonate anyone else in your use of the App. You further agree not to transmit content that you do not have the right to transmit or that infringes the rights of any party, and you agree to use the App in compliance with all applicable laws. You understand that the App or portions of it may be subject to patent, copyright, trademark, and other intellectual property protection and that the ownership of software and other intellectual property related to the App, as well the goodwill associated therewith, remains with CareEvolution. You agree that any improvements or other changes to the App are the property of CareEvolution.

The App (including any of the Projects administered in it) is not designed to deliver medical care, nor is the App intended to be professional medical advice or a substitute for such advice, or for diagnosis, treatment, cure, or prevention of any health conditions, and you should not rely on the App as such. You should always seek the advice of physicians or other qualified health care providers if you have questions about any medical condition or any information you receive from the App. Do not ignore or delay obtaining professional medical advice because of any information or other content you obtain from the App.

To the maximum extent permitted by law, the App is provided “As Is” and “As Available”, with all faults and without warranty of any kind, and CareEvolution and its licensors disclaim all warranties, either implied or statutory, including, but not limited to, the implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, accuracy, quiet enjoyment, and non-infringement of third party rights. To the extent not prohibited by applicable law, in no event shall CareEvolution be liable for personal injury, or any incidental, special, indirect or consequential damages whatsoever arising out of or related to your use or inability to use the App.

CareEvolution complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We have also certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data Privacy Framework.

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, CareEvolution is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the DPF Program, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF, should direct their query to privacy@careevolution.com. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@careevolution.com.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

CareEvolution’s accountability for personal data that it receives in the United States under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, CareEvolution remains responsible and liable under the DPF Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the DPF Principles, unless CareEvolution proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. Data Privacy Framework Principles, we are committed to resolving complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact CareEvolution at privacy@careevolution.com.

We are further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit DPF Services Dispute Resolution Process for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See DPF Arbitral Model for more information.

We may change this privacy policy from time to time. Any changes will be posted on our website and/or the respective app store and will be effective when published at https://trust.careevolution.com/mydatahelps/privacy.html.

If you have any questions, comments or requests regarding this policy or our handling of your Data, please contact us at https://careevolution.com/contact-us/.