MyVitalz Privacy Policy

Introduction

Updated December 10, 2021

MyVitalz, Inc. (“MyVitalz,” “we,” or “us”) owns and operates the MyVitalz remote patient monitoring system and application (the “Service”). We value the privacy of our users (“You”), and we are committed to keeping your Personal Data (as defined further below) confidential. We use your data solely in the context of helping you improve your health by offering a convenient and secure software solution with tools that allow users to monitor and remotely transmit patient-generated health data and communicate for telehealth visits. Terms not defined in this Privacy Policy are defined in our Terms of Use.

This Privacy Policy applies to information that MyVitalz collects from users of the Service, including Personal Data. “Personal Data” includes any information that can be used on its own or in combination with other information to identify or contact one of our users and may include health data. Details about the information we collect are below. In this Privacy Policy (the “Policy”), we provide you detailed information about our collection, use, maintenance, and disclosure of your Personal Data. The policy explains what kind of information we collect, when and how we might use that information, how we protect the information, and your rights regarding your Personal Data.

Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.

BY SUBMITTING YOUR PERSONAL DATA THROUGH THIS APP, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT LOG INTO OR ACCESS THE APP AND PLEASE DO NOT SUBMIT ANY PERSONAL DATA TO US.

PLEASE NOTE THAT WE OCCASIONALLY UPDATE THIS PRIVACY POLICY AND THAT IT IS YOUR RESPONSIBILITY TO STAY UP TO DATE WITH ANY AMENDED VERSIONS. WE WILL NOTIFY YOU OF MATERIAL CHANGES TO THE POLICY. YOU MAY STORE THIS POLICY AND/OR ANY AMENDED VERSION(S) DIGITALLY, PRINT THE POLICY, OR SAVE IT. ANY CHANGES TO THIS PRIVACY POLICY WILL BE EFFECTIVE IMMEDIATELY UPON PROVIDING NOTICE, AND SHALL APPLY TO ALL INFORMATION WE MAINTAIN, USE, AND DISCLOSE. IF YOU CONTINUE TO USE THE APP FOLLOWING SUCH NOTICE, YOU ARE AGREEING TO THOSE CHANGES.

If you have any questions or concerns after reading this Privacy Policy, please do not hesitate to contact us via the contact information listed below. We appreciate your feedback.

Responsible Entity/Controller

MyVitalz is the Controller of your Personal Data, and we may collect, use, and/or process this data in accordance with this Privacy Policy. However, if we are processing Personal Data on behalf of a third-party that is not our agent or affiliate, the terms of this Privacy Policy do not apply—instead, the terms of that third-party’s privacy policy will apply.

Links to Other Sites

The Services may contain links to websites and services that are owned or operated by third parties (each, a “Third-party Service”). Any information that you provide on or to a Third-party Service or that is collected by a Third-party Service is provided directly to the owner or operator of the Third-party Service and is subject to the owner’s or operator’s privacy policy. We are not responsible for the content, privacy or security practices and policies of any Third-party Service. To protect your information, we recommend that you carefully review the privacy policies of all Third-party Services that you access.

What Personal Data do we collect?

We collect “Personal Data”, which includes any information that can be used on its own or with other information in combination to identify or contact one of our users. In some cases, this Personal Data may be or may include healthcare information or “Protected Health Information.” The types of Personal Data we collect are described below.

Demographic Data

We collect demographic information such as your name, email address, age, gender, phone number, postal address, and personal health information such as your diagnosed condition(s). Primarily, the collection of your Personal Data assists us in creating your User Account, which you can use to securely track, manage, and transmit your Personal Data to your healthcare provider. We also use your demographic data for the purposes of research and analysis.

Payment Data

If you make purchases from us, we may require that you provide to us your financial and billing information, such as billing name and address, credit card number or bank account information.

Support Data

If you contact us for support or to lodge a complaint, we may collect technical or other information from you through log files and other technologies, some of which may qualify as Personal Data (e.g., IP address). Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Service and related services in accordance with this Privacy Policy. Calls with us may be recorded or monitored for training, quality assurance, customer service, and reference purposes.

Device, Telephone, and ISP Data

We use common information-gathering tools, such as log files, web beacons, and similar technologies to automatically collect information, which may contain Personal Data, from Your computer or mobile device as you navigate our App. The information we collect may include your Internet Protocol (IP) address (or proxy server), device and App identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, to help us provide and improve our App, and to guarantee its security and continued proper functioning.

Health Data (Patient Users Only)

In addition to demographic information, we may collect information regarding your health conditions, medications, medical appointments, insurance provider, healthcare facility information, and medical biometric data. We collect this information to help your healthcare provider(s) track and manage your health. We may also receive relevant information from your doctor about you.

How will We use Your Personal Data?

We process Your Personal Data for purposes based on legitimate business interests, meeting our contractual obligations to you, complying with our legal obligations, and/or your consent. We only use or disclose your Personal Data when it is legally mandated or where it is necessary to fulfill the purposes described herein. Where required by law, we will ask for your prior consent before doing so.

Specifically, we process Your Personal Data for the following legitimate business purposes:

  1. To fulfill our obligations to You under the Terms of Use or another applicable services agreement
  2. To communicate with You about and manage Your User Account
  3. To properly store and track Your data within our system
  4. To respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings or court orders.
  5. To protect our rights, privacy, safety, or property, and/or that of you or others by providing proper notices, pursuing available legal remedies, and acting to limit Our damages
  6. To handle technical support and other requests from You
  7. To enforce and ensure your compliance with our Terms of Use or the terms of any other applicable services agreement We have with You
  8. To manage and improve our operations and the Service, including the development of additional functionality
  9. To manage payment processing
  10. To evaluate the quality of service You receive, identify usage trends, and thereby improve Your user experience
  11. To keep our App safe and secure for You and for Us
  12. To send You product, service, and new feature information and/or information about changes to our terms, conditions, and policies (with your consent, if required by law)
  13. To allow us to pursue available remedies or limit the damages that we may sustain
  14. To provide access to a third-party user (with your consent), to enable that individual to monitor your progress and overall condition and to follow up with you, as they deem appropriate (e.g., you can give access to your caregiver, parent, child, or spouse).
  15. To send you marketing communications, including newsletters, new product offerings, SMS messages, and push notifications about MyVitalz and its affiliates and partners (with your consent, if required by law).
  16. To aggregate and anonymize Your data for research analysis and possible resale

You can opt-out of receiving promotional emails by changing the notification preferences in your account settings or by unsubscribing via the “Unsubscribe” link in such emails. Opting-out of these emails will not end transmission of important service-related emails that are necessary to your use of the Service.

Where is your Personal Data processed?

Personal Data MyVitalz collects through the Service will be stored on secure US servers even if you are accessing the Service from outside the United States. Your country’s data protection laws may not apply and may be more stringent than those to which MyVitalz is legally subject.

Will we share your Personal Data with anyone else?

We may share your Personal Data with the following companies with whom we have a business relationship (“Business Partners”) and who have agreed to the same Privacy obligations laid out herein. These Business Partners are contractually bound to protect Your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, information security, IT services, customer service, and billing management. They include, specifically:

Google Cloud, Sendgrid, Hotjar, GSuite, Slack, Google Analytics, Intercom, Mongo DB, Aiven, GitHub, Updown.io, Atlassian, DataDog, Cloudflare, Browserstack, Twilio, and others.

Yes, with any third-party with whom you choose to connect via the Service and who you authorize to receive your Personal Data (“Authorized User”). This is usually your doctor and your emergency contact or other agent for health-related purposes (such as someone with a power of attorney for medical decisions).

We will share information captured by the Service, as well as any reports generated by the Service based on the information captured, with the Authorized User with whom you choose to share data via the Service. If you permit Authorized User access to your account, that user will also have access to your activity within the platform (e.g., view your biometric readings and other health data). If, at any point, you want to deny access to one or more Third-Party Users, you can do so by sending us an email at the address below.

We may share your Personal Data (but not your health data), if reasonable and necessary, to (i) comply with legal processes or enforceable governmental requests, or as otherwise required by law; (ii) cooperate with third parties in investigating acts in violation of this Agreement; or (iii) bring legal action against someone who may be violating the Terms of Use or who may be causing intentional or unintentional injury or interference to the rights or property of MyVitalz or any third-party, including other users. If we receive a government order to share your health data, we will attempt to secure your consent before responding, but will provide the requested data by the response due date.

Finally, we may give your data to our successor in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings). If we make such a transfer, it will be pursuant to an agreement that imposes the obligations and responsibilities set forth herein on such successor, and we will notify you. In no event will we transfer your health data without your knowledge.

What is “anonymized data” and what will We do with it?

We may, from time to time, rent or sell aggregated data and/or other information that does not contain any personal identifiers (i.e., the information has been anonymized by stripping out any information that alone or taken together could identify you). The purpose of this type of disclosure is to describe the Service to current and prospective business partners and other third parties. The anonymized data may also be shared or published through academic journals or media platforms for lawful purposes. Once your data is anonymized, it is no longer Personal Data, and we are not restricted in our use of that data for any purpose. Anonymized Health data submitted through the Service will be included in such aggregated uses.

What is our Cookie Policy?

In operating the Service, we may use cookies, web beacons and similar technologies. A cookie is a piece of information that the Service stores on your device when you access the Service. Our cookies help provide additional functionality to the Service and help us analyze usage more accurately for research and marketing purposes. In all cases in which we use cookies, we will not collect Personal Data except with your permission. We recommend that you leave cookies turned on because they allow you to take advantage of some of the Service’s features. In addition to cookies, we may use web beacons (also known as “clear GIFs”) to measure traffic to or from the Service and related browsing behavior and to improve your experience when using the Service.

We use two types of cookies: essential and non-essential cookies. Essential cookies are those necessary for us to provide the Service to you. All other cookies are non-essential. We use two types of non-essential cookies: (1) cookies used to analyze your behavior on a website (“Analytics Cookies”); and (2) cookies used to provide you enhanced functionality (“Functional cookies”). We have provided, below, a full list of our cookies, categorized as described above. We have described the purpose of each, whether they are MyVitalz or third-party cookies, and how to withdraw consent to their use. We have also indicated which cookies are “session cookies” (which last for as long as you keep your browser open) and “persistent cookies” (which remain on your hard drive until you delete them, or they expire).

Essential Cookies:
  Cookie Name, Who Controls It, and Duration: auth-tokens-token, Stel, 30 Days
  Purpose: To authenticate you when you sign into the service.
  Information Collected: A generated token that allows the server to identify you.
  How to Withdraw Consent: Do not use our Service if you do not want to receive this cookie.

Analytics Cookies:
  Cookie Name, Who Controls It, and Duration: Website Cookies
  Purpose: Website Analysis
  Information Collected: Browser information and IP address
  How to Withdraw Consent:

This Privacy Policy covers the use of cookies, web beacons and similar technologies by MyVitalz only. Uses of these technologies by third-party websites are governed by each such website’s privacy policy.

How long do We retain Personal Data?

We will retain your Personal Data for as long as you maintain a User Account. The exact period of retention will depend on the type of Personal Data, our contractual obligation to you, and applicable law. We keep your Personal Data for as long as necessary to fulfill the purpose for which it was collected, unless otherwise required or necessary pursuant to a legitimate business purpose outlined herein. At the end of the applicable retention period, we will remove your Personal Data from our databases and will request that our Business Partners remove your Personal Data from their databases. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing of such data. We retain anonymized data indefinitely, and health data is deleted no more than 30 days after the deletion of your account or whatever the law requires.

How do we protect your Personal Data?

MyVitalz is committed to protecting the security and confidentiality of your Personal Data. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of your Personal Data, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm or inconvenience to you. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure.

As a result, we cannot absolutely ensure the security of information you transmit to us. By using the Service, you are assuming this risk.

Safeguards

The information collected by MyVitalz and stored on secure servers is protected by a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls. If we learn of a security concern, we may attempt to notify you and provide information on protective steps, if available, through the email address that you have provided to us or by an in-application notification. Depending on where you live, you may have a legal right to receive such notices in writing.

You are solely responsible for protecting information entered or generated via the Service that is stored on your personal device (such as your cell phone or tablet) and/or removable device storage. MyVitalz has no access to or control over your personal device’s security settings, and it is up to you to implement any device level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that you take any and all appropriate steps to secure any device that you use to access our App.

NOTWITHSTANDING ANY STEPS THAT WE TAKE, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA YOU TRANSMIT TO US, AND YOU TRANSMIT SUCH PERSONAL DATA AT YOUR OWN RISK.

How can You protect Your Personal Data?

Please be advised that we will NEVER send you an email requesting confidential information such as account numbers, usernames, passwords, health information, or social security numbers, and you should NEVER respond to any email requesting such information. If you receive such an email purportedly from MyVitalz, DO NOT RESPOND to the email, DO NOT CLICK ON ANY LINKS AND/OR OPEN ANY ATTACHMENTS in the email and NOTIFY MyVitalz immediately.

You are responsible for taking reasonable precautions to protect your user ID, password, and other User Account information from disclosure to third parties, and You are not permitted to circumvent the use of required encryption technologies. You should immediately notify us if you know of or suspect any unauthorized use or disclosure of your user ID, password, and/or other User Account information, or any other security concern.

What are Your Rights?

You have certain rights relating to Your Personal Data, subject to local data protection laws. These rights may include the right to:

  1. access your Personal Data held by us
  2. erase/delete your Personal Data, to the extent permitted by applicable data protection laws
  3. receive communications related to the processing of your personal data that are concise, transparent, intelligible, and easily accessible.
  4. restrict the processing of your Personal Data to the extent permitted by law (while we verify or investigate your concerns with this information, for example).
  5. object to the further processing of your Personal Data, including the right to object to marketing.
  6. request that your Personal Data be transferred to a third-party, if possible.
  7. receive your Personal Data in a structured, commonly used and machine-readable format
  8. lodge a complaint with a supervisory authority
  9. rectify inaccurate Personal Data and, considering the purpose of processing the Personal Data, ensure it is complete
  10. not be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”); and
  11. withdraw your consent at any time (to the extent we base the collection, processing and sharing of your Personal Data on your consent) without affecting the lawfulness of the processing based on such consent before its withdrawal.

You can exercise the rights listed above at any time by contacting us at the addresses listed below.

California Residents

California residents may request and obtain from us, once a year, free of charge, a list of third parties, if any, to which we disclosed their Personal Data for direct marketing purposes during the preceding calendar year and the categories of Personal Data shared with those third parties. If you are a California resident and wish to obtain that information, please submit your request by sending us an email with “California Privacy Rights” in the subject line.

How do You update, correct, or delete Personal Data?

You may change your email address and other contact information either in the application or by contacting us directly. Please note that in order to comply with certain requests to limit use of your Personal Data, we may need to terminate your account and your ability to access and use the Services, and you agree that we will not be liable to you for such termination or for any refunds of prepaid fees paid by you. You may deactivate your account at any time by contacting us.

Although we will use reasonable efforts to do so, you understand that it may not be technologically possible to remove from our systems every record of your Personal Data. The need to back up our systems to protect information from inadvertent loss means a copy of your Personal Data may exist in a nonerasable form that will be difficult or impossible for us to locate or remove.

Information submission by minors

Physicians may advise that their underage patients use the Services. If they do so, we will collect and store Personal Data related to such underage patient, including health data. We acknowledge the particular sensitivity of such data related to an underage patient, and we will maintain the confidentiality of it accordingly along with the other medical and health data we have.

Contact Us

If you have any questions about this Privacy Policy, please contact us at one of the addresses listed below:

Email: [email protected]

Please note that email communications are not always secure; so please do not include sensitive information in your emails to us.
