LAST UPDATED: JUNE 8, 2026
Privacy Policy
This Privacy Policy (“Policy”) is designed to help you understand how Sidekick Wellness Inc. (“Sidekick”, “we”, “us”, or “our”) collects, uses, and shares your personal information and help you understand and exercise your privacy rights. This Policy applies to Sidekick’s processing of personal information including on our website available at www.sidekickplatform.com and our other online or offline offerings which link to, or are otherwise subject to, this Policy (collective, the “Services”). Where you use our mobile application or interact with Sidekicks, some information you provide may be sensitive, including private conversations, uploaded files, voice inputs, audio recordings, transcripts, precise location information, or information that may constitute consumer health data. This Policy explains how we collect, use, disclose, retain, and protect that information. We do not use private conversations with Sidekicks, uploaded files, audio recordings, voice inputs, transcripts, precise location information, or consumer health data for targeted advertising, cross-context behavioral advertising, or third-party marketing.
1. UPDATES TO THIS PRIVACY POLICY
2. PERSONAL INFORMATION WE COLLECT
3. HOW WE USE PERSONAL INFORMATION
4. HOW WE DISCLOSE PERSONAL INFORMATION
5. YOUR PRIVACY CHOICES AND RIGHTS
6. SECURITY OF YOUR INFORMATION
7. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
8. RETENTION OF PERSONAL INFORMATION
9. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS
10. CHILDREN’S PERSONAL INFORMATION
11. THIRD-PARTY WEBSITES/APPLICATIONS
12. CONTACT US
ANNEX A: SUPPLEMENTAL CONSUMER HEALTH DATA PRIVACY STATEMENT
1. UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Policy on our website and/or we may also send other communications.
2. PERSONAL INFORMATION WE COLLECT
We collect personal information you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources, as described below.
- Personal Information You Provide to Us Directly
We may collect personal information that you provide to us.
- Account Information. We may collect personal information in connection with the creation or administration of your account. This personal information may include, but is not limited to, your name, email address, phone number, username, and other information you store with your account.
- Purchases. We may collect personal information and details associated with your purchases, including payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).
- Your Communications with Us. We, and our service providers, may collect and store the information you communicate to us, including chat communications with our AI agents.
- Audio Information. When you speak to your Sidekick using voice features, we access your device’s microphone and record or process your voice input. Audio recordings, voice inputs, transcripts, and related voice-feature records may be transmitted to and stored on our servers to provide, operate, maintain, secure, troubleshoot, and support the Services, including to process and respond to your voice interactions with our Sidekicks. We access the microphone only with your permission, which you can revoke at any time in your device settings. We do not use your audio recordings, voice inputs, transcripts, or related voice-feature records to train, fine-tune, benchmark, evaluate, or improve generalized AI models or third-party AI models, unless you or the organization that made the Services available to you expressly authorizes that use and applicable law permits it.
- Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.
- Interactive Features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., messaging features, commenting functionalities, forums, blogs, and social media pages). Any information you provide using the public sharing features of the Services will be considered “public.”
- Sweepstakes or Contests. We may collect personal information you provide for any sweepstakes or contests that we offer. In some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.
- Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
- Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
- Job Applications. If you apply for a job with us, we will collect any personal information you provide in connection with your application, such as your contact information and CV.
- Personal Information Collected Automatically
We may collect personal information automatically when you use the Services.
- Device Information. We may collect personal information about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and location information, including approximate location derived from IP address and, with your consent, precise location information collected via our mobile application to provide location-based features, such as helping identify nearby resources or improving the relevance of support provided through the Services.
- Usage Information. We may collect personal information about your use of the Services, such as the pages that you visit, items that you search for, the types of content you interact with, information about the links you click, the frequency and duration of your activities, and other information about how you use the Services.
- Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect personal information through your use of the Services.
- Cookies. Cookies are small text files stored in device browsers.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects personal information about use of or engagement with the Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
Our uses of these Technologies fall into the following general categories:
- Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;
- Performance-Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services;
- Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.
- Personal Information Collected from Third Parties
We may collect personal information about you from third parties.
- Third-Party Services and Sources. We may obtain information about you from other sources, including through third-party services and organizations. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made available via your privacy settings. Additionally, we may collect information from publicly available sources, such as publicly available websites or directories.
- Clients or Other Organizations. We may receive your personal information from our clients or other organizations, such as your employer or school (if we are providing Services to you at the request of such an organization), in connection with one or more business purposes, including to make our Services available to you.
3. HOW WE USE PERSONAL INFORMATION
We use personal information for a variety of business purposes, including to provide the Services, for administrative purposes, and to market our products and Services, as described below.
- Provide the Services
We use personal information to fulfill our contract with you and provide the Services, such as:
- Managing your information;
- Providing access to certain areas, functionalities, and features of the Services;
- Answering requests for support;
- Sending you SMS messages for purposes of authentication;
- Communicating with you;
- Sharing personal information with third parties as needed to provide the Services;
- Processing your financial information and other payment methods for products and Services purchased; and
- Allowing you to register for events.
- Administrative Purposes
We use personal information for various administrative purposes, such as:
- pursuing our legitimate interests, including network and information security, fraud prevention, service reliability, and product support;
- detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity;
- carrying out analytics to understand performance, reliability, safety, and engagement with the Services;
- maintaining, debugging, improving, upgrading, and enhancing the Services, including through artificial intelligence and other methods, subject to the limitations described in this Policy;
- creating de-identified and/or aggregated information. If we create or receive de-identified information, we will not attempt to reidentify such information unless permitted by, or required to comply with, applicable laws;
- ensuring internal quality control and safety;
- authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Policy;
- auditing interactions, transactions, and other compliance activities;
- enforcing our agreements and policies; and
- carrying out activities required to comply with our legal obligations.
We do not use your private conversations, uploaded files, audio recordings, voice inputs, transcripts, Inputs, Outputs, or consumer health data to train, fine-tune, benchmark, evaluate, or improve generalized AI models or third-party AI models, unless you or the organization that made the Services available to you expressly authorizes that use and applicable law permits it.
- Marketing and Advertising Our Products and Services
Your personal information may be used to tailor and provide you with marketing and other content as permitted by applicable law. We do not use private conversations with Sidekicks, uploaded files, audio recordings, voice inputs, transcripts, precise location information, or consumer health data for targeted advertising, cross-context behavioral advertising, or third-party marketing. We do not sell consumer health data.
California Shine the Light: If you are a California resident, you may annually submit a request to us to find out whether we have shared your personal information with third parties for the third parties’ direct marketing purposes. If you would like to submit such a request, please “Contact Us.”
If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.
- With Your Consent or Direction
We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information, with your consent, or as otherwise directed by you.
- Automated Decision Making
We may engage in automated decision making, including profiling. Sidekick’s processing of your personal information will not result in a decision based solely on automated processing that has a legal or other similarly significant effect on you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making.
If you have questions about our automated decision making, you may contact us as set forth in “Contact Us” below.
4. HOW WE DISCLOSE PERSONAL INFORMATION
We disclose personal information to third parties for a variety of business purposes, including to provide the Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.
- Disclosures to Provide the Services
We may disclose any of the personal information we collect to the categories of third parties described below.
- Service Providers. We may disclose personal information and chat communications with our AI agents (“Sidekicks”) to third-party service providers who use that information to help us provide our Services and provide our chat features. This includes, but is not limited to, service providers who provide us with platform support, including IT support, hosting, payment processing, customer service, and quotes and other information for banking, legal, insurance, analytics, and related services.
- AI Processing and Service Providers. To provide certain platform features, user-submitted content, including messages, inputs, uploaded files, audio recordings, voice inputs, transcripts, and related voice-feature records, may be transmitted to third-party service providers, including Amazon Web Services (AWS) and OpenAI, for processing on our behalf. These providers act solely as service providers and are contractually required to safeguard data. They are prohibited from retaining, using, or disclosing your data for any purpose other than providing the specified services to us. We do not permit third-party AI providers to use your data to train their models. We store user content in connection with your account to support functionality, security, troubleshooting, support, and analytics as described in this Policy.
- Third-Party Services With Whom You Share or Interact. The Services may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use third-party websites, applications, services, products, and technology (each a “Third-Party Service”).
Any personal information shared with a Third-Party Service will be subject to the Third-Party Service’s privacy policy. We are not responsible for the processing of personal information by Third-Party Services.
- Our Clients (Authorized Users Only). If you use our Services as an authorized user of a client or other organization, we may provide that client or organization with limited usage information associated with your use of the Services, such as engagement metrics. We do not provide the client or organization with access to your private conversations with Sidekicks unless you direct us to do so, the client or organization is legally authorized to receive them, disclosure is required or permitted by law, disclosure is necessary to protect safety or security, or the applicable client or organization agreement and user-facing disclosures expressly permit such access. We are not responsible for the client’s or organization’s processing of your personal information.
- Affiliates. We may share your personal information with our corporate affiliates.
- Disclosures to Protect Us or Others
We may access, preserve, and disclose any information we store associated with you to external parties, if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
- Disclosure in the Event of Merger, Sale, or Other Asset Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction as permitted by law and/or contract.
5. YOUR PRIVACY CHOICES AND RIGHTS
A. Your Privacy Choices. The privacy choices you may have about your personal information are described below.
- Email Communications. If you receive an unwanted promotional email from us, you can use the unsubscribe functionality found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails. We may also send you certain non-promotional communications regarding us and the Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Policy).
- Text Messages. If you receive an unwanted promotional text message from us, you can reply “STOP” to opt out of receiving future promotional texts. Note that you will continue to receive transaction-related text messages. We may also send you certain non-promotional communications regarding us and the Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Policy).
- Mobile Devices. We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device. With your consent, we may also collect precise location-based information via our mobile application to provide location-based features, such as helping identify nearby resources or improving the relevance of support provided through the Services. You may opt out of this collection by changing the settings on your mobile device. To request deletion of your account, please use the standard deletion functionality available via the Services or contact us using the information set forth in “Contact Us” below.
- Do Not Track signals and Global Privacy Control. Some web browsers incorporate “do-not-track” (“DNT”) or similar features signaling to websites with which the browser communicates that a visitor does not want to have their online activity tracked. As of the Effective Date, not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we along with many other digital service operators do not respond to all DNT signals. We recognize GPC signals as required under certain state privacy laws, but we do not currently recognize other DNT signals. For more information about the Global Privacy Control, please visit https://globalprivacycontrol.org.
- Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Services may not work properly.
Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of certain tracking on some mobile applications by following the instructions for Android, iOS, and others.
The online advertising industry also provides mechanisms that may allow you to opt out of receiving targeted ads from organizations that participate in self-regulatory programs. To learn more, visit the Network Advertising Initiative and the Digital Advertising Alliance.
Please note you must separately opt out in each browser and on each device.
B. Your Privacy Rights. In accordance with applicable law, you may have the right to:
- Confirm Whether We Are Processing Your Personal Information;
- Request Access to or Portability of Your Personal Information;
- Request Correction of Your Personal Information;
- Request Deletion of Your Personal Information;
- Request Restriction of or Object to our Processing of Your Personal Information; and
- Withdraw Your Consent to our Processing of Your Personal Information. Please note that your withdrawal will only take effect for future processing and will not affect the lawfulness of processing before the withdrawal.
If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
Only you, or someone legally authorized to act on your behalf in certain jurisdictions, may make a request to exercise the rights listed above regarding your personal information. If your personal information is subject to a law that allows an authorized agent to act on your behalf in exercising your privacy rights and you wish to designate an authorized agent, please provide written authorization signed by you and your designated agent using the information found in “Contact Us” below and ask us for additional instructions.
To protect your privacy, we will take steps to verify your identity before fulfilling requests submitted under applicable privacy laws. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include asking you to confirm the email address we have associated with you.
Some laws may allow you to appeal our decision if we decline to process your request. If applicable laws grant you an appeal right, and you would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.
6. SECURITY OF YOUR INFORMATION
We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail or by sending an email to you.
7. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live.
8. RETENTION OF PERSONAL INFORMATION
We and our service providers store the personal information collected as described in this Privacy Policy, including audio recordings, voice inputs, and any transcripts or other records generated from voice features, for as long as you use the Services, or as necessary to fulfill the purpose(s) for which it was collected, provide the Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.
The specific retention period may vary depending on the type of information and the context in which it was collected. For example:
- Account information is generally retained while your account is active and as needed for support, security, legal, and operational purposes.
- Conversation history, uploaded files, and transcripts may be retained in connection with your account to provide the Services, preserve conversation history, support functionality, troubleshoot issues, and comply with applicable legal or organizational requirements.
- Audio recordings and voice inputs may be retained as needed to provide and support voice features, troubleshoot issues, maintain security, and comply with applicable legal or organizational requirements. Where we no longer need audio recordings for these purposes, we may delete or de-identify them.
- Technical logs, device information, and usage information may be retained for security, debugging, abuse prevention, audit, analytics, and service-improvement purposes.
- De-identified or aggregated information may be retained as permitted by law, provided we do not attempt to re-identify de-identified information except as permitted by law.
9. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS
If you are a resident of Nevada, you have the right to opt out of the sale of certain personal information to third parties who intend to license or sell that personal information. Please note we do not currently sell personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as described in “Contact Us” below.
10. CHILDREN’S PERSONAL INFORMATION
The Services are not directed to children under 16 and we do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has uploaded personal information to the Services in violation of applicable law, you may contact us as described in “Contact Us” below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child’s account if applicable.
11. THIRD-PARTY WEBSITES/APPLICATIONS
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
12. CONTACT US
If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as detailed in this Privacy Policy, please contact us at:
ANNEX A – SUPPLEMENTAL CONSUMER HEALTH DATA PRIVACY STATEMENT
This Supplemental Consumer Health Data Privacy Statement (“Consumer Health Data Privacy Statement”) supplements our Privacy Policy.
This Supplemental Consumer Health Data Privacy Statement only applies to personal information we process that is “consumer health data” subject to the Connecticut Data Privacy Act, as amended (“CTDPA”), Nevada’s Consumer Health Data Privacy Law (“NVCHDPL”), Washington My Health My Data Act (“MHMDA”), or other states with consumer health data privacy laws (as applicable).
Terms used in this Supplemental Consumer Health Data Privacy Statement that are defined in the CTDPA, NVCHDPL, or MHMDA will have the meaning set forth in those laws to the extent such laws are applicable.
CONSUMER HEALTH DATA WE COLLECT
Under CTDPA, “consumer health data” is defined as “any personal data that a controller uses to identify a consumer's physical or mental health condition or diagnosis, and includes, but is not limited to, gender-affirming health data and reproductive or sexual health data.”
Under NVCHDPL, “consumer health data” is defined as “personally identifiable information that is linked or reasonably capable of being linked to a consumer and that a regulated entity uses to identify the past, present or future health status of the consumer.”
Under the MHMDA, “consumer health data” is defined as “personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status.”
Because consumer health data is defined very broadly, many of the categories of personal information that we collect under our Privacy Policy may also be considered consumer health data.
Examples of consumer health data that you may provide to us, or that we may otherwise collect, may include:
- Information that could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health. For example, we collect your search queries on our Services, which may include queries or other information concerning nutrition, wellness, fitness, medical conditions, or other health-related topics.
- Audio recordings, voice inputs, transcripts, and other records generated from voice features may constitute consumer health data when they contain, reveal, or are used to identify information about your physical or mental health, wellness, fitness, symptoms, conditions, treatments, care-seeking activity, or other health-related topics.
- Information about your health-related conditions, symptoms, status, diagnoses, disease, testing, or treatments.
- Information about social, psychological, behavioral, and medical interventions.
- Information about use or purchase of prescribed medication.
- Information about measurements of bodily functions, vital signs, symptoms, or characteristics.
- Information about diagnoses or diagnostic testing, treatment, or medication.
- Information about surgeries or other health-related procedures.
- Reproductive or sexual health information.
- Information about gender-affirming care.
- Biometric information.
- Genetic data.
- Information about your access to healthcare, including precise location information that could reasonably indicate an attempt to acquire or receive health services or supplies.
- Information processed to associate or identify an individual with the data listed above that is derived or extrapolated from non-health information.
- Information related to the precise (geo)location information of a consumer used to indicate an attempt by a consumer to receive health care services or products.
- Other information that may be used to infer or derive data related to the above or other consumer health data.
SOURCES OF CONSUMER HEALTH DATA
We collect consumer health data that you provide to us, including through text, chat, audio recordings, voice inputs, and other interactions with our Services; consumer health data we collect automatically when you use the Services; and consumer health data from third-party sources, as described in our Privacy Policy and below.
WHY WE COLLECT AND USE CONSUMER HEALTH DATA
We collect and use consumer health data for the purposes and in the manner described in the “How We Use Personal Information” section of our Privacy Policy.
Primarily, we collect and use consumer health data as reasonably necessary to provide you with the products or Services you have requested or authorized. This may include delivering and operating the products or Services and their features, personalization of certain product or Service features, ensuring the secure and reliable operation of the products or Services and the systems that support them, troubleshooting and improving the products and Services, and other essential business operations that support the provision of the products and Services (such as analyzing our performance and meeting our legal obligations). Where you use voice features, this may include collecting, processing, storing, transcribing, analyzing, and responding to audio recordings, voice inputs, and related records as reasonably necessary to provide, operate, personalize, troubleshoot, secure, and improve those features and the Services.
We may also use consumer health data for other purposes for which we give you choices and/or obtain your consent as required by law.
We do not use consumer health data to train, fine-tune, benchmark, evaluate, or improve generalized AI models or third-party AI models unless you or the organization that made the Services available to you expressly authorizes that use and applicable law permits it.
SHARING OF CONSUMER HEALTH DATA
We may share each of the categories of consumer health data described above for the purposes described above and in the How We Disclose Personal Information section of our Privacy Policy.
We only share or disclose your consumer health data as needed to provide the products or Services you request or authorize, with your explicit consent, or as otherwise permitted or required by law. We do not sell consumer health data. We do not share consumer health data for targeted advertising, cross-context behavioral advertising, or third-party marketing.
We may share consumer health data with the following categories of recipients, who may use the data only for the purposes described in this Consumer Health Data Privacy Statement, our Privacy Policy, and our contracts with them:
- Service providers, including providers that host or process data on our behalf, support chat and voice features, assist with fraud prevention, incident management, customer support, information technology, security, analytics, and other operational services.
- AI processing and infrastructure providers, including providers that process messages, inputs, audio recordings, voice inputs, transcripts, and related records on our behalf. We do not permit third-party AI providers to use consumer health data to train their models.
- Emergency personnel or safety resources, where disclosure is reasonably necessary to protect your safety or the safety of others.
- Authorized representatives, legal representatives, family members, or caregivers, where you direct us to share the information, where they are legally authorized to receive it, or where disclosure is otherwise permitted or required by law.
- Clients or organizations that make the Services available to you, but only as described in this Policy, applicable user-facing disclosures, and our agreements with those clients or organizations.
- Professional advisors, such as lawyers, auditors, consultants, and insurers, where reasonably necessary for legal, compliance, audit, insurance, or governance purposes.
- Legal, regulatory, law enforcement, or governmental authorities, where required or permitted by law.
- Successor organizations, if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale or transfer of assets, transition of service to another provider, or similar corporate transaction, as permitted by law and/or contract.
HOW TO EXERCISE YOUR RIGHTS
The CTDPA, MHMDA, and NVCHDPL provide consumers with certain rights with respect to consumer health data.
Under CTDPA, we are required to obtain consumer consent prior to selling or offering to sell consumer health data. Consumers have the right to: (i) confirm whether we are collecting or sharing consumer health data; (ii) have us provide the categories of consumer health data that it shares with third parties and the categories of third parties with which it shares consumer health data; and (iii) withdraw consent from our selling of consumer health data.
Under NVCHDPL, consumers have the right to: (i) confirm whether we are collecting, sharing or selling consumer health data; (ii) have us provide the consumer with a list of all third parties with whom we have shared consumer health data relating to the consumer or to whom we have sold such consumer health data; (iii) request that we cease collecting, sharing, or selling consumer health data relating to the consumer; and (iv) request that we delete consumer health data.
Under MHMDA, consumers have the right to: (i) confirm whether we are collecting, sharing, or selling consumer health data and to access such data; (ii) withdraw consent from our collection and sharing of consumer health data; and (iii) request that we delete consumer health data.
The rights afforded to consumers under CTDPA, NVCHDPL, and MHMDA are subject to certain exceptions.
Subject to certain legal limitations and exceptions, you have the following rights with respect to any consumer health data we may collect about you:
- The right to confirm whether we are collecting, sharing, or selling your consumer health data and to access such data, including to receive a list of affiliates or specific third parties with whom we have shared or sold your information, along with contact information such as an active email address for each third party;
- The right to review and request corrections to your consumer health data;
- The right to withdraw consent from our collection or sharing of your consumer health data; and
- The right to request that we delete your consumer health data.
You may submit a request pursuant to any of these rights by contacting us as described in the “Your Privacy Rights” section of the Privacy Policy.
We will not discriminate against you for exercising any of your rights. We will make reasonable efforts to respond promptly to your requests in accordance with applicable laws. Please allow 45 days for a response. We may, after receiving your request, require additional information from you to authenticate your request and verify your identity. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so. If we deny your request, you have the right to appeal that denial by contacting us as described in the “Your Privacy Rights” section of the Privacy Policy. We will process and respond to your appeal within the time permitted by applicable law.
If you are a Washington resident and your appeal is unsuccessful, you may file a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.
CHANGES TO OUR CONSUMER HEALTH DATA PRIVACY STATEMENT
We may update this Consumer Health Data Privacy Statement from time to time. When we do update it, for your convenience, we will make the updated statement available on this page. Our intention is to use consumer health data in accordance with the Consumer Health Data Privacy Statement in place at the time the consumer health data was collected.