Patient Privacy Pollicy

Privacy Policy

Storyline Health Inc.

Last updated April 11, 2021

THIS PATIENT PRIVACY POLICY APPLIES TO PERSONAL INFORMATION COLLECTED BY STORYLINE HEALTH, INC., (“Storyline Health”, “We”, “Us” and/or “Our”) FROM USERS OF OUR APPLICATIONS (THE “APPLICATION”) OR OTHER SERVICES (COLLECTIVELY, THE “SERVICES”). “PERSONAL INFORMATION” INCLUDES ANY INFORMATION THAT CAN BE USED ON ITS OWN OR WITH OTHER INFORMATION TO IDENTIFY OR CONTACT A SINGLE PERSON OR TO IDENTIFY IN CONTEXT. IF WE CAN LINK PARTICULAR INFORMATION (DIRECTLY OR INDIRECTLY) TO AN INDIVIDUAL, WE WILL CONSIDER THIS INFORMATION “PERSONAL INFORMATION,” AND WE WILL PROTECT IT.

We at Storyline Health value keeping Your Personal Information confidential and using it solely in the context of Our mission to provide Our Services to gather information related to Your health, fitness and other activities (i) if you are a patient, in order to aid You and Your healthcare providers (“Providers”) in treating you and making informed decisions about Your care or (ii) if you are participating in a research study, to the research clinic or organization at which You are participating in a research study based, in part, on the collection of Your Personal Information (“Research Clinic”).

BECAUSE THE PERSONAL INFORMATION WE COLLECT AND TRANSMIT MAY INCLUDE HEALTHCARE INFORMATION, INCLUDING MEDICAL INFORMATION, OUR PRIVACY PRACTICES ARE INTENDED TO COMPLY WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (“HIPAA”). WE WILL MAINTAIN THE PRIVACY OF YOUR HEALTH INFORMATION AS REQUIRED BY HIPAA AND THE REGULATIONS PROMULGATED UNDER THAT ACT.

We believe that transparency about the use of Your Personal Information is important. In this Privacy Policy, We provide You detailed information about Our collection, use, maintenance, and disclosure of Your Personal Information. The policy explains what kind of information We collect, when and how We might use that information, how We protect the information, and Your rights regarding Your Personal Information.

Please read the following carefully to understand Our views and practices regarding Your Personal Information and how We will treat it. For the purposes of Applicable Data Protection Laws including the European Economic Area data protection law (the “Data Protection Law”), the Data Controllers are YOUR Provider and Storyline Health, Inc., 2935 Anne Marie Drive, Cottonwood Heights, Utah 84121

BY SUBMITTING YOUR PERSONAL INFORMATION THROUGH THIS APPLICATION, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT LOG INTO OR ACCESS THE APPLICATION OR SERVICES AND DO NOT SUBMIT ANY INFORMATION TO US.

As a patient of one or more of Our participating Provider customers or a participant for one or more of Our Research Clinic customers (a “Patient”), you may have received an enrollment kit or information which includes or provide access to certain activity-monitoring devices (“Devices”), pre-loaded with Our App from your Provider or Research Clinic, or an access code, link, or invitation to Our App. You would like to make information related to Your health, behavior, fitness and activities (Health and Activity Data”) available to Your Providers or Research Clinic through the Service.

CAPITALIZED TERMS, IF NOT DEFINED IN THIS PRIVACY POLICY, ARE DEFINED IN THE TERMS OF SERVICE, WHICH IS ACCESSIBLE THROUGH THE APPLICATION.

What Information Do We Collect and Why?

Personal Data that You Provide through the Service: We collect Personal information such as certain demographic information from You when You voluntarily provide such information, such as when You create Your account on the Service, use the App or Devices in connection with the Service (including, without limitation, the software featured on the Devices and/or platforms made available by the third-party providers of the Devices (collectively, the “Integrated Services”), contact us with inquiries, enter information into Our Site contact form, or use certain features of the Service, including importing data from other sources for integration in the Platform. We use this information to create Your account and provide You with the Services.

In addition to demographic information, because You are a Patient or Research Subject, We may ask You to provide Your contact preferences, certain contact information, such as Your email address and mobile telephone number. When using the Devices along with the Platform, Storyline Health collects other Health and Activity Data to use in order to create Your account and provide You with the Services. Such Health and Activity Data may include information including Your name, gender, height, weight, information contained in Your health record, self-reported patient health data, as well as data about Your use of Our Services and Devices, such as detailed information collected while monitoring Your movements and activity. Data may also be collected from Your responses to questions and live and recorded video and audio responses and interactions with Your Providers or Research Clinics. This information may include data on Your behavior, sentiment, expression, language and speech, posture and movements, Your activity level, calories You consumed, and other related biomechanical information such as Your respiration, heart rate, speech and behavior patterns, and sleep activity. We collect this information to provide You more customized Services and to communicate information to Your Provider or Research Clinic.

Wherever Storyline Health collects Personal Information, We make an eﬀort to provide a link to this Privacy Policy.

If You choose to create a User Account, We may also use Your Personal Information to (1) communicate with You about and manage Your User Account; (2) store data; (3) comply with the law; (4) respond to requests from public and government authorities; (5) to enforce Our terms and conditions; (6) manage and improve Our operations and applications; (7) provide additional functionality; (8) protect Our rights, privacy, safety or property, and/or that of Yours or others; and (9) allow us to pursue available remedies or limit the damages We may sustain.

Support Information:

IP Addresses; Device ID Information: Because You are accessing the Service on a mobile device, We may also collect Your device identiﬁcation number and request access to settings and location information to analyze and report upon usage of the Service; to diagnose and prevent service or technology problems aﬀecting the Service; and to monitor and prevent fraud and abuse.

Non-Identiﬁable Data Related to Operation of the Service: When You interact with Storyline Health through the Service, We receive and store certain personally non-identiﬁable information. Such information, which We collect passively using various technologies, cannot presently be used to speciﬁcally identify You. We may store such information Ourselves or such information may be included in databases owned and maintained by Storyline Health aﬃliates, agents or service providers. The Service may use such information and pool it with other information to track, for example, the total number of users of the Service, the number of visitors to each page of Our Site, and the domain names of Our visitors' Internet service providers. It is important to note that Storyline Health does not use Personal Information for this process.

Aggregated Personal Data: In an ongoing eﬀort to better understand and serve Our Customers, other users of the Service, Storyline Health may conduct research on its user demographics and behavior based on the Personal Information We collect from You and the other information provided to us. This research may be compiled and analyzed on an aggregate basis, and Storyline Health may share this research and related information in aggregated, de-identiﬁed and/or anonymized format with its aﬃliates, agents and other entities in the healthcare research and services entities, including without limitation insurance and pharmaceutical companies. For the avoidance of doubt, this aggregate information does not identify You personally. Storyline Health may also disclose aggregated, de-identiﬁed and/or anonymized information in order to describe Our business and the Service to current and prospective business partners and Customers, and to other third parties for other lawful purposes

How will We use Your Personal Data?

We process Your Personal Data based on legitimate business interests, the fulfillment of Our Services to You, compliance with Our legal obligations, and/or Your consent. We only use or disclose Your Personal Data when it is legally mandated or where it is necessary to fulfill those purposes described herein. Where required by law, we will ask for your prior consent before doing so.

Specifically, we process Your Personal Data for the following legitimate business purposes:

To fulfill our obligations to You under the Terms of Use;
To communicate with You about and manage Your User Account;
To properly store and track Your data within our system;
To respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings or court orders;
To protect Our rights, privacy, safety or property, and/or that of You or others by providing proper notices, pursuing available legal remedies, and acting to limit Our damages;
To handle technical support and other requests from You;
To enforce and ensure your compliance with Our Terms of Use or the terms of any other applicable services agreement We have with You;
To manage and improve Our operations, Services and the Platform, including the development of additional functionality;
To manage payment processing;
To evaluate the quality of service You receive, identify usage trends, and thereby improve Your user experience;
To keep Our Platform safe and secure for You and for Us;
To send You information about changes to our terms, conditions, and policies;
To allow Us to pursue available remedies or limit the damages that We may sustain;
To enable you to connect with (or share Personal Data with) your Provider or Research Clinic on the Platform;
To provide access to a third party users (with your consent), to enable that those individuals to monitor your progress and overall condition and to follow up with you, as they deem appropriate (e.g., you can give access to your caregiver, parent, child, or spouse);
To send You information regarding the research in which You are participating or for which You may be a candidate.
To send you marketing communications**, including newsletters, new product offerings, SMS messages, and push notifications about Storyline Health and its affiliates and partners (with your consent, if required by law).
To aggregate and anonymize Your data for research purposes.

**You can opt-out of receiving promotional emails by changing the notification preferences in Your Account Settings or by unsubscribing via the “Unsubscribe” link in any Storyline Health email. Opting-out of these emails will not end transmission of important service-related emails that are necessary to your use of the Platform.

Where Is Your Personal Information Stored And/Or Processed?

Information Storyline Health collects through Our Application will be stored on secure U.S.-based servers. The application is native to Your device, meaning information You enter into Our Application is also stored directly on the device You use to access and enter information into the Application.

Will Storyline Health Share Personal Information With Anyone Else?

We consider Your information to be a vital part of Our relationship with You. There are, however, certain circumstances in which We may share Your Personal Information with certain third parties without further notice to You, as set forth below:

With Our Customers: If You are a Patient, We will share Your Personal Information and Health and Activity Data with Our Provider customer(s) that provide healthcare services to You or the Research Clinic in which You are participating in a research study. This will enable Your Provider or Research Clinic to track Your Health and Activity Data and combine such Health and Activity Data with other information about You that Your Provider obtains in providing healthcare services to You.

With Patient-Authorized Persons: If You are a Patient, You may have the option of identifying family and/or friends in the Storyline Health application to view certain of Your information and receive alerts regarding Your health and/or activities (“Permissions”). If You designate permissions, We may make available certain of Your Personal Information and Health and Activity Data, and alerts related thereto, to such authorized user.

In the Event of a Business Transfer: Storyline Health might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Information may be part of the transferred assets.

With Our Agents, Consultants and Related Third Parties: Storyline Health, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information and maintaining databases. When We employ another entity to perform a function of this nature, We only provide the entity with the information that it needs to perform its speciﬁc function. These Business Partners are contractually bound to protect Your Personal Data and to use it only for the limited purpose(s) for which it is shared with Us. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer service, payment processing, session recording and remote access services, performance measurement services, pharmacies or other providers of medication or medical lab testing, data optimization and marketing services, content providers, and our legal and financial advisors. Such service providers may have access to Personal Data according to their particular roles and purposes, and may only use the information for such purposes.

To Meet Our Legal Requirements: Storyline Health may disclose Your Personal Information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Storyline Health, (iii) act in urgent circumstances to protect the personal safety of You, us, other users of the Service or the public, or (iv) protect against legal liability.

How Long Will Storyline Health Retain The Information?

We store Your Personal Information for as long as You maintain an account and for the amount of time required in order to fulfill our legal obligations. The exact period of retention will depend on the type of Personal Data, Our contractual obligations to You, and applicable law. We keep Your Personal Data for as long as necessary to fulfill the purpose for which it was collected, unless otherwise required or necessary pursuant to a legitimate business purpose outlined in this Privacy Policy. At the end of the applicable retention period, We will remove Your Personal Information from Our databases and will request that Our business partners remove Your Personal Information from their databases. However, once We disclose Your Personal Information to third parties, We may not be able to access that Personal Information any longer and cannot force the deletion or modification of any such information by the parties to whom We have made those disclosures. Written requests for deletion of Personal Information other than as described should be directed to privacy@storylinehealth.com. We retain anonymized data indefinitely.

Does Storyline Health Utilize Cookies in the Services?

Storyline Health utilizes use certain monitoring and tracking technologies (such as cookies, beacons, pixels, tags and scripts) to collect information about You through the Services. This information may be used to track users of the Services as well as to authenticate users, permissions, etc in order to use the Platform. We, together with our marketing, analytics and technology partners, may also use these technologies on our App and certain partner sites. These technologies are used in order to maintain, provide and improve our Services on an ongoing basis, and in order to provide You with a better experience. Such technologies enable us to maintain and keep track of Your preferences and authenticated sessions, to better secure our Services, to identify technical issues, user trends and effectiveness of campaigns, and to monitor and improve the overall performance of our Services. While We do not currently track Your general web or social network activity, We may add such tracking capabilities in the future since these activities are a component of behavior that may be deemed relevant and useful.

In order for some of these technologies to work properly, a small data file (“cookie”) must be downloaded and stored on your device. By default, We use several persistent cookies for purposes of session and user authentication, security, keeping the user’s preferences (such as regarding default settings), monitoring performance of our services, and generally providing and improving our services. Storyline Health’s Services are not available to use without cookies since they are primarily used for both security and experience.

Generally, if You would prefer not to accept cookies, most browsers will allow You to adjust your settings to notify you when you receive them, automatically reject them or disable existing ones. Depending on Your mobile device and operating system, You may not be able to block and delete all cookies.

Deleting cookies does not delete Local Storage Objects (LSOs) such as Flash Objects and HTML5 Local Storage or Session Storage. If you use Google Chrome, You can learn more about locally stored data in your browser, and how to control at: https://www.google.com/chrome/privacy/.

Please note that deleting our cookies or disabling future cookies or tracking technologies may prevent You from accessing certain areas or features of our Services or may otherwise adversely affect Your user experience.

How can You Manage Your Cookies?

Most web browsers let you choose whether to accept cookies. Most also let you delete cookies already set. The choices available, and the mechanism used, will vary from browser to browser. Such browser settings are typically found in the “options”, “tools” or “preferences” menu. You may also consult the browser’s “help” menu. For example:

There are online tools available for clearing all cookies left behind by the websites you have visited, such as https://www.allaboutcookies.org. Usually, deletion of cookies will anonymize the information associated with the pixel and a website will not receive any further associated information.

How Does Storyline Health Protect My Personal Information?

Storyline Health is committed to protecting the security and conﬁdentiality of Your Personal Information. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of Your Personal Information, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in Our possession or control that could result in substantial harm or inconvenience to You. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, We cannot ensure the security of information You transmit to us. By using the Application, You are assuming this risk.

Safeguards

The information Storyline Health collects and stores on secure servers, is protected by a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls. If Storyline Health learns of a security concern, We may attempt to notify You and provide information on protective steps, if available, through the email address that You have provided to us or by an inapp notiﬁcation. Depending on where You live, You may have a legal right to receive such notices in writing.

You are solely responsible for protecting information entered or generated via the Application that is stored on Your device and/or removable device storage. Storyline Health has no access to or control over Your device’s security settings, and it is up to You to implement any device level security features and protections You feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that You take any and all appropriate steps to secure any device that You use to access Our Application.

NOTWITHSTANDING ANY OF THE STEPS TAKEN BY US, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR INFORMATION WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY INFORMATION YOU TRANSMIT TO US AND YOU TRANSMIT SUCH INFORMATION AT YOUR OWN RISK

HOW SHOULD YOU PROTECT YOUR PERSONAL INFORMATION?

In addition to securing Your Device, as discussed above, We will NEVER send You an email requesting conﬁdential information such as account numbers, usernames, passwords, or social security numbers, and You should NEVER respond to any email requesting such information. If You receive such an email purportedly from Storyline Health, DO NOT RESPOND to the email and DO NOT click on any links and/or open any attachments in the email, and notify Storyline Health support at privacy@storylinehealth.com.

You are responsible for taking reasonable precautions to protect Your user ID, password, and other user account information from disclosure to third parties, and You are not permitted to circumvent the use of required encryption technologies. You should immediately notify Storyline Health at privacy@storylinehealth.com if You know of or suspect any unauthorized use or disclosure of Your user ID, password, and/or other user account information, or any other security concern

EU CITIZEN RIGHTS

You have the right under certain circumstances:

to receive communications related to the processing of Your personal data that are concise, transparent, intelligible and easily accessible;

to be provided with a copy of Your personal data held by us or Your healthcare provider;
to request the rectification or erasure of Your personal data held by us or Your healthcare provider without undue delay;
to request that We or Your healthcare provider restrict the processing of Your personal data (while We verify or investigate Your concerns with this information, for example);
to object to the further processing of Your personal data by us or Your healthcare provider, including the right to object to marketing;
to request that Your personal data be moved to a third party;
to receive Your personal data in a structured, commonly used and machine-readable format
to lodge a complaint with a supervisory authority

Where the processing of Your personal information by us is based on consent, You have the right to withdraw that consent without detriment at any time by editing or changing Your User Account Settings. You can also exercise the rights listed above at any time by contacting us at privacy@storylinehealth.com.

CALIFORNIA CONSUMER PRIVACY ACT PRIVACY RIGHTS

To the extent that the California Consumer Privacy Act applies to You, You have the following additional data privacy rights:

Privacy; Confidential Information

We may aggregate or deidentify any Personal Data that We collect in connection with our Services, such that the information is no longer personally identifiable or attributable to You. We may use such aggregated information for Our own legitimate business purposes without restriction.

Your Rights:

You have the right:

to request that We disclose what information We collect, use, disclose, and sell. California residents may request and obtain from Us, once a year, free of charge, a list of third parties, if any, to which we disclosed their Personal Data for direct marketing purposes during the preceding calendar year and the categories of Personal Data shared with those third parties; and
to request that We delete any Personal Data We have collected about You.

To submit a request for (1) or (2) above, you may

delete Your account in Your User Account Settings
email Us at privacy@storylinehealth.com or contact us through the Platform.

For your protection, any request you send to Us to delete your Personal Data is subject to the following verification procedure: We will confirm that your name and address match the credit card information you provide, and we may ask for a copy of your picture identification.

We reserve the right to deny Your request if we cannot verify Your identity. If We deny Your request in whole or in part, We will notify You of the denial and provide the reasons for the denial.

We will not discriminate against you for exercising any of Your above rights.

You may designate an authorized agent to make a request to exercise Your rights on Your behalf. Your authorized agent must be able to provide to Us proof of your authorization. For Your protection, We reserve the right to deny any request from an agent who does not submit proof that they have been authorized to act on Your behalf.

How Can You Update, Correct Or Delete Your Personal Information?

You can change Your email address and other contact information by editing Your proﬁle Proﬁle Settings in the Application. If You need to make changes or corrections to other information, You may email privacy@storylinehealth.com. Please note that in order to comply with certain requests to limit use of Your Personal Information We may need to terminate Your account with us and Your ability to access and use the Services, and You agree that We will not be liable to You for such termination or for any refunds of prepaid fees paid by You. Although We will use reasonable efforts to do so, You understand that it may not be technologically possible to remove from Our systems every record of Your Personal Information. The need to back up Our systems to protect information from inadvertent loss means a copy of Your Personal Information may exist in a nonerasable form that will be diﬃcult or impossible for us to locate or remove. Backups of that data will remain associated with Your account and in Our archive servers. You can deactivate and/or delete Your account by under Your Account Settings or by emailing privacy@storylinehealth.com.

Can You “OptOut” Of Receiving Communications From Storyline Health?

In providing the Services, You may receive periodic email communications that are essential to the proper functioning and delivery of the Services (e.g. information regarding your User Account), which are part of the Services, and which You cannot opt out of receiving. When such messages are sent to You via the Application, Platform, Web Site, or Web Portal, you will receive an email alert indicating that a message has been received.

You may also receive periodic promotions and other offers or materials We believe might be of interest to You. You can opt in to receive these promotional messages at any time by changing the Communications Preferences in Settings.

Does This Privacy Policy Apply To All Information You Provide?

This Privacy Policy does not apply to any unsolicited information You provide to Storyline Health through the Service or through any other means. This includes, but is not limited to, any ideas for new products or modiﬁcations to existing products, and other unsolicited submissions (collectively, “Feedback”). All Feedback shall be deemed to be non-conﬁdential and Storyline Health shall be free to reproduce, use, disclose, and distribute such Feedback to others without limitation or attribution.

How Storyline Health Makes Changes To This Policy

We occasionally update this Privacy Policy. It is Your responsibility to stay up to date with any amended versions. If We modify this Privacy Policy, We will notify You of the changes through either a notice in the App, an email notification, or other reasonable means. You can store this policy and/or any amended version(s) digitally, print it, or save it in any other way. Any changes to this Privacy Policy will be effective immediately upon providing notice, and shall apply to all information We maintain, use and disclose. If You continue to use the App following such notice, You are agreeing to those changes.

Information Submitted by Minors

Storyline Health does not knowingly collect Personal Information or other information from children under the age of 13. If You are under the age of 13, please do not submit any Personal Information or other information through the Service. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce Our Privacy Policy by instructing their children never to provide Personal Information on the Service without their permission. If You have reason to believe that a child under the age of 13 has provided Personal Information to Storyline Health through the Service, please contact us, and We will endeavor to delete that information from Our databases.

How Can I Contact Storyline Health?

Please feel free to contact us if You have any questions about this Privacy Policy or the information practices of the Service. You may contact us by email at the following address: privacy@storylinehealth.com.