Effective: April 21, 2020
OUR CORE PRINCIPLES
- We'll only ask you to share the information needed to fulfill the mission of Healthy Together.
- We’ll be clear about what information you’re choosing to share.
- We’ll never share your name, phone number or any other information that specifically identifies you with other Healthy Together users.
- We’ll be open and clear about why features exist, what they do, and how they use your information.
Healthy Together is a tool developed in coordination with epidemiologists and public health officials to help stop the spread of COVID-19. It uses information that you share through the app along with third-party data to help U.S. local, state and federal governments and public health organizations identify COVID-19 transmission networks and deploy testing and containment efforts to research and combat the pandemic.
If you choose to share information through Healthy Together, the data you share will help further COVID-19 response efforts by allowing public health workers to conduct contact tracing more accurately, more effectively and at a larger scale.
- Allows people to log and share their symptoms, diagnoses, and real-time location data with the State of Utah and other U.S. local, state and federal government organizations and public health organizations; these government and public health organizations have committed to using this information solely for the purpose of COVID-19 response efforts.
- Alerts people if they have been exposed to a COVID-19-affected individual and provides instructions on how and where to get tested.
- Provides U.S. local, state and federal government officials and healthcare workers with access to real-time data of probable infection hot-spots and information on individuals who may have been exposed to COVID-19, so that they can more surgically deploy testing, contact tracing procedures, and other medical efforts.
- Retains location history for no longer than 30 days after you share it with us.
- Retains personally identifiable health-related information that you share with us no longer than 30 days after you provide it. After 30 days, we will de-identify this information by removing any details that directly identify you, such as your name and phone number.
- Puts you in control of your information by letting you request deletion of all personal information we have received through the app at any time.
Your use of Healthy Together is voluntary. You can at any time direct us to delete your personal information by choosing to do so within the app, or by emailing your request to firstname.lastname@example.org.
We may need to modify our privacy practices to comply with legal requirements, such as court orders, subpoenas or investigations.
TYPES OF PERSONAL INFORMATION THAT MAY BE SHARED WITH US
When you use Healthy Together, we will ask you to share certain personal information with us. We will also receive information from U.S. local, state and federal government organizations, and collect certain technical, device and usage information from your device.
We may receive:
- Registration and Profile Information. We may receive information from you when you register to use Healthy Together. That information may include, among other things, your full name, phone numbers, and device identifiers.
- Contact List. If you choose to share your mobile device contacts or address book with Healthy Together, we will store your contacts or address book information, including the phone numbers and names of your contacts, to enable you to invite your contacts to Healthy Together and help facilitate your user experience.
- Customer Support Information. We will store the contact information you provide to our customer support personnel, and information about your use of Healthy Together. We will also store the communications you have with us and any information contained in those communications.
- Device, Technical and Usage Information. When you access Healthy Together, we collect information about your mobile device or computer system, including MAC address, IP address and mobile device ID. We also generate usage statistics about your interactions with Healthy Together. This information is typically collected through the use of server log files or web log files, mobile device software development kits and tracking technologies like browser cookies to analyze certain types of technical information. Some of the cookies Healthy Together places on your computer are linked to your user ID number. When you respond to communications we send you, we may use automated technology to understand how you interact with the communications. You can usually remove or reject browser cookies through the settings on your browser or device. At this time we do not recognize automated browser signals regarding tracking mechanisms, which may include ”do not track” instructions.
- Precise Geo-Location and Location History. When you use Healthy Together, you may choose to share with us precise geo-location information using iOS and Android location services. These services may use a combination of GPS, WiFi, Cellular, Bluetooth, and IP address to detect and triangulate your location. You can stop the sharing of location information at any time by changing the preferences on your device. All geo-location data which you share with us will be deleted within 30 days of collection, subject to our legal obligations.
- Health-Related Information. Through your use of Healthy Together, you may choose to submit personal information about yourself, such as your approximate age, as well as your pre-existing conditions, symptoms, COVID-19 test status, and treatment details. We will remove personal identifiers from any health-related information you share with us within 30 days of sharing, subject to our legal obligations. The State of Utah may also provide us with certain health-related information, including COVID-19 test results, which we may use, in conjunction with real-time location data that users choose to share, to alert individuals when they may have been exposed to individuals who have tested positive for COVID-19. If a user has been exposed to COVID-19, this information may be shared with government officials and healthcare workers to help augment contact tracing efforts or coordinate the COVID-19 public health response. However, we will never disclose to other Healthy Together users the name or phone number of individuals who have tested positive for COVID-19, or any other details that directly identify these persons.
PRIVACY BY DESIGN AND DATA MINIMIZATION
We are committed to putting citizens in control of their information:
- We will delete location history within 30 days of recording the location, except when applicable legal requirements mandate a longer retention period.
- We will retain personally identifiable health-related information that you share with us no longer than 30 days after you provide it, except when applicable legal requirements mandate a longer retention period. After 30 days, we will retain, use and share limited, de-identified health-related information only for COVID-19 response efforts or other public health or research purposes.
- To de-identify health-related information, we disassociate it from data elements that specifically identify you, such as your name and phone number; we will instead maintain this health-related information in conjunction with a random ID that we generate.
- We will not attempt to re-identify health-related information after we de-identify it, and have implemented policies prohibiting re-identification.
- We will use and share de-identified health-related information only in connection with the COVID-19 response efforts or other public health or research purposes; if we share this information with third parties, such as researchers, we will prohibit them from attempting to re-identify the information.
- You can at any time direct us to delete all of the personal information we have received through Healthy Together by electing to do so within the app or by emailing us at email@example.com; if you request deletion, we will delete all of your personal information received through Healthy Together from our live systems and applications, unless we are prohibited by law from doing so. We will delete any personal information we maintain on back-up media in the ordinary course of business.
HOW WE USE NON-HEALTH-RELATED INFORMATION
- In connection with COVID-19 response efforts or other public health or research purposes.
- To operate Healthy Together.
- For internal business purposes that are necessary, reasonable, or appropriate to operate the business functions that support the platform, such as for quality control and platform improvement, and to provide technical support and respond to user inquiries.
- To enable user communications. If you have chosen to synchronize all or portions of your mobile device contacts with Healthy Together, you may choose to initiate SMS notifications to your friends to invite them to Healthy Together or alert them to relevant application activity.
- For Healthy Together, and U.S. local, state and federal government organizations to communicate with you.
- To analyze the information we collect through cookies and other tracking technologies to help us improve our function and to modify the services and information that we provide.
- For fraud prevention and legal compliance, including to prevent fraud or potentially illegal activities, and enforce our Terms of Service.
HOW WE SHARE YOUR INFORMATION
Except as described below, we may only share your personal information:
- With third-party service providers that perform services on our behalf, including: to help operate Healthy Together; to conduct quality assurance testing; to facilitate the creation of accounts; to optimize the performance of the platform; to provide technical support; and/or to provide other related services.
We may share de-identified information with public interest organizations, health care organizations and researchers. We will prohibit these organizations from attempting to re-identify the information we share with them.
We may share personal information with government, law enforcement officials or private parties as required by law, when we believe such disclosure is necessary or appropriate (a) to comply with legal obligations, law enforcement requests or legal directives such as a court order or subpoena; (b) enforce the terms and conditions that govern the platform; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
OTHER SHARING OF INFORMATION
We may make available on Healthy Together, or link to, features that allow you to share information with third parties. Please be careful whenever sharing your personal information with third parties, and only share sensitive personal information with third parties whom you trust. We have no control over the use of your information by third parties with whom you choose to share your information.
SECURITY OF YOUR INFORMATION
We have implemented a number of security measures designed to protect your information, including encrypting all personal information in transit and at rest. Please note that we are not a healthcare provider or other “covered entity” that is subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and are not bound by its requirements for handling protected health information. However, we have a security program in place designed to mitigate risk and to use reasonable and appropriate procedures and technologies to help protect the confidentiality of all personal information.
It is important that you protect and maintain the security of your account, and you should immediately notify us of any unauthorized use of your account. No website, mobile application or Internet transmission is completely secure, and therefore we cannot guarantee that unauthorized access, hacking, data loss, or other breaches or other type of misuse will never occur. Be careful where and how you share personal information—use public WiFi spots wisely and avoid clicking unfamiliar links or using unfamiliar devices.
We may post a notice via Healthy Together if a security breach occurs. We may also send you notice by the contact information you have provided to us in these circumstances. Depending on where you live, you may have a legal right to receive written notice of a data privacy or security breach.
Accessing and Updating Your Information. If you have an account with us, you can access and edit your profile information directly within the profile page of the app.
Deactivating Your Account and Deleting Your Information. You may deactivate your account at any time by following the instructions within the app settings. Deactivating your account deletes all of your personal information we maintain. You may also deactivate your account and delete your personal information by contacting us directly at firstname.lastname@example.org. Please note that you must follow these instructions to deactivate your account. Otherwise, your account will remain active, even if you delete or uninstall the app. We will delete any personal information we maintain on back-up media in the ordinary course of business.
Opting Out of Push Notifications. If you opt-in to receive push notifications within the app, we may send push notifications or alerts to your mobile device from time to time. You can deactivate push notifications and alerts at any time by deleting the app, changing your device settings or changing the push notification settings within the app.
Opting Out of SMS Communications. If you opt-in to receive SMS messages by providing your phone numbers, we may send you notifications and other SMS messages from time to time. You may opt out of receiving SMS communications at any time by responding to any SMS with the single-word command, “STOP.” In addition, if you have an account, you can opt out of SMS communications by changing the settings within the app. You may opt back in to SMS communications at any time by adjusting your account settings within the app. Please note we may not be able to determine if you delete or uninstall the app, or block the number that delivers the communications, and therefore may be unable to automatically stop you from receiving SMS communications unless you have specifically opted out of SMS communications by following the instructions above.
Opting Out of Location Tracking. While the information you share will be vital to contributing to our awareness and understanding of how the COVID-19 threat is spreading, ultimately you control what is shared. If you opt in to sharing your geo-location information through Healthy Together, you can subsequently stop sharing this information at any time by deleting the app or changing the preferences on your mobile device. Please note, however, that if you withdraw consent to the sharing of location information, you will no longer be able to use some features of Healthy Together.
Healthy Together is not intended for children under the age of 13, and we do not knowingly collect any personal information from children under 13. If you are between the ages of 13 and 17, you can only use Healthy Together if your parent or legal guardian has reviewed and agreed to the Terms of Service on your behalf.
If we become aware that personal information we maintain pertains to a child under the age of 13, we will promptly delete that information from our live systems and applications, unless we are prohibited by law from doing so. We will delete any personal information we maintain on back-up media in the ordinary course of business.
We are in the very early days and would love to hear your feedback on how we can improve our approach to impacting the pandemic.
Twenty Labs, LLC
c/o 280 Park Avenue
New York, NY 10017