Effective: March 22, 2021 note that we updated our Privacy Policy to explain that, if you use the Covid-19 Vaccine Standby Service, we may share your information with providers of the Covid-19 vaccines.
OUR CORE PRINCIPLES
This Privacy Policy explains how you may share personal information with Healthy Together, and how we receive, use, disclose, and otherwise process your personal information. We are committed to putting people in control of their information and we believe in the following core principles:
- We'll only ask you to share the information needed to fulfill the mission of Healthy Together.
- We’ll be clear about what information you’re choosing to share.
- We’ll never share your name, phone number or any other information that specifically identifies you with other Healthy Together users, unless you specifically authorize us to do so.
- We’ll be open and clear about why features exist, what they do, and how they use your information.
This Privacy Policy is designed to describe our privacy practices in a comprehensive manner. Because there are different versions of Healthy Together available, which are designed to reflect the individual needs of the different entities which use the app, some of the versions may collect fewer types of personal information than this Privacy Policy describes, or disclose the information in fewer ways that this Privacy Policy describes. For example, the version of Healthy Together used by the State of Florida does not collect COVID-19 symptom information. If the version of the app you are using collects more information than this Privacy Policy describes, we will provide additional notice that is specific to the relevant users, such as the notice to Utah and California users we have included at the bottom of this Privacy Policy. Please keep these differences in mind when reviewing this Privacy Policy.
OUR MISSION
Healthy Together is a tool developed in coordination with epidemiologists and public health officials to help stop the spread of COVID-19. It uses information that you share through the app along with third-party data to help U.S. local, state and federal governments, public health organizations, as well as other entities a user authorizes, identify COVID-19 transmission networks and deploy testing and containment efforts to research and combat the pandemic. Our Healthy Together COVID-19 Vaccine Standby Service (the “Standby Service”) uses information that you share through the app and shares it with Covid-19 vaccine providers (“Vaccine Providers”) in order to identify you as interested in potentially receiving available doses of the Covid-19 vaccines that would otherwise be wasted.
If you choose to share information through Healthy Together, the data you share will help further COVID-19 response efforts by allowing (1) public health workers to conduct contact tracing more accurately, more effectively and at a larger scale and (2) if you are enrolled in the Standby Service, allowing us and Vaccine Providers to contact you with information about the potential to make an appointment to receive available doses of the Covid-19 vaccines.
Healthy Together:
- Allows people to log and direct us to share their symptoms, diagnoses, and real-time location data with U.S. local, state and federal government organizations and public health organizations; these government and public health organizations have committed to using this information solely for the purpose of COVID-19 response efforts.
- Alerts people if they have been exposed to a COVID-19-affected individuals and provides instructions on how and where to get tested.
- Alerts users, if they have enrolled in the Standby Service, of vaccine appointments Covid-19 made available by Vaccine Providers.
- Provides U.S. local, state and federal government officials and healthcare workers with information on individuals who may have been exposed to COVID-19, so that they can more surgically deploy testing, contact tracing procedures, and other medical efforts.
- Retains personally identifiable health-related information regarding COVID-19 symptoms that you share with us no longer than 30 days after you provide it. After 30 days, we will de-identify this information by removing any details that directly identify you, such as your name and phone number.
- Puts you in control of your information by letting you request deletion of all personal information we have received through the app at any time.
Your use of Healthy Together is voluntary. You can at any time direct us to delete your personal information by choosing to do deactivate your account within the app.
We may need to modify our privacy practices to comply with legal requirements, such as court orders, subpoenas or investigations.
TYPES OF PERSONAL INFORMATION THAT MAY BE SHARED WITH US
When you use Healthy Together, we will ask you to share certain personal information with us. We will also receive information from U.S. local, state and federal government organizations, as well as other entities that you authorize, and collect certain technical, device and usage information from your device.
We may receive:
- Registration and Profile Information. We may receive information from you when you register to use Healthy Together. That information may include, among other things, your full name, zip code, phone numbers, and device identifiers.
- Contact List. If you choose to share your mobile device contacts or address book with Healthy Together, we will store your contacts or address book information, including the phone numbers and names of your contacts, to enable you to invite your contacts to Healthy Together and help facilitate your user experience. You may also be permitted to share information about your contacts with U.S. state and local government organizations in order to assist them with contact tracing activities and other COVID-19 response efforts.
- Customer Support Information. We will store the contact information you provide to our customer support personnel, and information about your use of Healthy Together. We will also store the communications you have with us and any information contained in those communications.
- Device, Technical and Usage Information. When you access Healthy Together, we collect information about your mobile device or computer system, including MAC address, IP address and mobile device ID. We also generate usage statistics about your interactions with Healthy Together. This information is typically collected through the use of server log files or web log files, mobile device software development kits and tracking technologies like browser cookies to analyze certain types of technical information. Some of the cookies Healthy Together places on your computer are linked to your user ID number. When you respond to communications we send you, we may use automated technology to understand how you interact with the communications. You can usually remove or reject browser cookies through the settings on your browser or device. At this time we do not recognize automated browser signals regarding tracking mechanisms, which may include ”do not track” instructions.
- Health-Related Information. Through your use of Healthy Together, you may choose to submit personal information about yourself, such as your approximate age, as well as your pre-existing conditions, symptoms, COVID-19 test status, and treatment details. We may also receive certain health information from government and public health organizations, including your COVID-19 diagnosis. We will remove personal identifiers from any information regarding potential COVID-19 symptoms that you share with us within 30 days of sharing, subject to our legal obligations.
PRIVACY BY DESIGN AND DATA MINIMIZATION
We are committed to putting people in control of their information:
- To the extent the version of the Healthy Together app which you are using collects personally identifiable information regarding potential COVID-19 symptoms, we will retain the information that you share with us no longer than 30 days after you provide it, except when applicable legal requirements mandate a longer retention period. After 30 days, we will retain, use and share limited, de-identified symptom-related information only for COVID-19 response efforts or other public health or research purposes.
- To de-identify symptom-related information, we disassociate it from data elements that specifically identify you, such as your name and phone number; we will instead maintain this health-related information in conjunction with a random ID that we generate.
- We will not attempt to re-identify symptom-related information after we de-identify it, and have implemented policies prohibiting re-identification.
- We will use and share de-identified symptom-related information only in connection with the COVID-19 response efforts or other public health or research purposes; if we share this information with third parties, such as researchers, we will prohibit them from attempting to re-identify the information.
- You can at any time direct us to delete all of the personal information we have received through Healthy Together by electing to do so within the app; if you request deletion, we will delete all of your personal information received through Healthy Together from our live systems and applications. After you request deletion, we will retain the information only to the extent we are required by law or record retention policies of the governmental authority on whose behalf we are providing Healthy Together to you. We will delete any personal information we maintain on back-up media in the ordinary course of business.
HOW WE USE NON-HEALTH-RELATED INFORMATION
Other than health-related information, which is used for the limited purposes described in this Privacy Policy, we use the information we receive:
- In connection with COVID-19 response efforts or other public health or research purposes.
- To operate Healthy Together.
- If you are enrolled in the Standby Service, to provide you with updates on potentially available COVID vaccines.
- For internal business purposes that are necessary, reasonable, or appropriate to operate the business functions that support the platform, such as for quality control and platform improvement, and to provide technical support and respond to user inquiries.
- To enable user communications. If you have chosen to synchronize all or portions of your mobile device contacts with Healthy Together, you may choose to initiate SMS notifications to your friends to invite them to Healthy Together or alert them to relevant application activity.
- For Healthy Together, U.S. local, state and federal government organizations, and other entities you authorize, to communicate with you. In addition, if you have chosen to provide information about your contacts with certain U.S. state and local government organizations, those organizations may communicate with your contacts in connection with their contact tracing activities or other COVID-19 response efforts.
- To analyze the information we collect through cookies and other tracking technologies to help us improve our function and to modify the services and information that we provide.
- For fraud prevention and legal compliance, including to prevent fraud or potentially illegal activities, and enforce our Terms of Service.
HOW WE SHARE YOUR INFORMATION
Personal Information
- By using Healthy Together, you direct us to share your personal information with U.S. local, state and federal government organizations and public health organizations for the purposes we have set out in this Privacy Policy relating to COVID-19 response efforts. In some cases when we are requested to share personal data with government and public health organizations (such as if a government agency requests your checkup data and if you have tested positive for COVID-19, to assist with its contact tracing efforts), we will ask you to specially confirm your agreement to the sharing of such information prior to us doing so.
- We may also share your personal information with other third parties relating to COVID-19 response efforts, such as your university or employer, but only if you authorize us to do so. Please note that these third parties may retain your personal information for longer than thirty days.
- We may also share personal information with third-party service providers that perform services on our behalf, including: to help operate Healthy Together; to conduct quality assurance testing; to facilitate the creation of accounts; to optimize the performance of the platform; to provide technical support; and/or to provide other related services.
- If you are enrolled in the Standby Service, we may share your personal information with Vaccine Providers in order to alert you to available vaccines and related appointments.
De-identified Information
We may share de-identified information with public interest organizations, health care organizations and researchers. We will prohibit these organizations from attempting to re-identify the information we share with them.
Other Disclosures
We may share personal information with government, law enforcement officials or private parties as required by law, when we believe such disclosure is necessary or appropriate (a) to comply with legal obligations, law enforcement requests or legal directives such as a court order or subpoena; (b) enforce the terms and conditions that govern the platform; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
We may sell, transfer or otherwise share some or all of our business or assets, including personal information, in connection with a business transaction such as a merger, consolidation, acquisition, spinoff, reorganization or sale of assets or in the event of bankruptcy. We will require any recipient of data in connection with such business transaction to abide by this Privacy Policy.
OTHER SHARING OF INFORMATION
We may make available on Healthy Together, or link to, features that allow you to share information with third parties. Please be careful whenever sharing your personal information with third parties, and only share sensitive personal information with third parties whom you trust. We have no control over the use of your information by third parties with whom you choose to share your information.
SECURITY OF YOUR INFORMATION
We have implemented a number of security measures designed to protect your information, including encrypting all personal information in transit and at rest. Please note that we are not a healthcare provider or other “covered entity” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). However, we have a security program in place designed to mitigate risk and to use reasonable and appropriate procedures and technologies to help protect the confidentiality of all personal information.
It is important that you protect and maintain the security of your account, and you should immediately notify us of any unauthorized use of your account. No website, mobile application or Internet transmission is completely secure, and therefore we cannot guarantee that unauthorized access, hacking, data loss, or other breaches or other type of misuse will never occur. Be careful where and how you share personal information—use public WiFi spots wisely and avoid clicking unfamiliar links or using unfamiliar devices.
We may post a notice via Healthy Together if a security breach occurs. We may also send you notice by the contact information you have provided to us in these circumstances. Depending on where you live, you may have a legal right to receive written notice of a data privacy or security breach.
YOUR CHOICES
Accessing and Updating Your Information. If you have an account with us, you can access and edit your profile information directly within the profile page of the app.
Deactivating Your Account and Deleting Your Information. You may deactivate your account at any time by following the instructions within the app settings. Deactivating your account deletes all of your personal information we maintain, except to the extent we are required to retain the information by law or record retention policies of the governmental authority on whose behalf we provided Healthy Together to you. Please note that you must follow these instructions to deactivate your account. Otherwise, your account will remain active, even if you delete or uninstall the app. We will delete any personal information we maintain on back-up media in the ordinary course of business.
Opting Out of Push Notifications. If you opt-in to receive push notifications within the app, we may send push notifications or alerts to your mobile device from time to time. You can deactivate push notifications and alerts at any time by deleting the app, changing your device settings or changing the push notification settings within the app.
Opting Out of SMS Communications. If you opt-in to receive SMS messages by providing your phone numbers, we may send you notifications and other SMS messages from time to time. You may opt out of receiving SMS communications at any time by responding to any SMS with the single-word command, “STOP.” In addition, if you have an account, you can opt out of SMS communications by changing the settings within the app. You may opt back in to SMS communications at any time by adjusting your account settings within the app. Please note we may not be able to determine if you delete or uninstall the app, or block the number that delivers the communications, and therefore may be unable to automatically stop you from receiving SMS communications unless you have specifically opted out of SMS communications by following the instructions above.
AGE REQUIREMENTS
Healthy Together is not intended for children under the age of 13, and we do not knowingly collect any personal information from children under 13. If you are between the ages of 13 and 17, you can only use Healthy Together if your parent or legal guardian has reviewed and agreed to the Terms of Service on your behalf.
If we become aware that personal information we maintain pertains to a child under the age of 13, we will promptly delete that information from our live systems and applications, unless we are prohibited by law from doing so. We will delete any personal information we maintain on back-up media in the ordinary course of business.
ADDITIONAL NOTICE TO UTAH USERS
If you are a Utah resident and are using the Healthy Together app offered by the State of Utah, you may choose to enable Bluetooth on your iOS or Android device to allow us to determine your proximity to other Healthy Together users. We may use the Bluetooth information that you and others share as described in this Privacy Policy as well as in conjunction with certain health-related information, including COVID-19 test results, to alert individuals when they may have been exposed to individuals who have tested positive for COVID-19. We will never disclose to other Healthy Together users the name or phone number of individuals who have tested positive for COVID-19, or any other details that directly identify these persons.
If a user has been exposed to COVID-19, this information may be shared with government officials and healthcare workers to help augment contact tracing efforts or coordinate the COVID-19 public health response.
We will delete all Bluetooth data which you share with us within 30 days of collection, subject to our legal obligations. You can stop the sharing of Bluetooth information at any time by changing the preferences on your device. Please note, however, that if you withdraw consent to the sharing of Bluetooth information, you will no longer be able to use some features of Healthy Together.
ADDITIONAL NOTICE TO CALIFORNIA USERS
Please note that we do not sell personal information.
The California Consumer Privacy Act of 2018 (“CCPA”) grants California residents the following rights:
- Information. You can request information about how we have collected, used and shared your personal information during the past 12 months. We have made this information available to California residents without having to request it by including it in this Privacy Policy.
- Access. You can request a copy of the personal information that we have collected about you.
- Deletion. You can ask us to delete the personal information that we maintain about you.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain information we maintain for compliance in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
You are entitled to exercise the rights described above free from discrimination, as prohibited by the CCPA.
How to Submit a Request
- To request access to or deletion of personal information:
- Attn: Twenty Labs, LLC, 382 NE 191st, St PMB 42782, Miami, Florida 33179-3899
- Email: support@healthytogether.zendesk.com
- Identity verification. We will need to confirm your identity and California residency to process your requests to exercise your information, access or deletion rights. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
- Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.
CHANGES TO OUR PRIVACY POLICY
We may update this Privacy Policy from time to time. If we make material changes to our Privacy Policy, we will notify you and other users by posting the changes on Healthy Together or by using the contact information you have on file with us and will indicate when such changes will become effective.
If you object to the updated Privacy Policy, we will continue processing your information in accordance with the Privacy Policy to which you agreed or delete your account and information if we cannot do so.
By continuing to use Healthy Together 30 days after we notify you of updates to our Privacy Policy, you will have agreed to the new Privacy Policy.
CONTACTING US
We are in the very early days and would love to hear your feedback on how we can improve our approach to impacting the pandemic.
If you have any feedback, or any questions, comments, or concerns relating to this Privacy Policy or our privacy practices, please send an email to support@healthytogether.zendesk.com or write to us at the following address:
Twenty Labs, LLC
382 NE 191st St
PMB 42782
Miami, Florida 33179-3899