Heuro Privacy Policy and Notice of Privacy Practices

We value your trust and are committed to protecting your privacy. This Privacy Policy and Notice of Privacy Practices (“Privacy Policy”) explains the ways in which your personal information may be collected, utilized, and shared in connection with your use of the products and services of Heuro, LLC (“Heuro”), including the Heuro Mobile App (“Heuro App”), the images and content provided via the Heuro App, and any other Heuro-owned websites (collectively, the “Services”).  In addition, this Privacy Policy describes the steps we take to protect your personal information. By using the Services, you are expressly agreeing that you have read and understood this Privacy Policy.  Please read this Privacy Policy carefully.

Please also review our Terms of Use for additional terms and conditions applicable to the Services.

Types of Information We Collect

Heuro collects the following information about you:

Personal Information. This includes general information that may directly or indirectly identify you, such as your name, date of birth, address, email address, or other identifying information.

Protected Health Information (“PHI”). PHI is information which may be used to identify you and that was created, used, or disclosed in the course of providing a health care service.  In certain contexts, PHI is protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). HIPAA and other laws regulate the protection of PHI and how it may be handled and shared. Heuro may offer certain Services to you through a relationship with your employer, health care provider, or other entity covered by the privacy and security requirements of the HIPAA law (i.e., a “Sponsored Program”). Heuro ensures that it complies with HIPAA when offering Services in connection with a Sponsored Program.

General Usage Information. General Usage Information is other information that, by itself, does not individually identify you, such as your operating system, device type, server logs, app navigation data, use data, access data, technical data, and other usage information. We may link different types of General Usage Information together or link General Usage Information to Personal Information.

How We Collect Information

Heuro collects information in the following ways:

Information you give us. When you sign up for a Heuro Account you will provide your e-mail address and complete a brief survey including your date of birth, gender, height, weight, and lifestyle habits. You may then choose to directly link additional information including wearable fitness tracker data, insurance information, electronic medical records, pharmacy records, and lab data.  Occasionally you may be asked to complete additional health or lifestyle surveys.

Information obtained from your employer or health care provider. When you access Heuro in connection with a Sponsored Program, your employer or health care provider may directly provide PHI or other Personal Information such as your name, date of birth, gender, mailing address, health coverage details, health plan identification number, medical claims data, and other information. We use this information to provide Services to you on behalf of your employer or health care provider.

Information obtained from other sources. We may obtain information about you from affiliates, partners, and other third-parties. This information may be used to provide services to you and to provide analysis about you in comparison to people who are demographically similar to you. We may combine the information we obtain from third-parties with information that we have collected about you.

Information we get from your use of the services. We may collect information about the Services that you use and how you use them. This information includes:

Computer, tablet, or mobile telephone information. We may collect device-specific information (such as your hardware model, operating system, unique device identifiers, device sensors and mobile network information including phone number) and device sensors and related device hardware. Heuro may associate your device identifiers or phone number with your Heuro Account.

Information from wearables. When you connect your wearable fitness tracker, heart rate monitor, pedometer or other wearable technology with the Services, we collect information about your steps, fitness activities, exercise frequency, sleep, and information about nutrition, such as caloric intake, nutritional statistics, blood pressure, and other biometric data.

Log information. When you use the Services or view content provided by Heuro, we may automatically collect and store certain information in server logs. This may include:

  • Internet protocol address.
  • Device information such as hardware settings, duration of use, app navigation data, system activity, and device crashes.
  • Cookies that may uniquely identify your Heuro Account.

Location information. When you use a location-enabled feature within the Heuro Mobile App (“Heuro App”), we may collect and process information about your GPS location sent by your mobile device. We may also use other mobile device features to determine your location, such as features that provide information on nearby Wi-Fi access points and cell towers.

Unique application numbers. When you install or uninstall the Heuro App (or when the App periodically communicates with our servers for updates) information such as the operating system type, application version number, and a unique application number may be sent to Heuro.

Local storage. We may collect and store information locally on your device using application data caches.

How We Use Information We Collect

To provide Services to you. We use the information that we collect about you to provide, maintain, protect and improve the Services that Heuro provides to you.

To provide Sponsored Programs to you. We may use the information that we collect about you to provide Services through Sponsored Programs in collaboration with your employer and/or a health care provider.

What Information We Share

We take your privacy seriously. We do not sell your information to any third-parties and all information disclosed to any third-party is the minimum amount necessary to fulfill the legitimate business purpose. We do not share Personal Information with companies, organizations or individuals outside of Heuro except in the following circumstances:

With your consent. We may share your Personal Information with companies, organizations or individuals outside of Heuro when we have your consent to do so.

As part of a Sponsored Program. Heuro may share your Personal Information with your employer, health plan, or health care provider in the following contexts:

Plan administration. Under applicable U.S. laws, we may share PHI with your health plan for the administration of your plan.

Healthcare providers. We may share information with your health care providers and any clinics or organized healthcare organizations with whom they are associated.

Your employer. We will not share your PHI with your employer for any employment-related purpose. We may share certain limited Personal Information with your employer that is needed to deliver a Sponsored Program. For example, we may share completion status of a Sponsored Program requirement but not the actual results of the required action.

Third-party service providers. Heuro does not sell or rent your PHI to third parties. We may disclose your PHI to our business associates who perform various functions on our behalf and who have agreed in writing to safeguard your PHI appropriately and in accordance with the law.  We also may disclose your Personal Information to third-parties in the following limited contexts:

  • For external services. We provide Personal Information to our affiliates or other trusted businesses or persons who provide services to you or us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.
  • For legal reasons. We will share Personal Information with companies, organizations or individuals outside of Heuro if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
    • meet any applicable law, regulation, legal process or enforceable governmental request;
    • enforce applicable Terms of Use, including investigation of potential violations;
    • detect, prevent, or otherwise address fraud, security or technical issues;
    • protect against harm to the rights, property or safety of Heuro, our users, or the public as required or permitted by law.

We may share aggregated, non-personally identifiable information publicly and with our partners to evaluate the effectiveness, value, and analytic trends of the Services.

If Heuro is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any Personal Information and give affected users notice before Personal Information is transferred or becomes subject to a different privacy policy.

How We Protect Your Information

Heuro is committed to protecting the sensitive user information held on its platform from unauthorized access, alteration, disclosure, or destruction. Specifically, Heuro has taken the following steps to protect your information from unauthorized disclosure:

  • We comply with HIPAA’s security rule.
  • We encrypt many of our Services using SSL.
  • We review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to systems.
  • We restrict access to Personal Information to Heuro employees, contractors, and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Your Control of Your Information

Exporting Personal Information. As a Heuro user, you have the option to cancel your account and/or to export your personal information at any time by contacting Heuro Customer Support.

Updating or correcting Personal Information. Our goal is to give users ways to update and correct their information quickly or, alternatively, delete the information, unless we need to keep the information for legitimate business or legal purposes. When updating your Personal Information, we may ask you to verify your identity before we can act on your request. Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our Services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our Services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems. Access, correction, or deletion requests can be made by contacting Heuro Customer Support.

Continued access to your information.  In addition, upon termination (by you or by Heuro) of a relationship with an organization supporting a Sponsored Program (e.g. termination of your employment or cessation of the program), you will have the opportunity, in certain circumstances, to continue accessing your Heuro Account, including personal health information generated during the Sponsored Program.  To continue accessing PHI provided through a Sponsored Program, you may need to execute a voluntary HIPAA Authorization allowing Heuro to receive and use your PHI. In addition, certain features of the Heuro App and Services may no longer be accessible following the termination of a Sponsored Program relationship.  If you continue to use Services made available by Heuro after termination of a Sponsored Program relationship, your Heuro account will be governed by the Heuro Terms of Use and Privacy Policy then in effect, as may be amended from time to time.

Not Intended for Users Under Age 18

Information of Minors. The Services are not directed to or intended for use by anyone under the age of 18. In compliance with laws, we will not intentionally collect any Personal Information from minors under the age of 18. If you think that we have collected Personal Information from a minor, please contact us by e-mailing [email protected].

Privacy of Telecommunications Information

Heuro may obtain customer proprietary network information (CPNI) from certain affiliates or partners in connection with your use of the Services. CPNI is data collected by telecommunications companies that relates to the type, quantity, destination, technical configuration, location, and amount of use of telecommunications and interconnected VoIP services. In certain instances, Heuro may use CPNI provided by affiliates or partners to enhance or facilitate the Services provided to you. Heuro is fully committed to protecting the confidentiality of any CPNI it receives in connection with the Services.  Under federal law, you are entitled to contact your telecommunications provider to opt-out of sharing CPNI.  If you believe your CPNI has been shared with Heuro in error, please contact us by e-mailing [email protected]. If we have a relationship with your telecommunications provider, we will advise your telecommunications provider of your complaint.

Applicability of Privacy Policy

Our Privacy Policy applies to all of the Services offered by Heuro but does not apply to Services offered by other companies or individuals, including products or sites that may be linked from our Services.

Compliance and Cooperation with Regulatory Authorities

We regularly review our compliance with our Privacy Policy. It is our intention to review and resolve all formal complaints, either with the proper regulatory authority or directly with our users.

California Privacy Rights

Residents of the State of California, under certain provisions of the California Civil Code, have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed certain personally identifiable information as defined under California law during the preceding year for third-party direct marketing purposes. The company is not required to provide the above-described lists if it adopts and discloses its policy of not disclosing Personal Information to third-parties for their direct marketing purposes unless the customer first affirmatively agrees to the disclosure.

We do not share information with third-parties for their direct marketing purposes unless you affirmatively agree to such disclosure — typically by opting-in to receive information from a third-party. To prevent disclosure of your Personal Information for use in direct marketing by a third-party, do not opt-in to such use when you provide Personal Information through our Services. California customers may request further information about our compliance with this law by e-mailing [email protected].

California Do Not Track Notice. Some browsers have a “Do Not Track” feature that lets you tell websites and online services that you do not want to have your online activities tracked. Our websites and Services do not respond to “Do Not Track” signals as such browser features and industry standards are not uniform.

Amendments to this Privacy Policy

Our Privacy Policy may be amended from time to time. This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party. If we change this Privacy Policy, we will post changes on this page and, if the changes are material, we will provide a more prominent notice by sending you an email and/or posting a notice within the Services. Heuro reserves the right to modify this Privacy Policy at any time, so please review it frequently.

Last modified: April 2, 2020