Types of Information We Collect
Personal Information. We and our affiliated service providers, including affiliated health care service providers (“Service Providers”) may collect Personal Information from you which includes general information that may directly or indirectly identify you, such as your name, date of birth, address, email address, or other identifying information.
Protected Health Information (“PHI”). We and our Service Providers may also collect PHI which includes information that may be used to identify you and that was created, used, or disclosed in the course of providing a health care service. In certain contexts, PHI is protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). HIPAA and other laws regulate the protection of PHI and how it may be handled and shared. Heuro may offer certain Services to you through a relationship with your employer, health care provider, or other entity covered by the privacy and security requirements of the HIPAA law (i.e., a “Sponsored Program”). Heuro ensures that it complies with HIPAA when offering Services in connection with a Sponsored Program.
General Usage Information. Heuro also collects General Usage Information, which is other information that, by itself, does not individually identify you, such as your operating system, device type, server logs, app navigation data, use data, access data, technical data, and other usage information. We may link different types of General Usage Information together or link General Usage Information to Personal Information.
How We Collect Information
Heuro collects information in the following ways:
Information you give us. When you sign up for a Heuro Account you will provide your e-mail address and complete a brief survey including your date of birth, gender, height, weight, and lifestyle habits. We may also collect information such as your general geographic location or your preferred means of communication when you voluntarily provide us with such information. You may then choose to directly link additional information including wearable fitness tracker data, insurance information, electronic medical records, pharmacy records, and lab data. Occasionally, you may be asked to complete additional health or lifestyle surveys.
Information obtained from your employer or health care provider. When you access Heuro in connection with a Sponsored Program, Heuro and its affiliated Service Providers may collect certain Personal Information or PHI, such as your name, date of birth, gender, mailing address, health coverage details, health plan identification number, medical claims data, and other information from or on behalf of your employer, or your past, current, and future health care providers. We use this information only in accordance with your express authorization, which we request from you through a separate document before you access the Services.
Information obtained from other sources. We may obtain information about you from affiliates, partners, and other third-parties. This information may be used to provide services to you and to provide analysis about you in comparison to people who are demographically similar to you. We may combine the information we obtain from third-parties with information that we have collected about you.
Information we get from your use of the Services. We may collect information about the Services that you use and how you use them. This information includes:
Computer, tablet, or mobile telephone information. We may collect device-specific information (such as your hardware model, operating system, unique device identifiers, device sensors and mobile network information including phone number) and device sensors and related device hardware. Heuro may associate your device identifiers or phone number with your Heuro Account.
Information from wearables. When you connect your wearable fitness tracker, heart rate monitor, pedometer or other wearable technology with the Services, we collect information about your steps, fitness activities, exercise frequency, sleep, and information about nutrition, such as caloric intake, nutritional statistics, blood pressure, and other biometric data.
Log information. When you use the Services or view content provided by Heuro, we may automatically collect and store certain information in server logs. This may include:
- Internet protocol address.
- Device information such as hardware settings, duration of use, app navigation data, system activity, and device crashes.
- Cookies that may uniquely identify your Heuro Account.
Location information. When you use a location-enabled feature within the Heuro Mobile App (“Heuro App”), we may collect and process information about your GPS location sent by your mobile device. We may also use other mobile device features to determine your location, such as features that provide information on nearby Wi-Fi access points and cell towers.
Unique application numbers. When you install or uninstall the Heuro App (or when the App periodically communicates with our servers for updates) information such as the operating system type, application version number, and a unique application number may be sent to Heuro.
Local storage. We may collect and store information locally on your device using application data caches.
How We Use Information We Collect
To provide Services to you. We and our Service Providers use the information that we collect about you to provide, maintain, protect and improve the Services that Heuro provides to you.
To provide Sponsored Programs to you. We and our Service Providers may use the information that we collect about you to provide Services through Sponsored Programs in collaboration with your employer.
Because General Usage Information does not personally identify you, we may use General Usage Information for any purpose. In instances where we may combine General Usage Information with Personal Information (such as combining your zip code with your name), the combined information will be treated by us as Personal Information as long as it is so combined.
What Information We Share
We take your privacy seriously. We do not sell your information to any third-parties and all information disclosed to any third-party is the minimum amount necessary to fulfill the legitimate business purpose. We do not share Personal Information with companies, organizations or individuals outside of Heuro except in the following circumstances:
With your consent. We may share your Personal Information with companies, organizations or individuals outside of Heuro when we have your consent to do so.
As part of a Sponsored Program. Heuro may share your Personal Information with your employer, health plan, or health care provider in the following contexts:
Plan administration. Under applicable U.S. laws, we may share PHI with your health plan for the administration of your plan.
Healthcare providers. We may share information with your Service Providers. Our disclosure of your Personal Information may also be subject to certain restrictions set forth in agreements between us and your Service Providers.
Your employer. We will not share your PHI with your employer for any employment-related purpose. We may share certain limited Personal Information with your employer that is needed to deliver a Sponsored Program. For example, we may share completion status of a Sponsored Program requirement but not the actual results of the required action.
Third-party service providers. Heuro does not sell or rent your PHI to third parties. We may disclose your PHI to our business associates who perform various functions on our behalf and who have agreed in writing to safeguard your PHI appropriately and in accordance with the law. We also may disclose your Personal Information to third-parties in the following limited contexts:
- For legal reasons. We will share Personal Information with companies, organizations or individuals outside of Heuro if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
  - meet any applicable law, regulation, legal process or enforceable governmental request;
  - detect, prevent, or otherwise address fraud, security or technical issues;
  - protect against harm to the rights, property or safety of Heuro, our users, or the public as required or permitted by law.
We may share aggregated, non-personally identifiable information publicly and with our partners to evaluate the effectiveness, value, and analytic trends of the Services.
How We Protect Your Information
Heuro is committed to protecting the sensitive user information held on its platform from unauthorized access, alteration, disclosure, or destruction. Specifically, Heuro has taken the following steps to protect your information from unauthorized disclosure:
- We comply with HIPAA’s security rule.
- We encrypt many of our Services using SSL.
- We review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We restrict access to Personal Information to Heuro employees, contractors, and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Your Control of Your Information
Exporting Personal Information. As a Heuro user, you have the option to cancel your account and/or to export your Personal Information at any time by contacting Heuro Customer Support.
Updating or correcting Personal Information. Our goal is to give users ways to update and correct their information quickly or, alternatively, delete the information, unless we need to keep the information for legitimate business or legal purposes. When updating your Personal Information, we may ask you to verify your identity before we can act on your request. Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our Services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our Services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems. Access, correction, or deletion requests can be made by contacting Heuro Customer Support.
Account Closures. Upon termination (by you or by Heuro) of a relationship with a Service Provider supporting a Sponsored Program (e.g. termination of your employment or cessation of the program), you will no longer have access to your Heuro Account or the Personal Information generated during the Sponsored Program. Upon account closure, you have the option to export your Personal Information by contacting Heuro Customer Support.
Not Intended for Users Under Age 18
Information of Minors. The Services are not directed to or intended for use by anyone under the age of 18. In compliance with laws, we will not intentionally collect any Personal Information from minors under the age of 18. If you think that we have collected Personal Information from a minor, please contact us by e-mailing [email protected].
Privacy of Telecommunications Information
Heuro may obtain customer proprietary network information (CPNI) from certain affiliates or partners in connection with your use of the Services. CPNI is data collected by telecommunications companies that relates to the type, quantity, destination, technical configuration, location, and amount of use of telecommunications and interconnected VoIP services. In certain instances, Heuro may use CPNI provided by affiliates or partners to enhance or facilitate the Services provided to you. Heuro is fully committed to protecting the confidentiality of any CPNI it receives in connection with the Services. Under federal law, you are entitled to contact your telecommunications provider to opt-out of sharing CPNI. If you believe your CPNI has been shared with Heuro in error, please contact us by e-mailing [email protected]. If we have a relationship with your telecommunications provider, we will advise your telecommunications provider of your complaint.
Compliance and Cooperation with Regulatory Authorities
California Privacy Rights
Residents of the State of California, under certain provisions of the California Civil Code, have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed certain personally identifiable information as defined under California law during the preceding year for third-party direct marketing purposes. The company is not required to provide the above-described lists if it adopts and discloses its policy of not disclosing Personal Information to third-parties for their direct marketing purposes unless the customer first affirmatively agrees to the disclosure.
We do not share information with third-parties for their direct marketing purposes unless you affirmatively agree to such disclosure — typically by opting-in to receive information from a third-party. To prevent disclosure of your Personal Information for use in direct marketing by a third-party, do not opt-in to such use when you provide Personal Information through our Services. California customers may request further information about our compliance with this law by e-mailing [email protected].
California Do Not Track Notice. Some browsers have a “Do Not Track” feature that lets you tell websites and online services that you do not want to have your online activities tracked. Our websites and Services do not respond to “Do Not Track” signals as such browser features and industry standards are not uniform.
Last modified: July 30, 2021