Consumer Privacy Policy

Effective as of January 3, 2025

This Consumer Privacy Policy describes how ClosedLoop.ai, Inc. (“ClosedLoop,” “we,” “us” or “our“) processes personal information that we collect through our digital or online properties or services that link to this Consumer Privacy Policy in the context of providing our Healthy solution (including as applicable, our website, mobile application, and social media pages) as well as our marketing activities, live events and other activities described in this Consumer Privacy Policy (collectively, the “Service”). ClosedLoop may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect personal information. For information about how we collect, use, and share personal information that constitutes “consumer health data” or equivalent terms as defined by applicable laws, please see our Consumer Health Data Privacy Policy.

This Consumer Privacy Policy does not apply to the information collected and processed via our informational website, https://www.closedloop.ai, or in the context of our processing personal information on behalf of our enterprise customers. Our privacy practices and how we handle personal information that we collect through our informational website can be found here. In the context of processing personal information on behalf of enterprise customers, the relevant enterprise customer agreement governs how we process such personal information.

Index

Personal information we collect

Information you provide to us or that we may generate about you. Personal information you may provide to us through the Service or otherwise or that we may generate about you includes:

  • Contact data, such as your name, email address, phone number, and billing and physical addresses.
  • Demographic data, such as your gender, date of birth, and zip code.
  • Payment information, such as your credit card number, financial account information, and other payment details.
  • Profile data, such as a username or account number in combination with a password, security or access code, or other credential that allows access to an account; a redemption code; biographical details; links to your profiles on social networks; information about your interests and preferences; and any other information that you add to your account profile.
  • Communications data based on our exchanges with you, including when you contact us through the Service (including, provide feedback or request support), communicate with us via social media, or otherwise.
  • Government-issued identification number data, such as national identification number (e.g., Social Security Number, tax identification number, passport number), state or local identification number (e.g., driver’s license or state ID number), and an image of the relevant identification card.
  • Biometric data, such as fingerprints, irises, and facial images.
  • Health insurance data, such as health insurance carrier, policy number and policy details.
  • Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
  • User-generated content data, such as photographs, videos, documents, and other information (including screening and diagnostic testing results and supporting documentation) that you upload to our Service or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
  • Health and wellness-related information, such as information concerning your past, present and future physical and/or mental health status, goals, conditions, symptoms, medications, diagnoses, treatment data, claims data and any other information that you voluntarily provide or connect via the Services including in response to prompts and other questions through the Services.
  • Relationship data, such as familial or other relationships to third parties whose personal information you may provide to us.
  • Sensory data, such as audio or similar information.
  • Derived data, such as information we derive from personal information about you based on your interactions with the Service which could include your health and wellness-related information, preferences, interests and other information.
  • Activity related or linked third-party information, such as any information that you provide when you choose to share or link activity data from your device (for example, your phone’s accelerometer) or link other third-party platforms (such as Apple HealthKit or Google Health Connect), activity trackers, or health-related information repositories to the Service.
  • Characteristics of protected classifications, such as if you choose to provide in your user-generated content data related to, for example, your age, race or ethnic origin, health, sexual orientation or other information.
  • Usage data, such as your interaction (for example, time, frequency and duration of your activities) with the Service.
  • Other data not specifically listed here, which we will use as described in this Consumer Privacy Policy or as otherwise disclosed at the time of collection.

Third-party sources. We may combine personal information we receive from or generate about you with personal information we obtain from other sources, such as:

  • Co-branding/marketing partners. Partners with which we offer co-branded services or engage in joint marketing activities.
  • Publicly available sources, such as government agencies, public records, social media platforms, and other publicly available sources.
  • Private sources, such as medical providers, data providers and social media platforms.
  • Third-party services, such as social media or authentication services, that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.
    • Google User Data. If you connect the Service to a Google account, this Privacy Policy will apply to Google user data collected as well as to other categories of personal information. Notwithstanding anything else in this Privacy Policy, if you provide the Service access to your Google data, the Service’s use of that data will be subject to these additional restrictions:
      • The Service will not use Google data for serving advertisements.
      • The Service will not allow humans to read this data unless we have your affirmative agreement, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for the Service’s internal operations and even then only when the data have been aggregated and anonymized.
  • Activity trackers. To the extent you link a device to the Service, we may also receive data from such device such as your device’s health app (like Apple HealthKit or Google Health Connect).
  • Electronic Medical Records. We may obtain medical records (including lab results and images) from the relevant electronic medical record database(s) (including providers) that you choose to connect to the Services or with whom we may have an enterprise business relationship.

Information from service providers. We may combine personal information we receive from or generate about you with information we receive from service providers that collected or provide personal information to us in connection with the work they do on our behalf.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

  • Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area. This also includes data that we collect through digital trackers (such as smart scale, glucose devices and activity trackers) that you link to the Service.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
  • Precise geolocation data such as when you authorize the Service to access your device’s location.
  • Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.

Cookies and similar technologies. Some of the automatic collection described above is facilitated by the following technologies and we may store a record of your preferences in respect of the use of these technologies in connection with the Service:

  • Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
  • Session-replay technologies, that employ software code to record users’ interactions with the Services in a manner that allows us to watch video replays of those user sessions. The replays include users’ clicks, mobile app touches, mouse movements, scrolls and keystrokes/key touches during those sessions.

Data about others. We may offer features that help users invite their contacts to use the Service (including, without limitation, to submit information relating to the users), and we may collect contact details about these invitees so we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery and operations. We may use your personal information to:

  • provide, operate and improve the Service and our business (including, without limitation, to build, develop and operate algorithms and models);
  • personalize the service, including remembering the devices from which you have previously logged in and remembering your selections and preferences as you navigate the Service;
  • establish and maintain your user profile on the Service;
  • facilitate your invitations to contacts who you want to invite to join the Service;
  • enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
  • communicate with you about the Service, including by sending Service-related announcements, updates, security alerts, and support and administrative messages;
  • understand your needs and interests, and personalize your experience with the Service and our communications; and
  • provide support for the Service, and respond to your requests, questions and feedback.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business and to develop new products and services.

Marketing. We, our service providers, and our third-party marketing partners may collect and use your personal information for marketing purposes:

  • Direct marketing. We may send you direct marketing communications and may personalize these messages based on your personal information. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
  • Testimonials. We may use your feedback to post comments about your experience with any Service on the website, in our marketing and promotional materials.

Service improvement and analytics. We may use your personal information to analyze your usage of the Service, improve the Service, improve the rest of our business, help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and to develop new products and services.

Compliance and protection. We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • enforce the terms and conditions that govern the Service; and
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Cookies and similar technologies. In addition to the other uses included in this section, we may use the Cookies and similar technologies described above for the following purposes:

  • Technical operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
  • Functionality. To enhance the performance and functionality of our services.
  • Analytics. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we may use Google Analytics and Mixpanel for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en. You can learn more about Mixpanel and how to prevent the use of Mixpanel relating to your use of our sites here: https://mixpanel.com/privacy/.

Retention. We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Consumer Privacy Policy, in other applicable notices, or at the time of collection.

Affiliates. To the extent relevant, our corporate parent, subsidiaries and affiliates.

Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as trainers or coaches, hosting, information technology, customer support, email delivery, marketing, consumer research and website analytics).

Generative AI platforms. We use third-party artificial intelligence (AI) providers to provide certain aspects of the Service.

Payment processors. Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors, such as PayPal and Stripe. PayPal may use your payment data in accordance with its privacy policy, https://www.paypal.com/us/webapps/mpp/ua/privacy-full. Stripe may use your payment data in accordance with its privacy policy, https://stripe.com/privacy.

Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so. For example, we may share your personal information with your healthcare providers, healthcare administrators, healthcare payors or others where you have directed us to do so.

Business and marketing partners. We may share certain personal information with third parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.

Linked third-party services. If you log into the Service with, or otherwise link your Service account to, a social media or other third-party service, we may share certain of your personal information (such as an authentication token) with that third-party service. The third party’s use of the shared information will be governed by its privacy policy and the settings associated with your account with the third-party service.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Compliance and protection purposes described above.

Business transferees. We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in or financings of ClosedLoop, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose your personal information to an acquirer, successor, or assignee of ClosedLoop as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

Other users and the public. For example, if you provide a testimonial that is intended to be public, we may disclose your information to other users and the public.

Your choices

In this section, we describe the rights and choices available to all users.

Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account.

Opt-out of communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at help@gethealthy.com. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.
If you receive text messages from us, you may opt out of receiving further text messages from us by replying STOP to our message.

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning.

Mobile location data. You can disable our access to your device’s precise geolocation in your mobile device settings.

Blocking images/clear gifs. Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Linked third-party platforms. If you choose to connect to the Service through your social media account or other third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.

Delete your content or close your account. You can choose to delete certain content or close your account through account settings within the mobile app or by contacting us.

Other sites and services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Children

The Service is not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Consumer Privacy Policy

We reserve the right to modify this Consumer Privacy Policy at any time. If we make material changes to this Consumer Privacy Policy, we will notify you by updating the date of this Consumer Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Consumer Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Consumer Privacy Policy indicates your acknowledging that the modified Consumer Privacy Policy applies to your interactions with the Service and our business.

How to contact us

Email: help@gethealthy.com

State privacy rights notice

Additional information for California residents. Under California’s Shine the Light law (California Civil Code Section 1798.83), California residents may ask companies with whom they have formed a business relationship primarily for personal, family or household purposes to provide the names of third parties to which they have disclosed certain personal information (as defined under the Shine the Light law) during the preceding calendar year for their own direct marketing purposes, and the categories of personal information disclosed. You may send us requests for this information to help@gethealthy.com. In your request, you must include the statement “Shine the Light Request,” and provide your first and last name and mailing address and certify that you are a California resident. We reserve the right to require additional information to confirm your identity and California residency. Please note that we will not accept requests via telephone, mail, or facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.